/*****************************************************************
Copyright (c) 2005 Michele Citterio
All rights reserved.

Redistribution and use in source and binary forms, with or without 
modification, are permitted provided that the following conditions 
are met:
* Redistributions of source code must retain the above copyright 
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright 
notice, this list of conditions and the following disclaimer in the 
documentation and/or other materials provided with the distribution.
* Neither the name of the <ORGANIZATION> nor the names of its 
contributors may be used to endorse or promote products derived from 
this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
PARTICULAR PURPOSE AND NONINFRINGEMENT ARE DISCLAIMED. IN NO EVENT 
SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
POSSIBILITY OF SUCH DAMAGE.

The owaccu class contains an implementation of cryptographic
one-way accumulators as described in the paper:
"Benaloh J. & de Mare M. (199?) - One-Way Accumulators: a
Decentralized Alternative to Digital Signatures". Please see
the accompanying file owaccu.txt for further details.

Contacts: michele.citterio@unimi.it - www.citterio.net

TODO: implement exceptions handling, write actual file parser
*****************************************************************/


#include "owaccu.h"

#include <cstddef>
#include <cstring>
#include <ctime>
#include <iostream>
#include <stdexcept>
#include <string>

using namespace std;

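owaccu::owaccu(int rigidprimedigits, int rigidprimebase, int participants)
{
	// Interactive set-up of a fresh accumulator: seed the prng from the
	// keyboard, draw the agreed base x and generate the rigid modulus n.
	// participants: capacity of the members[] list, filled sequentially by
	// add_member(). rigidprimedigits/rigidprimebase: size of n as a digit
	// count in the given base (forwarded unchanged to the MIRACL generators).
	// Throws std::invalid_argument on a non-positive capacity and
	// std::runtime_error when no seed material could be read.
	if (participants <= 0)
		throw std::invalid_argument("owaccu: participants must be positive");
	// The parameter shadows the member of the same name; record the capacity
	// explicitly, otherwise ~owaccu() and add_member() work on an unset count.
	this->participants = participants;
	already_added = 0;

	cout << "dynamically allocating memory for " << participants << " participants...";
	members = new member_data [participants];
	cout << " ok" << "\n";

	// Read a whole line into a growable string: operator>> into a fixed
	// char[] had no length limit and stopped at the first blank anyway.
	std::string random_seed;
	cout << "Please input random keystrokes to seed the prng (maximum one line):\n";
	while (std::getline(cin, random_seed) && random_seed.empty())
	{
		// keep asking until something was typed; the loop ends on EOF
	}
	if (random_seed.empty())
	{
		// the keystrokes are the only entropy the prng ever gets: refuse to
		// build a modulus from a clock value alone
		delete [] members;
		throw std::runtime_error("owaccu: no seed material entered");
	}
	cout << "initializing the prng...";
	// Feed the whole line (the original passed a fixed length of 4, i.e. only
	// the first four keystrokes) and the real clock as the "time of day"
	// salt instead of the constant 636.
	strong_init(&rng, static_cast<int>(random_seed.size()), &random_seed[0],
	            static_cast<long>(std::time(0)));
	cout << "ok" << "\n";
	cout << "generating the agreed base...";
	x = strong_rand(&rng, rigidprimedigits, rigidprimebase);
	z = x;	// the empty accumulator is the base itself
	cout << " ok" << "\n";
	cout << "generating the rigid prime...";
	n = gen_rigid_prime (rigidprimedigits, rigidprimebase);
	cout << " ok" << "\n\n";
	// one discarded output, kept from the original to advance the prng state
	strong_rand(&rng, rigidprimedigits, rigidprimebase);
}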


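owaccu::owaccu(Big modulus, Big agreedbase, Big accumulatedhash)
{
	// Rebuild an accumulator from already-published values (modulus n,
	// agreed base x and the current accumulated hash z), e.g. read back
	// from a file. Nothing random is generated on this path and the prng
	// is left unseeded; only the public values are restored, none of the
	// members' credentials. The members[] list gets room for one entry.
	participants = 1;
	already_added = 0;
	members = new member_data [participants];
	cout << "setting the agreed base...";
	x = agreedbase;
	cout << " ok" << "\n";
	cout << "setting the modulus...";
	n = modulus;
	z = accumulatedhash;
	cout << " ok" << "\n\n";
}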

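// Overwrite every byte of a fixed-size char field through a volatile
// pointer so the stores are not dropped as dead: the original strcpy() of
// a literal into a buffer that is freed right after is exactly the kind of
// store an optimizer may elide. Only real arrays are accepted, so the bound
// is the field size and never sizeof(char*).
template <std::size_t N>
static void scrub_field(char (&field)[N])
{
	volatile char *p = field;
	for (std::size_t i = 0; i < N; i++) p[i] = 0;
}

owaccu::~owaccu()
{
	// Best-effort wipe of the members' credentials (name, password and the
	// z_k witness) before the list is released.
	for(int it = 0; it < participants; it++)
	{
		scrub_field(members[it].name);
		scrub_field(members[it].passwd);
		// Big keeps its digits in storage this class cannot reach; assigning
		// x + 1 at least replaces the witness held in the object with a
		// public value. Whether the old digits are cleared depends on the
		// Big implementation - not verified here.
		members[it].z_k = x;
		members[it].z_k += 1;
	}
	delete [] members;
	cout << "\nthe members' data list in memory has been destroied\n" << "\n";
}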


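// Copy a C string into a fixed-size char field, truncating if needed and
// always NUL-terminating. Only real arrays are accepted, so the bound is
// the field size and never sizeof(char*).
template <std::size_t N>
static void copy_field(char (&dst)[N], const char *src)
{
	std::strncpy(dst, src, N - 1);
	dst[N - 1] = '\0';
}

Big owaccu::add_member(member_data *member)
{
	// Append member to the list, fold hash(name||passwd) into the
	// accumulator z and refresh every earlier member's witness z_k so that
	// z == z_k ^ hash(k) mod n keeps holding for all k.
	// Returns the new member's witness, i.e. the accumulator value before
	// it was added. Throws std::out_of_range when the list is full: the
	// original wrote past the end of members[] once already_added reached
	// participants.
	if (already_added >= participants)
		throw std::out_of_range("owaccu::add_member: members list is full");
#ifdef VERBOSE_OUTPUT
		// note: this echoes the password to stdout
		cout << "adding the member " << member->name;
		if (strlen(member->passwd)) cout << ", whose password is: " << member->passwd << "\n"; else cout << ", who has no password" << "\n";
#endif
	member_data &slot = members[already_added];
	copy_field(slot.name, member->name);
	copy_field(slot.passwd, member->passwd);
	slot.z_k = z;	// witness = accumulator value before this member
	Big bighash = hash_member_data(member);
	z = one_way_accumulator (z, bighash, n);
	// Every earlier witness must absorb the new hash too; this is why the
	// whole list has to live in members[], private to the class.
	for (int it = 0; it < already_added; it++)
	{
		members[it].z_k = one_way_accumulator (members[it].z_k, bighash, n);
	}
	already_added++;
	return slot.z_k;
}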


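member_data owaccu::get_member_data(int member_number)
{
	// Return a copy of the member_number-th entry (0-based, insertion
	// order). Entries at or past already_added were never written, so
	// reading them would hand back indeterminate bytes; reject them.
	// Throws std::out_of_range on a bad index. The copy carries the
	// member's password and witness along with the name.
	if (member_number < 0 || member_number >= already_added)
		throw std::out_of_range("owaccu::get_member_data: no such member");
	return members[member_number];
}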


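int owaccu::check_membership(member_data *member)
{
	// Verify the caller-supplied witness member->z_k against the current
	// accumulator: the member is in iff z == z_k ^ hash(name||passwd) mod n.
	// Returns non-zero when the check passes. (The unused entered_passwd
	// buffer of the original is gone; nothing here reads a password.)
#ifdef VERBOSE_OUTPUT
		cout << "\nmembership checking for " << member->name << "...\n";
#endif
	Big bighash = hash_member_data(member);
	return (z == one_way_accumulator(member->z_k, bighash, n));
}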


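Big owaccu::gen_rigid_prime(int rigidprimedigits, int rigidprimebase)
{
	// Build the rigid modulus n = p * q from two safe primes of about half
	// the requested size, store it in the member n and return it.
	// p, q and r are class members, so unless they are overwritten the
	// factors of n stay in the object for its whole lifetime - and whoever
	// reads them can factor n at once.
	int safeprimedigits = rigidprimedigits / 2;
	int safeprimebase = rigidprimebase;
	r = strong_rand(&rng, safeprimedigits, safeprimebase);
	p = nextsafeprime(0,0,r);
	r = strong_rand(&rng, safeprimedigits, safeprimebase);
	q = nextsafeprime(0,0,r);
	n = p * q;
	// Overwrite the factors with fresh random values now that n exists.
	// The original loop was written `it == 2`, which is false on entry, so
	// it never ran and p, q stayed in the object.
	for(int it = 0; it < 2; it++)
	{
		p = strong_rand(&rng, safeprimedigits, safeprimebase);
		q = strong_rand(&rng, safeprimedigits, safeprimebase);
		r = strong_rand(&rng, safeprimedigits, safeprimebase);
	}
	return n;
}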


Big owaccu::one_way_accumulator(Big x, Big y, Big n)
{
	// One accumulation step as in Benaloh & de Mare: x ^ y mod n. Modular
	// exponentiation is quasi-commutative, (x^a)^b == (x^b)^a, which is
	// what lets the witnesses in add_member() be updated in any order.
	// The parameters x and n deliberately shadow the members of that name.
	Big accumulated = pow(x, y, n);
	return accumulated;
}


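Big owaccu::hash_member_data(member_data *member)
{
	// Digest the member's credentials - the bytes of name followed by the
	// bytes of passwd, up to each NUL - and return the 20-byte result as a
	// Big. The bytes are fed straight from the two fields: the original
	// first strcat()ed both into a char[81], which overflowed as soon as
	// name plus passwd exceeded 80 bytes. The digest input is unchanged
	// (same bytes, same order), so earlier accumulated values still verify.
	// Known weakness, kept for compatibility: there is no separator between
	// the fields, so ("ab","c") and ("a","bc") hash alike. The collision
	// resistance of this digest is what the accumulator's unforgeability
	// rests on.
	sha sh;
	char hash[20];	// digest length; from_binary(20, ...) below relies on it
	shs_init(&sh);
	for (const char *c = member->name; *c != 0; c++) shs_process(&sh, *c);
	for (const char *c = member->passwd; *c != 0; c++) shs_process(&sh, *c);
	shs_hash(&sh,hash);
	return from_binary(20, hash);
}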



