130 |
130 |
131 |
131 |
132 (*** Future keys can't be seen or used! ***) |
132 (*** Future keys can't be seen or used! ***) |
133 |
133 |
134 (*Nobody can have SEEN keys that will be generated in the future. *) |
134 (*Nobody can have SEEN keys that will be generated in the future. *) |
135 goal thy "!!evs. evs : otway ==> \ |
135 goal thy "!!i. evs : otway ==> \ |
136 \ length evs <= length evs' --> \ |
136 \ length evs <= i --> Key(newK i) ~: parts (sees lost Spy evs)"; |
137 \ Key (newK evs') ~: parts (sees lost Spy evs)"; |
|
138 by (parts_induct_tac 1); |
137 by (parts_induct_tac 1); |
139 by (REPEAT_FIRST (best_tac (!claset addEs [leD RS notE] |
138 by (REPEAT_FIRST (best_tac (!claset addEs [leD RS notE] |
140 addDs [impOfSubs analz_subset_parts, |
139 addDs [impOfSubs analz_subset_parts, |
141 impOfSubs parts_insert_subset_Un, |
140 impOfSubs parts_insert_subset_Un, |
142 Suc_leD] |
141 Suc_leD] |
144 qed_spec_mp "new_keys_not_seen"; |
143 qed_spec_mp "new_keys_not_seen"; |
145 Addsimps [new_keys_not_seen]; |
144 Addsimps [new_keys_not_seen]; |
146 |
145 |
147 (*Variant: old messages must contain old keys!*) |
146 (*Variant: old messages must contain old keys!*) |
148 goal thy |
147 goal thy |
149 "!!evs. [| Says A B X : set_of_list evs; \ |
148 "!!evs. [| Says A B X : set_of_list evs; \ |
150 \ Key (newK evt) : parts {X}; \ |
149 \ Key (newK i) : parts {X}; \ |
151 \ evs : otway \ |
150 \ evs : otway \ |
152 \ |] ==> length evt < length evs"; |
151 \ |] ==> i < length evs"; |
153 by (rtac ccontr 1); |
152 by (rtac ccontr 1); |
154 by (dtac leI 1); |
153 by (dtac leI 1); |
155 by (fast_tac (!claset addSDs [new_keys_not_seen, Says_imp_sees_Spy] |
154 by (fast_tac (!claset addSDs [new_keys_not_seen, Says_imp_sees_Spy] |
156 addIs [impOfSubs parts_mono]) 1); |
155 addIs [impOfSubs parts_mono]) 1); |
157 qed "Says_imp_old_keys"; |
156 qed "Says_imp_old_keys"; |
158 |
157 |
159 |
158 |
160 (*** Future nonces can't be seen or used! ***) |
159 (*** Future nonces can't be seen or used! ***) |
161 |
160 |
162 goal thy "!!evs. evs : otway ==> \ |
161 goal thy "!!i. evs : otway ==> \ |
163 \ length evs <= length evs' --> \ |
162 \ length evs <= i --> Nonce(newN i) ~: parts (sees lost Spy evs)"; |
164 \ Nonce (newN evs') ~: parts (sees lost Spy evs)"; |
|
165 by (parts_induct_tac 1); |
163 by (parts_induct_tac 1); |
166 by (REPEAT_FIRST |
164 by (REPEAT_FIRST |
167 (fast_tac (!claset addSEs partsEs |
165 (fast_tac (!claset addSEs partsEs |
168 addSDs [Says_imp_sees_Spy RS parts.Inj] |
166 addSDs [Says_imp_sees_Spy RS parts.Inj] |
169 addEs [leD RS notE] |
167 addEs [leD RS notE] |
173 qed_spec_mp "new_nonces_not_seen"; |
171 qed_spec_mp "new_nonces_not_seen"; |
174 Addsimps [new_nonces_not_seen]; |
172 Addsimps [new_nonces_not_seen]; |
175 |
173 |
176 (*Variant: old messages must contain old nonces!*) |
174 (*Variant: old messages must contain old nonces!*) |
177 goal thy |
175 goal thy |
178 "!!evs. [| Says A B X : set_of_list evs; \ |
176 "!!evs. [| Says A B X : set_of_list evs; \ |
179 \ Nonce (newN evt) : parts {X}; \ |
177 \ Nonce (newN i) : parts {X}; \ |
180 \ evs : otway \ |
178 \ evs : otway \ |
181 \ |] ==> length evt < length evs"; |
179 \ |] ==> i < length evs"; |
182 by (rtac ccontr 1); |
180 by (rtac ccontr 1); |
183 by (dtac leI 1); |
181 by (dtac leI 1); |
184 by (fast_tac (!claset addSDs [new_nonces_not_seen, Says_imp_sees_Spy] |
182 by (fast_tac (!claset addSDs [new_nonces_not_seen, Says_imp_sees_Spy] |
