(comment "CPSA 4.2.3")
(comment "Extracted shapes")

(herald "Envelope Protocol, location-based version" (check-nonces)
  (bound 30) (limit 6000))

(comment "CPSA 4.2.3")

(comment "All input read from sync_locn_envelope_no_auth.scm")

(comment "Step count limited to 6000")

(comment "Strand count bounded at 30")

(comment "Nonces checked first")

(defprotocol envelope basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false)))))

(defskeleton envelope
  (vars (pcr-id nonce text) (v n data) (k aik akey) (tpm tpmconf chan))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig v n)
  (conf tpmconf)
  (traces ((recv v) (send v))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 0)
  (unrealized (0 0) (1 3))
  (preskeleton)
  (origs (v (1 4)) (n (1 1)))
  (comment "Not a skeleton"))

(defskeleton envelope
  (vars (nonce mesg) (pcr-id nonce-0 pcr-id-0 nonce-1 pcr-id-1 text)
    (v n data) (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-1)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-0) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (3 2)) ((5 2) (2 0)) ((6 3) (0 0)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 v n pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation channel-test (displaced 7 3 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-2 (hash (hash "0" n) "obtain"))) (6 2))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-1 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain"))) (send v)))
  (label 54)
  (parent 0)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-1 (3 0)) (pt-0 (3 3)) (k (2 1)) (nonce-0 (4 0))
    (pt (4 3)) (v (1 4)) (n (1 1))))

(defskeleton envelope
  (vars (pcr-id nonce pcr-id-0 nonce-0 text) (v n data)
    (pt pt-0 pt-1 pval) (k aik akey) (tpmconf tpm tpm-0 chan)
    (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id) (pt pt)
    (k k) (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (precedes ((1 1) (5 1)) ((1 2) (2 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 3) (0 0)) ((4 3) (3 2)) ((5 0) (1 0)) ((5 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 v n pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation encryption-test (contracted (tpm-1 tpmconf))
    (hash (hash "0" n) "obtain") (2 0)
    (ch-msg tpmconf
      (cat "create-req" pcr-id (hash (hash "0" n) "obtain"))))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n)))))
  (label 72)
  (parent 0)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (5 0)) (pt-0 (5 3)) (nonce-0 (4 0)) (pt (4 3)) (k (2 1))
    (n (1 1)) (v (1 4))))

(defskeleton envelope
  (vars (nonce mesg)
    (pcr-id nonce-0 pcr-id-0 nonce-1 pcr-id-1 pcr-id-2 nonce-2 text)
    (v n data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-1)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (3 2)) ((4 3) (7 2)) ((5 2) (2 0))
    ((6 3) (0 0)) ((7 3) (6 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 v n pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-1 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain")))))
  (label 78)
  (parent 0)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (k (2 1)) (nonce-1 (3 0)) (pt-0 (3 3)) (v (1 4)) (n (1 1))))

(defskeleton envelope
  (vars (pcr-id nonce pcr-id-0 nonce-0 text) (v n data)
    (pt pt-0 pt-1 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id) (pt pt)
    (k k) (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k-0) (aik aik-0) (tpm tpmconf))
  (precedes ((1 1) (5 1)) ((1 2) (6 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 3) (0 0)) ((4 3) (3 2)) ((5 0) (1 0)) ((5 3) (4 2))
    ((6 1) (2 0)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 v n pt pt-0 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation encryption-test (displaced 7 1 alice 3)
    (hash (hash "0" n) "obtain") (6 0))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id (hash (hash "0" n) "obtain") aik-0))))
  (label 107)
  (parent 0)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (n (1 1)) (k-0 (6 1)) (nonce (5 0)) (pt-0 (5 3))
    (nonce-0 (4 0)) (pt (4 3)) (k (2 1)) (v (1 4))))

(defskeleton envelope
  (vars (nonce mesg) (pcr-id nonce-0 pcr-id-0 pcr-id-1 nonce-1 text)
    (v n data) (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-0) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-1) (k k) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (3 1)) ((1 4) (5 0)) ((2 1) (1 3)) ((3 0) (1 0))
    ((3 3) (4 1)) ((3 3) (6 2)) ((4 2) (2 0)) ((5 3) (0 0))
    ((6 3) (5 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 v n pt-0 pt-1 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation generalization deleted (3 0))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-0 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-0 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-1 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "obtain")))))
  (label 158)
  (parent 0)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (3 0)) (pt-0 (3 3)) (nonce-1 (6 0)) (pt-1 (6 3))
    (k (2 1)) (v (1 4)) (n (1 1))))

(comment "Nothing left to do")

(defprotocol envelope basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false)))))

(defskeleton envelope
  (vars (pcr-id pcr-id-0 nonce text) (n v data) (k aik akey)
    (tpm tpmconf chan))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig n v)
  (conf tpmconf)
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpm
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 388)
  (unrealized (0 0) (1 3))
  (preskeleton)
  (origs (v (1 4)) (n (1 1)))
  (comment "Not a skeleton"))

(defskeleton envelope
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik akey) (tpmconf tpm tpm-0 chan)
    (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id) (pt pt)
    (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (precedes ((1 1) (5 1)) ((1 2) (2 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 2) (0 0)) ((4 3) (3 1)) ((5 0) (1 0)) ((5 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 n v pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation encryption-test (contracted (tpm-1 tpmconf))
    (hash (hash "0" n) "obtain") (2 0)
    (ch-msg tpmconf
      (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain"))))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-1 "refuse"
          (hash pcr-id-1 "refuse" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "refuse"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n)))))
  (label 440)
  (parent 388)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (5 0)) (pt-0 (5 3)) (nonce-0 (4 0)) (pt (4 3)) (n (1 1))
    (k (2 1)) (v (1 4))))

(defskeleton envelope
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (3 2)) ((4 3) (7 2)) ((5 2) (2 0))
    ((6 2) (0 0)) ((7 3) (6 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 445)
  (parent 388)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (nonce-1 (3 0)) (pt-0 (3 3)) (k (2 1)) (v (1 4)) (n (1 1))))

