summaryrefslogtreecommitdiff
path: root/src/Network/Tox/Crypto/Handlers.hs
blob: f59809fd282eaf6624c85afc674163752abb45c4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE TupleSections #-}
{-# LANGUAGE TypeOperators #-}
{-# LANGUAGE DeriveFunctor #-}
{-# LANGUAGE CPP #-}
module Network.Tox.Crypto.Handlers where

import Network.Tox.NodeId
import Network.Tox.Crypto.Transport
import Network.Tox.DHT.Transport (Cookie(..),CookieData(..), CookieRequest(..), NoSpam(..))
import Network.Tox.DHT.Handlers (Client, cookieRequest, createCookieSTM )
import Crypto.Tox
import Control.Arrow
import Control.Concurrent.STM
import Control.Concurrent.STM.TMChan
import Network.Address
import qualified Data.Map.Strict as Map
import Crypto.Hash
import Control.Applicative
import Control.Monad
import Data.Time.Clock.POSIX
import qualified Data.ByteString  as B
import System.IO
import Data.ByteString (ByteString)
import Control.Lens
import Data.Function
import qualified Data.PacketQueue as PQ
         ;import Data.PacketQueue (PacketQueue)
import qualified Data.CyclicBuffer as CB
         ;import Data.CyclicBuffer (CyclicBuffer)
import Data.Serialize             as S
import Data.Word
import Data.Maybe
import qualified Data.Word64Map as W64
import Data.Word64RangeMap
import qualified Data.Set         as Set
import qualified Data.Array.Unboxed as A
import SensibleDir
import System.FilePath
import System.IO.Temp
import System.Environment
import System.Directory
import System.Random -- for ping fuzz
#ifdef THREAD_DEBUG
import Control.Concurrent.Lifted.Instrument
#else
import Control.Concurrent
import GHC.Conc (labelThread)
#endif
import PingMachine
import qualified Data.IntMap.Strict as IntMap
import Control.Concurrent.Supply
import Data.InOrOut
import DPut
import Debug.Trace
import Text.Printf
import Data.Bool
import Connection (Status(..))
import Connection.Tox (ToxProgress(..))


-- * These types are isomorphic to Maybe, but have the advantage of documenting
--   when an item is expected to become known.
data UponDHTKey a       = NeedDHTKey       | HaveDHTKey a       deriving (Functor,Show,Eq)
data UponCookie a       = NeedCookie       | HaveCookie a       deriving (Functor,Show,Eq)
data UponHandshake a    = NeedHandshake    | HaveHandshake a    deriving (Functor,Show,Eq)
data UponCryptoPacket a = NeedCryptoPacket | HaveCryptoPacket a deriving (Functor,Show,Eq)

-- util, todo: move to another module
maybeToEither :: AsMaybe f => f b -> Either String b
maybeToEither y | Just x <- toMaybe y = Right x
maybeToEither _  = Left "maybeToEither"

-- | type class encoding of isomorphism to Maybe
class AsMaybe f where
    toMaybe :: f a -> Maybe a
    -- | The o in from is left out so as not to colide with 'Data.Maybe.fromMaybe'
    frmMaybe :: Maybe a -> f a

instance AsMaybe Maybe where
    toMaybe x = x
    frmMaybe x = x

instance AsMaybe UponDHTKey where
    toMaybe NeedDHTKey     = Nothing
    toMaybe (HaveDHTKey x) = Just x
    frmMaybe Nothing  = NeedDHTKey
    frmMaybe (Just x) = HaveDHTKey x

instance AsMaybe UponCookie where
    toMaybe NeedCookie     = Nothing
    toMaybe (HaveCookie x) = Just x
    frmMaybe Nothing  = NeedCookie
    frmMaybe (Just x) = HaveCookie x

instance AsMaybe UponHandshake where
    toMaybe NeedHandshake     = Nothing
    toMaybe (HaveHandshake x) = Just x
    frmMaybe Nothing  = NeedHandshake
    frmMaybe (Just x) = HaveHandshake x

instance AsMaybe UponCryptoPacket where
    toMaybe NeedCryptoPacket     = Nothing
    toMaybe (HaveCryptoPacket x) = Just x
    frmMaybe Nothing  = NeedCryptoPacket
    frmMaybe (Just x) = HaveCryptoPacket x


--data NetCryptoSessionStatus = Unaccepted | Accepted {- InProgress AwaitingSessionPacket -} | Confirmed {- Established -}
--    deriving (Eq,Ord,Show,Enum)


-- | The idea of IOHook is to replicate the familiar pattern
-- where a function returns Nothing to consume a value
-- or a function used to modify the value and pass it
-- to be processed by another hook.
type IOHook addr x = addr -> x -> IO (Maybe (x -> x))

-- | NetCryptoHook's use the Session as their 'addr' and the
-- value they consume or modify is CryptoMessage.
type NetCryptoHook = IOHook NetCryptoSession CryptoMessage

-- | Convert an id byte to it's type (in Word64 format)
-- Although the type doesn't enforce it, MsgTypeArray
-- should always have 256 entries.
type MsgTypeArray = A.UArray Word8 Word64

-- | Information, that may be made visible in multiple sessions, as well
-- as displayed in some way to the user via mutiple views.
--
data SessionView = SessionView
        { svNick        :: TVar ByteString
        , svStatus      :: TVar UserStatus
        , svStatusMsg   :: TVar ByteString
        , svTyping      :: TVar TypingStatus
        , svNoSpam      :: TVar (Maybe NoSpam)
        , svTheirNick        :: TVar ByteString
        , svTheirStatus      :: TVar UserStatus
        , svTheirStatusMsg   :: TVar ByteString
        , svTheirTyping      :: TVar TypingStatus
        , svTheirNoSpam      :: TVar (Maybe NoSpam)
        , svGroups      :: TVar (Map.Map GroupChatId (Set.Set SockAddr))

        -- allthough these directories are not visible to others on the net
        -- they are included in this type, because it facilitates organizing
        -- the disk according to your public image.

