- Added the splice-AS protocol. The modelchecker finds an attack, but

the arachne methods causes some problems.

spdl/splice-as.spdl

@@ -0,0 +1,58 @@
+const pk: Function;
+secret sk: Function;
+inversekeys (pk,sk);
+
+protocol spliceAS(C,AS,S)
+{
+        role C
+	{
+		const N1,N2: Nonce;
+		const T,L: Nonce;
+
+		send_1(C,AS,  C, S, N1 );
+		read_2(AS,C,  AS, {AS, C, N1, pk(S)}sk(AS) );
+		send_3(C,S,   C, S, {C, T, L, {N2}pk(S)}sk(C) );
+		read_6(S,C,   S, C, {S, N2}pk(C) );
+
+		claim_7(C, Secret, N2);
+	}
+
+	role AS
+	{
+		var N1,N3: Nonce;
+
+		read_1(C,AS,  C, S, N1 );
+		send_2(AS,C,  AS, {AS, C, N1, pk(S)}sk(AS) );
+		read_4(S,AS,  S, C, N3 );
+		send_5(AS,S,  AS, {AS, S, N3, pk(C)}sk(AS) );
+	}
+
+	role S
+	{
+		const N3: Nonce;
+		var N2: Nonce;
+		var T,L: Nonce;
+
+		var ni: Nonce;
+		const nr: Nonce;
+
+		read_3(C,S,   C, S, {C, T, L, {N2}pk(S)}sk(C) );
+		send_4(S,AS,  S, C, N3 );
+		read_5(AS,S,  AS, {AS, S, N3, pk(C)}sk(AS) );
+		send_6(S,C,   S, C, {S, N2}pk(C) );
+
+		claim_8(S, Secret, N2);
+	}
+}
+
+const Alice,Bob,Eve: Agent;
+
+untrusted Eve;
+const ne: Nonce;
+compromised sk(Eve);
+
+run spliceAS.C(Agent,Agent,Agent);
+run spliceAS.AS(Agent,Agent,Agent);
+run spliceAS.S(Agent,Agent,Agent);
+
+