(defskeleton envelope
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id) (pt pt)
    (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k-0) (aik aik-0) (tpm tpmconf))
  (precedes ((1 1) (5 1)) ((1 2) (6 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 2) (0 0)) ((4 3) (3 1)) ((5 0) (1 0)) ((5 3) (4 2))
    ((6 1) (2 0)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 n v pt pt-0 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation encryption-test (displaced 7 1 alice 3)
    (hash (hash "0" n) "obtain") (6 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-1 "refuse"
          (hash pcr-id-1 "refuse" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "refuse"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id-0 (hash (hash "0" n) "obtain")
          aik-0))))
  (label 466)
  (parent 388)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (n (1 1)) (k-0 (6 1)) (nonce (5 0)) (pt-0 (5 3))
    (nonce-0 (4 0)) (pt (4 3)) (k (2 1)) (v (1 4))))

(defskeleton envelope
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 pcr-id-2 nonce-1 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-1) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-1) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (3 1)) ((1 4) (5 0)) ((2 1) (1 3)) ((3 0) (1 0))
    ((3 3) (4 1)) ((3 3) (6 2)) ((4 2) (2 0)) ((5 2) (0 0))
    ((6 3) (5 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 n v pt-0 pt-1 k)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation generalization deleted (3 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-1 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-1 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "refuse")))))
  (label 504)
  (parent 388)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (3 0)) (pt-0 (3 3)) (nonce-1 (6 0)) (pt-1 (6 3))
    (k (2 1)) (v (1 4)) (n (1 1))))

(comment "Nothing left to do")

(defprotocol envelope basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false)))))

(defskeleton envelope
  (vars (pcr-id pcr-id-0 nonce text) (n v data) (k aik akey)
    (tpm tpmconf chan))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig n v)
  (conf tpmconf)
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpm
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 590)
  (unrealized (0 0) (1 0) (2 3))
  (preskeleton)
  (origs (v (2 4)) (n (2 1)))
  (comment "Not a skeleton"))

(defskeleton envelope
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-0) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((5 0) (2 0)) ((5 3) (4 2)) ((5 3) (9 2))
    ((6 2) (3 0)) ((7 3) (1 0)) ((8 2) (0 0)) ((9 3) (8 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 10 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain"))) (send v))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 756)
  (parent 590)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (4 0)) (pt-0 (4 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(defskeleton envelope
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-2) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (3 0)) ((2 4) (4 0)) ((2 4) (7 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((6 0) (2 0))
    ((6 3) (5 2)) ((6 3) (8 2)) ((7 2) (0 0)) ((8 3) (7 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 9 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (8 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 780)
  (parent 590)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (8 0)) (pt-2 (8 3))
    (nonce-0 (5 0)) (pt (5 3)) (k (3 1)) (n (2 1)) (v (2 4))))

(defskeleton envelope
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((5 0) (2 0)) ((5 3) (4 2)) ((5 3) (8 2))
    ((5 3) (10 2)) ((6 2) (3 0)) ((7 3) (1 0)) ((8 3) (7 2))
    ((9 2) (0 0)) ((10 3) (9 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 819)
  (parent 590)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k-0) (aik aik-0) (tpm tpmconf))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (7 0)) ((2 4) (4 0)) ((2 4) (8 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((6 0) (2 0))
    ((6 3) (5 2)) ((6 3) (9 2)) ((7 1) (3 0)) ((8 2) (0 0))
    ((9 3) (8 1)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 10 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id-0 (hash (hash "0" n) "obtain")
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-1))
      (recv tpm-3
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 885)
  (parent 590)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (9 0)) (pt-2 (9 3))
    (n (2 1)) (k-0 (7 1)) (nonce-0 (5 0)) (pt (5 3)) (k (3 1))
    (v (2 4))))

(defskeleton envelope
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 pcr-id-2 nonce-1 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-1) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-1) (k k) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (4 1)) ((2 4) (6 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 0) (2 0)) ((4 3) (5 1)) ((4 3) (7 2)) ((4 3) (9 2))
    ((5 2) (3 0)) ((6 3) (1 0)) ((7 3) (6 2)) ((8 2) (0 0))
    ((9 3) (8 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt-0 pt-1 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation generalization deleted (4 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-1 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-1 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "obtain"))))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 962)
  (parent 590)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt-0 (4 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (7 0)) (pt-1 (7 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(comment "Nothing left to do")

(defprotocol envelope-plus basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false))))
  (defrule ordered-extends
    (forall ((y z strd) (pcr locn))
      (implies
        (and (p "tpm-extend-enc" y 4) (p "tpm-extend-enc" z 4)
          (p "tpm-extend-enc" "pcr" y pcr)
          (p "tpm-extend-enc" "pcr" z pcr))
        (or (= y z) (prec y 3 z 2) (prec z 3 y 2))))))

(defskeleton envelope-plus
  (vars (pcr-id nonce text) (v n data) (k aik akey) (tpm tpmconf chan))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig v n)
  (conf tpmconf)
  (traces ((recv v) (send v))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 1220)
  (unrealized (0 0) (1 3))
  (preskeleton)
  (origs (v (1 4)) (n (1 1)))
  (comment "Not a skeleton"))

