src/HOL/Auth/Yahalom.thy
changeset 67443 3abf6a722518
parent 67226 ec32cdaab97b
child 67613 ce654b0e6d69
--- a/src/HOL/Auth/Yahalom.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Yahalom.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -53,7 +53,7 @@
                 # evs3 \<in> yahalom"
 
  | YM4:  
-       \<comment>\<open>Alice receives the Server's (?) message, checks her Nonce, and
+       \<comment> \<open>Alice receives the Server's (?) message, checks her Nonce, and
            uses the new session key to send Bob his Nonce.  The premise
            @{term "A \<noteq> Server"} is needed for \<open>Says_Server_not_range\<close>.
            Alice can check that K is symmetric by its length.\<close>
@@ -234,9 +234,9 @@
 apply (erule yahalom.induct, force,
        drule_tac [6] YM4_analz_knows_Spy)
 apply (simp_all add: pushes analz_insert_eq analz_insert_freshK) 
-  subgoal \<comment>\<open>Fake\<close> by spy_analz
-  subgoal \<comment>\<open>YM3\<close> by blast   
-  subgoal \<comment>\<open>Oops\<close> by  (blast dest: unique_session_keys)   
+  subgoal \<comment> \<open>Fake\<close> by spy_analz
+  subgoal \<comment> \<open>YM3\<close> by blast   
+  subgoal \<comment> \<open>Oops\<close> by  (blast dest: unique_session_keys)   
 done
 
 text\<open>Final version\<close>
@@ -314,8 +314,8 @@
 apply (erule yahalom.induct, force,
        frule_tac [6] YM4_parts_knows_Spy)
          apply (analz_mono_contra, simp_all)
-  subgoal \<comment>\<open>Fake\<close> by blast
-  subgoal \<comment>\<open>YM3\<close> by blast   
+  subgoal \<comment> \<open>Fake\<close> by blast
+  subgoal \<comment> \<open>YM3\<close> by blast   
 txt\<open>YM4.  A is uncompromised because NB is secure
   A's certificate guarantees the existence of the Server message\<close>
 apply (blast dest!: Gets_imp_Says Crypt_Spy_analz_bad
@@ -397,10 +397,10 @@
   @{term Says_Server_KeyWithNonce}, we get @{prop "~ KeyWithNonce K NB
   evs"}; then simplification can apply the induction hypothesis with
   @{term "KK = {K}"}.\<close>
-  subgoal \<comment>\<open>Fake\<close> by spy_analz
-  subgoal \<comment>\<open>YM2\<close> by blast
-  subgoal \<comment>\<open>YM3\<close> by blast
-  subgoal \<comment>\<open>YM4: If @{prop "A \<in> bad"} then @{term NBa} is known, therefore @{prop "NBa \<noteq> NB"}.\<close>
+  subgoal \<comment> \<open>Fake\<close> by spy_analz
+  subgoal \<comment> \<open>YM2\<close> by blast
+  subgoal \<comment> \<open>YM3\<close> by blast
+  subgoal \<comment> \<open>YM4: If @{prop "A \<in> bad"} then @{term NBa} is known, therefore @{prop "NBa \<noteq> NB"}.\<close>
     by (metis A_trusts_YM3 Gets_imp_analz_Spy Gets_imp_knows_Spy KeyWithNonce_def
         Spy_analz_shrK analz.Fst analz.Snd analz_shrK_Decrypt parts.Fst parts.Inj)
 done
@@ -484,13 +484,13 @@
        frule_tac [6] YM4_analz_knows_Spy)
 apply (simp_all add: split_ifs pushes new_keys_not_analzd analz_insert_eq
                      analz_insert_freshK)
-  subgoal \<comment>\<open>Fake\<close> by spy_analz
-  subgoal \<comment>\<open>YM1: NB=NA is impossible anyway, but NA is secret because it is fresh!\<close> by blast
-  subgoal \<comment>\<open>YM2\<close> by blast
-  subgoal \<comment>\<open>YM3: because no NB can also be an NA\<close> 
+  subgoal \<comment> \<open>Fake\<close> by spy_analz
+  subgoal \<comment> \<open>YM1: NB=NA is impossible anyway, but NA is secret because it is fresh!\<close> by blast
+  subgoal \<comment> \<open>YM2\<close> by blast
+  subgoal \<comment> \<open>YM3: because no NB can also be an NA\<close> 
     by (blast dest!: no_nonce_YM1_YM2 dest: Gets_imp_Says Says_unique_NB)
-  subgoal \<comment>\<open>YM4: key K is visible to Spy, contradicting session key secrecy theorem\<close>
-    \<comment>\<open>Case analysis on whether Aa is bad;
+  subgoal \<comment> \<open>YM4: key K is visible to Spy, contradicting session key secrecy theorem\<close>
+    \<comment> \<open>Case analysis on whether Aa is bad;
             use \<open>Says_unique_NB\<close> to identify message components: @{term "Aa=A"}, @{term "Ba=B"}\<close>
     apply clarify
     apply (blast dest!: Says_unique_NB analz_shrK_Decrypt
@@ -498,7 +498,7 @@
                  dest: Gets_imp_Says Says_imp_spies Says_Server_imp_YM2
                        Spy_not_see_encrypted_key)
     done
-  subgoal \<comment>\<open>Oops case: if the nonce is betrayed now, show that the Oops event is
+  subgoal \<comment> \<open>Oops case: if the nonce is betrayed now, show that the Oops event is
     covered by the quantified Oops assumption.\<close>
     apply clarsimp
     apply (metis Says_Server_imp_YM2 Gets_imp_Says Says_Server_not_range Says_unique_NB no_nonce_YM1_YM2 parts.Snd single_Nonce_secrecy spies_partsEs(1))
@@ -596,10 +596,10 @@
 apply (erule yahalom.induct, force,
        frule_tac [6] YM4_parts_knows_Spy)
 apply (analz_mono_contra, simp_all)
-  subgoal \<comment>\<open>Fake\<close> by blast
-  subgoal \<comment>\<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
+  subgoal \<comment> \<open>Fake\<close> by blast
+  subgoal \<comment> \<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
      by (force dest!: Crypt_imp_keysFor)
-   subgoal \<comment>\<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
+   subgoal \<comment> \<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
                otherwise by unicity of session keys\<close>
      by (blast dest!: Gets_imp_Says A_trusts_YM3 B_trusts_YM4_shrK Crypt_Spy_analz_bad
              dest: Says_imp_knows_Spy [THEN parts.Inj] unique_session_keys)