1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
/*
 * Copyright (c) Peter Bjorklund. All rights reserved. https://github.com/nimble-rust/workspace
 * Licensed under the MIT License. See LICENSE in the project root for license information.
 */
pub mod datagram_builder;
pub mod prelude;

use std::io::{Error, ErrorKind, Result};

use flood_rs::prelude::*;
use hexify::format_hex_u32_be;
use mash_rs::murmur3_32;

/// A seed used for generating a [Murmur3 hash](https://en.wikipedia.org/wiki/MurmurHash#MurmurHash3) for connection validation.

/// Represents a unique connection identifier for the session.
#[derive(Eq, PartialEq, Copy, Clone, Default, Debug)]
pub struct ConnectionId {
    pub value: u8,
}

impl ConnectionId {
    /// Writes the connection identifier to the provided output stream.
    ///
    /// # Arguments
    ///
    /// * `stream` - A mutable reference to a stream implementing `WriteOctetStream`.
    ///
    /// # Errors
    ///
    /// Returns an `io::Result` error if writing to the stream fails.
    pub fn to_stream(&self, stream: &mut impl WriteOctetStream) -> Result<()> {
        stream.write_u8(self.value)
    }

    /// Reads a connection identifier from the provided input stream.
    ///
    /// # Arguments
    ///
    /// * `stream` - A mutable reference to a stream implementing `ReadOctetStream`.
    ///
    /// # Returns
    ///
    /// A `Result` containing the `ConnectionId` if successful, or an `io::Result` error if reading fails.
    pub fn from_stream(stream: &mut impl ReadOctetStream) -> Result<Self> {
        Ok(Self {
            value: stream.read_u8()?,
        })
    }
}

/// Prepares an output stream by writing a default connection ID and reserving space for a hash.
///
/// This function is typically used before writing the actual payload to the stream.
///
/// # Arguments
///
/// * `stream` - A mutable reference to a stream implementing `WriteOctetStream`.
///
/// # Errors
///
/// Returns an `io::Result` error if writing to the stream fails.
pub fn prepare_out_stream(stream: &mut impl WriteOctetStream) -> Result<()> {
    let connection_id = ConnectionId { value: 0 };
    connection_id.to_stream(stream)?; // connection id must be outside the hashing
    stream.write_u32(0) // prepare hash value
}

/// Represents the header of a connection with an ID and a Murmur3 hash.
#[derive(Eq, PartialEq, Debug)]
pub struct ConnectionLayer {
    pub connection_id: ConnectionId,
    pub murmur3_hash: u32,
}

/// Represents the mode of a connection layer, which can be either [Out-Of-Band (OOB)](https://en.wikipedia.org/wiki/Out-of-band_data) or an active connection.
#[derive(Eq, PartialEq, Debug)]
pub enum ConnectionLayerMode {
    OOB,
    Connection(ConnectionLayer),
}

impl ConnectionLayerMode {
    /// Serializes the `ConnectionLayerMode` into the provided output stream.
    ///
    /// # Arguments
    ///
    /// * `stream` - A mutable reference to a stream implementing [`WriteOctetStream`].
    ///
    /// # Errors
    ///
    /// Returns an `io::Result` error if writing to the stream fails.
    pub fn to_stream(&self, stream: &mut impl WriteOctetStream) -> Result<()> {
        match self {
            ConnectionLayerMode::OOB => ConnectionId::default().to_stream(stream),
            ConnectionLayerMode::Connection(layer) => {
                layer.connection_id.to_stream(stream)?;
                stream.write_u32(layer.murmur3_hash)
            }
        }
    }

    /// Deserializes a `ConnectionLayerMode` from the provided input stream.
    ///
    /// # Arguments
    ///
    /// * `stream` - A mutable reference to a stream implementing [`ReadOctetStream`].
    ///
    /// # Returns
    ///
    /// A `Result` containing the `ConnectionLayerMode` if successful, or an `io::Result` error if reading fails.
    pub fn from_stream(stream: &mut impl ReadOctetStream) -> Result<Self> {
        let connection_id = ConnectionId::from_stream(stream)?;
        let mode = match connection_id.value {
            0 => ConnectionLayerMode::OOB,
            _ => ConnectionLayerMode::Connection(ConnectionLayer {
                connection_id,
                murmur3_hash: stream.read_u32()?,
            }),
        };

        Ok(mode)
    }
}

#[derive(Copy, Clone)]
pub struct ConnectionSecretSeed(u32);

/// Writes a connection header and a payload to the provided stream, including a Murmur3 hash for validation.
///
/// # Arguments
///
/// * `stream` - A mutable reference to a stream implementing `WriteOctetStream`.
/// * `connection_id` - The `ConnectionId` to write to the stream.
/// * `seed` - A `ConnectionSecretSeed` used for generating the Murmur3 hash.
/// * `payload` - The payload data to be written and hashed.
///
/// # Errors
///
/// Returns an `io::Result` error if writing to the stream fails.
pub fn write_to_stream(
    stream: &mut impl WriteOctetStream,
    connection_id: ConnectionId,
    seed: ConnectionSecretSeed,
    payload: &[u8],
) -> Result<()> {
    let calculated_hash = murmur3_32(payload, seed.0);
    ConnectionLayerMode::Connection(ConnectionLayer {
        connection_id,
        murmur3_hash: calculated_hash,
    })
    .to_stream(stream)
}

pub fn write_empty(stream: &mut impl WriteOctetStream) -> Result<()> {
    let zero_connection_id = ConnectionId { value: 0 };
    ConnectionLayerMode::Connection(ConnectionLayer {
        connection_id: zero_connection_id,
        murmur3_hash: 0,
    })
    .to_stream(stream)
}

/// Verifies the integrity of a payload against an expected Murmur3 hash.
///
/// # Arguments
///
/// * `expected_hash` - The expected Murmur3 hash value.
/// * `seed` - The `ConnectionSecretSeed` used for generating the hash.
/// * `payload` - The payload data to be hashed and compared.
///
/// # Errors
///
/// Returns an `io::Result` error if the calculated hash does not match the expected hash.
pub fn verify_hash(expected_hash: u32, seed: ConnectionSecretSeed, payload: &[u8]) -> Result<()> {
    let calculated_hash = murmur3_32(payload, seed.0);
    if calculated_hash != expected_hash {
        Err(Error::new(
            ErrorKind::InvalidData,
            format!(
                "hash mismatch: the data does not match the expected hash. calculated {} but payload provided hash {}",
                format_hex_u32_be(calculated_hash), format_hex_u32_be(expected_hash),
            ),
        ))
    } else {
        Ok(())
    }
}