/* Copyright 2003-2006, Voltage Security, all rights reserved.
 */

#include "vibecrypto.h"
#include "environment.h"
#include "base.h"
#include "libctx.h"
#include "mpint.h"
#include "surrender.h"

#ifndef ICTK_H
#define ICTK_H

#ifdef __cplusplus
extern "C" {
#endif

typedef int bool_t;
#define true_n     1
#define false_n    0
#define isTrue(b)  (b!=false_n)
#define isFalse(b) (b==false_n)

typedef int sign_t;
#define zero_n    0
#define plus_n    1
#define minus_n  -1

typedef int curvetype_e;
#define undefinedcurve_n    0
#define y2equalsx3plus1_n   1   /* y^2 = x^3 + 1 */
#define erroneouscurve_n   -1

typedef curvetype_e curvetype_t;

typedef struct
{
  curvetype_t  type;
} curve_s;

typedef curve_s curve_t;

typedef struct
{
  VoltMpIntCtx  *mpCtx;
  VoltMpInt     *mpInt;
} vsmath_s;

typedef vsmath_s vsmath_t;
typedef vsmath_t vsm_z_t;
typedef vsm_z_t z_t;

/* We use a "complex" represention of F_p^2 as Z_p[i] where i = sqrt(-1)
 */
typedef struct
{
  z_t *re;
  z_t *im;
  Pointer bf;
} fp2_s;

typedef fp2_s fp2_t;

typedef struct
{
  /* expression of Solinas prime as:
   * 2 ^ a + s * 2 ^ b + c
   */
  unsigned int  a;
  unsigned int  b;
  sign_t        s;
  sign_t        c;
} solinas_s;

typedef solinas_s solinas_t;

typedef struct
{
  curve_t    curve; /* used for inheritance --- don't (re)move! */
  z_t       *p;
  z_t       *q;
  z_t       *p1byq;
  z_t       *cbrtpwr;
  z_t       *tatepwr;
  fp2_t     *zeta;
  solinas_t  sol;
  Pointer    bf;
} ec1_s;

typedef ec1_s ec1_t;

typedef struct
{
  int        m;
  z_t      **prex;
  z_t      **prey;
  Pointer    bf;
} mul1_s;

typedef mul1_s mul1_t;

typedef struct
{
  curvetype_t  type;
} point_s;

typedef point_s point_t;

typedef struct
{
  point_t  point; /* used for inheritance --- don't (re)move! */
  fp2_t    *x;
  fp2_t    *y;
  bool_t   inf;
  Pointer  bf;
} pt1_s;

typedef pt1_s pt1_t;

#ifndef ICTK_DO_PRE_DISTORT
#define ICTK_DO_PRE_DISTORT 1
#endif

typedef struct
{
  ec1_t      *curve;
  mul1_t     *mul;
  z_t        *fld;    /* points to curve->p, is not a "new" object */
  z_t        *ord;    /* points to curve->q, is not a "new" object */
  pt1_t      *gener;
  pt1_t      *refer;
#if ICTK_DO_PRE_DISTORT
  pt1_t      *generphi;
  pt1_t      *referphi;
  fp2_t      *sanity_check_cache;
#endif
  Pointer     bf;
} common_s;

typedef common_s common_t;

typedef struct
{
  common_t   *common;  /* points to an existing common_t, not its own. */
  z_t        *master;
  Pointer     bf;
} secret_s;

typedef secret_s secret_t;

typedef struct
{
  common_t      *common;
  secret_t      *secret;
  int            bits;
  unsigned int   bytes;
  VoltMpIntCtx  *mpCtx;
  VoltLibCtx    *libCtx;
} bf_context_s;

typedef bf_context_s  bf_context_t;

typedef struct
{
  VoltLibCtx      *libCtx;
  int              type;
  z_t             *prime;
  z_t             *subprime;
  unsigned char   *a;
  int              aSize;
  unsigned char   *b;
  int              bSize;
  unsigned char   *base;
  int              baseSize;
  unsigned char   *reference;
  int              referenceSize;
} ic_parameters_simple_s;

typedef ic_parameters_simple_s ic_parameters_simple_t;

/* More definitions that belong in ictk.h, but are in a separate file
 * for convenience.
 */
#include "bbtk.h"

/*=========================================================*/
/*                                                         */
/* Utility Functions                                       */
/*                                                         */
/*=========================================================*/

/* sets up the BF context (does NOT set up the parameters)
 */
int bfNew (
   VoltLibCtx *libCtx,
   VoltMpIntCtx *mpCtx,
   bf_context_t **bfCtx
   );

/* deletes the BF context
 */
void bfDel (
   bf_context_t *bf
   );

/* populate BF context with random curve, public parameters, and master
 * secret
 * return 0 for success and non-zero error code.
 */
int bfRandomSetup (
   bf_context_t *bf,
   VtRandomObject random,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   int type,
   int primeBits,
   int subprimeBits
   );

/* dumps the master secret
 * return 0 for success, non-zero error code.
 */
int bfRawDumpSecret (
   void *buf,
   unsigned int buf_sz,
   unsigned int *secretLen,
   bf_context_t *bf
   );

/* loads up the master secret (verifying compatibility with the
 * common pars)
 * return 0 for success or non-zero error code.
 */
int bfRawLoadSecret (
   bf_context_t *bf,
   unsigned char *data,
   unsigned int sz,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/*=========================================================*/
/*                                                         */
/* Data Import/Export Functions                            */
/*                                                         */
/*=========================================================*/