185 addIs [impOfSubs parts_mono]) 1); |
183 addIs [impOfSubs parts_mono]) 1); |
186 qed "Says_imp_old_nonces"; |
184 qed "Says_imp_old_nonces"; |
187 |
185 |
188 |
186 |
189 (*Nobody can have USED keys that will be generated in the future. |
187 (*Nobody can have USED keys that will be generated in the future. |
190 ...very like new_keys_not_seen*) |
188 ...very like new_keys_not_seen*) |
191 goal thy "!!evs. evs : otway ==> \ |
189 goal thy "!!i. evs : otway ==> \ |
192 \ length evs <= length evs' --> \ |
190 \ length evs <= i --> newK i ~: keysFor (parts (sees lost Spy evs))"; |
193 \ newK evs' ~: keysFor (parts (sees lost Spy evs))"; |
|
194 by (parts_induct_tac 1); |
191 by (parts_induct_tac 1); |
195 (*OR1 and OR3*) |
192 (*OR1 and OR3*) |
196 by (EVERY (map (fast_tac (!claset addDs [Suc_leD] addss (!simpset))) [4,2])); |
193 by (EVERY (map (fast_tac (!claset addDs [Suc_leD] addss (!simpset))) [4,2])); |
197 (*Fake, OR2, OR4: these messages send unknown (X) components*) |
194 (*Fake, OR2, OR4: these messages send unknown (X) components*) |
198 by (REPEAT |
195 by (REPEAT |
217 (*Describes the form of K and NA when the Server sends this message. Also |
214 (*Describes the form of K and NA when the Server sends this message. Also |
218 for Oops case.*) |
215 for Oops case.*) |
219 goal thy |
216 goal thy |
220 "!!evs. [| Says Server B \ |
217 "!!evs. [| Says Server B \ |
221 \ {|NA, X, Crypt (shrK B) {|NB, K|}|} : set_of_list evs; \ |
218 \ {|NA, X, Crypt (shrK B) {|NB, K|}|} : set_of_list evs; \ |
222 \ evs : otway |] \ |
219 \ evs : otway |] \ |
223 \ ==> (EX evt: otway. K = Key(newK evt)) & \ |
220 \ ==> (EX n. K = Key(newK n)) & \ |
224 \ (EX i. NA = Nonce i) & (EX j. NB = Nonce j)"; |
221 \ (EX i. NA = Nonce i) & (EX j. NB = Nonce j)"; |
225 by (etac rev_mp 1); |
222 by (etac rev_mp 1); |
226 by (etac otway.induct 1); |
223 by (etac otway.induct 1); |
227 by (ALLGOALS (fast_tac (!claset addss (!simpset)))); |
224 by (ALLGOALS (fast_tac (!claset addss (!simpset)))); |
228 qed "Says_Server_message_form"; |
225 qed "Says_Server_message_form"; |
232 val analz_Fake_tac = |
229 val analz_Fake_tac = |
233 dtac OR2_analz_sees_Spy 4 THEN |
230 dtac OR2_analz_sees_Spy 4 THEN |
234 dtac OR4_analz_sees_Spy 6 THEN |
231 dtac OR4_analz_sees_Spy 6 THEN |
235 forward_tac [Says_Server_message_form] 7 THEN |
232 forward_tac [Says_Server_message_form] 7 THEN |
236 assume_tac 7 THEN Full_simp_tac 7 THEN |
233 assume_tac 7 THEN Full_simp_tac 7 THEN |
237 REPEAT ((eresolve_tac [bexE, exE, conjE] ORELSE' hyp_subst_tac) 7); |
234 REPEAT ((eresolve_tac [exE, conjE] ORELSE' hyp_subst_tac) 7); |
238 |
235 |
239 |
236 |
240 (**** |
237 (**** |
241 The following is to prove theorems of the form |
238 The following is to prove theorems of the form |
242 |
239 |
243 Key K : analz (insert (Key (newK evt)) (sees lost Spy evs)) ==> |
240 Key K : analz (insert (Key (newK i)) (sees lost Spy evs)) ==> |
244 Key K : analz (sees lost Spy evs) |
241 Key K : analz (sees lost Spy evs) |
245 |
242 |
246 A more general formula must be proved inductively. |
243 A more general formula must be proved inductively. |
247 |
244 |
248 ****) |
245 ****) |
249 |
246 |
265 \ ALL K E. (Key K : analz (Key``(newK``E) Un (sees lost Spy evs))) = \ |
262 \ ALL K E. (Key K : analz (Key``(newK``E) Un (sees lost Spy evs))) = \ |
266 \ (K : newK``E | Key K : analz (sees lost Spy evs))"; |
263 \ (K : newK``E | Key K : analz (sees lost Spy evs))"; |
267 by (etac otway.induct 1); |
