/*
 * bsspeke.h - BS-SPEKE over Curve25519
 *
 * Author: Charles V. Wright <cvwright@futo.org>
 * 
 * Copyright (c) 2022 FUTO Holdings, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef BSSPEKE_H
#define BSSPEKE_H

#ifdef __cplusplus
extern "C" {
#endif

#define BSSPEKE_VERIFY_CLIENT_MODIFIER "client"
#define BSSPEKE_VERIFY_CLIENT_MODIFIER_LEN 6

#define BSSPEKE_VERIFY_SERVER_MODIFIER "server"
#define BSSPEKE_VERIFY_SERVER_MODIFIER_LEN 6

#define BSSPEKE_MIN_PHF_BLOCKS 100000
#define BSSPEKE_MIN_PHF_ITERATIONS 3

typedef struct {
    // Login credentials
    uint8_t *client_id;
    size_t client_id_len;
    uint8_t *password;
    size_t password_len;
    // Server identifier
    uint8_t *server_id;
    size_t server_id_len;
    // Random number to blind the password in the OPRF
    uint8_t r[32];
    // Server's ephemeral public key
    uint8_t B[32];
    // Ephemeral keypair
    uint8_t a[32];
    //uint8_t A[32];
    // Session key
    uint8_t K_c[32];
} bsspeke_client_ctx;

typedef struct {
    uint8_t *server_id;    // Server's identifier (eg domain name)
    size_t server_id_len;

    uint8_t *client_id;    // Client's identifier (eg Matrix user_id)
    size_t client_id_len;

    //uint8_t P[32];         // Base point for the user
    //uint8_t V[32];         // User's long-term public key

    uint8_t b[32];         // Ephemeral private key
    uint8_t B[32];         // Ephemeral public key
    
    uint8_t A[32];         // Client's ephemeral public key

    uint8_t K_s[32];       // Session key
} bsspeke_server_ctx;

typedef struct {
    uint8_t salt[32];
    size_t salt_len;

    uint8_t P[32];
    uint8_t V[32];

    uint32_t phf_blocks;
    uint32_t phf_iterations;
} bsspeke_user_info_t;

typedef struct {
    char *client_id;
    uint8_t blind[32];
} bsspeke_msg1_t;

typedef bsspeke_msg1_t bsspeke_setup_msg1_t;

typedef struct {
    uint8_t blind_salt[32];
} bsspeke_setup_msg2_t;

typedef struct {
    uint8_t P[32];
    uint8_t V[32];
    uint32_t phf_blocks;
    uint32_t phf_iterations;
} bsspeke_setup_msg3_t;


typedef bsspeke_msg1_t bsspeke_login_msg1_t;

typedef struct {
    uint8_t blind_salt[32];
    uint8_t B[32];
    uint32_t phf_blocks;
    uint32_t phf_iterations;
} bsspeke_login_msg2_t;

typedef struct {
    uint8_t A[32];
    uint8_t client_verifier[32];
} bsspeke_login_msg3_t;

typedef struct {
    uint8_t server_verifier[32];
} bsspeke_login_msg4_t;

void
bsspeke_client_init(bsspeke_client_ctx *ctx,
                    const char* client_id, const size_t client_id_len,
                    const char* server_id, const size_t server_id_len,
                    const char* password, const size_t password_len);

void
bsspeke_server_init(bsspeke_server_ctx *ctx,
                    const char* server_id, const size_t server_id_len);

void
bsspeke_client_setup_generate_message1
(
    bsspeke_setup_msg1_t *msg1,
    bsspeke_client_ctx *client
);


void
bsspeke_server_setup_generate_message2
(
    bsspeke_setup_msg2_t *msg2,
    const bsspeke_setup_msg1_t *msg1,
    // uint8_t *salt, const size_t salt_len,
    bsspeke_user_info_t *user_info,
    bsspeke_server_ctx *server_ctx
);

int
bsspeke_client_setup_generate_message3
(
    bsspeke_setup_msg3_t *msg3,
    const bsspeke_setup_msg2_t *msg2,
    uint32_t phf_blocks, uint32_t phf_iterations,
    bsspeke_client_ctx *client
);

void
bsspeke_server_setup_process_message3
(
    bsspeke_setup_msg3_t *msg3,
    bsspeke_user_info_t *user_info,
    bsspeke_server_ctx *server
);

void
bsspeke_client_login_generate_message1(bsspeke_login_msg1_t *msg1,
                                 bsspeke_client_ctx *client);

void
bsspeke_server_login_generate_message2(bsspeke_login_msg2_t *msg2,
                                 const bsspeke_login_msg1_t *msg1,
                                 // const uint8_t *salt, const size_t salt_len,
                                 // uint8_t P[32], uint8_t V[32],
                                 // uint32_t phf_blocks,
                                 // uint32_t phf_iterations,
                                 const bsspeke_user_info_t *user,
                                 bsspeke_server_ctx *server);

int
bsspeke_client_login_generate_message3(bsspeke_login_msg3_t *msg3,
                                 const bsspeke_login_msg2_t *msg2,
                                 bsspeke_client_ctx *client_ctx);

int
bsspeke_server_login_generate_message4(bsspeke_login_msg4_t *msg4,
                                 const bsspeke_login_msg3_t *msg3,
                                 const bsspeke_user_info_t *user_info,
                                 bsspeke_server_ctx *server_ctx);

int
bsspeke_client_login_verify_message4(const bsspeke_login_msg4_t *msg4,
                               const bsspeke_client_ctx *client);

#ifdef __cplusplus
}
#endif

#endif