/*
 * Needham-Schroeder symmetric
 * Amended version (from Sjouke's interpret.)
 */

/* symmetric */

usertype SessionKey;
secret k: Function;

/* agents */

const a,b,e: Agent;


/* untrusted e */

untrusted e;
const ne: Nonce;
const kee: SessionKey;

compromised k(e,e);
compromised k(e,a);
compromised k(e,b);
compromised k(a,e);
compromised k(b,e);

/* {}x used for public (invertible) function modeling */

usertype PseudoFunction;
const succ: PseudoFunction;

usertype Ticket;

protocol nssymmetric(A,S,B) 
{
	role A
	{
		const na: Nonce;
		var T1: Ticket;
		var T2: Ticket;
		var kab: SessionKey;
		var nb: Nonce;

		send_1(A,B, A );
		read_2(B,A, T1 );
		send_3(A,S, A,B,na,T1 );
		read_4(S,A, { na,B,kab,T2 }k(A,S) );
		send_5(A,B, T2 );
		read_6(B,A, { nb }kab );
		send_7(A,B, { {nb}succ }kab );

		claim_8(A, Secret, kab);
	}

	role S
	{
		const kab: SessionKey;
		var na: Nonce;
		var nb: Nonce;

		read_3(A,S, A,B,na, { A,nb }k(B,S) );
		send_4(S,A, { na,B,kab, { kab,A }k(B,S) }k(A,S) );
	}

	role B
	{
		var kab: SessionKey;
		const nb: Nonce;

		read_1(A,B, A );
		send_2(B,A, { A,nb }k(B,S) );
		read_5(A,B, { kab,A }k(B,S) );
		send_6(B,A, { nb }kab );
		read_7(A,B, { {nb}succ }kab );

		claim_9(B, Secret, kab);
	}
}