diff -r 9c968d0de9a0 -r 2ce98ee39990 Attic/programs/Engine.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Attic/programs/Engine.thy Sat Oct 04 13:17:18 2014 +0100 @@ -0,0 +1,67 @@ +theory Engin +imports Main +begin + +typedecl principal + +consts E :: principal +consts T :: principal +consts M :: principal + +consts Says :: "principal \ bool \ bool" ("_ says _" [101, 101] 100) +consts Sends :: "principal \ principal \ bool \ bool" ("_ sends _ : _" [100, 100, 100] 100) +consts Enc :: "bool \ bool \ bool" +consts Id :: "principal \ bool" + +consts N :: "bool" +consts K :: "bool" +consts start_engine :: "principal \ bool" + + +axiomatization where + saysI[intro]: "F \ P says F" and + saysE[elim]: "\P says (F1 \ F2); P says F1\ \ P says F2" and + says_encI[intro]: "\P says F1; P says F2\ \ P says (Enc F1 F2)" and + says_encE[elim]: "\P says (Enc F1 F2); P says F2\ \ P says F1" and + sendsE[elim]: "\P sends Q : F; P says F\ \ Q says F" + + +lemma + assumes start: "E says N" + and challenge: "E sends T : N" + and response: "T says N \ (T sends E : (Enc N K) \ T sends E : Id(T))" + and keyT: "T says K" + and idT: "T says Id T" + and engine: "(E says (Enc N K) \ E says Id(T)) \ start_engine T" + shows "start_engine T" +using assms +by (metis says_encI sendsE) + +lemma + assumes start: "E says N" + and challenge: "\T. E sends T : N" + and response: "\N E. T says N \ (T sends E : (Enc N K) \ T sends E : Id(T))" + and keyT: "T says K" + and idT: "T says Id T" + and engine: "\T. (E says (Enc N K) \ E says Id(T)) \ start_engine T" + shows "start_engine M" +using assms +sorry +(*by (metis saysE says_encE says_encI sendsE)*) + +lemma + assumes start: "E says N" + and challenge: "\T. E sends T : N" + and response: "\N E. T says N \ (T sends E : (Enc N K) \ T sends E : Id T)" + and keyT: "T says K" + and idT: "T says Id T" + and engine: "\T. (E says (Enc N K) \ E says Id T) \ start_engine T" + and middle1: "\N. M sends T : N" + and middle2: "\N'. M sends E : N'" + and middle3: "M says Id M" + shows "start_engine M" +using assms + +by (metis saysE says_encE says_encI sendsE) + +end