/* constructor for ic_parameters_simple_t with initialization
 */
int bfIcParsNew (
   bf_context_t *bf,
   ic_parameters_simple_t **icPars
   );

/* destructor for ic_parameters_simple_t
 */
void bfIcParsDel (
   ic_parameters_simple_t *icp
   );

/* export PUBLIC bf_context_t to ic_parameters_simple_t
 * (returns 0 if ok; non-zero code otherwise)
 */
int bfContextExportToIcPars (
   ic_parameters_simple_t *icp,
   bf_context_t *bf
   );

/* import PUBLIC ic_parameters_simple_t to bf_context_t
 * (returns 0 if ok; non-zero code otherwise)
 */
int bfContextImportFromIcPars (
   bf_context_t *bf,
   ic_parameters_simple_t *icp,
   unsigned int accelCount,
   unsigned char *accelTable,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber
   );

/* ASN1-compliant point compression for non-zero points in F_p only
 */
int bfPointCompressSpecial (
   unsigned char *buf,
   unsigned int sz,
   pt1_t *pt,
   ec1_t *ec,
   bf_context_t *bf
   );

/* ASN1-compliant point decompression for compressed non-zero points
 * in F_p only.
 */
int bfPointDecompressSpecial (
   pt1_t *pt,
   unsigned char *buf,
   unsigned int sz,
   ec1_t *ec,
   bf_context_t *bf
   );

/* export raw private key (as given by bfRawExtract) to ASN1 compressed
 * point representation
 * Return 0 for success or a non-zero error code.
 */
int bfPrivateKeyExportToPoint (
   unsigned char *privkey,
   int bufSize,
   int *keyLen,
   unsigned char *raw,
   unsigned int raw_sz,
   bf_context_t  *bf
   );

/* import raw private key (for use by bfRawDecrypt) from ASN1
 * compressed point representation
 * return 0 for success, non-zero error code.
 */
int bfPrivateKeyImportFromPoint (
   unsigned char *raw,
   unsigned int buf_sz,
   unsigned int *keyLen,
   unsigned char *privkey,
   int privkeySize,
   bf_context_t *bf
   );

/* calculates the y coordinate of a point given its (x, y[0])
 * ASN1 compressed representation
 * return 0 for success, non-zero error code.
 */
int bfCalculatePointY (
   unsigned char *ycoord,
   unsigned int buf_sz,
   unsigned int *ycoordLen,
   unsigned char *point,
   unsigned int pointSize,
   bf_context_t *bf
   );

/* calculates the x coordinate of a point given its y coordinate.
 * Normally, the function declaration would look like this.
 * <pre>
 * <code>
 *   int bfCalculatePointX (
 *      unsigned char *xcoord,
 *      unsigned int buf_sz,
 *      unsigned int *xcoordLen,
 *      unsigned char *ycoord,
 *      unsigned int ysize,
 *      bf_context_t *bf
 *      );
 * </code>
 * </pre>
 * But top calculate X, the toolkit will do the same thing a
 * bfPrivateKeyExportToPoint. So call that instead.
 */
#define bfCalculatePointX bfPrivateKeyExportToPoint

/*=========================================================*/
/*                                                         */
/* IB Encryption Functions                                 */
/*                                                         */
/*=========================================================*/

/* get the size of private keys
 */
unsigned int bfGetRawPrivateKeySize (
   bf_context_t *bf
   );

/* extract a private key
 */
int bfRawExtract (
   unsigned char *key,
   unsigned int buf_sz,
   unsigned int *keyLen,
   unsigned char *id,
   unsigned int id_sz,
   bf_context_t *bf
   );

/* get the ciphertext size given the plaintext size
 */
unsigned int bfGetRawEncryptedSize (
   unsigned int msg_sz,
   bf_context_t *bf
   );

/* encrypt for a given identity
 * return 0 for success, non-zero error code.
 *
 * This function will call the surrender function (if there is a
 * surrender ctx) twice with a callCount of 4. That is, the first call
 * to Surrender, the callCount will be 4 and the callNumber will be 2.
 * The second call, the callCount will be 4 and the callNumber will be
 * 3.
 */
int bfRawEncrypt (
   unsigned char *ciph,
   unsigned int buf_sz,
   unsigned int *outputLen,
   unsigned char *id,
   unsigned int id_sz,
   unsigned char *msg,
   unsigned int msg_sz,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   VtRandomObject userRandom,
   bf_context_t *bf
   );

/* get the plaintext size given the ciphertext size
 */
unsigned int bfGetRawDecryptedSize (
   unsigned int ciph_sz,
   bf_context_t *bf
   );

/* decrypt using a given private key
 * return 0 for success, non-zero error code.
 *
 * This function will call the surrender function (if there is a
 * surrender ctx) once with a callCount of 3. That is, for the call to
 * Surrender, the callCount will be 3 and the callNumber will be 2.
 */
int bfRawDecrypt (
   unsigned char *msg,
   unsigned int buf_sz,
   unsigned int *outputLen,
   unsigned char *key,
   unsigned int key_sz,
   unsigned char *ciph,
   unsigned int ciph_sz,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   bf_context_t *bf
   );

#ifdef __cplusplus
}
#endif

#endif /* ICTK_H */