        , svCacheDir    :: FilePath -- ^ directory path used if the session has
                                    -- to use the disk for cache clean up only
                                    -- if space is needed

        , svTmpDir      :: FilePath -- ^ Once off storage goes here, should
                                    -- clean up quickly

        , svConfigDir   :: FilePath      -- ^ profile related storage, etc, never clean up
        , svDownloadDir :: TVar FilePath -- ^ where to put files the user downloads
        }

-- | A static version of 'SessionView'
--   useful for serializing to logs
--   or storing in the ncLastNMsgs queue
data ViewSnapshot = ViewSnapshot
        { vNick        :: ByteString
        , vStatus      :: UserStatus
        , vStatusMsg   :: ByteString
        , vTyping      :: TypingStatus
        , vNoSpam      :: Maybe NoSpam
        , vTheirNick        :: ByteString
        , vTheirStatus      :: UserStatus
        , vTheirStatusMsg   :: ByteString
        , vTheirTyping      :: TypingStatus
        , vTheirNoSpam      :: Maybe NoSpam
        , vGroups      :: Map.Map GroupChatId (Set.Set SockAddr)
        }

-- | Take snapshot of SessionView
--
-- This is useful for storing the context of
-- remembered messages.
viewSnapshot :: SessionView -> STM ViewSnapshot
viewSnapshot v = do
    nick        <- readTVar (svNick v)
    status      <- readTVar (svStatus v)
    statusMsg   <- readTVar (svStatusMsg v)
    typing      <- readTVar (svTyping v)
    noSpam      <- readTVar (svNoSpam v)
    theirNick        <- readTVar (svTheirNick v)
    theirStatus      <- readTVar (svTheirStatus v)
    theirStatusMsg   <- readTVar (svTheirStatusMsg v)
    theirTyping      <- readTVar (svTheirTyping v)
    theirNoSpam      <- readTVar (svTheirNoSpam v)
    groups      <- readTVar (svGroups v)
    return ViewSnapshot
            { vNick = nick
            , vStatus = status
            , vStatusMsg = statusMsg
            , vTyping = typing
            , vNoSpam = noSpam
            , vTheirNick = theirNick
            , vTheirStatus = theirStatus
            , vTheirStatusMsg = theirStatusMsg
            , vTheirTyping = theirTyping
            , vTheirNoSpam = theirNoSpam
            , vGroups = groups
            }

type SessionID = Word64

-- | Application specific listener type (Word64)
--
-- This is some kind of information associated with a listening TChan.
-- It may be used to indicate what kind of packets it is interested in.
--
-- 0 means listen to all messages and is done automatically in 'defaultUnRecHook'
-- any other values are left open to application specific convention.
--
-- This module does not know what the different values here
-- mean, but code that sets hooks may adhere to a convention
-- defined elsewhere.
--
type ListenerType = Word64

