usertype Server, SessionKey, Token, Ticket;
secret k: Function;

const Alice, Bob, Charlie, Eve: Agent;
const Simon: Server;

/* give the intruder something to work with */
const ne: Nonce;
const ke: SessionKey;
untrusted Eve;
compromised k(Eve,Simon);

const authToken: Token;

protocol woolamcmv(A,B,S)
{
	role B
	{
		var Na: Nonce;
		const Nb: Nonce;
		var Kab: SessionKey;
		var t1,t2: Ticket;

		read_1(A,B, A,Na);
		send_2(B,A, B,Nb);
		read_3(A,B, t1 );
		send_4(B,S, t1, { (A,(B,(Na,Nb))) }k(B,S) );
		read_5(S,B, t2, { (A,(Na,(Nb,Kab))) }k(B,S) );
   		send_6(B,A, t2, { Na,Nb }Kab );
		read_7(A,B, { Nb }Kab );	

		claim(B,Secret,Kab,Nb,authToken);
	}
}

run woolamcmv.B(Alice,Bob,Simon);
run woolamcmv.B(Alice,Bob,Simon);