/*
 * Woo-lam version from Spore, as it is in Sjouke's list
 */

usertype Server, SessionKey, Token, Ticket;
secret k: Function;

const Simon: Server;

/* give the intruder something to work with */
// Scyther finds an attack using basic type flaws

const ke: SessionKey;

const authToken: Token;

protocol woolamcmv(A,B,S)
{
	role A
	{
		fresh Na: Nonce;
		var Nb: Nonce;
		var Kab: SessionKey;
		var t1,t2;

		send_1(A,B, A,Na);
		recv_2(B,A, B,Nb);
		send_3(A,B, { A,B, Na,Nb }k(A,S) );
   		recv_6(B,A, { B,Na,Nb,Kab }k(A,S), { Na,Nb }Kab );
		send_7(A,B, { Nb }Kab );	

		claim_8(A,Secret, Kab);
		claim_9(A,Niagree);
		claim_10(A,Nisynch);
	}

	role B
	{
		var Na: Nonce;
		fresh Nb: Nonce;
		var Kab: SessionKey;
		var t1,t2;

		recv_1(A,B, A,Na);
		send_2(B,A, B,Nb);
		recv_3(A,B, t1 );
		send_4(B,S, t1, { A,B,Na,Nb }k(B,S) );
		recv_5(S,B, t2, { A,Na,Nb,Kab }k(B,S) );
   		send_6(B,A, t2, { Na,Nb }Kab );
		recv_7(A,B, { Nb }Kab );	

		claim_11(B,Secret, Kab);
		claim_12(B,Niagree);
		claim_13(B,Nisynch);
	}

	role S
	{
		var Na, Nb: Nonce;
		fresh Kab: SessionKey;

		recv_4(B,S, { A,B, Na,Nb }k(A,S), { A,B,Na,Nb }k(B,S) );
		send_5(S,B, { B,Na,Nb,Kab }k(A,S), { A,Na,Nb,Kab }k(B,S) );

		claim_14(S,Secret, Kab);
	}
}