data NetCryptoSession = NCrypto
    { ncState              :: TVar (Status ToxProgress)
    , ncMyPublicKey        :: PublicKey
    , ncSessionId          :: SessionID
    , ncTheirPublicKey     :: PublicKey -- Tox id w/o nospam
    , ncTheirBaseNonce     :: TVar (UponHandshake Nonce24) -- base nonce + packet number
    , ncMyPacketNonce      :: TVar Nonce24 -- base nonce + packet number
    , ncHandShake          :: TVar (UponHandshake (Handshake Encrypted))
    , ncCookie             :: TVar (UponCookie (Cookie Encrypted)) -- ^ Cookie issued by remote peer
    , ncTheirDHTKey        :: UponDHTKey PublicKey
    , ncTheirSessionPublic :: TVar (UponHandshake PublicKey)
    , ncSessionSecret      :: SecretKey
    , ncSockAddr           :: UponDHTKey SockAddr
    -- The remaining fields correspond to implementation specific state --
    -- where as the prior fields will be used in any implementation     --
    , ncHooks              :: TVar (Map.Map MessageType [NetCryptoHook])
    , ncUnrecognizedHook   :: TVar (MessageType -> NetCryptoHook)
    , ncIncomingTypeArray  :: TVar MsgTypeArray
    -- ^ This array maps 255 Id bytes to MessageType
    -- It should contain all messages this session understands.
    -- Use 0 for unsupported. It is used when a message comes
    -- in, and should ordinarily be the identity map.
    --
    -- Id's 0xC7 and 0x63 should contain range-specifying types only, if
    -- such things come to be defined, because these MessageId's are
    -- always escapes.
    --
    -- Currently, the values at these indices are ignored.
    , ncOutgoingIdMap      :: RangeMap TArray Word8 TVar
    -- ^ used to lookup the outgoing id for a type when sending an outoing message
    , ncOutgoingIdMapEscapedLossy :: TVar (A.Array Word8 Word8)
    -- ^ mapping of secondary id, when primary id is 0xC7
    --   (These Id's are called 'MessageName' in 'Network.Tox.Crypto.Transport')
    --   used when sending an outoing message
    , ncOutgoingIdMapEscapedLossless :: TVar (A.Array Word8 Word8)
    -- ^ mapping of secondary id, when primary id is 0x63
    --   (These Id's are called 'MessageName' in 'Network.Tox.Crypto.Transport')
    --   used when sending an outoing message
    , ncAllSessions        :: NetCryptoSessions
     -- ^ needed if one net-crypto session
     --   needs to possibly start another, as is
     --   the case in group chats
    , ncView               :: TVar SessionView
    -- ^ contains your nick, status etc
    , ncPacketQueue        :: PacketQueue CryptoData
    -- ^ a buffer in which incoming packets may be stored out of order
    -- but from which they may be extracted in sequence,
    -- helps ensure lossless packets are processed in order
    , ncDequeueThread      :: Maybe ThreadId
    -- ^ when the thread which dequeues from ncPacketQueue
    -- is started, its ThreadId is stored here
    , ncPingMachine        :: Maybe PingMachine
    -- ^ when the ping thread is started, store it here
    , ncOutgoingQueue      :: TVar
                                (UponHandshake
                                    (PQ.PacketOutQueue
                                          (State,Nonce24,RangeMap TArray Word8 TVar)
                                          CryptoMessage
                                          (CryptoPacket Encrypted)
                                          CryptoData))
    -- ^ To send a message add it to this queue, by calling 'tryAppendQueueOutgoing'
    --   but remember to call 'readyOutGoing' first, because the shared secret cache
    --   presently requires the IO monad.
    --   This specialized queue handles setting buffer_start and buffer_end and encrypting
    --   'readyOutGoing' provides the first parameter to 'tryAppendQueueOutgoing'
    , ncLastNMsgs :: CyclicBuffer (Bool{-Handled?-},(ViewSnapshot,InOrOut CryptoMessage))
    -- ^ cyclic buffer, holds the last N non-handshake crypto messages
    --   even if there is no attached user interface.
    , ncListeners :: TVar (IntMap.IntMap (ListenerType,TMChan CryptoMessage))
    -- ^ user interfaces may "listen" by inserting themselves into this map
    -- with a unique id and a new TChan, and then reading from the TChan
    }

data NetCryptoSessions = NCSessions
    { netCryptoSessions       :: TVar (Map.Map SockAddr NetCryptoSession)
    , netCryptoSessionsByKey  :: TVar (Map.Map PublicKey [NetCryptoSession])
    , transportCrypto         :: TransportCrypto
    , defaultHooks            :: Map.Map MessageType [NetCryptoHook]
    , defaultUnrecognizedHook :: MessageType -> NetCryptoHook
    , sessionView             :: SessionView
    , msgTypeArray            :: MsgTypeArray
    , inboundQueueCapacity    :: Word32
    , outboundQueueCapacity   :: Word32
    , nextSessionId           :: TVar SessionID
    , announceNewSessionHooks :: TVar [IOHook (Maybe NoSpam) NetCryptoSession]
    , sendHandshake           :: SockAddr -> Handshake Encrypted -> IO ()
    , sendSessionPacket       :: SockAddr -> CryptoPacket Encrypted -> IO ()
    , listenerIDSupply        :: TVar Supply
    }

-- | This is the type of a hook to run when a session is created.
type NewSessionHook = IOHook (Maybe NoSpam) NetCryptoSession

addNewSessionHook :: NetCryptoSessions -> NewSessionHook -> STM ()
addNewSessionHook allsessions@(NCSessions { announceNewSessionHooks }) hook = modifyTVar announceNewSessionHooks (hook:)

forgetCrypto :: TransportCrypto -> NetCryptoSessions -> NetCryptoSession -> STM ()
forgetCrypto crypto (NCSessions {netCryptoSessions,netCryptoSessionsByKey}) session = do
    let HaveDHTKey addr = ncSockAddr session
        sid = ncSessionId session
        sPubKey = ncTheirPublicKey session
    byAddrMap <- readTVar netCryptoSessions
 {- byKeyMap  <- readTVar netCryptoSessionsByKey -}
    case Map.lookup addr byAddrMap of
        Nothing -> return () -- already gone
        Just _ -> do
            modifyTVar netCryptoSessions      (Map.delete addr)
            modifyTVar netCryptoSessionsByKey (Map.update (\xs -> case filter (\x -> ncSessionId x /= sid) xs of
                                                                    [] -> Nothing
                                                                    ys -> Just ys) sPubKey)

