/*
 * Needham-Schroeder symmetric
 */

/* symmetric */

usertype SessionKey;
secret k: Function;

/* agents */



/* untrusted e */

untrusted e;
const kee: SessionKey;

compromised k(e,e);
compromised k(e,a);
compromised k(e,b);
compromised k(a,e);
compromised k(b,e);

/* {}x used for public (invertible) function modeling */

usertype PseudoFunction;
const succ: PseudoFunction;

usertype Ticket;

protocol nssymmetric(A,S,B) 
{
	role A
	{
		fresh na: Nonce;
		var T: Ticket;
		var kab: SessionKey;
		var nb: Nonce;

		send_1(A,S, A,B,na );
		recv_2(S,A, { na,B,kab,T }k(A,S) );
		send_3(A,B, T );
		recv_4(B,A, { nb }kab );
		send_5(A,B, { {nb}succ }kab );

		claim_6(A, Secret, kab);
	}

	role S
	{
		fresh kab: SessionKey;
		var na: Nonce;

		recv_1(A,S, A,B,na );
		send_2(S,A, { na,B,kab, { kab,A }k(B,S) }k(A,S) );
	}

	role B
	{
		var kab: SessionKey;
		fresh nb: Nonce;

		recv_3(A,B, { kab,A }k(B,S) );
		send_4(B,A, { nb }kab );
		recv_5(A,B, { {nb}succ }kab );

		claim_7(B, Secret, kab);
	}
}