/*==LICENSE==*

CyanWorlds.com Engine - MMOG client, server and tools
Copyright (C) 2011 Cyan Worlds, Inc.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

Additional permissions under GNU GPL version 3 section 7

If you modify this Program, or any covered work, by linking or
combining it with any of RAD Game Tools Bink SDK, Autodesk 3ds Max SDK,
NVIDIA PhysX SDK, Microsoft DirectX SDK, OpenSSL library, Independent
JPEG Group JPEG library, Microsoft Windows Media SDK, or Apple QuickTime SDK
(or a modified version of those libraries),
containing parts covered by the terms of the Bink SDK EULA, 3ds Max EULA,
PhysX SDK EULA, DirectX SDK EULA, OpenSSL and SSLeay licenses, IJG
JPEG Library README, Windows Media SDK EULA, or QuickTime SDK EULA, the
licensors of this Program grant you additional
permission to convey the resulting work. Corresponding Source for a
non-source form of such a combination shall include the source code for
the parts of OpenSSL and IJG JPEG Library used as well as that of the covered
work.

You can contact Cyan Worlds, Inc. by email legal@cyan.com
 or by snail mail at:
      Cyan Worlds, Inc.
      14617 N Newport Hwy
      Mead, WA   99021

*==LICENSE==*/
/*****************************************************************************
*
*   $/Plasma20/Sources/Plasma/NucleusLib/pnUtils/Private/pnUtCrypt.cpp
*   
***/

#include "../Pch.h"
#pragma hdrstop

#include "openssl/md5.h"
#include "openssl/sha.h"

// OpenSSL's RC4 algorithm has bugs and randomly corrupts data
//#define OPENSSL_RC4
#ifdef OPENSSL_RC4
#include "openssl/rc4.h"
#endif

/*****************************************************************************
*
*   Opaque types
*
***/

// Opaque key object: created by CryptKeyCreate, released by CryptKeyClose.
struct CryptKey {
    ECryptAlgorithm algorithm;  // selects which implementation 'handle' points at
    void *          handle;     // type-erased key state; CryptKeyCreate stores an
                                // RC4_KEY* when OPENSSL_RC4 is defined, else a KeyRc4*
};


/*****************************************************************************
*
*   Private
*
***/

namespace Crypt {

// Seed state shared by CryptCreateRandomSeed and CryptCreateFastWeakChallenge.
// Both functions read and modify it with no locking visible in this file, and
// nothing in this file initializes it from an entropy source.
// NOTE(review): concurrent callers would race on this value - confirm usage.
ShaDigest s_shaSeed;


/*****************************************************************************
*
*   Internal functions
*
***/

//============================================================================
// Computes a single MD5 digest over 'sourceCount' buffers, fed to the hash in
// array order, and writes the result to 'dest'.
//   dest        - receives the digest; must hold MD5_DIGEST_LENGTH (16) bytes
//   sourceBytes - byte length of each buffer  [sourceCount]
//   sourcePtrs  - start of each buffer        [sourceCount]
// Return codes from the OpenSSL calls are not checked.
// Security note: MD5 is not collision resistant; use this digest only where
// an adversary cannot choose the input (e.g. non-security checksums).
void Md5Process (
    void *          dest,
    unsigned        sourceCount,
    const unsigned  sourceBytes[],
    const void *    sourcePtrs[]
) {
    MD5_CTX context;
    MD5_Init(&context);

    // Feed every stream into the same running hash
    unsigned stream = 0;
    while (stream < sourceCount) {
        MD5_Update(&context, sourcePtrs[stream], sourceBytes[stream]);
        ++stream;
    }

    // Emit the digest into the caller's buffer
    unsigned char * const output = (unsigned char *)dest;
    MD5_Final(output, &context);
}

//============================================================================
// Computes a single digest over 'sourceCount' buffers using OpenSSL's
// SHA_Init/SHA_Update/SHA_Final and writes it to 'dest'.
//   dest        - receives the digest; must hold SHA_DIGEST_LENGTH (20) bytes
//   sourceBytes - byte length of each buffer  [sourceCount]
//   sourcePtrs  - start of each buffer        [sourceCount]
// Return codes from the OpenSSL calls are not checked.
// Security note: the un-numbered SHA_* entry points are OpenSSL's legacy
// original-SHA (SHA-0) API, which is distinct from SHA1_* and is absent from
// newer OpenSSL releases. SHA-0 has practical collisions; treat digests from
// this function as a compatibility format, not as a strong hash.
void ShaProcess (
    void *          dest,
    unsigned        sourceCount,
    const unsigned  sourceBytes[],
    const void *    sourcePtrs[]
) {
    SHA_CTX context;
    SHA_Init(&context);

    // Feed every stream into the same running hash
    unsigned stream = 0;
    while (stream < sourceCount) {
        SHA_Update(&context, sourcePtrs[stream], sourceBytes[stream]);
        ++stream;
    }

    // Emit the digest into the caller's buffer
    unsigned char * const output = (unsigned char *)dest;
    SHA_Final(output, &context);
}

//============================================================================
// Computes a single SHA-1 digest over 'sourceCount' buffers, fed to the hash
// in array order, and writes the result to 'dest'.
//   dest        - receives the digest; must hold SHA_DIGEST_LENGTH (20) bytes
//   sourceBytes - byte length of each buffer  [sourceCount]
//   sourcePtrs  - start of each buffer        [sourceCount]
// Return codes from the OpenSSL calls are not checked.
// Security note: SHA-1 is no longer collision resistant; prefer a SHA-2
// digest for new integrity or signature uses.
void Sha1Process (
    void *          dest,
    unsigned        sourceCount,
    const unsigned  sourceBytes[],
    const void *    sourcePtrs[]
) {
    SHA_CTX context;
    SHA1_Init(&context);

    // Feed every stream into the same running hash
    unsigned stream = 0;
    while (stream < sourceCount) {
        SHA1_Update(&context, sourcePtrs[stream], sourceBytes[stream]);
        ++stream;
    }

    // Emit the digest into the caller's buffer
    unsigned char * const output = (unsigned char *)dest;
    SHA1_Final(output, &context);
}


/*****************************************************************************
*
*   RC4
*
***/

#ifdef OPENSSL_RC4
//============================================================================
// Runs 'sourceBytes' bytes of 'sourceData' through the OpenSSL RC4 key stream
// held in key->handle and stores the result in 'dest', which is resized to
// exactly 'sourceBytes'. The key stream position advances, so calls must be
// made in the same order on both ends of a connection.
// Security note: RC4 provides no integrity protection; nothing here detects
// modified ciphertext.
static void Rc4Codec (
    CryptKey *      key,
    bool            encrypt,
    ARRAY(byte) *   dest,
    unsigned        sourceBytes,
    const void *    sourceData
) {
    REF(encrypt);  // RC4 is symmetric: encrypting and decrypting are one operation

    // Size the output first, then transform straight into it
    dest->SetCount(sourceBytes);

    RC4_KEY * const             schedule = (RC4_KEY *)key->handle;
    const unsigned char * const input    = (const unsigned char *)sourceData;
    RC4(schedule, sourceBytes, input, dest->Ptr());
}

//============================================================================
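// In-place variant: transforms 'bytes' bytes at 'data' with the OpenSSL RC4
// key stream held in key->handle.
//
// The data is processed through a fixed-size scratch buffer instead of an
// ALLOCA sized by 'bytes', so a large caller-supplied length can no longer
// exhaust the stack. RC4 keeps its position in the key stream across calls on
// the same RC4_KEY, so chunking produces the same output as one large call.
// Security note: RC4 provides no integrity protection; nothing here detects
// modified ciphertext.
static void Rc4Codec (
    CryptKey *      key,
    bool            encrypt,
    unsigned        bytes,
    void *          data
) {
    REF(encrypt);  // RC4 uses the same algorithm to both encrypt and decrypt

    RC4_KEY * const schedule = (RC4_KEY *)key->handle;
    byte *          cursor   = (byte *)data;
    byte            chunk[512];

    while (bytes) {
        // Never take more than the scratch buffer can hold
        const unsigned count = (bytes < sizeof(chunk)) ? bytes : (unsigned)sizeof(chunk);

        RC4(schedule, count, (const unsigned char *)cursor, chunk);
        MemCopy(cursor, chunk, count);

        cursor += count;
        bytes  -= count;
    }
}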

#else // OPENSSL_RC4

//===========================================================================
// Transforms 'sourceBytes' bytes of 'sourceData' with this key's RC4 stream
// and stores the result in 'dest', which is resized to exactly 'sourceBytes'.
// m_x, m_y and m_state are advanced, so every call continues the key stream
// where the previous one stopped.
// Security note: no initial key-stream bytes are discarded in this file and no
// integrity check is applied; RC4's known output biases apply to this stream.
void KeyRc4::Codec (bool encrypt, ARRAY(byte) * dest, unsigned sourceBytes, const void * sourceData) {
    REF(encrypt);  // RC4 is symmetric: encrypting and decrypting are one operation

    dest->SetCount(sourceBytes);
    byte * const       output = (byte *)dest->Ptr();
    const byte * const input  = (const byte *)sourceData;

    unsigned pos = 0;
    while (pos < sourceBytes) {
        // Advance the permutation by one step
        m_x = (m_x + 1) & 0xff;
        m_y = (m_state[m_x] + m_y) & 0xff;
        SWAP(m_state[m_x], m_state[m_y]);

        // Select the key-stream byte and combine it with the input
        const unsigned streamSlot = (m_state[m_x] + m_state[m_y]) & 0xff;
        output[pos] = (byte)(input[pos] ^ m_state[streamSlot]);
        ++pos;
    }
}

//===========================================================================
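// Derives RC4 private key material from caller-supplied random data.
//   randomBytes - number of bytes at randomData; must be non-zero
//   randomData  - input entropy; must be non-null
//   privateData - resized to sizeof(Digest) (five dwords) and filled with the key
//
// The input is folded into the output buffer (repeated if shorter than the
// buffer, XOR-ed in if longer) and then mixed with the first five sub-rounds
// of SHA-1 using the SHA-1 initial constants.
//
// Security notes:
//  - This is not a complete hash or a standard key-derivation function; the
//    strength of the key depends entirely on the quality of randomData.
//  - The buffer is filled byte-wise but mixed as dwords, so the result depends
//    on the host byte order.
//  - The helper macros (ROTL, f1, K1, subRound) are not #undef-ed and stay
//    defined for the rest of the translation unit.
//  - ASSERT is the only guard on the preconditions; if it is compiled out,
//    callers must guarantee them. TODO confirm ASSERT behavior in release.
void KeyRc4::KeyGen (
    unsigned      randomBytes,
    const void *  randomData,
    ARRAY(byte) * privateData
) {
	// Same preconditions KeyRc4::Initialize asserts on its input: a zero
	// randomBytes would make '% randomBytes' below divide by zero, and
	// randomData is dereferenced unconditionally.
	ASSERT(randomBytes);
	ASSERT(randomData);

	// Allocate an output digest
	struct Digest { dword data[5]; };
	privateData->SetCount(sizeof(Digest));
	Digest * digest = (Digest *)privateData->Ptr();

	// Perform the hash
	{
		// Initialize the hash values with the repeating pattern of random
		// data
		unsigned offset = 0;
		for (; offset < sizeof(Digest); ++offset)
			((byte *)digest)[offset] = ((const byte *)randomData)[offset % randomBytes];
		// Fold any input beyond sizeof(Digest) back into the buffer
		for (; offset < randomBytes; ++offset)
			((byte *)digest)[offset % sizeof(Digest)] ^= ((const byte *)randomData)[offset];

		// 32-bit rotate left
		#ifdef  _MSC_VER
		#define ROTL(n, X)  _rotl(X, n)
		#else
		#define ROTL(n, X)  (((X) << (n)) | ((X) >> (32 - (n))))
		#endif
		#define f1(x,y,z)   (z ^ (x & (y ^ z)))     // Rounds  0-19
		#define K1          0x5A827999L             // Rounds  0-19
		#define subRound(a, b, c, d, e, f, k, data) (e += ROTL(5, a) + f(b, c, d) + k + data, b = ROTL(30, b))

		// first five subrounds from SHA1
		dword A = 0x67452301;
		dword B = 0xEFCDAB89;
		dword C = 0x98BADCFE;
		dword D = 0x10325476;
		dword E = 0xC3D2E1F0;
		subRound(A, B, C, D, E, f1, K1, digest->data[ 0]);
		subRound(E, A, B, C, D, f1, K1, digest->data[ 1]);
		subRound(D, E, A, B, C, f1, K1, digest->data[ 2]);
		subRound(C, D, E, A, B, f1, K1, digest->data[ 3]);
		subRound(B, C, D, E, A, f1, K1, digest->data[ 4]);

		// Add the mixed working values back into the output
		digest->data[0] += A;
		digest->data[1] += B;
		digest->data[2] += C;
		digest->data[3] += D;
		digest->data[4] += E;
	}
}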

//===========================================================================
// Builds the RC4 permutation from 'bytes' bytes of key material at 'data'.
// m_x and m_y are reset to zero, m_state is set to the identity permutation
// and then shuffled with the key bytes, which are reused cyclically when the
// key is shorter than m_state.
// Preconditions (checked with ASSERT only): bytes != 0 and data != null.
// NOTE(review): if ASSERT is compiled out, a zero 'bytes' makes the loop read
// past the key buffer - callers must never pass an empty key.
void KeyRc4::Initialize (unsigned bytes, const void * data) {
    ASSERT(bytes);
    ASSERT(data);

    const byte * const keyBytes = (const byte *)data;

    // Start from the identity permutation with both stream indices at zero
    m_x = 0;
    m_y = 0;
    for (unsigned slot = 0; slot < arrsize(m_state); ++slot)
        m_state[slot] = (byte) slot;

    // Shuffle the permutation with the key, wrapping around the key as needed
    unsigned keyPos  = 0;
    unsigned swapPos = 0;
    for (unsigned slot = 0; slot < arrsize(m_state); ++slot) {
        ASSERT(keyPos < bytes);
        swapPos = (keyBytes[keyPos] + m_state[slot] + swapPos) & 0xff;
        SWAP(m_state[slot], m_state[swapPos]);

        ++keyPos;
        if (keyPos == bytes)
            keyPos = 0;
    }
}

#endif // OPENSSL_RC4

} using namespace Crypt;


/*****************************************************************************
*
*   Exports
*
***/

//============================================================================
// Convenience overload: hashes one buffer by forwarding it to the
// multi-buffer CryptDigest as a list with a single entry.
//   dest - receives the digest; the caller must size it for 'algorithm'
//          (no length is passed, so an undersized buffer is overrun)
void CryptDigest (
    ECryptAlgorithm algorithm,
    void *          dest,           // must be sized to the algorithm's digest size
    const unsigned  sourceBytes,
    const void *    sourceData
) {
    // Wrap the single buffer in one-element arrays for the list form
    const unsigned  lengths[1] = { sourceBytes };
    const void *    buffers[1] = { sourceData };

    CryptDigest(algorithm, dest, 1, lengths, buffers);
}

//============================================================================
// Hashes 'sourceCount' buffers as one message with the requested algorithm.
//   dest - receives the digest; the caller must size it for 'algorithm'
//          (no length is passed, so an undersized buffer is overrun)
// kCryptMd5, kCryptSha and kCryptSha1 are dispatched to Md5Process,
// ShaProcess and Sha1Process; any other value reaches DEFAULT_FATAL.
// Security note: kCryptSha is served by ShaProcess, which uses OpenSSL's
// SHA_* calls rather than SHA1_*; pick the algorithm deliberately.
void CryptDigest (
    ECryptAlgorithm algorithm,
    void *          dest,           // must be sized to the algorithm's digest size
    unsigned        sourceCount,
    const unsigned  sourceBytes[],  // [sourceCount]
    const void *    sourcePtrs[]    // [sourceCount]
) {
    switch (algorithm) {
        case kCryptMd5:
            Md5Process(dest, sourceCount, sourceBytes, sourcePtrs);
            return;

        case kCryptSha:
            ShaProcess(dest, sourceCount, sourceBytes, sourcePtrs);
            return;

        case kCryptSha1:
            Sha1Process(dest, sourceCount, sourceBytes, sourcePtrs);
            return;

        DEFAULT_FATAL(algorithm);
    }
}

//============================================================================
// Creates a key object for 'algorithm' from 'bytes' bytes of key material.
// Only kCryptRc4 is implemented; kCryptRsa and unknown values reach
// DEFAULT_FATAL. The returned key must be released with CryptKeyClose.
// 'bytes' and 'data' are not validated here.
// NOTE(review): the KeyRc4 constructor is not visible in this file;
// presumably it forwards to KeyRc4::Initialize, which asserts on an empty
// key - confirm.
CryptKey * CryptKeyCreate (
    ECryptAlgorithm algorithm,
    unsigned        bytes,
    const void *    data
) {
    CryptKey * result = nil;

    switch (algorithm) {
        case kCryptRc4: {
            // Build the algorithm-specific state first...
        #ifdef OPENSSL_RC4
            RC4_KEY * state = NEW(RC4_KEY);
            RC4_set_key(state, bytes, (const unsigned char *)data);
        #else
            KeyRc4 * state = NEWZERO(KeyRc4)(bytes, data);
        #endif
            // ...then wrap it in the opaque key object
            result            = NEW(CryptKey);
            result->algorithm = kCryptRc4;
            result->handle    = state;
        }
        break;

        case kCryptRsa: // Not implemented; fall-thru to FATAL

        DEFAULT_FATAL(algorithm);
    }

    return result;
}

//===========================================================================
// Not exposed in the header because it is not used at the moment and I don't want a big rebuild right now :)
// Generates key material for 'algorithm' from caller-supplied random data.
// Only kCryptRc4 is implemented: it forwards to KeyRc4::KeyGen and ignores
// 'keyBits' and 'publicData'. kCryptRsa falls through to DEFAULT_FATAL (its
// implementation is compiled out), as does any unknown value.
// The quality of the generated key depends on the quality of randomData.
void CryptKeyGenerate (
    ECryptAlgorithm algorithm,
    unsigned        keyBits,    // used for algorithms with variable key strength
    unsigned        randomBytes,
    const void *    randomData,
    ARRAY(byte) *   privateData,
    ARRAY(byte) *   publicData  // only for public key cryptography
) {
    // Fill in private and/or public key data for the chosen algorithm
    switch (algorithm) {

        case kCryptRc4:
            KeyRc4::KeyGen(randomBytes, randomData, privateData);
            return;

        case kCryptRsa:
            REF(keyBits);
            REF(publicData);
        #if 0
            KeyRsa::KeyGen(keyBits, randomBytes, randomData, privateData, publicData);
        break;
        #endif // fall thru to fatal...

        DEFAULT_FATAL(algorithm);
    }
}

//============================================================================
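// Releases a key created by CryptKeyCreate. A null 'key' is ignored.
//
// key->handle is stored as void*, and releasing an object through a void*
// is undefined behavior that skips any destructor. The handle is therefore
// cast back to the concrete type CryptKeyCreate stored before it is released.
// Any algorithm other than kCryptRc4 cannot come from CryptKeyCreate and is
// treated as fatal, as in the other switch statements in this file.
//
// NOTE(review): key state is not wiped before release, so the RC4
// permutation stays in freed memory - consider clearing it in the key type's
// destructor.
void CryptKeyClose (
    CryptKey *      key
) {
    if (!key)
        return;

    switch (key->algorithm) {
        case kCryptRc4: {
        #ifdef OPENSSL_RC4
            RC4_KEY * state = (RC4_KEY *)key->handle;
        #else
            KeyRc4 * state = (KeyRc4 *)key->handle;
        #endif
            DEL(state);
        }
        break;

        DEFAULT_FATAL(key->algorithm);
    }

    key->handle = nil;  // do not leave a dangling pointer in the object being released
    DEL(key);
}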

//============================================================================
// Returns the cipher block size for 'key'. For kCryptRc4 this is 1 when
// OPENSSL_RC4 is defined, otherwise whatever KeyRc4::GetBlockSize reports.
// kCryptRsa and unknown algorithms reach DEFAULT_FATAL.
// 'key' is dereferenced without a null check.
unsigned CryptKeyGetBlockSize (
    CryptKey *      key
) {
    switch (key->algorithm) {
        case kCryptRc4: {
        #ifdef OPENSSL_RC4
            return 1;
        #else
            KeyRc4 * const impl = (KeyRc4 *)key->handle;
            return impl->GetBlockSize();
        #endif
        }

        case kCryptRsa: // Not implemented; fall-thru to FATAL

        DEFAULT_FATAL(algorithm);
    }
}

//============================================================================
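// Stirs the shared seed (s_shaSeed) with the caller's buffer and then XORs a
// digest of the seed back into that buffer.
//   bytes - length of 'data'; a zero length is a no-op
//   data  - in/out buffer: its current contents are mixed into the seed, and
//           its final contents are the original bytes XOR-ed with the digest
//
// A zero 'bytes' previously still read and wrote data[0], because both loops
// run for at least sizeof(seed) iterations; that case now returns early.
//
// Security notes:
//  - This is not a cryptographically secure generator. Its only inputs are
//    the caller's buffer, its length and two addresses; the digest comes from
//    kCryptSha, and for buffers longer than the digest the same digest bytes
//    are XOR-ed in repeatedly. Use an OS-provided random source for key
//    material.
//  - s_shaSeed is modified without any locking visible in this file.
//  - NOTE(review): the pointer-to-dword casts discard the upper address bits
//    on 64-bit targets - confirm the intended build targets.
void CryptCreateRandomSeed (
    unsigned        bytes,
    byte *          data
) {
    COMPILER_ASSERT(SHA_DIGEST_LENGTH == 20);

    // Nothing to fill; the loops below would otherwise access data[0]
    if (!bytes)
        return;
    ASSERT(data);

    // Combine seed with input data
    {
        unsigned seedIndex = 0;
        unsigned dataIndex = 0;
        unsigned cur = 0;
        // Run long enough to cover both the seed and the input at least once
        unsigned end = max(bytes, sizeof(s_shaSeed));
        for (; cur < end; ++cur) {
            ((byte *) &s_shaSeed)[seedIndex] ^= data[dataIndex];
            if (++seedIndex >= sizeof(s_shaSeed))
                seedIndex = 0;
            if (++dataIndex >= bytes)
                dataIndex = 0;
        }

        // Mix in the parameter's address, the length and the buffer address
        s_shaSeed.data[2] ^= (dword) &bytes;
        s_shaSeed.data[3] ^= (dword) bytes;
        s_shaSeed.data[4] ^= (dword) data;
    }

    // Hash seed
    ShaDigest digest;
    CryptDigest(kCryptSha, &digest, sizeof(s_shaSeed), &s_shaSeed);

    // Update output with contents of digest
    {
        unsigned src = 0;
        unsigned dst = 0;
        unsigned cur = 0;
        // Run long enough to cover both the digest and the output at least once
        unsigned end = max(bytes, sizeof(digest));
        for (; cur < end; ++cur) {
            data[dst] ^= ((const byte *) &digest)[src];
            if (++src >= sizeof(digest))
                src = 0;
            if (++dst >= bytes)
                dst = 0;
        }
    }

    // Combine seed with digest
    s_shaSeed.data[0] ^= digest.data[0];
    s_shaSeed.data[1] ^= digest.data[1];
    s_shaSeed.data[2] ^= digest.data[2];
    s_shaSeed.data[3] ^= digest.data[3];
    s_shaSeed.data[4] ^= digest.data[4];
}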

//============================================================================
// Hashes a credential pair into 'namePassHash': the password followed by the
// lower-cased username are copied into one wide-character buffer and digested
// with kCryptSha.
//
// Security notes:
//  - The scratch buffer is ALLOCA-ed with a size taken from the input
//    lengths, so callers must bound username/password length to keep stack
//    use predictable.
//  - The plaintext password is left in the stack buffer on return; it is not
//    cleared here.
//  - A single pass of a fast digest, salted only by the username, offers
//    little resistance to offline guessing if the stored hashes leak.
//  - NOTE(review): the buffer has no slot for a terminator, and how StrCopy
//    treats its count argument is not visible in this file - confirm whether
//    the last character of each string survives. Existing stored hashes
//    depend on the current output, so do not alter it without a migration
//    plan.
void CryptHashPassword (
    const wchar username[],
    const wchar password[],
    ShaDigest * namePassHash
) {
    const unsigned passChars  = StrLen(password);
    const unsigned userChars  = StrLen(username);
    const unsigned totalChars = passChars + userChars;

    // Layout: [password][username], with the username part lower-cased
    wchar * const scratch  = ALLOCA(wchar, totalChars);
    wchar * const userPart = scratch + passChars;
    StrCopy(scratch, password, passChars);
    StrCopy(userPart, username, userChars);
    StrLower(userPart);

    CryptDigest(kCryptSha, namePassHash, totalChars * sizeof(scratch[0]), scratch);
}

//============================================================================
// Computes the challenge response: a kCryptSha digest over the byte-packed
// sequence { clientChallenge, serverChallenge, namePassHash }.
// The struct is declared between <pshpack1.h> and <poppack.h> so that no
// padding bytes enter the hash; both peers must use the same layout.
// Security note: 'namePassHash' is the only secret input, so anyone who holds
// that hash can compute a valid response without knowing the password.
void CryptHashPasswordChallenge (
    unsigned            clientChallenge,
    unsigned            serverChallenge,
    const ShaDigest &   namePassHash,
    ShaDigest *         challengeHash
) {
    #include <pshpack1.h>
    struct ChallengeInput {
        dword       clientChallenge;
        dword       serverChallenge;
        ShaDigest   namePassHash;
    };
    #include <poppack.h>

    // Fill the packed record, then hash it as raw bytes
    ChallengeInput input;
    input.namePassHash    = namePassHash;
    input.serverChallenge = serverChallenge;
    input.clientChallenge = clientChallenge;

    CryptDigest(kCryptSha, challengeHash, sizeof(input), &input);
}

//============================================================================
// Produces a cheap challenge value by folding several inputs into
// s_shaSeed.data[0] with XOR and one-bit rotations, then writes the result to
// *challenge. The inputs are two clock readings, the previous *challenge
// value, the address of 'challenge' and the caller's val1/val2.
//
// Security notes:
//  - As the name states, this value is weak: every input is a timestamp, an
//    address or a caller-supplied value, so the output is guessable. Do not
//    use it where an unpredictable nonce is required.
//  - s_shaSeed is modified without any locking visible in this file.
//  - NOTE(review): the (unsigned) cast of the pointer discards the upper
//    address bits on 64-bit targets - confirm the intended build targets.
void CryptCreateFastWeakChallenge (
    unsigned *  challenge,
    unsigned    val1,
    unsigned    val2
) {
    // Each input is XOR-ed in and then spread by a rotate-and-XOR step;
    // the statement order determines the result.
    s_shaSeed.data[0] ^= TimeGetMs();                       // looping time
    s_shaSeed.data[0] ^= _rotl(s_shaSeed.data[0], 1);
    s_shaSeed.data[0] ^= (unsigned) TimeGetTime();          // global time
    s_shaSeed.data[0] ^= _rotl(s_shaSeed.data[0], 1);
    s_shaSeed.data[0] ^= *challenge;                        // unknown
    s_shaSeed.data[0] ^= _rotl(s_shaSeed.data[0], 1);
    s_shaSeed.data[0] ^= (unsigned) challenge;              // variable address
    s_shaSeed.data[0] ^= _rotl(s_shaSeed.data[0], 1);
    s_shaSeed.data[0] ^= val1;
    s_shaSeed.data[0] ^= _rotl(s_shaSeed.data[0], 1);
    s_shaSeed.data[0] ^= val2;
    *challenge        = s_shaSeed.data[0];                  // the seed word doubles as the output
}

//============================================================================
// Encrypts 'sourceBytes' bytes of 'sourceData' with 'key' and stores the
// ciphertext in 'dest'. Only kCryptRc4 is implemented; kCryptRsa and unknown
// algorithms reach DEFAULT_FATAL. 'key' is dereferenced without a null check.
// Security note: the RC4 path adds no authentication tag, so the receiver
// cannot detect modified ciphertext from this layer alone.
void CryptEncrypt (
    CryptKey *      key,
    ARRAY(byte) *   dest,
    unsigned        sourceBytes,
    const void *    sourceData
) {
    switch (key->algorithm) {
        case kCryptRc4:
        #ifdef OPENSSL_RC4
            Rc4Codec(key, true, dest, sourceBytes, sourceData);
        #else
            ((KeyRc4 *)key->handle)->Codec(true, dest, sourceBytes, sourceData);
        #endif
            return;

        case kCryptRsa: // Not implemented; fall-thru to FATAL

        DEFAULT_FATAL(key->algorithm);
    }
}

//============================================================================
// Encrypts 'bytes' bytes at 'data' in place. Asserts that the key's block
// size is 1 (a stream cipher). Without OPENSSL_RC4 the data is encrypted into
// a temporary array and copied back over the input.
// Only kCryptRc4 is implemented; kCryptRsa and unknown algorithms reach
// DEFAULT_FATAL.
// Security note: the RC4 path adds no authentication tag, so the receiver
// cannot detect modified ciphertext from this layer alone.
void CryptEncrypt (
    CryptKey *      key,
    unsigned        bytes,
    void *          data
) {
    ASSERT(1 == CryptKeyGetBlockSize(key));

    switch (key->algorithm) {
        case kCryptRc4: {
        #ifdef OPENSSL_RC4
            Rc4Codec(key, true, bytes, data);
        #else
            // Encrypt into scratch storage, then overwrite the caller's buffer
            ARRAY(byte) scratch;
            scratch.Reserve(bytes);
            CryptEncrypt(key, &scratch, bytes, data);
            MemCopy(data, scratch.Ptr(), bytes);
        #endif
            return;
        }

        case kCryptRsa: // Not implemented; fall-thru to FATAL

        DEFAULT_FATAL(key->algorithm);
    }
}

//============================================================================
// Decrypts 'sourceBytes' bytes of 'sourceData' with 'key' and stores the
// plaintext in 'dest'. Only kCryptRc4 is implemented; kCryptRsa and unknown
// algorithms reach DEFAULT_FATAL. 'key' is dereferenced without a null check.
// Security note: nothing here verifies the ciphertext, so the output must be
// treated as untrusted input by whatever parses it.
void CryptDecrypt (
    CryptKey *      key,
    ARRAY(byte) *   dest,
    unsigned        sourceBytes,
    const void *    sourceData
) {
    switch (key->algorithm) {
        case kCryptRc4:
        #ifdef OPENSSL_RC4
            Rc4Codec(key, false, dest, sourceBytes, sourceData);
        #else
            ((KeyRc4 *)key->handle)->Codec(false, dest, sourceBytes, sourceData);
        #endif
            return;

        case kCryptRsa: // Not implemented; fall-thru to FATAL

        DEFAULT_FATAL(key->algorithm);
    }
}

//============================================================================
// Decrypts 'bytes' bytes at 'data' in place. Asserts that the key's block
// size is 1 (a stream cipher). Without OPENSSL_RC4 the data is decrypted into
// a temporary array and copied back over the input.
// Only kCryptRc4 is implemented; kCryptRsa and unknown algorithms reach
// DEFAULT_FATAL.
// Security note: nothing here verifies the ciphertext, so the output must be
// treated as untrusted input by whatever parses it.
void CryptDecrypt (
    CryptKey *      key,
    unsigned        bytes,
    void *          data
) {
    ASSERT(1 == CryptKeyGetBlockSize(key));

    switch (key->algorithm) {
        case kCryptRc4: {
        #ifdef OPENSSL_RC4
            Rc4Codec(key, false, bytes, data);
        #else
            // Decrypt into scratch storage, then overwrite the caller's buffer
            ARRAY(byte) scratch;
            scratch.Reserve(bytes);
            CryptDecrypt(key, &scratch, bytes, data);
            MemCopy(data, scratch.Ptr(), bytes);
        #endif
            return;
        }

        case kCryptRsa: // Not implemented; fall-thru to FATAL

        DEFAULT_FATAL(key->algorithm);
    }
}