newSessionsState :: TransportCrypto
                 -> (MessageType -> NetCryptoHook)      -- ^ default hook
                 -> Map.Map MessageType [NetCryptoHook] -- ^ all hooks, can be empty to start
                 -> IO NetCryptoSessions
newSessionsState crypto unrechook hooks = do
    x <- atomically $ newTVar Map.empty
    x2 <- atomically $ newTVar Map.empty
    nick <- atomically $ newTVar B.empty
    status <- atomically $ newTVar Online
    statusmsg <- atomically $ newTVar B.empty
    typing <- atomically $ newTVar NotTyping
    nospam <- atomically $ newTVar Nothing
    theirnick <- atomically $ newTVar B.empty
    theirstatus <- atomically $ newTVar Online
    theirstatusmsg <- atomically $ newTVar B.empty
    theirtyping <- atomically $ newTVar NotTyping
    theirnospam <- atomically $ newTVar Nothing
    grps <- atomically $ newTVar Map.empty
    pname <- getProgName
    cachedir <- sensibleCacheDirCreateIfMissing pname
    tmpdir <- (</> pname) <$> (getTemporaryDirectory >>= canonicalizePath) -- getCanonicalTemporaryDirectory
    configdir <- sensibleVarLib pname
    homedir <- getHomeDirectory
    svDownloadDir0 <- atomically $ newTVar (homedir </> "Downloads")
    nextSessionId0 <- atomically $ newTVar 0
    announceNewSessionHooks0 <- atomically $ newTVar []
    lsupply <- newSupply
    lsupplyVar <- atomically (newTVar lsupply)
    return NCSessions { netCryptoSessions       = x
                      , netCryptoSessionsByKey  = x2
                      , transportCrypto         = crypto
                      , defaultHooks            = hooks
                      , defaultUnrecognizedHook = unrechook
                      , sessionView             = SessionView
                            { svNick        = nick
                            , svStatus      = status
                            , svStatusMsg   = statusmsg
                            , svTyping      = typing
                            , svNoSpam      = nospam
                            , svTheirNick        = theirnick
                            , svTheirStatus      = theirstatus
                            , svTheirStatusMsg   = theirstatusmsg
                            , svTheirTyping      = theirtyping
                            , svTheirNoSpam      = theirnospam
                            , svGroups      = grps
                            , svCacheDir    = cachedir
                            , svTmpDir      = tmpdir
                            , svConfigDir   = configdir
                            , svDownloadDir = svDownloadDir0
                            }
                      , msgTypeArray            = allMsgTypes id -- todo make this a parameter
                      , inboundQueueCapacity    = 200
                      , outboundQueueCapacity   = 400
                      , nextSessionId           = nextSessionId0
                      , announceNewSessionHooks = announceNewSessionHooks0
                      , sendHandshake     = error "Need to set sendHandshake field of NetCryptoSessions!"
                      , sendSessionPacket = error "Need to set sendSessionPacket field of NetCryptoSessions!"
                      , listenerIDSupply = lsupplyVar
                      }

data HandshakeParams
        = HParam
            { hpTheirBaseNonce        :: Maybe Nonce24 -- ignore and generate your own
            , hpOtherCookie           :: Cookie Encrypted
            , hpTheirSessionKeyPublic :: Maybe PublicKey
            , hpMySecretKey           :: SecretKey
            , hpCookieRemotePubkey    :: PublicKey
            , hpCookieRemoteDhtkey    :: PublicKey
            }

newHandShakeData :: POSIXTime -> TransportCrypto -> Nonce24 -> HandshakeParams -> SockAddr -> PublicKey -> STM (Maybe HandshakeData)
newHandShakeData timestamp crypto basenonce (HParam {hpOtherCookie,hpMySecretKey,hpCookieRemotePubkey,hpCookieRemoteDhtkey}) addr mySessionPublic
    = do
    freshCookie
      <- case  nodeInfo (key2id hpCookieRemoteDhtkey) addr  of
            Right nodeinfo -> Just <$> createCookieSTM timestamp crypto nodeinfo hpCookieRemotePubkey
            Left er        -> return Nothing
    let hinit                = hashInit
        Cookie n24 encrypted = hpOtherCookie
        hctx                 = hashUpdate hinit n24
        hctx'                = hashUpdate hctx encrypted
        digest               = hashFinalize hctx'
    return $
      fmap (\freshCookie' ->
            HandshakeData
                { baseNonce   = basenonce
                , sessionKey  = mySessionPublic
                , cookieHash  = digest
                , otherCookie = freshCookie'
                }) freshCookie

type XMessage = CryptoMessage -- todo

-- THIS Would work if not for the IO shared secret cache...
-- increments packet nonce, only call when actually queuing an outgoing packet
-- getOutGoingParam crypto session = do
--    n24 <- (ncMyPacketNonce session)
--    let state = computeSharedSecret (transportSecret crypto) (ncTheirPublicKey session) n24
--    modifyTVar (ncMyPacketNonce session) (+1)
--    rangemap <- readTVar (ncOutgoingIdMap session)
--    return (state,n24,rangemap)

ncToWire :: STM (State,Nonce24,RangeMap TArray Word8 TVar)
         -> Word32{- packet number we expect to recieve -}
         -> Word32{- buffer_end -}
         -> Word32{- packet number -}
         -> XMessage
         -> STM (Maybe (CryptoPacket Encrypted,Word32{-next packet no-}))
ncToWire getState seqno bufend pktno msg = do
    let typ = getMessageType msg
        typ64 = toWord64 typ
    let lsness msg =
            case typ of
                    Msg mid -> lossyness mid
                    GrpMsg KnownLossy _ -> Lossy
                    GrpMsg KnownLossless _ -> Lossless
    (state,n24,msgOutMapVar) <- getState
    -- msgOutMap <- readTVar msgOutMapVar
    result1 <- trace ("lookupInRangeMap typ64=" ++ show typ64)
                     $ lookupInRangeMap typ64 msgOutMapVar
    case result1 of -- msgOutMapLookup typ64 msgOutMap of
        Nothing -> trace "lookupInRangeMap gave Nothing!" $ return Nothing
        Just outid -> trace ("encrypting packet with Nonce: " ++ show n24) $ do
            let setMessageId (OneByte _)   mid = OneByte (toEnum8 mid)
                setMessageId (TwoByte _ x) mid = TwoByte (toEnum8 mid) x
                setMessageId (UpToN _ x)   mid = UpToN (toEnum8 mid) x
                msg' = setMessageId msg outid
                in case lsness msg of
                        UnknownLossyness -> return Nothing
                        Lossy    -> let cd =
                                         CryptoData
                                            { bufferStart = seqno
                                            , bufferEnd = bufend
                                            , bufferData = msg'
                                            }
                                        plain = encodePlain cd
                                        encrypted = encrypt state plain
                                        pkt = CryptoPacket { pktNonce = let r = nonce24ToWord16 n24
                                                                            in trace (printf "converting n24 to word16: 0x%x" r) r
                                                           , pktData = encrypted }
                                        in return (Just (pkt, pktno))
                        Lossless -> let cd =
                                         CryptoData
                                            { bufferStart = seqno
                                            , bufferEnd = pktno
                                            , bufferData = msg'
                                            }
                                        plain = encodePlain cd
                                        encrypted = encrypt state plain
                                        pkt = CryptoPacket { pktNonce = nonce24ToWord16 n24, pktData = encrypted }
                                        in return (Just (pkt, pktno+1))