264 by (etac otway.induct 1); |
268 by analz_Fake_tac; |
265 by analz_Fake_tac; |
269 by (REPEAT_FIRST (ares_tac [allI, lemma])); |
266 by (REPEAT_FIRST (ares_tac [allI, lemma])); |
270 by (ALLGOALS |
267 by (ALLGOALS (*Takes 18 secs*) |
271 (asm_simp_tac |
268 (asm_simp_tac |
272 (!simpset addsimps ([insert_Key_singleton, insert_Key_image, pushKey_newK] |
269 (!simpset addsimps [Un_assoc RS sym, |
273 @ pushes) |
270 insert_Key_singleton, insert_Key_image, pushKey_newK] |
274 setloop split_tac [expand_if]))); |
271 setloop split_tac [expand_if]))); |
275 (** LEVEL 7 **) |
|
276 (*OR4, OR2, Fake*) |
272 (*OR4, OR2, Fake*) |
277 by (EVERY (map spy_analz_tac [5,3,2])); |
273 by (EVERY (map spy_analz_tac [5,3,2])); |
278 (*Oops, OR3, Base*) |
274 (*Oops, OR3, Base*) |
279 by (REPEAT (fast_tac (!claset addIs [image_eqI] addss (!simpset)) 1)); |
275 by (REPEAT (fast_tac (!claset addIs [image_eqI] addss (!simpset)) 1)); |
280 qed_spec_mp "analz_image_newK"; |
276 qed_spec_mp "analz_image_newK"; |
281 |
277 |
282 |
278 |
283 goal thy |
279 goal thy |
284 "!!evs. evs : otway ==> \ |
280 "!!evs. evs : otway ==> \ |
285 \ Key K : analz (insert (Key (newK evt)) (sees lost Spy evs)) = \ |
281 \ Key K : analz (insert (Key(newK i)) (sees lost Spy evs)) = \ |
286 \ (K = newK evt | Key K : analz (sees lost Spy evs))"; |
282 \ (K = newK i | Key K : analz (sees lost Spy evs))"; |
287 by (asm_simp_tac (HOL_ss addsimps [pushKey_newK, analz_image_newK, |
283 by (asm_simp_tac (HOL_ss addsimps [pushKey_newK, analz_image_newK, |
288 insert_Key_singleton]) 1); |
284 insert_Key_singleton]) 1); |
289 by (Fast_tac 1); |
285 by (Fast_tac 1); |
290 qed "analz_insert_Key_newK"; |
286 qed "analz_insert_Key_newK"; |
291 |
287 |
292 |
288 |
293 (*** The Key K uniquely identifies the Server's message. **) |
289 (*** The Key K uniquely identifies the Server's message. **) |
294 |
290 |
295 goal thy |
291 goal thy |
296 "!!evs. evs : otway ==> \ |
292 "!!evs. evs : otway ==> \ |
297 \ EX B' NA' NB' X'. ALL B NA NB X. \ |
293 \ EX B' NA' NB' X'. ALL B NA NB X. \ |
298 \ Says Server B {|NA, X, Crypt (shrK B) {|NB, K|}|} : set_of_list evs --> \ |
294 \ Says Server B {|NA, X, Crypt (shrK B) {|NB, K|}|} : set_of_list evs --> \ |
299 \ B=B' & NA=NA' & NB=NB' & X=X'"; |
295 \ B=B' & NA=NA' & NB=NB' & X=X'"; |
300 by (etac otway.induct 1); |
296 by (etac otway.induct 1); |
301 by (ALLGOALS (asm_simp_tac (!simpset addsimps [all_conj_distrib]))); |
297 by (ALLGOALS (asm_simp_tac (!simpset addsimps [all_conj_distrib]))); |
330 \ Says B Spy {|NA, NB, Key K|} ~: set_of_list evs --> \ |
326 \ Says B Spy {|NA, NB, Key K|} ~: set_of_list evs --> \ |
331 \ Key K ~: analz (sees lost Spy evs)"; |
327 \ Key K ~: analz (sees lost Spy evs)"; |
332 by (etac otway.induct 1); |
328 by (etac otway.induct 1); |
333 by analz_Fake_tac; |
329 by analz_Fake_tac; |
334 by (ALLGOALS |
330 by (ALLGOALS |
335 (asm_simp_tac (!simpset addsimps ([not_parts_not_analz, |
331 (asm_simp_tac (!simpset addsimps [not_parts_not_analz, |
336 analz_insert_Key_newK] @ pushes) |
332 analz_insert_Key_newK] |
337 setloop split_tac [expand_if]))); |
333 setloop split_tac [expand_if]))); |
338 (*OR3*) |
334 (*OR3*) |
339 by (fast_tac (!claset addEs [Says_imp_old_keys RS less_irrefl] |
335 by (fast_tac (!claset addEs [Says_imp_old_keys RS less_irrefl] |
340 addss (!simpset addsimps [parts_insert2])) 3); |
336 addss (!simpset addsimps [parts_insert2])) 3); |
341 (*OR4, OR2, Fake*) |
337 (*OR4, OR2, Fake*) |