(defskeleton envelope-plus
  (vars (nonce mesg) (pcr-id nonce-0 pcr-id-0 nonce-1 pcr-id-1 text)
    (v n data) (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-1)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-0) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (3 2)) ((5 2) (2 0)) ((6 3) (0 0)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 v n pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation channel-test (displaced 7 3 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-2 (hash (hash "0" n) "obtain"))) (6 2))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-1 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain"))) (send v)))
  (label 1274)
  (parent 1220)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-1 (3 0)) (pt-0 (3 3)) (k (2 1)) (nonce-0 (4 0))
    (pt (4 3)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus
  (vars (pcr-id nonce pcr-id-0 nonce-0 text) (v n data)
    (pt pt-0 pt-1 pval) (k aik akey) (tpmconf tpm tpm-0 chan)
    (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id) (pt pt)
    (k k) (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (precedes ((1 1) (5 1)) ((1 2) (2 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 3) (0 0)) ((4 3) (3 2)) ((5 0) (1 0)) ((5 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 v n pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation encryption-test (contracted (tpm-1 tpmconf))
    (hash (hash "0" n) "obtain") (2 0)
    (ch-msg tpmconf
      (cat "create-req" pcr-id (hash (hash "0" n) "obtain"))))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n)))))
  (label 1292)
  (parent 1220)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (5 0)) (pt-0 (5 3)) (nonce-0 (4 0)) (pt (4 3)) (k (2 1))
    (n (1 1)) (v (1 4))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id nonce-0 pcr-id-0 nonce-1 pcr-id-1 pcr-id-2 nonce-2 text)
    (v n data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-1)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((3 3) (7 2)) ((4 0) (1 0)) ((4 3) (3 2)) ((5 2) (2 0))
    ((6 3) (0 0)) ((7 3) (6 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 v n pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-1 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain")))))
  (label 1298)
  (parent 1220)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (k (2 1)) (nonce-1 (3 0)) (pt-0 (3 3)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id nonce-0 pcr-id-0 nonce-1 pcr-id-1 pcr-id-2 nonce-2 text)
    (v n data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-1)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (7 2)) ((5 2) (2 0)) ((6 3) (0 0))
    ((7 3) (3 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 v n pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-1 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain")))))
  (label 1299)
  (parent 1220)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (k (2 1)) (nonce-1 (3 0)) (pt-0 (3 3)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus
  (vars (pcr-id nonce pcr-id-0 nonce-0 text) (v n data)
    (pt pt-0 pt-1 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id) (pt pt)
    (k k) (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k-0) (aik aik-0) (tpm tpmconf))
  (precedes ((1 1) (5 1)) ((1 2) (6 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 3) (0 0)) ((4 3) (3 2)) ((5 0) (1 0)) ((5 3) (4 2))
    ((6 1) (2 0)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 v n pt pt-0 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation encryption-test (displaced 7 1 alice 3)
    (hash (hash "0" n) "obtain") (6 0))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id (hash (hash "0" n) "obtain") aik-0))))
  (label 1329)
  (parent 1220)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (n (1 1)) (k-0 (6 1)) (nonce (5 0)) (pt-0 (5 3))
    (nonce-0 (4 0)) (pt (4 3)) (k (2 1)) (v (1 4))))

(defskeleton envelope-plus
  (vars (nonce mesg) (pcr-id nonce-0 pcr-id-0 pcr-id-1 nonce-1 text)
    (v n data) (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-0) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-1) (k k) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (3 1)) ((1 4) (5 0)) ((2 1) (1 3)) ((3 0) (1 0))
    ((3 3) (4 1)) ((3 3) (6 2)) ((4 2) (2 0)) ((5 3) (0 0))
    ((6 3) (5 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 v n pt-0 pt-1 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation generalization deleted (3 0))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-0 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-0 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-1 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "obtain")))))
  (label 1387)
  (parent 1220)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (3 0)) (pt-0 (3 3)) (nonce-1 (6 0)) (pt-1 (6 3))
    (k (2 1)) (v (1 4)) (n (1 1))))

(comment "Nothing left to do")

(defprotocol envelope-plus basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false))))
  (defrule ordered-extends
    (forall ((y z strd) (pcr locn))
      (implies
        (and (p "tpm-extend-enc" y 4) (p "tpm-extend-enc" z 4)
          (p "tpm-extend-enc" "pcr" y pcr)
          (p "tpm-extend-enc" "pcr" z pcr))
        (or (= y z) (prec y 3 z 2) (prec z 3 y 2))))))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce text) (n v data) (k aik akey)
    (tpm tpmconf chan))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig n v)
  (conf tpmconf)
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpm
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 1737)
  (unrealized (0 0) (1 3))
  (preskeleton)
  (origs (v (1 4)) (n (1 1)))
  (comment "Not a skeleton"))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik akey) (tpmconf tpm tpm-0 chan)
    (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id) (pt pt)
    (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (precedes ((1 1) (5 1)) ((1 2) (2 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 2) (0 0)) ((4 3) (3 1)) ((5 0) (1 0)) ((5 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 n v pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation encryption-test (contracted (tpm-1 tpmconf))
    (hash (hash "0" n) "obtain") (2 0)
    (ch-msg tpmconf
      (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain"))))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-1 "refuse"
          (hash pcr-id-1 "refuse" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "refuse"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n)))))
  (label 1789)
  (parent 1737)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (5 0)) (pt-0 (5 3)) (nonce-0 (4 0)) (pt (4 3)) (n (1 1))
    (k (2 1)) (v (1 4))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((3 3) (7 2)) ((4 0) (1 0)) ((4 3) (3 2)) ((5 2) (2 0))
    ((6 2) (0 0)) ((7 3) (6 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 1794)
  (parent 1737)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (nonce-1 (3 0)) (pt-0 (3 3)) (k (2 1)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (7 2)) ((5 2) (2 0)) ((6 2) (0 0))
    ((7 3) (3 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 1795)
  (parent 1737)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (nonce-1 (3 0)) (pt-0 (3 3)) (k (2 1)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id) (pt pt)
    (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k-0) (aik aik-0) (tpm tpmconf))
  (precedes ((1 1) (5 1)) ((1 2) (6 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 2) (0 0)) ((4 3) (3 1)) ((5 0) (1 0)) ((5 3) (4 2))
    ((6 1) (2 0)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 n v pt pt-0 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation encryption-test (displaced 7 1 alice 3)
    (hash (hash "0" n) "obtain") (6 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-1 "refuse"
          (hash pcr-id-1 "refuse" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "refuse"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id-0 (hash (hash "0" n) "obtain")
          aik-0))))
  (label 1817)
  (parent 1737)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (n (1 1)) (k-0 (6 1)) (nonce (5 0)) (pt-0 (5 3))
    (nonce-0 (4 0)) (pt (4 3)) (k (2 1)) (v (1 4))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 pcr-id-2 nonce-1 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-1) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-1) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (3 1)) ((1 4) (5 0)) ((2 1) (1 3)) ((3 0) (1 0))
    ((3 3) (4 1)) ((3 3) (6 2)) ((4 2) (2 0)) ((5 2) (0 0))
    ((6 3) (5 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 n v pt-0 pt-1 k)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation generalization deleted (3 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-1 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-1 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "refuse")))))
  (label 1861)
  (parent 1737)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (3 0)) (pt-0 (3 3)) (nonce-1 (6 0)) (pt-1 (6 3))
    (k (2 1)) (v (1 4)) (n (1 1))))

