/* Copyright 2005-2006, Voltage Security, all rights reserved.
 */

/* This file, bbtk.h, is to be included inside ictk.h. This is simply
 * more definitions that belong in ictk.h, but we'll put them into
 * bbtk.h for convenience. You should not include bbtk.h in any file
 * other than ictk.h.
 */

/* In many structs are fields that contain references to other objects.
 * They do not contain new objects created by the struct. When
 * destroying the struct, do not destroy the references. Such fields
 * are indicated as references.
 */

/* bbCtx is a reference
 * curve is a reference
 * fld is a reference
 * ord is a reference
 */
typedef struct
{
  ec1_t      *curve;
  z_t        *fld;    /* to point to curve->p */
  z_t        *ord;    /* to point to curve->q */
  pt1_t      *g;
  pt1_t      *g1;
  pt1_t      *g2;
  pt1_t      *g3;
  fp2_t      *v;
  mul1_t     *mulg;
  mul1_t     *mulg1;
  mul1_t     *mulg3;
  Pointer     bbCtx;
} bb1common_s;

typedef bb1common_s bb1common_t;

/* common is a reference
 * bbCtx is a reference
 */
typedef struct
{
  bb1common_t  *common;
  z_t          *alpha;
  z_t          *beta;
  z_t          *gamma;
  Pointer       bbCtx;
} bb1secret_s;

typedef bb1secret_s bb1secret_t;

/* The bb1 ctx needs a bfCtx because many of the BB operations call
 * functions that need a bfCtx (it is an object created by the bbCtx
 * and is to be destroyed when the bbCtx is destroyed).
 */
typedef struct
{
  bb1common_t   *common;
  bb1secret_t   *secret;
  int            bits;
  unsigned int   bytes;
  unsigned int   ordbyts;
  bf_context_t  *bfCtx;
} bb1_context_s;

typedef bb1_context_s  bb1_context_t;

typedef struct
{
  VoltLibCtx      *libCtx;
  int              type;
  z_t             *p;      /* prime */
  z_t             *order;  /* subprime */
  unsigned char   *a;
  int              aSize;
  unsigned char   *b;
  int              bSize;
  unsigned char   *g;
  int              gSize;
  unsigned char   *g1;
  int              g1Size;
  unsigned char   *g2;
  int              g2Size;
  unsigned char   *g3;
  int              g3Size;
} bb1_parameters_simple_s;

typedef bb1_parameters_simple_s bb1_parameters_simple_t;

typedef struct
{
  unsigned int    sz;
  char           *buf;
  bb1_context_t  *bbCtx;
} bb1msg_s;

typedef bb1msg_s bb1msg_t;

typedef struct
{
  z_t            *val;
  bb1_context_t  *bbCtx;
} bb1publ_s;

typedef bb1publ_s bb1publ_t;

typedef struct
{
  pt1_t          *d0;
  pt1_t          *d1;
#if  ICTK_DO_PRE_DISTORT
  pt1_t          *d0dist;
  pt1_t          *d1dist;
#endif
  bb1_context_t  *bbCtx;
} bb1priv_s;

typedef  bb1priv_s  bb1priv_t;

typedef struct
{
  unsigned int    sz;
  char           *buf;
  bb1_context_t  *bbCtx;
} bb1ident_s;

typedef bb1ident_s bb1ident_t;

typedef struct
{
  pt1_t         *c0;
  pt1_t         *c1;
  z_t           *h;
  char          *c;        /* points to buf */
  unsigned int   sz;
  char          *buf;
  bb1_context_t  *bbCtx;
} bb1ciph_s;

typedef bb1ciph_s bb1ciph_t;

/* sets up the BB1 context (does NOT set up the parameters)
 */
int bb1New (
   VoltLibCtx *libCtx,
   VoltMpIntCtx *mpCtx,
   bb1_context_t **bbCtx
   );

void bb1Del (
   bb1_context_t *bbCtx
   );

/* constructor for bb1_parameters_simple_t with initialization
 */
int bb1ParsNew (
   bb1_context_t *bbCtx,
   bb1_parameters_simple_t **bbPars
   );

/* destructor for bb1_parameters_simple_t
 */
void bb1ParsDel (
   bb1_parameters_simple_t *bbPars
   );