-- | called when we recieve a crypto handshake with valid cookie
-- TODO set priority on contact addr to 0 if it is older than ForgetPeriod,
-- then increment it regardless. (Keep addr in MinMaxPSQ in Roster.Contact)
--
-- This function sends a handshake response packet.
freshCryptoSession :: NetCryptoSessions -> SockAddr -> SecretKey -> POSIXTime -> HandshakeParams -> STM (Maybe (Handshake Encrypted),IO ())
freshCryptoSession  sessions
                    addr
                    newsession
                    timestamp
                    hp@(HParam
                              { hpTheirBaseNonce = mbtheirBaseNonce
                              , hpOtherCookie    = otherCookie
                              , hpTheirSessionKeyPublic = mbtheirSessionKey
                              , hpMySecretKey        = key
                              , hpCookieRemotePubkey = remotePublicKey
                              , hpCookieRemoteDhtkey = remoteDhtPublicKey
                              }) = do
    let crypto = transportCrypto sessions
        allsessions = netCryptoSessions sessions
        allsessionsByKey = netCryptoSessionsByKey sessions
        dmsg msg = trace msg (return ())
    sessionId <- do
        x <- readTVar (nextSessionId sessions)
        modifyTVar    (nextSessionId sessions) (+1)
        return x
    -- ncState0 <- newTVar Accepted -- (InProgress AwaitingSessionPacket)
    ncState0 <- newTVar (if isJust mbtheirBaseNonce
                                        then InProgress AwaitingSessionPacket
                                        else InProgress AwaitingHandshake)
    ncTheirBaseNonce0 <- newTVar (frmMaybe mbtheirBaseNonce)
    n24 <- transportNewNonce crypto
    state <- ($ n24) <$> lookupNonceFunctionSTM timestamp crypto key remotePublicKey
    newBaseNonce <- transportNewNonce crypto
    mbMyhandshakeData <- newHandShakeData timestamp crypto newBaseNonce hp addr (toPublic newsession)
    let encodeHandshake myhandshakeData = let plain = encodePlain myhandshakeData
    --                                        state = computeSharedSecret key remoteDhtPublicKey n24
                                              encrypted = encrypt state plain
                                              in Handshake { handshakeCookie = otherCookie
                                                           , handshakeNonce = n24
                                                           , handshakeData = encrypted
                                                           }
    let myhandshake= encodeHandshake <$> mbMyhandshakeData
    ncHandShake0 <- newTVar (frmMaybe myhandshake)
    ncMyPacketNonce0 <- newTVar newBaseNonce
    cookie0 <- newTVar (HaveCookie otherCookie)
    ncHooks0 <- newTVar (defaultHooks sessions)
    ncUnrecognizedHook0 <- newTVar (defaultUnrecognizedHook sessions)
    ncIncomingTypeArray0 <- newTVar (msgTypeArray sessions)
    let idMap = foldl (\mp (x,y) -> W64.insert x y mp) W64.empty (zip [0..255] [0..255])
    (ncOutgoingIdMap0,lossyEscapeIdMap,losslessEscapeIdMap) <- do
        idmap <- emptySTMRangeMap
        insertArrayAt idmap  0 (A.listArray (0,255) [0 .. 255])
        -- the 2 escape ranges are adjacent, so put them in one array:
        insertArrayAt idmap  512 (A.listArray (512,1023) ( replicate 256 0xC7 -- lossy escaped
                                                        ++ replicate 256 0x63 -- lossless escapped
                                                         ))
        -- lossless as separate range could have been done:
        -- > insertArrayAt idmap  768 (A.listArray (768,1023)  (replicate 256 0x63))
        lossyEsc    <- newTVar $ A.listArray (0,255) [0 .. 255]
        losslessEsc <- newTVar $ A.listArray (0,255) [0 .. 255]
        return (idmap,lossyEsc,losslessEsc)
    ncView0 <- newTVar (sessionView sessions)
    pktq <- PQ.new (inboundQueueCapacity sessions) 0
    bufstart <- newTVar 0
    mbpktoq
     <- case mbtheirSessionKey of
         Nothing -> return NeedHandshake
         Just theirSessionKey -> createNetCryptoOutQueue sessions newsession theirSessionKey pktq ncMyPacketNonce0 ncOutgoingIdMap0
    mbpktoqVar <- newTVar mbpktoq
    lastNQ <- CB.new 10 0 :: STM (CyclicBuffer (Bool,(ViewSnapshot,InOrOut CryptoMessage)))
    listeners <- newTVar IntMap.empty
    msgNum <- newTVar 0
    dropNum <- newTVar 0
    theirbasenonce <- readTVar ncTheirBaseNonce0
    dmsg $ "freshCryptoSession: Session ncTheirBaseNonce=" ++ show theirbasenonce
    dmsg $ "freshCryptoSession: My Session Public =" ++ show (key2id $ toPublic newsession)
    ncTheirSessionPublic0 <- newTVar (frmMaybe mbtheirSessionKey)
    let netCryptoSession0 =
            NCrypto { ncState              = ncState0
                    , ncMyPublicKey        = toPublic key
                    , ncSessionId          = sessionId
                    , ncTheirPublicKey     = remotePublicKey
                    , ncTheirBaseNonce     = ncTheirBaseNonce0
                    , ncMyPacketNonce      = ncMyPacketNonce0
                    , ncHandShake          = ncHandShake0
                    , ncCookie             = cookie0
                    , ncTheirDHTKey        = HaveDHTKey remoteDhtPublicKey
                    , ncTheirSessionPublic = ncTheirSessionPublic0
                    , ncSessionSecret      = newsession
                    , ncSockAddr           = HaveDHTKey addr
                    , ncHooks              = ncHooks0
                    , ncUnrecognizedHook   = ncUnrecognizedHook0
                    , ncAllSessions        = sessions
                    , ncIncomingTypeArray  = ncIncomingTypeArray0
                    , ncOutgoingIdMap      = ncOutgoingIdMap0
                    , ncOutgoingIdMapEscapedLossy    = lossyEscapeIdMap
                    , ncOutgoingIdMapEscapedLossless = losslessEscapeIdMap
                    , ncView               = ncView0
                    , ncPacketQueue        = pktq
                    , ncDequeueThread      = Nothing -- error "you want the NetCrypto-Dequeue thread id, but is it started?"
                    , ncPingMachine        = Nothing -- error "you want the NetCrypto-PingMachine, but is it started?"
                    , ncOutgoingQueue      = mbpktoqVar
                    , ncLastNMsgs          = lastNQ
                    , ncListeners          = listeners
                    }
    addSessionToMapIfNotThere sessions addr netCryptoSession0
    maybeLaunchMissles
        <- case mbpktoq of
            NeedHandshake -> return (return ())
            HaveHandshake pktoq -> return (runUponHandshake netCryptoSession0 addr pktoq)
    return (myhandshake,maybeLaunchMissles)