(comment "Nothing left to do")

(defprotocol envelope-plus basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false))))
  (defrule ordered-extends
    (forall ((y z strd) (pcr locn))
      (implies
        (and (p "tpm-extend-enc" y 4) (p "tpm-extend-enc" z 4)
          (p "tpm-extend-enc" "pcr" y pcr)
          (p "tpm-extend-enc" "pcr" z pcr))
        (or (= y z) (prec y 3 z 2) (prec z 3 y 2))))))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce text) (n v data) (k aik akey)
    (tpm tpmconf chan))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig n v)
  (conf tpmconf)
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpm
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 2117)
  (unrealized (0 0) (1 0) (2 3))
  (preskeleton)
  (origs (v (2 4)) (n (2 1)))
  (comment "Not a skeleton"))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-0) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((4 3) (9 2)) ((5 0) (2 0)) ((5 3) (4 2))
    ((6 2) (3 0)) ((7 3) (1 0)) ((8 2) (0 0)) ((9 3) (8 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 10 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain"))) (send v))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2293)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (4 0)) (pt-0 (4 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-0) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((5 0) (2 0)) ((5 3) (9 2)) ((6 2) (3 0))
    ((7 3) (1 0)) ((8 2) (0 0)) ((9 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 10 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain"))) (send v))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2294)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (4 0)) (pt-0 (4 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-2) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (3 0)) ((2 4) (4 0)) ((2 4) (7 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((5 3) (8 2))
    ((6 0) (2 0)) ((6 3) (5 2)) ((7 2) (0 0)) ((8 3) (7 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 9 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (8 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2323)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (8 0)) (pt-2 (8 3))
    (nonce-0 (5 0)) (pt (5 3)) (k (3 1)) (n (2 1)) (v (2 4))))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-2) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (3 0)) ((2 4) (4 0)) ((2 4) (7 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((6 0) (2 0))
    ((6 3) (8 2)) ((7 2) (0 0)) ((8 3) (5 2)) ((8 3) (7 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 9 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (8 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2324)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (8 0)) (pt-2 (8 3))
    (nonce-0 (5 0)) (pt (5 3)) (k (3 1)) (n (2 1)) (v (2 4))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((4 3) (8 2)) ((5 0) (2 0)) ((5 3) (10 2))
    ((6 2) (3 0)) ((7 3) (1 0)) ((8 3) (7 2)) ((9 2) (0 0))
    ((10 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 2376)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((4 3) (8 2)) ((5 0) (2 0)) ((5 3) (4 2))
    ((6 2) (3 0)) ((7 3) (1 0)) ((8 3) (7 2)) ((8 3) (10 2))
    ((9 2) (0 0)) ((10 3) (9 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 2377)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((4 3) (10 2)) ((5 0) (2 0)) ((5 3) (4 2))
    ((6 2) (3 0)) ((7 3) (1 0)) ((8 3) (7 2)) ((9 2) (0 0))
    ((10 3) (8 2)) ((10 3) (9 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends ordered-extends)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 2378)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((4 3) (10 2)) ((5 0) (2 0)) ((5 3) (8 2))
    ((6 2) (3 0)) ((7 3) (1 0)) ((8 3) (4 2)) ((9 2) (0 0))
    ((10 3) (9 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 2380)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((5 0) (2 0)) ((5 3) (10 2)) ((6 2) (3 0))
    ((7 3) (1 0)) ((8 3) (4 2)) ((9 2) (0 0)) ((10 3) (8 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 2381)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((5 0) (2 0)) ((5 3) (8 2)) ((6 2) (3 0))
    ((7 3) (1 0)) ((8 3) (10 2)) ((9 2) (0 0)) ((10 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends ordered-extends)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 2382)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k-0) (aik aik-0) (tpm tpmconf))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (7 0)) ((2 4) (4 0)) ((2 4) (8 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((5 3) (9 2))
    ((6 0) (2 0)) ((6 3) (5 2)) ((7 1) (3 0)) ((8 2) (0 0))
    ((9 3) (8 1)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 10 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id-0 (hash (hash "0" n) "obtain")
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-1))
      (recv tpm-3
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2479)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (9 0)) (pt-2 (9 3))
    (n (2 1)) (k-0 (7 1)) (nonce-0 (5 0)) (pt (5 3)) (k (3 1))
    (v (2 4))))

(defskeleton envelope-plus
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k-0) (aik aik-0) (tpm tpmconf))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (7 0)) ((2 4) (4 0)) ((2 4) (8 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((6 0) (2 0))
    ((6 3) (9 2)) ((7 1) (3 0)) ((8 2) (0 0)) ((9 3) (5 2))
    ((9 3) (8 1)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (rule ordered-extends)
  (operation channel-test (displaced 10 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id-0 (hash (hash "0" n) "obtain")
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-1))
      (recv tpm-3
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2480)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (9 0)) (pt-2 (9 3))
    (n (2 1)) (k-0 (7 1)) (nonce-0 (5 0)) (pt (5 3)) (k (3 1))
    (v (2 4))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 pcr-id-2 nonce-1 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-1) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-1) (k k) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (4 1)) ((2 4) (6 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 0) (2 0)) ((4 3) (5 1)) ((4 3) (7 2)) ((5 2) (3 0))
    ((6 3) (1 0)) ((7 3) (6 2)) ((7 3) (9 2)) ((8 2) (0 0))
    ((9 3) (8 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt-0 pt-1 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation generalization deleted (4 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-1 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-1 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "obtain"))))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2618)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt-0 (4 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (7 0)) (pt-1 (7 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(defskeleton envelope-plus
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 pcr-id-2 nonce-1 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-1) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-1) (k k) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (4 1)) ((2 4) (6 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 0) (2 0)) ((4 3) (5 1)) ((4 3) (9 2)) ((5 2) (3 0))
    ((6 3) (1 0)) ((7 3) (6 2)) ((8 2) (0 0)) ((9 3) (7 2))
    ((9 3) (8 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt-0 pt-1 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation generalization deleted (4 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-1 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-1 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "obtain"))))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 2619)
  (parent 2117)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt-0 (4 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (7 0)) (pt-1 (7 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(comment "Nothing left to do")

