#!/usr/bin/env perl

##
## Author......: See docs/credits.txt
## License.....: MIT
##

use strict;
use warnings;

use Crypt::ScryptKDF qw (scrypt_raw);
use Encode;
use Crypt::CBC;

sub module_constraints { [[0, 256], [16, 16], [-1, -1], [-1, -1], [-1, -1]] }

my $SCRYPT_N = 16384;
my $SCRYPT_R =     8;
my $SCRYPT_P =     1;

my $FIXED_SALT = pack ("H*", "3551038075a3b0c5");
my $FIXED_IV   = pack ("H*", "a344391f538311b329548616c489723e");

my $BITCOINJ_CHARS = ".abcdefghijklmnopqrstuvwxyz";

sub verify_bitcoinj
{
  my $data = shift;

  my $first_char = substr ($data, 0, 1);

  return 0 if ($first_char ne "\n");

  my $second_char = substr ($data, 1, 1);

  return 0 if (ord ($second_char) >= 128);

  return 0 if (substr ($data, 2, 4) ne "org.");

  for (my $i = 6; $i < 14; $i++) # start with 6 (we already checked first chars)
  {
    my $c = substr ($data, $i, 1);

    my $idx = index ($BITCOINJ_CHARS, $c);

    next if ($idx >= 0);

    return 0; # fail
  }

  return 1; # success
}

sub module_generate_hash
{
  my $word   = shift;
  my $iv     = shift;
  my $block1 = shift;
  my $block2 = shift;

  my $word_utf16be = encode ('UTF-16BE', $word);

  my $key = scrypt_raw ($word_utf16be, $FIXED_SALT, $SCRYPT_N, $SCRYPT_R, $SCRYPT_P, 32);

  my $aes_cbc1 = Crypt::CBC->new ({
    cipher      => "Crypt::Rijndael",
    iv          => $iv,
    key         => $key,
    keysize     => 32,
    literal_key => 1,
    header      => "none",
    padding     => "none"
  });

  my $aes_cbc2 = Crypt::CBC->new ({
    cipher      => "Crypt::Rijndael",
    iv          => $FIXED_IV,
    key         => $key,
    keysize     => 32,
    literal_key => 1,
    header      => "none",
    padding     => "none"
  });

  my $data_block1 = "";
  my $data_block2 = "";

  if (defined ($block1)) # verify
  {
    # note: we need to try both alternatives (if the first fails)

    my $data_dec = $aes_cbc1->decrypt ($block1);

    if (verify_bitcoinj ($data_dec) == 1)
    {
      $data_block1 = $block1;
      $data_block2 = $block2;
    }
    else
    {
      # else: ALTERNATIVE 2 (block 2, fixed IV):

      $data_dec = $aes_cbc2->decrypt ($block2);

      if (verify_bitcoinj ($data_dec) == 1)
      {
        $data_block1 = $block1;
        $data_block2 = $block2;
      }
    }
  }
  else
  {
    my $data = "";

    $data .= "\n";
    $data .= chr (random_number (0, 127));
    $data .= "org.";

    for (my $i = 6; $i < 16; $i++)
    {
      $data .= substr ($BITCOINJ_CHARS, random_number (0, length ($BITCOINJ_CHARS) - 1), 1);
    }

    my $random_alternative = random_number (0, 1);

    my $data_enc = "";

    if ($random_alternative == 0)
    {
      $data_block1 = $aes_cbc1->encrypt ($data);
      $data_block2 = $iv; # fake
    }
    else
    {
      $data_block1 = $iv; # fake
      $data_block2 = $aes_cbc2->encrypt ($data);
    }
  }

  my $hash = sprintf ("\$multibit\$2*%s*%s*%s", unpack ("H*", $iv), unpack ("H*", $data_block1), unpack ("H*", $data_block2));

  return $hash;
}

sub module_verify_hash
{
  my $line = shift;

  return unless (substr ($line, 0, 12) eq '$multibit$2*');

  # split hash and word:

  my $idx1 = index ($line, ":", 12);

  return if $idx1 < 1;

  my $hash = substr ($line,  0, $idx1);
  my $word = substr ($line, $idx1 + 1);

  # IV:

  my $idx2 = index ($hash, "*", 12);

  my $iv = substr ($hash, 12, $idx2 - 12);

  # block 1:

  $idx1 = index ($hash, "*", $idx2 + 1);

  my $block1 = substr ($hash, $idx2 + 1, $idx1 - $idx2 - 1);

  # block 2:

  my $block2 = substr ($hash, $idx1 + 1);

  return unless $iv     =~ m/^[0-9a-fA-F]{32}$/;
  return unless $block1 =~ m/^[0-9a-fA-F]{32}$/;
  return unless $block2 =~ m/^[0-9a-fA-F]{32}$/;

  # hex to binary/raw:

  $iv     = pack ("H*", $iv);
  $block1 = pack ("H*", $block1);
  $block2 = pack ("H*", $block2);

  $word = pack_if_HEX_notation ($word);

  my $new_hash = module_generate_hash ($word, $iv, $block1, $block2);

  return ($new_hash, $word);
}

1;