/*
 This file is part of cpp-ethereum.
 
 cpp-ethereum is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 
 cpp-ethereum is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
 along with cpp-ethereum.  If not, see <http://www.gnu.org/licenses/>.
 */
/** @file ECDHE.h
 * @author Alex Leverington <nessence@gmail.com>
 * @date 2014
 *
 * Elliptic curve Diffie-Hellman ephemeral key exchange
 */

#pragma once

#include "EC.h"

namespace dev
{
namespace crypto
{
	
/**
 * @brief Derive DH shared secret from EC keypairs.
 * @todo shield secret()
 */
class ECDHE
{
	friend class ECDHETKeyExchange;
public:
	ECDHE();

	/// Agree on ECDH parmaters and derive shared secret.
	void agree(Public _remote);

protected:
	Secret secret();
	
private:
	KeyPair m_ephemeral;		///< Ephemeral keypair
	Public m_remote;			///< Public key of remote
};

/**
 * @brief Secure exchange of static keys.
 * Key exchange is encrypted with public key of remote and then encrypted by block cipher. For a blind remote the ecdhe public key is used to encrypt exchange, and for a trusted remote the trusted public key is used. The block cipher key is derived from ecdhe shared secret.
 */
class ECDHETKeyExchange
{
public:
	/// Blind key exchange. KeyPair trusts are updated if successful.
	ECDHETKeyExchange(ECDHE const& _ecdhe, ECKeyPair* _keyTrust);
	
	/// Trusted key exchange. Upon success, KeyPair trusts are updated.
	ECDHETKeyExchange(ECDHE const& _ecdhe, ECKeyPair* _keyTrust, Address _remote);
	
	/// Authentication for trusted remote, blind trust, or disconnect.
	/// Returns key exchange. encrypted w/aes-ctr. key=ecdhe.m_shared[0-127]
	///
	/// @returns E(K,prefix||e(epub,m||v||sign(k,sha3(dhe-k||m)))||mac)
	///
	/// E = AES in CTR mode (todo: nonce)
	/// K = ecdhe.secret[0..127]
	/// ECDHETKeyExchange(ECDHE const&, ECKeyPair*):
	///   prefix = sha3(ecdhe.remote)
	///   epub = ecdhe.remote
	/// ECDHETKeyExchange(ECDHE const&, ECKeyPair* _k, Address _r):
	///   trust = _k.m_trustEgress.find(_r)
	///   sha3(trust.first)
	///   epub = trust.second
	/// e = ECIES encrypt()
	/// m = keypair.public
	/// v = 0x80
	/// k = keypair.secret
	/// mac = sha3(M||prefix||e()); M = ecdhe.secret[128..255]
	/// K = ecdhe.secret[0..127]
	bytes exchange();
	
	/// Decrypts payload, checks mac, checks trust, decrypts exchange, authenticates exchange, verifies version, verifies signature, and if no failures occur, updates or creats trust and derives trusted-shared-secret.
	/// New ECDH agreement is created with trusted public keys.
	/// _out = E(m_trustedC, _out)
	/// E = AES in CTR mode (todo: nonce)
	/// sigk = k from exchange signature sent
	/// sigr = r from exchange signature received
	/// K = sha3(ecdheTrusted.secret||(sha3(sigk)⊕sha3(sigr))
	/// m_trustedC = K[0..127]
	/// m_trustedM = K[128..255]
	bool authenticate(bytes _exchangeIn);
	
	/// Places ciphertext in _out, zeros _in, and upates _mac. MAC is finalized and appended to _out if _finalmac is true.
	void blockEncrypt(bytes* _in, bytes* _out, h256* _mac, bool _finalmac);
	
private:
	/// Encrypt message using current m_trust public key. During blind trust key exchange the remote ephemeral public key is used.
	void encrypt();
	
	bool blind;
	ECDHE const& m_ecdhe;
	ECKeyPair* m_keypair;
	PublicTrust m_trust;
	ECDHE m_ecdheTrusted;
	FixedHash<16> m_trustedC;
	FixedHash<16> m_trustedM;
};

}
}