(defprotocol envelope-plus-2 basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false))))
  (defrule pcr-id-identifies-pcr
    (forall ((y z strd) (pcr-id text) (pcr pcr-0 locn))
      (implies
        (and (p "tpm-extend-enc" y 3) (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "pcr-id" y pcr-id)
          (p "tpm-extend-enc" "pcr-id" z pcr-id)
          (p "tpm-extend-enc" "pcr" y pcr)
          (p "tpm-extend-enc" "pcr" z pcr-0))
        (= pcr pcr-0)))))

(defskeleton envelope-plus-2
  (vars (pcr-id nonce text) (v n data) (k aik akey) (tpm tpmconf chan))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig v n)
  (conf tpmconf)
  (traces ((recv v) (send v))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 3633)
  (unrealized (0 0) (1 3))
  (preskeleton)
  (origs (v (1 4)) (n (1 1)))
  (comment "Not a skeleton"))

(defskeleton envelope-plus-2
  (vars (nonce mesg) (pcr-id nonce-0 pcr-id-0 nonce-1 pcr-id-1 text)
    (v n data) (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-1)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-0) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (3 2)) ((5 2) (2 0)) ((6 3) (0 0)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 v n pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation channel-test (displaced 7 3 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-2 (hash (hash "0" n) "obtain"))) (6 2))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-1 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain"))) (send v)))
  (label 3687)
  (parent 3633)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-1 (3 0)) (pt-0 (3 3)) (k (2 1)) (nonce-0 (4 0))
    (pt (4 3)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus-2
  (vars (pcr-id nonce pcr-id-0 nonce-0 text) (v n data)
    (pt pt-0 pt-1 pval) (k aik akey) (tpmconf tpm tpm-0 chan)
    (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id) (pt pt)
    (k k) (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (precedes ((1 1) (5 1)) ((1 2) (2 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 3) (0 0)) ((4 3) (3 2)) ((5 0) (1 0)) ((5 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 v n pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation encryption-test (contracted (tpm-1 tpmconf))
    (hash (hash "0" n) "obtain") (2 0)
    (ch-msg tpmconf
      (cat "create-req" pcr-id (hash (hash "0" n) "obtain"))))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n)))))
  (label 3705)
  (parent 3633)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (5 0)) (pt-0 (5 3)) (nonce-0 (4 0)) (pt (4 3)) (k (2 1))
    (n (1 1)) (v (1 4))))

(defskeleton envelope-plus-2
  (vars (nonce mesg)
    (pcr-id nonce-0 pcr-id-0 nonce-1 pcr-id-1 pcr-id-2 nonce-2 text)
    (v n data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-1)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (3 2)) ((4 3) (7 2)) ((5 2) (2 0))
    ((6 3) (0 0)) ((7 3) (6 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 v n pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-1 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain")))))
  (label 3711)
  (parent 3633)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (k (2 1)) (nonce-1 (3 0)) (pt-0 (3 3)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus-2
  (vars (pcr-id nonce pcr-id-0 nonce-0 text) (v n data)
    (pt pt-0 pt-1 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id) (pt pt)
    (k k) (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-0) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k-0) (aik aik-0) (tpm tpmconf))
  (precedes ((1 1) (5 1)) ((1 2) (6 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 3) (0 0)) ((4 3) (3 2)) ((5 0) (1 0)) ((5 3) (4 2))
    ((6 1) (2 0)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 v n pt pt-0 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation encryption-test (displaced 7 1 alice 3)
    (hash (hash "0" n) "obtain") (6 0))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-0 "obtain"
          (hash pcr-id-0 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id (hash (hash "0" n) "obtain") aik-0))))
  (label 3740)
  (parent 3633)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (n (1 1)) (k-0 (6 1)) (nonce (5 0)) (pt-0 (5 3))
    (nonce-0 (4 0)) (pt (4 3)) (k (2 1)) (v (1 4))))

(defskeleton envelope-plus-2
  (vars (nonce mesg) (pcr-id nonce-0 pcr-id-0 pcr-id-1 nonce-1 text)
    (v n data) (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-0) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id)
    (pt pt-1) (k k) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (3 1)) ((1 4) (5 0)) ((2 1) (1 3)) ((3 0) (1 0))
    ((3 3) (4 1)) ((3 3) (6 2)) ((4 2) (2 0)) ((5 3) (0 0))
    ((6 3) (5 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 v n pt-0 pt-1 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain"))
  (conf tpmconf)
  (operation generalization deleted (3 0))
  (traces ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (send (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-0 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-0 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-1 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "obtain")))))
  (label 3791)
  (parent 3633)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((v v) (n n) (pcr-id pcr-id) (nonce nonce-0) (k k) (aik aik)
        (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (3 0)) (pt-0 (3 3)) (nonce-1 (6 0)) (pt-1 (6 3))
    (k (2 1)) (v (1 4)) (n (1 1))))

(comment "Nothing left to do")

(defprotocol envelope-plus-2 basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false))))
  (defrule pcr-id-identifies-pcr
    (forall ((y z strd) (pcr-id text) (pcr pcr-0 locn))
      (implies
        (and (p "tpm-extend-enc" y 3) (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "pcr-id" y pcr-id)
          (p "tpm-extend-enc" "pcr-id" z pcr-id)
          (p "tpm-extend-enc" "pcr" y pcr)
          (p "tpm-extend-enc" "pcr" z pcr-0))
        (= pcr pcr-0)))))

