54 |
54 |
55 AddIffs [newK_notin_initState]; |
55 AddIffs [newK_notin_initState]; |
56 |
56 |
57 goalw thy [keysFor_def] "keysFor (parts (initState lost C)) = {}"; |
57 goalw thy [keysFor_def] "keysFor (parts (initState lost C)) = {}"; |
58 by (agent.induct_tac "C" 1); |
58 by (agent.induct_tac "C" 1); |
59 by (auto_tac (!claset addIs [range_eqI], !simpset)); |
59 by (Auto_tac ()); |
60 qed "keysFor_parts_initState"; |
60 qed "keysFor_parts_initState"; |
61 Addsimps [keysFor_parts_initState]; |
61 Addsimps [keysFor_parts_initState]; |
62 |
62 |
63 goalw thy [keysFor_def] "keysFor (Key``E) = {}"; |
63 goalw thy [keysFor_def] "keysFor (Key``E) = {}"; |
64 by (Auto_tac ()); |
64 by (Auto_tac ()); |
208 AddIs [usedI]; |
208 AddIs [usedI]; |
209 |
209 |
210 (** Fresh keys never clash with long-term shared keys **) |
210 (** Fresh keys never clash with long-term shared keys **) |
211 |
211 |
212 goal thy "Key (shrK A) : used evs"; |
212 goal thy "Key (shrK A) : used evs"; |
213 by (Best_tac 1); |
213 by (Blast_tac 1); |
214 qed "shrK_in_used"; |
214 qed "shrK_in_used"; |
215 AddIffs [shrK_in_used]; |
215 AddIffs [shrK_in_used]; |
216 |
216 |
217 (*Used in parts_Fake_tac and analz_Fake_tac to distinguish session keys |
217 (*Used in parts_induct_tac and analz_Fake_tac to distinguish session keys |
218 from long-term shared keys*) |
218 from long-term shared keys*) |
219 goal thy "!!K. Key K ~: used evs ==> K ~: range shrK"; |
219 goal thy "!!K. Key K ~: used evs ==> K ~: range shrK"; |
220 by (Best_tac 1); |
220 by (Blast_tac 1); |
221 qed "Key_not_used"; |
221 qed "Key_not_used"; |
222 |
222 |
223 (*A session key cannot clash with a long-term shared key*) |
223 (*A session key cannot clash with a long-term shared key*) |
224 goal thy "!!K. K ~: range shrK ==> shrK B ~= K"; |
224 goal thy "!!K. K ~: range shrK ==> shrK B ~= K"; |
225 by (Blast_tac 1); |
225 by (Blast_tac 1); |
235 |
235 |
236 goal thy "used [] <= used l"; |
236 goal thy "used [] <= used l"; |
237 by (list.induct_tac "l" 1); |
237 by (list.induct_tac "l" 1); |
238 by (event.induct_tac "a" 2); |
238 by (event.induct_tac "a" 2); |
239 by (ALLGOALS Asm_simp_tac); |
239 by (ALLGOALS Asm_simp_tac); |
240 by (Best_tac 1); |
240 by (Blast_tac 1); |
241 qed "used_nil_subset"; |
241 qed "used_nil_subset"; |
242 |
242 |
243 goal thy "used l <= used (l@l')"; |
243 goal thy "used l <= used (l@l')"; |
244 by (list.induct_tac "l" 1); |
244 by (list.induct_tac "l" 1); |
245 by (simp_tac (!simpset addsimps [used_nil_subset]) 1); |
245 by (simp_tac (!simpset addsimps [used_nil_subset]) 1); |
246 by (event.induct_tac "a" 1); |
246 by (event.induct_tac "a" 1); |
247 by (Asm_simp_tac 1); |
247 by (Asm_simp_tac 1); |
248 by (Best_tac 1); |
248 by (Blast_tac 1); |
249 qed "used_subset_append"; |
249 qed "used_subset_append"; |
250 |
250 |
251 |
251 |
252 (*** Supply fresh nonces for possibility theorems. ***) |
252 (*** Supply fresh nonces for possibility theorems. ***) |
253 |
253 |
370 |
370 |
371 (*The Spy can see more than anybody else, except for their initial state*) |
371 (*The Spy can see more than anybody else, except for their initial state*) |
372 goal thy "sees lost A evs <= initState lost A Un sees lost Spy evs"; |
372 goal thy "sees lost A evs <= initState lost A Un sees lost Spy evs"; |
373 by (list.induct_tac "evs" 1); |
373 by (list.induct_tac "evs" 1); |
374 by (event.induct_tac "a" 2); |
374 by (event.induct_tac "a" 2); |
375 by (ALLGOALS (fast_tac (!claset addDs [sees_Says_subset_insert RS subsetD] |
375 by (ALLGOALS Asm_simp_tac); |
376 addss (!simpset)))); |
376 by (ALLGOALS (blast_tac (!claset addDs [sees_Says_subset_insert RS subsetD]))); |
377 qed "sees_agent_subset_sees_Spy"; |
377 qed "sees_agent_subset_sees_Spy"; |
378 |
378 |
379 (*The Spy can see more than anybody else who's lost their key!*) |
379 (*The Spy can see more than anybody else who's lost their key!*) |
380 goal thy "A: lost --> A ~= Server --> sees lost A evs <= sees lost Spy evs"; |
380 goal thy "A: lost --> A ~= Server --> sees lost A evs <= sees lost Spy evs"; |
381 by (list.induct_tac "evs" 1); |
381 by (list.induct_tac "evs" 1); |
382 by (event.induct_tac "a" 2); |
382 by (event.induct_tac "a" 2); |
383 by (agent.induct_tac "A" 1); |
383 by (agent.induct_tac "A" 1); |
384 by (auto_tac (!claset addDs [sees_Says_subset_insert RS subsetD], (!simpset))); |
384 by (ALLGOALS Asm_simp_tac); |
|
385 by (ALLGOALS (blast_tac (!claset addDs [sees_Says_subset_insert RS subsetD]))); |
385 qed_spec_mp "sees_lost_agent_subset_sees_Spy"; |
386 qed_spec_mp "sees_lost_agent_subset_sees_Spy"; |
386 |
387 |
387 |
388 |
388 (** Simplifying parts (insert X (sees lost A evs)) |
389 (** Simplifying parts (insert X (sees lost A evs)) |
389 = parts {X} Un parts (sees lost A evs) -- since general case loops*) |
390 = parts {X} Un parts (sees lost A evs) -- since general case loops*) |