type NetCryptoOutQueue = PQ.PacketOutQueue (State,Nonce24,RangeMap TArray Word8 TVar)
                                           CryptoMessage
                                           (CryptoPacket Encrypted)
                                           CryptoData

createNetCryptoOutQueue :: NetCryptoSessions -> SecretKey -> PublicKey -> PacketQueue CryptoData
                        -> TVar Nonce24    -> RangeMap TArray Word8 TVar     -> STM (UponHandshake NetCryptoOutQueue)
createNetCryptoOutQueue sessions newsession theirSessionKey pktq ncMyPacketNonce0 ncOutgoingIdMap0 = do
            let crypto = transportCrypto sessions
            let toWireIO = do
                    f <- lookupNonceFunction crypto newsession theirSessionKey
                    atomically $ do
                        n24 <- readTVar ncMyPacketNonce0
                        let n24plus1 = incrementNonce24 n24
                        trace ("ncMyPacketNonce+1=" ++ show n24plus1
                            ++ "\n toWireIO: theirSessionKey = " ++ show (key2id theirSessionKey)
                            ++ "\n toWireIO: my public session key = " ++ show (key2id (toPublic newsession))
                              ) $ writeTVar ncMyPacketNonce0 n24plus1
                        return (return (f n24, n24, ncOutgoingIdMap0))
            pktoq <- PQ.newOutGoing pktq ncToWire toWireIO 0 (outboundQueueCapacity sessions) 0
            return (HaveHandshake pktoq)

-- | add this session to the lookup maps, overwrite if its already in them
addSessionToMapIfNotThere :: NetCryptoSessions -> SockAddr -> NetCryptoSession -> STM ()
addSessionToMapIfNotThere sessions addrRaw netCryptoSession = do
    let addr = either id id $ either4or6 addrRaw
    let dmsg msg = trace msg (return ())
    dmsg $ "addSessionToMapIfNotThere sockaddr = " ++ show addr ++ ", sessionid = " ++ show (ncSessionId netCryptoSession)
    let remotePublicKey = ncTheirPublicKey netCryptoSession
        allsessions     = netCryptoSessions sessions
        allsessionsByKey= netCryptoSessionsByKey sessions
    byAddrResult <- readTVar allsessions >>= return . Map.lookup addr
    mp <- readTVar allsessions
    case byAddrResult of
        Just (NCrypto { ncSessionId = staleId }) -> do
            dmsg $ "addSessionToMapIfNotThere: addr(" ++ show addr ++") already in map(" ++ show (map (second ncSessionId) (Map.assocs mp)) ++ ")"
            dmsg $ "addSessionToMapIfNotThere: considering it stale(staleId=" ++ show staleId ++") and removing it from the by-key map, so remove it from by-key map."
            dmsg $ "addSessionToMapIfNotThere: leave it in the by-addr map, and overwrite it shortly."
            -- manually remove the stale session from the by-key map
            modifyTVar allsessionsByKey (Map.map (filter ((/=staleId) . ncSessionId)))
        Nothing -> -- nothing to remove
            dmsg $ "addSessionToMapIfNotThere: addr(" ++ show addr ++") not yet in map(" ++ show (map (second ncSessionId) (Map.assocs mp)) ++ ")"
    dmsg $ "addSessionToMapIfNotThere: Inserting addr(" ++ show addr ++") into map(" ++ show (map (second ncSessionId) (Map.assocs mp)) ++ ")"
    -- write session to by-addr map regardless of whether one is in there,
    -- it should overwrite on match
    modifyTVar allsessions (Map.insert addr netCryptoSession)
    -- Now insert new session into by-key map
    byKeyResult <- readTVar allsessionsByKey >>= return . Map.lookup remotePublicKey
    case byKeyResult of
        Nothing -> modifyTVar allsessionsByKey (Map.insert remotePublicKey [netCryptoSession])
        Just xs -> do
            -- in case we're using the same long term key on different IPs ...
            modifyTVar allsessionsByKey (Map.insert remotePublicKey (netCryptoSession:xs))