/* export PUBLIC bb1_context_t to bb1_parameters_simple_t
 */
int bb1ContextExportToIcPars (
   bb1_parameters_simple_t *bbPars,
   bb1_context_t *bbCtx
   );

int bb1commonNew (
   bb1common_t **newCommon,
   bb1_context_t *bbCtx
   );

void bb1commonDel (
   bb1common_t *common
   );

int bb1secretNew (
   bb1secret_t **newSecret,
   bb1_context_t *bbCtx
   );

void bb1secretDel (
   bb1secret_t *secret
   );

int bb1msgNew (
   bb1msg_t **newBb1Msg,
   unsigned char *dat,
   unsigned int sz,
   bb1_context_t *bbCtx
   );

void bb1msgDel (
   bb1msg_t *bb1msg
   );

int bb1publNew (
   bb1publ_t **newPubl,
   bb1_context_t *bbCtx
   );

void bb1publDel (
   bb1publ_t *publ
   );

int bb1privNew (
   bb1priv_t **newPriv,
   bb1_context_t *bbCtx
   );

void bb1privDel (
   bb1priv_t *priv
   );

int bb1identNew (
   bb1ident_t **newIdent,
   unsigned char *dat,
   unsigned int sz,
   bb1_context_t *bbCtx
   );

void bb1identDel (
   bb1ident_t *ident
   );

int bb1ciphNew (
   bb1ciph_t **newBb1ciph,
   unsigned int sz,
   bb1_context_t *bbCtx
   );

void bb1ciphDel (
   bb1ciph_t *bb1ciph
   );

/* set bb based on bb1pars.
 */
int bb1ContextImportFromIcPars (
   bb1_context_t *bbCtx,
   bb1_parameters_simple_t *bb1pars,
   unsigned int accelCount,
   unsigned char *accelG,
   unsigned char *accelG1,
   unsigned char *accelG3,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/* populate BB1 context with random curve, public parameters, and
 * master secrets
 */
int bb1RandomSetup (
   bb1_context_t *bb,
   VtRandomObject random,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   int type,
   int primeBits,
   int subprimeBits
   );

/* finds an elliptic curve of prescribed size
 */
int xidBB1corePickEC (
   bb1common_t *common,
   int fld_bits,
   int ord_bits,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   VtRandomObject random
   );

/* picks the master secret and parameters ASSUMING common->curve is
 * already present!
 */
int xidBB1corePickParams (
   bb1common_t *common,
   bb1secret_t *secret,
   VtRandomObject random,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/* loads up the common parameters ASSUMING common->curve is already
 * present!
 */
int xidBB1coreLoadCommonParams (
   bb1common_t *common,
   pt1_t *g,
   pt1_t *g1,
   pt1_t *g2,
   pt1_t *g3,
   unsigned int accelCount,
   unsigned char *accelG1,
   unsigned char *accelG3,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/* loads up the master secret ASSUMING the curve and common parameters
 * are already present!
 */
int xidBB1coreLoadMasterSecret (
   bb1secret_t *secret,
   bb1common_t *common,
   z_t *alpha,
   z_t *beta,
   z_t *gamma,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/* loads up the master secrets (verifying compatibility with the
 * common pars)
 * There are three secrets, they should be in the data buffer
 * consecutively (alph | beta | gamma).
 * return 0 for success or non-zero error code.
 */
int bb1RawLoadSecret (
   bb1_context_t *bbCtx,
   unsigned char *data,
   unsigned int sz,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/* dumps the master secret
 * There will be three values dumped into the buf. Each will be
 * secretLen bytes long. If one is longer than the others, each of the
 * shorter values will be prepended by a 00 byte. Actually, all might
 * be prepended by one or more 00 bytes.
 * Hence, secret alpha is at buf, secret beta is at buf + *secretLen
 * and secret gamma is at buf + (2 * (*secretLen)).
 * The function will set totalLen to the total number of bytes placed
 * into buf.
 */
int bb1RawDumpSecret (
   unsigned char *buf,
   unsigned int bufSize,
   unsigned int *secretLen,
   unsigned int *totalLen,
   bb1_context_t *bbCtx
   );

/* get the size of private keys
 */
unsigned int bb1GetRawPrivateKeySize (
   bb1_context_t *bbCtx
   );

/* extract a private key
 */
int bb1RawExtract (
   unsigned char *key,
   unsigned int buf_sz,
   unsigned int *keyLen,
   unsigned char *id,
   unsigned int id_sz,
   VtRandomObject random,
   bb1_context_t *bbCtx
   );

