isabelle: comparison src/HOL/Auth/OtwayRees

equal deleted inserted replaced

-:3ad2493fa0e0
+:ce85a2aafc7a
 Fake "[| evs: otway;  B ~= Spy;  X: synth (analz (sees lost Spy evs)) |]
 ==> Says Spy B X  # evs : otway"
 (*Alice initiates a protocol run*)
 OR1  "[| evs: otway;  A ~= B;  B ~= Server |]
-==> Says A B {|Nonce (newN evs), Agent A, Agent B,
+==> Says A B {|Nonce (newN(length evs)), Agent A, Agent B,
 Crypt (shrK A)
-{|Nonce (newN evs), Agent A, Agent B|} |}
+{|Nonce (newN(length evs)), Agent A, Agent B|} |}
 # evs : otway"
 (*Bob's response to Alice's message.  Bob doesn't know who
 	   the sender is, hence the A' in the sender field.
 We modify the published protocol by NOT encrypting NB.*)
 OR2  "[| evs: otway;  B ~= Server;
 Says A' B {|Nonce NA, Agent A, Agent B, X|} : set_of_list evs |]
 ==> Says B Server
-{|Nonce NA, Agent A, Agent B, X, Nonce (newN evs),
+{|Nonce NA, Agent A, Agent B, X, Nonce (newN(length evs)),
 Crypt (shrK B) {|Nonce NA, Agent A, Agent B|}|}
 # evs : otway"
 (*The Server receives Bob's message and checks that the three NAs
 match.  Then he sends a new session key to Bob with a packet for
 Nonce NB,
 Crypt (shrK B) {|Nonce NA, Agent A, Agent B|}|}
 : set_of_list evs |]
 ==> Says Server B
 {|Nonce NA,
-Crypt (shrK A) {|Nonce NA, Key (newK evs)|},
+Crypt (shrK A) {|Nonce NA, Key (newK(length evs))|},
-Crypt (shrK B) {|Nonce NB, Key (newK evs)|}|}
+Crypt (shrK B) {|Nonce NB, Key (newK(length evs))|}|}
 # evs : otway"
 (*Bob receives the Server's (?) message and compares the Nonces with
 	   those in the message he previously sent the Server.*)
 OR4  "[| evs: otway;  A ~= B;

changeset 2451	ce85a2aafc7a
parent 2284	80ebd1a213fd
child 2516	4d68fbe6378b