/*
 * Needham-Schroeder symmetric
 * Amended version (from Sjouke's interpret.)
 */

/* symmetric */

usertype SessionKey;
secret k: Function;

/* agents */



/* untrusted e */

untrusted e;
const kee: SessionKey;

compromised k(e,e);
compromised k(e,a);
compromised k(e,b);
compromised k(a,e);
compromised k(b,e);

/* {}x used for public (invertible) function modeling */

usertype PseudoFunction;
const succ: PseudoFunction;

usertype Ticket;

protocol nssymmetricamended(A,S,B) 
{
	role A
	{
		fresh na: Nonce;
		var T1: Ticket;
		var T2: Ticket;
		var kab: SessionKey;
		var nb: Nonce;

		send_1(A,B, A );
		recv_2(B,A, T1 );
		send_3(A,S, A,B,na,T1 );
		recv_4(S,A, { na,B,kab,T2 }k(A,S) );
		send_5(A,B, T2 );
		recv_6(B,A, { nb }kab );
		send_7(A,B, { {nb}succ }kab );

		claim_8(A, Secret, kab);
		claim_8a(A, Niagree);
		claim_8b(A, Nisynch);
	}

	role S
	{
		fresh kab: SessionKey;
		var na: Nonce;
		var nb: Nonce;

		recv_3(A,S, A,B,na, { A,nb }k(B,S) );
		send_4(S,A, { na,B,kab, { kab,A }k(B,S) }k(A,S) );
	}

	role B
	{
		var kab: SessionKey;
		fresh nb: Nonce;

		recv_1(A,B, A );
		send_2(B,A, { A,nb }k(B,S) );
		recv_5(A,B, { kab,A }k(B,S) );
		send_6(B,A, { nb }kab );
		recv_7(A,B, { {nb}succ }kab );

		claim_9(B, Secret, kab);
		claim_9a(B, Niagree);
		claim_9b(B, Nisynch);
	}
}