# Wide Mouthed Frog
#
# Modelled after the description in the SPORE library
# http://www.lsv.ens-cachan.fr/spore/wideMouthedFrog.html
#
# Note
# The name of the party that has generated a message was added in order
# to model the property described in SPORE that an agent can identify
# its own messages and will reject them.

usertype SessionKey;
usertype TimeStamp;

secret k: Function;
const Fresh: Function;
const Compromised: Function;

protocol wmfSessionKeyCompromise(C)
{
    // Read the names of 3 agents and disclose a session between them including
    // corresponding session key to simulate key compromise
    role C {
        const Ni,Nr: Nonce;
        const Kir: SessionKey;
        const Ti,Ts: TimeStamp;
        var I,R,S: Agent;

        read_C1(C,C,    I,R,S);
        send_C2(C,C,    I, {I,Ti,R,Kir}k(I,S),
                        {S,Ts,I,Kir}k(R,S),
                        Kir
               );
        claim_C3(C,Empty, (Compromised,Kir));
    }
}

protocol wmf(I,R,S)
{
    role I
    {
        const Kir: SessionKey;
        const Ti: TimeStamp;
        var Kr: SessionKey;

        send_1(I,S, I, {I, Ti, R, Kir}k(I,S)); 

        claim_I1(I,Secret,Kir);
        claim_I2(I,Empty,(Fresh,Kir));
    }    
    
    role R
    {
        var Ts: TimeStamp;
        var Kir: SessionKey;

        read_2(S,R, {S, Ts, I, Kir}k(R,S) );

        claim_R1(R,Secret,Kir);
        claim_R2(R,Nisynch);
        claim_R3(R,Empty,(Fresh,Kir));
    }

    role S
    {
        var Kir: SessionKey;
        const Ts: TimeStamp;
        var Ti: TimeStamp;

        read_1(I,S, I,{I, Ti, R, Kir}k(I,S) );
        send_2(S,R, {S, Ts, I, Kir}k(R,S));
    }
}

const Alice,Bob,Eve,Simon: Agent;
const Ke: SessionKey;
const Te: TimeStamp;


untrusted Eve;
compromised k(Eve,Simon);

run wmf.I (Agent,Agent,Simon);
run wmf.R (Agent,Agent,Simon);
run wmf.S (Agent,Agent,Simon);