(defskeleton envelope-plus-2
  (vars (pcr-id pcr-id-0 nonce text) (n v data) (k aik akey)
    (tpm tpmconf chan))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig n v)
  (conf tpmconf)
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpm
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 4021)
  (unrealized (0 0) (1 3))
  (preskeleton)
  (origs (v (1 4)) (n (1 1)))
  (comment "Not a skeleton"))

(defskeleton envelope-plus-2
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik akey) (tpmconf tpm tpm-0 chan)
    (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id) (pt pt)
    (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (precedes ((1 1) (5 1)) ((1 2) (2 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 2) (0 0)) ((4 3) (3 1)) ((5 0) (1 0)) ((5 3) (4 2)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 n v pt pt-0 k)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation encryption-test (contracted (tpm-1 tpmconf))
    (hash (hash "0" n) "obtain") (2 0)
    (ch-msg tpmconf
      (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain"))))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-1 "refuse"
          (hash pcr-id-1 "refuse" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "refuse"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n)))))
  (label 4073)
  (parent 4021)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (5 0)) (pt-0 (5 3)) (nonce-0 (4 0)) (pt (4 3)) (n (1 1))
    (k (2 1)) (v (1 4))))

(defskeleton envelope-plus-2
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((1 1) (4 1)) ((1 4) (6 0)) ((2 1) (1 3)) ((3 3) (5 1))
    ((4 0) (1 0)) ((4 3) (3 2)) ((4 3) (7 2)) ((5 2) (2 0))
    ((6 2) (0 0)) ((7 3) (6 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 8 4 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (7 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 4078)
  (parent 4021)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt (4 3)) (nonce-2 (7 0)) (pt-2 (7 3))
    (nonce-1 (3 0)) (pt-0 (3 3)) (k (2 1)) (v (1 4)) (n (1 1))))

(defskeleton envelope-plus-2
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id) (pt pt)
    (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k-0) (aik aik-0) (tpm tpmconf))
  (precedes ((1 1) (5 1)) ((1 2) (6 0)) ((1 4) (3 0)) ((2 1) (1 3))
    ((3 2) (0 0)) ((4 3) (3 1)) ((5 0) (1 0)) ((5 3) (4 2))
    ((6 1) (2 0)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 n v pt pt-0 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation encryption-test (displaced 7 1 alice 3)
    (hash (hash "0" n) "obtain") (6 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-1 "refuse"
          (hash pcr-id-1 "refuse" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "refuse"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id-0 (hash (hash "0" n) "obtain")
          aik-0))))
  (label 4099)
  (parent 4021)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (n (1 1)) (k-0 (6 1)) (nonce (5 0)) (pt-0 (5 3))
    (nonce-0 (4 0)) (pt (4 3)) (k (2 1)) (v (1 4))))

(defskeleton envelope-plus-2
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 pcr-id-2 nonce-1 text) (n v data)
    (pt pt-0 pt-1 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-1) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-1) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (precedes ((1 1) (3 1)) ((1 4) (5 0)) ((2 1) (1 3)) ((3 0) (1 0))
    ((3 3) (4 1)) ((3 3) (6 2)) ((4 2) (2 0)) ((5 2) (0 0))
    ((6 3) (5 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 n v pt-0 pt-1 k)
  (genStV (hash "0" n) (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation generalization deleted (3 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-1 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-1 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "refuse")))))
  (label 4137)
  (parent 4021)
  (unrealized)
  (shape)
  (maps
    ((0 1)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (3 0)) (pt-0 (3 3)) (nonce-1 (6 0)) (pt-1 (6 3))
    (k (2 1)) (v (1 4)) (n (1 1))))

(comment "Nothing left to do")

(defprotocol envelope-plus-2 basic
  (defrole tpm-power-on
    (vars (current-value mesg) (pcr locn) (tpm chan) (pt pt-0 pval))
    (trace (recv tpm "power on") (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 "0")))
    (uniq-orig pt-0))
  (defrole tpm-extend-enc
    (vars (value current-value mesg) (pcr-id nonce text) (pcr locn)
      (tpm chan) (pt pt-0 pval))
    (trace (send tpm (cat "token" nonce))
      (recv tpm (cat "extend" pcr-id value (hash pcr-id value nonce)))
      (load pcr (cat pt current-value))
      (stor pcr (cat pt-0 (hash current-value value))) (send "ext ok"))
    (uniq-orig nonce pt-0))
  (defrole tpm-quote
    (vars (nonce current-value mesg) (pcr-id text) (aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "quote" pcr-id nonce))
      (load pcr (cat pt current-value))
      (send (enc "quote" pcr-id current-value nonce aik))))
  (defrole tpm-create-key
    (vars (k aik akey) (pcr-id text) (pcrval mesg) (tpm chan))
    (trace (recv tpm (cat "create-req" pcr-id pcrval))
      (send (enc "created" k pcr-id pcrval aik)))
    (non-orig (invk k))
    (uniq-orig k))
  (defrole tpm-decrypt
    (vars (m current-value mesg) (pcr-id text) (k aik akey) (pcr locn)
      (tpm chan) (pt pval))
    (trace (recv tpm (cat "decrypt" (enc m k)))
      (recv (enc "created" k pcr-id current-value aik))
      (load pcr (cat pt current-value)) (send m))
    (non-orig aik))
  (defrole alice
    (vars (n v data) (pcr-id nonce text) (k aik akey)
      (tpm tpmconf chan))
    (trace (recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id n (hash pcr-id n nonce)))
      (send tpm (cat "create-req" pcr-id (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    (non-orig aik)
    (uniq-orig n v)
    (conf tpmconf)
    (neq (k aik)))
  (defrule genStV-if-hashed-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-if-hashed-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (hash v1 v2)))
        (gen-st (hash v1 v2)))))
  (defrule genStV-not-catted-tpm-power-on
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-power-on" z 2)
          (p "tpm-power-on" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-extend-enc
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-extend-enc" z 2)
          (p "tpm-extend-enc" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-decrypt
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-decrypt" z 3)
          (p "tpm-decrypt" "current-value" z (cat v1 v2)))
        (false))))
  (defrule genStV-not-catted-tpm-quote
    (forall ((z strd) (v1 v2 mesg))
      (implies
        (and (p "tpm-quote" z 2)
          (p "tpm-quote" "current-value" z (cat v1 v2)))
        (false))))
  (defrule pcr-id-identifies-pcr
    (forall ((y z strd) (pcr-id text) (pcr pcr-0 locn))
      (implies
        (and (p "tpm-extend-enc" y 3) (p "tpm-extend-enc" z 3)
          (p "tpm-extend-enc" "pcr-id" y pcr-id)
          (p "tpm-extend-enc" "pcr-id" z pcr-id)
          (p "tpm-extend-enc" "pcr" y pcr)
          (p "tpm-extend-enc" "pcr" z pcr-0))
        (= pcr pcr-0)))))