/* extracts a private key from given public key using the PKG
 * master secret
 */
int xidBB1coreExtract (
   bb1priv_t *priv,
   bb1publ_t *publ,
   bb1secret_t *secret,
   VtRandomObject random
   );

/* get the ciphertext size given the plaintext size
 */
unsigned int bb1GetRawEncryptedSize (
   unsigned int msg_sz,
   bb1_context_t *bbCtx
   );

/* get the plaintext size given the ciphertext size
 */
unsigned int bb1GetRawDecryptedSize (
   unsigned int ciph_sz,
   bb1_context_t *bbCtx
   );

/* encrypt for a given identity
 * return 0 for success, non-zero error code.
 */
int bb1RawEncrypt (
   unsigned char *ciph,
   unsigned int buf_sz,
   unsigned int *outputLen,
   unsigned char *id,
   unsigned int id_sz,
   unsigned char *msg,
   unsigned int msg_sz,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   VtRandomObject userRandom,
   bb1_context_t *bbCtx
   );

/* decrypt using a given private key
 * return 0 for success, non-zero error code.
 */
int bb1RawDecrypt (
   unsigned char *msg,
   unsigned int buf_sz,
   unsigned int *outputLen,
   unsigned char *key,
   unsigned int key_sz,
   unsigned char *ciph,
   unsigned int ciph_sz,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   bb1_context_t *bbCtx
   );

int xidBB1ibeStrongDecrypt (
   bb1ciph_t *ciph,
   fp2_t *decapsk,
   bb1common_t *common,
   bb1msg_t **bb1msg,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/* calculates the y coordinate of a point given its (x, y[0])
 * ASN1 compressed representation
 * return 0 for success, non-zero error code.
 */
int bb1CalculatePointY (
   unsigned char *ycoord,
   unsigned int buf_sz,
   unsigned int *ycoordLen,
   unsigned char *point,
   unsigned int pointSize,
   bb1_context_t *bbCtx
   );

/* calculates the x coordinate of a point given its y-coordinate.
 * The return is the ASN.1 compressed version (y[0], x-coord).
 * return 0 for success, non-zero error code.
 */
int bb1CalculatePointX (
   unsigned char *xcoord,
   unsigned int buf_sz,
   unsigned int *xcoordLen,
   unsigned char *ycoord,
   unsigned int ycoordSize,
   bb1_context_t *bbCtx
   );

/* export raw private key (as given by bfRawExtract) to ASN1 compressed
 * point representation.
 * The input is a single buffer with the y-coordinate of one point or
 * the y-coordinates of two points. If one point, the output will be
 * placed into privkey0, if two points, the output will be placed in
 * privkey0 and privkey1. These will be the x-coordinates of the one or
 * two points (with an extra leading byte).
 * The function will know how many points to produce based on the
 * length of raw_sz.
 * Return 0 for success or a non-zero error code.
 */
int bb1PrivateKeyExportToPoints (
   unsigned char *privkey0,
   unsigned char *privkey1,
   unsigned int *keyLen,
   int bufSizes,
   unsigned char *raw,
   unsigned int raw_sz,
   bb1_context_t  *bbCtx
   );

/* import raw private key (for use by bbRawDecrypt) from ASN1
 * compressed point representation
 * return 0 for success, non-zero error code.
 */
int bb1PrivateKeyImportFromPoints (
   unsigned char *raw,
   unsigned int buf_sz,
   unsigned int *keyLen,
   unsigned char *privkey0,
   unsigned char *privkey1,
   int privkeySizes,
   bb1_context_t *bbCtx
   );

/* derives a public key from given identity using the common parameters
 */
int xidBB1coreGetPubl (
   bb1publ_t *publ,
   bb1ident_t *id,
   bb1common_t *common
   );

/* BF IBE Encrypt
 */
int xidBB1ibeEncrypt (
   bb1msg_t *msg,
   bb1publ_t *publ,
   bb1common_t *common,
   bb1ciph_t **bb1ciph,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   VtRandomObject userRandom
   );

/* BB IBE Decrypt
 */
int xidBB1ibeDecrypt (
   bb1ciph_t *ciph,
   bb1priv_t *priv,
   bb1common_t *common,
   bb1msg_t **bb1msg,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );