/*
 * ECJoin.cpp
 *
 */

#include <crypto/ECJoin.hh>
#include <util/cryptdb_log.hh>
#include <util/util.hh>


using namespace std;

static EC_POINT *
my_EC_POINT_new(EC_GROUP * group) {

    EC_POINT* point = EC_POINT_new(group);
    throw_c(point, "could not create point");
    return point;

}

static BIGNUM *
my_BN_new() {

    BIGNUM* num = BN_new();
    throw_c(num, "could not create BIGNUM");
    return num;

}

static BIGNUM *
my_BN_mod(const BIGNUM * a, const BIGNUM * n, BN_CTX * bn_ctx) {

    BIGNUM * res = my_BN_new();
    BN_mod(res, a, n, bn_ctx);
    throw_c(res, "failed to compute mod");
    return res;
}

static EC_POINT *
str2Point(const EC_GROUP * group, const string & indata) {

    EC_POINT * point = EC_POINT_new(group);

    throw_c(EC_POINT_oct2point(group, point, (const unsigned char *)indata.data(), indata.length(), NULL),
            "cannot convert from ciphertext to point");

    return point;
}

EC_POINT *
ECJoin::randomPoint() {

    EC_POINT * point = my_EC_POINT_new(group);

    BIGNUM *x = my_BN_new(), *y = my_BN_new(), * rem = my_BN_new();

    bool found = false;

    while (!found) {

        BN_rand_range(x, order);

        if (EC_POINT_set_compressed_coordinates_GFp(group, point, x, 1, bn_ctx)) {
            throw_c(EC_POINT_get_affine_coordinates_GFp(group, point, x, y, bn_ctx),"issue getting coordinates");

            if(BN_is_zero(x) || BN_is_zero(y)) {
                found = false;
                continue;
            }

            if (EC_POINT_is_on_curve(group, point, bn_ctx)) {
                LOG(crypto) << "found correct random point, P";
                found = true;
            } else {
                LOG(crypto) << "P not on curve; try again";
            }
        } else {
            LOG(crypto) << "P is bad random point; try again";
        }
    }

    BN_free(x);
    BN_free(y);
    BN_free(rem);
    return point;
}


ECJoin::ECJoin()
{

    group = EC_GROUP_new_by_curve_name(NID);
    throw_c(group, "issue creating new curve");

    bn_ctx = BN_CTX_new();
    throw_c(bn_ctx, "failed to create big number context");

    order = my_BN_new();

    throw_c(EC_GROUP_get_order(group, order, bn_ctx), "failed to retrieve the order");

    Infty = my_EC_POINT_new(group);
    throw_c(EC_POINT_set_to_infinity(group, Infty), "could not create point at infinity");

    P = randomPoint();

    ZeroBN = BN_new();
    throw_c(ZeroBN != NULL, "cannot create big num");
    BN_zero(ZeroBN);


}

static EC_POINT *
mul(const EC_GROUP * group, const BIGNUM * ZeroBN, const EC_POINT * Point, const BIGNUM * Scalar, BN_CTX * bn_ctx) {

    EC_POINT * ans = EC_POINT_new(group);
    throw_c(ans, "cannot create point ");

    //ans = sk->kp * cbn
    throw_c(EC_POINT_mul(group, ans, ZeroBN, Point, Scalar, bn_ctx), "issue when multiplying ec");

    return ans;
}

static BIGNUM *
my_BN_bin2bn(string data) {
    BIGNUM * res = BN_bin2bn((unsigned char *) data.data(), (int) data.length(), NULL);
    throw_c(res, "could not convert from binary to BIGNUM ");

    return res;
}

ECJoinSK *
ECJoin::getSKey(const AES_KEY * baseKey, const string & columnKey) {


    ECJoinSK * skey = new ECJoinSK();

    skey->aesKey = baseKey;

    BIGNUM * bnkey = my_BN_bin2bn(columnKey);

    skey->k = my_BN_mod(bnkey, order, bn_ctx);

    skey->kP = mul(group, ZeroBN, P, skey->k, bn_ctx);

    BN_free(bnkey);

    return skey;
}

ECDeltaSK *
ECJoin::getDeltaKey(const ECJoinSK * key1, const ECJoinSK *  key2) {

    ECDeltaSK * delta = new ECDeltaSK();

    delta->group = group;
    delta->ZeroBN = ZeroBN;

    BIGNUM * key1Inverse = BN_mod_inverse(NULL, key1->k, order, bn_ctx);
    throw_c(key1Inverse, "could not compute inverse of key 1");

    delta->deltaK = BN_new();
    BN_mod_mul(delta->deltaK, key1Inverse, key2->k, order, bn_ctx);
    throw_c(delta->deltaK, "failed to multiply");

    BN_free(key1Inverse);

    return delta;

}

// a PRF with 128 bits security, but 160 bit output
string
ECJoin::PRFForEC(const AES_KEY * sk, const string & ptext) {

    string nptext = ptext;

    unsigned int len = (uint) ptext.length();

    if (bytesLong > len) {
        for (unsigned int i = 0 ; i < bytesLong - len; i++) {
            nptext = nptext + "0";
        }
    }

    // should collapse down to 1 AES_BLOCK_SIZE using SHA1

    return encrypt_AES(nptext, sk, 1).substr(0, bytesLong);

}

string
ECJoin::point2Str(const EC_GROUP * group, const EC_POINT * point) {
    unsigned char buf[ECJoin::MAX_BUF+1];
    memset(buf, 0, ECJoin::MAX_BUF);

    size_t len = 0;
    len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, buf, MAX_BUF, NULL);

    throw_c(len, "cannot serialize EC_POINT ");

    return string((char *)buf, len);
}

string
ECJoin::encrypt(const ECJoinSK * sk, const string & ptext) {

    // CONVERT ptext in PRF(ptext)
    string ctext = PRFForEC(sk->aesKey, ptext);

    //cbn = PRF(ptext)
    BIGNUM * cbn = my_BN_bin2bn(ctext);

    BIGNUM * cbn2 = my_BN_mod(cbn, order, bn_ctx);

    //ans = sk->kp * cbn
    EC_POINT * ans = mul(group, ZeroBN, sk->kP, cbn2, bn_ctx);

    string res = point2Str(group, ans);

    EC_POINT_free(ans);
    BN_free(cbn);
    BN_free(cbn2);

    return res;
}

string
ECJoin::adjust(const ECDeltaSK * delta, const string & ctext) {

    EC_POINT * point = str2Point(delta->group, ctext);

    EC_POINT * res = mul(delta->group, delta->ZeroBN, point, delta->deltaK, NULL);

    string result = point2Str(delta->group, res);

    EC_POINT_free(res);
    EC_POINT_free(point);

    return result;
}

ECJoin::~ECJoin()
{
    BN_free(order);
    EC_POINT_free(P);
    EC_GROUP_clear_free(group);
    BN_CTX_free(bn_ctx);
}




/*** some internal test code ..
    cerr << "is key null? " << pretty_bn2str(key1->k) << "\n";
    cerr << "comp key oder " << BN_cmp(key1->k, order) << "\n";
    BIGNUM * key1Inverse = BN_mod_inverse(NULL, key1->k, order, bn_ctx);
    throw_c(key1Inverse, "could not compute inverse of key 1");

    delta->deltaK = BN_new();
    BN_mod_mul(delta->deltaK, key1Inverse, key2->k, order, bn_ctx);
    throw_c(delta->deltaK, "failed to multiply");

    //delta * k1 = k2?
    cerr << "(remove this code) \n checking delta \n";
    BIGNUM * temp = BN_new();
    BN_mod_mul(temp, delta->deltaK, key1->k, order, bn_ctx);
    cerr << "cmp temp key2 " << BN_cmp(temp, key2->k) << "\n";
    BN_free(temp);


    //let's now check that key1->kP * deltaK = key2->Kp
    cerr << "remove code here\n";
    cerr << "are the two points equal? " << EC_POINT_cmp(group, mul(group, ZeroBN, key1->kP, delta->deltaK, bn_ctx), key2->kP, bn_ctx) << "\n";

    //let's now check with the ciphertexts

    cerr << "are the points with ciph equal? " << EC_POINT_cmp(group,
                                                mul(group, ZeroBN, str2Point(group, c1), delta->deltaK, bn_ctx),
                                                str2Point(group, c2),
                                                bn_ctx) << "\n";
*/

/* static string
pretty_bn2str(BIGNUM * bn) {
        unsigned char * tov = new unsigned char[256];
        int len = BN_bn2bin(bn, tov);

        throw_c(len, "cannot convert from bn to binary ");

        string res = "";

        for (int i = 0 ; i < len ; i++) {
                res = res + StringFromVal(tov[i]) + " ";
        }
        return res;
}
*/