(defskeleton envelope-plus-2
  (vars (pcr-id pcr-id-0 nonce text) (n v data) (k aik akey)
    (tpm tpmconf chan))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpm) (tpmconf tpmconf))
  (non-orig aik)
  (uniq-orig n v)
  (conf tpmconf)
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpm (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpm
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k))))
  (label 4223)
  (unrealized (0 0) (1 0) (2 3))
  (preskeleton)
  (origs (v (2 4)) (n (2 1)))
  (comment "Not a skeleton"))

(defskeleton envelope-plus-2
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-0) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((5 0) (2 0)) ((5 3) (4 2)) ((5 3) (9 2))
    ((6 2) (3 0)) ((7 3) (1 0)) ((8 2) (0 0)) ((9 3) (8 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 10 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain"))) (send v))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 4389)
  (parent 4223)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (4 0)) (pt-0 (4 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(defskeleton envelope-plus-2
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpmconf))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-2) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (3 0)) ((2 4) (4 0)) ((2 4) (7 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((6 0) (2 0))
    ((6 3) (5 2)) ((6 3) (8 2)) ((7 2) (0 0)) ((8 3) (7 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 9 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (8 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-0 (cat "token" nonce-0))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 4413)
  (parent 4223)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (8 0)) (pt-2 (8 3))
    (nonce-0 (5 0)) (pt (5 3)) (k (3 1)) (n (2 1)) (v (2 4))))

(defskeleton envelope-plus-2
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 nonce-1 pcr-id-2 pcr-id-3 nonce-2
      pcr-id-4 nonce-3 text) (n v data) (pt pt-0 pt-1 pt-2 pt-3 pval)
    (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 tpm-5 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-1)
    (pt pt) (pt-0 pt-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt-1) (pt-0 pt) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-2)
    (pt pt-0) (aik aik-0) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-2) (k k) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-3) (aik aik) (tpm tpm-4) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-4) (nonce nonce-3)
    (pt pt) (pt-0 pt-3) (tpm tpm-5) (pcr pcr))
  (precedes ((2 1) (5 1)) ((2 4) (7 0)) ((2 4) (9 0)) ((3 1) (2 3))
    ((4 3) (6 1)) ((5 0) (2 0)) ((5 3) (4 2)) ((5 3) (8 2))
    ((5 3) (10 2)) ((6 2) (3 0)) ((7 3) (1 0)) ((8 3) (7 2))
    ((9 2) (0 0)) ((10 3) (9 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 nonce-3 n v pt pt-0 pt-2 pt-3 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 11 5 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-4 (hash "0" n))) (10 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpm-0 (cat "token" nonce-1))
      (recv tpm-0
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-1)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-0 (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt (hash "0" n))))
    ((recv tpm-1 (cat "quote" pcr-id-2 nonce))
      (load pcr (cat pt-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "quote" pcr-id-2 (hash (hash "0" n) "obtain") nonce
          aik-0)))
    ((recv tpm-2 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-2 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-3 (cat "token" nonce-2))
      (recv tpm-3
        (cat "extend" pcr-id-3 "obtain"
          (hash pcr-id-3 "obtain" nonce-2)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "obtain"))))
    ((recv tpm-4 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-3 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-5 (cat "token" nonce-3))
      (recv tpm-5
        (cat "extend" pcr-id-4 "refuse"
          (hash pcr-id-4 "refuse" nonce-3)))
      (load pcr (cat pt (hash "0" n)))
      (stor pcr (cat pt-3 (hash (hash "0" n) "refuse")))))
  (label 4452)
  (parent 4223)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (5 0)) (pt (5 3)) (nonce-3 (10 0)) (pt-3 (10 3))
    (nonce-2 (8 0)) (pt-2 (8 3)) (k (3 1)) (nonce-1 (4 0)) (pt-0 (4 3))
    (v (2 4)) (n (2 1))))

(defskeleton envelope-plus-2
  (vars (pcr-id pcr-id-0 nonce pcr-id-1 nonce-0 pcr-id-2 nonce-1 text)
    (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik k-0 aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt) (k k) (aik aik) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-1) (nonce nonce-0)
    (pt pt-0) (pt-0 pt) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce) (pt pt-1) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k-0) (aik aik-0) (tpm tpmconf))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-3) (pcr pcr))
  (precedes ((2 1) (6 1)) ((2 2) (7 0)) ((2 4) (4 0)) ((2 4) (8 0))
    ((3 1) (2 3)) ((4 3) (1 0)) ((5 3) (4 2)) ((6 0) (2 0))
    ((6 3) (5 2)) ((6 3) (9 2)) ((7 1) (3 0)) ((8 2) (0 0))
    ((9 3) (8 1)))
  (non-orig aik (invk k) (invk k-0))
  (uniq-orig nonce nonce-0 nonce-1 n v pt pt-0 pt-2 k k-0)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation channel-test (displaced 10 6 tpm-extend-enc 4)
    (ch-msg pcr-0 (cat pt-3 (hash "0" n))) (9 2))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((recv tpm-0 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-1 (cat "token" nonce-0))
      (recv tpm-1
        (cat "extend" pcr-id-1 "obtain"
          (hash pcr-id-1 "obtain" nonce-0)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt (hash (hash "0" n) "obtain"))))
    ((send tpmconf (cat "token" nonce))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce)))
      (load pcr (cat pt-1 "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpmconf
       (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k-0 pcr-id-0 (hash (hash "0" n) "obtain")
          aik-0)))
    ((recv tpm-2 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-3 (cat "token" nonce-1))
      (recv tpm-3
        (cat "extend" pcr-id-2 "refuse"
          (hash pcr-id-2 "refuse" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 4518)
  (parent 4223)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce (6 0)) (pt-0 (6 3)) (nonce-1 (9 0)) (pt-2 (9 3))
    (n (2 1)) (k-0 (7 1)) (nonce-0 (5 0)) (pt (5 3)) (k (3 1))
    (v (2 4))))