runUponHandshake :: NetCryptoSession -> SockAddr -> NetCryptoOutQueue -> IO ()
runUponHandshake netCryptoSession0 addr pktoq = do
    dput XNetCrypto "(((((((runUponHandshake))))))) Launching threads"
    let sessions = ncAllSessions netCryptoSession0
        pktq = ncPacketQueue netCryptoSession0
        remotePublicKey = ncTheirPublicKey netCryptoSession0
        crypto = transportCrypto sessions
        allsessions = netCryptoSessions sessions
        allsessionsByKey = netCryptoSessionsByKey sessions
    -- launch dequeue thread
    -- (In terms of data dependency, this thread could be launched prior to handshake)
    threadid <- forkIO $ do
        tid <- myThreadId
        labelThread tid ("NetCryptoDequeue." ++ show (key2id remotePublicKey))
        fix $ \loop -> do
            cd <- atomically $ PQ.dequeue pktq
            _ <- runCryptoHook (netCryptoSession0 {ncDequeueThread=Just tid}) (bufferData cd)
            loop
    dput XNetCrypto $ "runUponHandshake: " ++ show threadid ++ " = NetCryptoDequeue." ++ show (key2id remotePublicKey)
    -- launch dequeueOutgoing thread
    threadidOutgoing <- forkIO $ do
        tid <- myThreadId
        labelThread tid ("NetCryptoDequeueOutgoing." ++ show (key2id remotePublicKey))
        fix $ \loop -> do
            (_,pkt) <- atomically $ PQ.dequeueOutgoing pktoq
            dput XNetCrypto "NetCryptoDequeueOutgoing thread... Sending encrypted Packet"
            sendSessionPacket sessions addr pkt
            loop
    dput XNetCrypto $ "runUponHandshake: " ++ show threadidOutgoing ++ " = NetCryptoDequeueOutgoing." ++ show (key2id remotePublicKey)
    -- launch ping thread
    fuzz <- randomRIO (0,2000)
    pingMachine <- forkPingMachine ("NetCrypto." ++ show (key2id remotePublicKey)) (15000 + fuzz) 2000
    -- update session with thread ids
    let netCryptoSession = netCryptoSession0 {ncDequeueThread=Just threadid, ncPingMachine=Just pingMachine}
    -- add this session to the lookup maps
    -- atomically $ addSessionToMapIfNotThere sessions addr netCryptoSession
    -- run announceNewSessionHooks
    dput XNetCrypto $ "runUponHandshake: Announcing new session"
    hooks <- atomically $ readTVar (announceNewSessionHooks sessions)
    flip fix (hooks,netCryptoSession) $ \loop (hooks,session) ->
        case hooks of
            [] -> return ()
            (h:hs) -> do
                r <- h Nothing session
                case r of
                  Just f -> loop (hs, f session)
                  Nothing -> return ()

-- | Called when we get a handshake, but there's already a session entry.
--
--     1) duplicate packet ... ignore
--     2) handshake for new session (old session is lost?)

