usertype SessionKey;
const pk: Function;
secret sk: Function;
secret k: Function;
inversekeys (pk,sk);

protocol andrewBan(I,R)
{
	role I
	{
		const ni: Nonce;
		var nr: Nonce;
		var kir: SessionKey;

		send_1(I,R, I,ni );
		read_2(R,I, {ni,kir,I}k(I,R) );
		send_3(I,R, {ni}kir );
		read_4(R,I, nr );
		claim_5(I,Nisynch);
		claim_6(I,Secret, kir);
		claim_7(I,Secret, k(I,R));
	}	
	
	role R
	{
		var ni: Nonce;
		const nr: Nonce;
		const kir: SessionKey;

		read_1(I,R, I,ni );
		send_2(R,I, {ni,kir,I}k(I,R) );
		read_3(I,R, {ni}kir );
		send_4(R,I, nr );
		claim_8(R,Nisynch);
		claim_9(R,Secret, kir);
		claim_10(R,Secret, k(I,R));
	}
}

const Alice,Bob,Eve: Agent;

untrusted Eve;
const ne: Nonce;
const kee: SessionKey;
compromised sk(Eve);

run andrewBan.I(Agent,Agent);
run andrewBan.R(Agent,Agent);
run andrewBan.I(Agent,Agent);
run andrewBan.R(Agent,Agent);