382 \ length evs <= length evs' --> \ |
382 \ length evs <= length evs' --> \ |
383 \ newK evs' ~: keysFor (UN C. parts (sees C evs))"; |
383 \ newK evs' ~: keysFor (UN C. parts (sees C evs))"; |
384 be traces.induct 1; |
384 be traces.induct 1; |
385 bd NS3_msg_in_parts_sees_Enemy 5; |
385 bd NS3_msg_in_parts_sees_Enemy 5; |
386 by (ALLGOALS Asm_simp_tac); |
386 by (ALLGOALS Asm_simp_tac); |
387 by (ALLGOALS |
387 (*NS1 and NS2*) |
388 (best_tac |
388 map (by o fast_tac (!claset addDs [Suc_leD] addss (!simpset))) [3,2]; |
|
389 (*Fake and NS3*) |
|
390 map (by o best_tac |
389 (!claset addSDs [newK_invKey] |
391 (!claset addSDs [newK_invKey] |
390 addDs [impOfSubs (analz_subset_parts RS keysFor_mono), |
392 addDs [impOfSubs (analz_subset_parts RS keysFor_mono), |
391 impOfSubs (parts_insert_subset_Un RS keysFor_mono), |
393 impOfSubs (parts_insert_subset_Un RS keysFor_mono), |
392 Suc_leD] |
394 Suc_leD] |
393 addEs [new_keys_not_seen RS not_parts_not_analz RSN (2,rev_notE)] |
395 addEs [new_keys_not_seen RS not_parts_not_analz RSN (2,rev_notE)] |
394 addss (!simpset)))); |
396 addss (!simpset))) |
|
397 [2,1]; |
|
398 (*NS4*) |
|
399 by (step_tac (!claset addSDs [Suc_leD, newK_invKey]) 1); |
|
400 by (deepen_tac (!claset addIs [impOfSubs keysFor_mono]) 0 2); |
|
401 by (fast_tac (!claset addDs [Says_imp_old_keys] |
|
402 addss (!simpset addsimps [le_def])) 1); |
395 val lemma = result(); |
403 val lemma = result(); |
396 |
404 |
397 goal thy |
405 goal thy |
398 "!!evs. [| evs : traces; length evs <= length evs' |] ==> \ |
406 "!!evs. [| evs : traces; length evs <= length evs' |] ==> \ |
399 \ newK evs' ~: keysFor (parts (sees C evs))"; |
407 \ newK evs' ~: keysFor (parts (sees C evs))"; |
524 by (forward_tac [encrypted_form] 1); |
532 by (forward_tac [encrypted_form] 1); |
525 br (parts.Inj RS conjI) 1; |
533 br (parts.Inj RS conjI) 1; |
526 by (auto_tac (!claset addIs [Says_imp_old_keys], !simpset)); |
534 by (auto_tac (!claset addIs [Says_imp_old_keys], !simpset)); |
527 qed "Says_S_message_form"; |
535 qed "Says_S_message_form"; |
528 |
536 |
|
537 (*Currently unused. Needed only to reason about the VERY LAST message.*) |
529 goal thy |
538 goal thy |
530 "!!evs. [| evs = Says S A (Crypt {|Nonce NA, Agent B, Key K, X|} \ |
539 "!!evs. [| evs = Says S A (Crypt {|Nonce NA, Agent B, Key K, X|} \ |
531 \ (serverKey A)) # evs'; \ |
540 \ (serverKey A)) # evs'; \ |
532 \ evs : traces \ |
541 \ evs : traces \ |
533 \ |] ==> (EX evt:traces. evs' : traces & length evt < length evs & \ |
542 \ |] ==> (EX evt:traces. evs' : traces & length evt < length evs & \ |
566 (*Deals with Faked messages*) |
574 (*Deals with Faked messages*) |
567 by (best_tac (!claset addSEs partsEs |
575 by (best_tac (!claset addSEs partsEs |
568 addDs [impOfSubs analz_subset_parts, |
576 addDs [impOfSubs analz_subset_parts, |
569 impOfSubs parts_insert_subset_Un] |
577 impOfSubs parts_insert_subset_Un] |
570 addss (!simpset)) 1); |
578 addss (!simpset)) 1); |
|
579 by (fast_tac (!claset addss (!simpset)) 1); |
571 result(); |
580 result(); |
572 |
581 |
573 |
582 |
574 (** Specialized rewriting for this proof **) |
583 (** Specialized rewriting for this proof **) |
575 |
584 |