(defskeleton envelope-plus-2
  (vars (nonce mesg)
    (pcr-id pcr-id-0 nonce-0 pcr-id-1 pcr-id-2 nonce-1 pcr-id-3 nonce-2
      text) (n v data) (pt pt-0 pt-1 pt-2 pval) (k aik aik-0 akey)
    (tpmconf tpm tpm-0 tpm-1 tpm-2 tpm-3 tpm-4 chan) (pcr locn))
  (deflistener
    (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
  (deflistener v)
  (defstrand alice 5 (pcr-id pcr-id-0) (nonce nonce-0) (n n) (v v) (k k)
    (aik aik) (tpm tpmconf) (tpmconf tpmconf))
  (defstrand tpm-create-key 2 (pcrval (hash (hash "0" n) "obtain"))
    (pcr-id pcr-id-0) (k k) (aik aik) (tpm tpm))
  (defstrand tpm-extend-enc 4 (value n) (current-value "0")
    (pcr-id pcr-id-0) (nonce nonce-0) (pt pt) (pt-0 pt-0) (tpm tpmconf)
    (pcr pcr))
  (defstrand tpm-quote 3 (nonce nonce) (current-value (hash "0" n))
    (pcr-id pcr-id-1) (pt pt-0) (aik aik-0) (tpm tpm-0) (pcr pcr))
  (defstrand tpm-decrypt 4 (m v)
    (current-value (hash (hash "0" n) "obtain")) (pcr-id pcr-id-0)
    (pt pt-1) (k k) (aik aik) (tpm tpm-1) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "obtain")
    (current-value (hash "0" n)) (pcr-id pcr-id-2) (nonce nonce-1)
    (pt pt-0) (pt-0 pt-1) (tpm tpm-2) (pcr pcr))
  (defstrand tpm-quote 3 (nonce (enc v k))
    (current-value (hash (hash "0" n) "refuse")) (pcr-id pcr-id)
    (pt pt-2) (aik aik) (tpm tpm-3) (pcr pcr))
  (defstrand tpm-extend-enc 4 (value "refuse")
    (current-value (hash "0" n)) (pcr-id pcr-id-3) (nonce nonce-2)
    (pt pt-0) (pt-0 pt-2) (tpm tpm-4) (pcr pcr))
  (precedes ((2 1) (4 1)) ((2 4) (6 0)) ((2 4) (8 0)) ((3 1) (2 3))
    ((4 0) (2 0)) ((4 3) (5 1)) ((4 3) (7 2)) ((4 3) (9 2))
    ((5 2) (3 0)) ((6 3) (1 0)) ((7 3) (6 2)) ((8 2) (0 0))
    ((9 3) (8 1)))
  (non-orig aik (invk k))
  (uniq-orig nonce-0 nonce-1 nonce-2 n v pt-0 pt-1 pt-2 k)
  (genStV (hash "0" n) (hash (hash "0" n) "obtain")
    (hash (hash "0" n) "refuse"))
  (conf tpmconf)
  (operation generalization deleted (4 0))
  (traces
    ((recv
       (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k) aik))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik))) ((recv v) (send v))
    ((recv tpmconf (cat "token" nonce-0))
      (send tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (send tpmconf
        (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (send (enc v k)))
    ((recv tpm (cat "create-req" pcr-id-0 (hash (hash "0" n) "obtain")))
      (send
        (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik)))
    ((send tpmconf (cat "token" nonce-0))
      (recv tpmconf (cat "extend" pcr-id-0 n (hash pcr-id-0 n nonce-0)))
      (load pcr (cat pt "0")) (stor pcr (cat pt-0 (hash "0" n))))
    ((recv tpm-0 (cat "quote" pcr-id-1 nonce))
      (load pcr (cat pt-0 (hash "0" n)))
      (send (enc "quote" pcr-id-1 (hash "0" n) nonce aik-0)))
    ((recv tpm-1 (cat "decrypt" (enc v k)))
      (recv (enc "created" k pcr-id-0 (hash (hash "0" n) "obtain") aik))
      (load pcr (cat pt-1 (hash (hash "0" n) "obtain"))) (send v))
    ((send tpm-2 (cat "token" nonce-1))
      (recv tpm-2
        (cat "extend" pcr-id-2 "obtain"
          (hash pcr-id-2 "obtain" nonce-1)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-1 (hash (hash "0" n) "obtain"))))
    ((recv tpm-3 (cat "quote" pcr-id (enc v k)))
      (load pcr (cat pt-2 (hash (hash "0" n) "refuse")))
      (send
        (enc "quote" pcr-id (hash (hash "0" n) "refuse") (enc v k)
          aik)))
    ((send tpm-4 (cat "token" nonce-2))
      (recv tpm-4
        (cat "extend" pcr-id-3 "refuse"
          (hash pcr-id-3 "refuse" nonce-2)))
      (load pcr (cat pt-0 (hash "0" n)))
      (stor pcr (cat pt-2 (hash (hash "0" n) "refuse")))))
  (label 4595)
  (parent 4223)
  (unrealized)
  (shape)
  (maps
    ((0 1 2)
      ((n n) (v v) (k k) (aik aik) (pcr-id pcr-id) (pcr-id-0 pcr-id-0)
        (nonce nonce-0) (tpm tpmconf) (tpmconf tpmconf))))
  (origs (nonce-0 (4 0)) (pt-0 (4 3)) (nonce-2 (9 0)) (pt-2 (9 3))
    (nonce-1 (7 0)) (pt-1 (7 3)) (k (3 1)) (v (2 4)) (n (2 1))))

(comment "Nothing left to do")