--     3) we initiated, this a response
updateCryptoSession :: NetCryptoSessions -> SockAddr -> SecretKey -> POSIXTime -> HandshakeParams
                    -> NetCryptoSession -> Handshake Encrypted -> STM (Maybe (Handshake Encrypted), IO ())
updateCryptoSession sessions addr newsession timestamp hp session handshake = do
    let dmsg msg = trace msg (return ())
    ncState0 <- readTVar (ncState session)
    ncTheirBaseNonce0 <- readTVar (ncTheirBaseNonce session)
    if (ncState0 >= {-Accepted-}InProgress AwaitingSessionPacket)
        -- If the nonce in the handshake and the dht key are both the same as
        -- the ones we have saved, assume we already handled this and this is a
        -- duplicate handshake packet, otherwise disregard everything, and
        -- refresh all state.
        --
     then do
          dmsg "updateCryptoSession already accepted.."
          dmsg ("   ncTheirBaseNonce0=" ++ show ncTheirBaseNonce0
                         ++ bool "(/=)" "(==)" (toMaybe ncTheirBaseNonce0 == hpTheirBaseNonce hp)
                         ++ "hpTheirBaseNonce=" ++ show (hpTheirBaseNonce hp))
          dmsg ("   ncTheirDHTKey=" ++ show (ncTheirDHTKey session)
                         ++ bool "{/=}" "{==}" (ncTheirDHTKey session == HaveDHTKey (hpCookieRemoteDhtkey hp))
                         ++ "hpCookieRemoteDhtkey=" ++ show (hpCookieRemoteDhtkey hp))
          if (  -- Just ncTheirBaseNonce0 /= hpTheirBaseNonce hp -- XXX: Do we really want to compare base nonce here?
                -- ||
               ncTheirDHTKey session /= HaveDHTKey (hpCookieRemoteDhtkey hp)
             )
            then freshCryptoSession sessions addr newsession timestamp hp
            else return (Nothing,return ())
     else do
          dmsg "updateCryptoSession else clause"
          dmsg ("   ncTheirBaseNonce0=" ++ show ncTheirBaseNonce0
                         ++ bool "(/=)" "(==)" (toMaybe ncTheirBaseNonce0 == hpTheirBaseNonce hp)
                         ++ "hpTheirBaseNonce=" ++ show (hpTheirBaseNonce hp))
          if ( ncTheirBaseNonce0 /= frmMaybe (hpTheirBaseNonce hp))
            then do
                case ncTheirBaseNonce0 of
                    NeedHandshake | Just theirSessionPublic <- hpTheirSessionKeyPublic hp -> do
                        writeTVar (ncTheirBaseNonce session) (frmMaybe (hpTheirBaseNonce hp))
                        writeTVar (ncTheirBaseNonce session) (frmMaybe (hpTheirBaseNonce hp))
                        writeTVar (ncTheirSessionPublic session) (frmMaybe (hpTheirSessionKeyPublic hp))
                        writeTVar (ncHandShake session) (HaveHandshake handshake)
                        writeTVar (ncState session) {-Accepted-}(InProgress AwaitingSessionPacket)
                        mbpktoq <- createNetCryptoOutQueue
                                                sessions
                                                newsession
                                                theirSessionPublic
                                                (ncPacketQueue session)
                                                (ncMyPacketNonce session)
                                                (ncOutgoingIdMap session)
                        writeTVar (ncOutgoingQueue session) mbpktoq
                        return (Nothing,maybe (dput XNetCrypto "ERROR: something went wrong creating the ncOutgoingQueue")
                                              (runUponHandshake session addr)
                                              (toMaybe mbpktoq))
                    HaveHandshake _ -> do
                        dmsg "basenonce mismatch, trigger refresh"
                        freshCryptoSession sessions addr newsession timestamp hp -- basenonce mismatch, trigger refresh
                    _ -> do
                        dmsg "updateCryptoSession -- unexpected condition! have hpTheirSessionKeyPublic but missing hpTheirBaseNonce?"
                        return (Nothing,return ())
            else do
                writeTVar (ncState session) {-Accepted-}(InProgress AwaitingSessionPacket)
                return (Nothing,return ())

anyRight :: Monad m => a -> [t] -> (t -> m (Either b b1)) -> m (Either a b1)
anyRight e []     f = return $ Left e
anyRight e (x:xs) f = f x >>= either (const $ anyRight e xs f) (return . Right)

decryptHandshake :: TransportCrypto -> Handshake Encrypted -> IO (Either String (SecretKey,Handshake Identity))
decryptHandshake crypto hshake@(Handshake (Cookie n24 ecookie) nonce24 encrypted) = do
    (ukeys,symkey) <- atomically $ (,) <$> userKeys crypto
                                       <*> transportSymmetric crypto
    let seckeys = map fst ukeys
    dput XNetCrypto "decryptHandshake: trying the following keys:"
    now <- getPOSIXTime
    forM_ seckeys $ \k -> dput XNetCrypto $ "  " ++ show (key2id . toPublic $ k)
    fmap join . sequence $ do -- Either Monad
            cd@(CookieData cookieTime remotePubkey remoteDhtkey) <- decodePlain =<< decryptSymmetric symkey n24 ecookie
            Right $ do -- IO Monad
            decrypted <- anyRight "missing key" seckeys $ \key -> do
                            dput XNetCrypto $ "(NetCrypto)handshakeH: remotePubkey =  " ++ show (key2id $ remotePubkey)
                            dput XNetCrypto $ "(NetCrypto)handshakeH: nonce24 =  " ++ show nonce24
                            secret <- lookupSharedSecret crypto key remotePubkey nonce24
                            let step1 = decrypt secret encrypted
                            case step1 of
                                Left s -> do
                                    dput XNetCrypto $ "(NetCrypto)handshakeH: (decrypt) " ++ s
                                    return (Left s)
                                Right pln -> do
                                    case decodePlain pln of
                                        Left s -> do
                                            dput XNetCrypto $ "(NetCrypto)handshakeH: (decodePlain) " ++ s
                                            return (Left s)
                                        Right x -> return (Right (key,x))
            return $ do -- Either Monad
            (key,hsdata@HandshakeData { baseNonce, sessionKey, cookieHash, otherCookie }) <- decrypted
            left (asTypeOf "cookie too old") $ guard (now - fromIntegral cookieTime < 15)
            let hinit = hashInit
                hctx = hashUpdate hinit n24
                hctx' = hashUpdate hctx ecookie
                digest = hashFinalize hctx'
            left (asTypeOf "cookie digest mismatch") $ guard (cookieHash == digest)
            return ( key
                   , hshake { handshakeCookie = Cookie n24 (pure cd)
                            , handshakeData   = pure hsdata
                            } )

toHandshakeParams :: (SecretKey, Handshake Identity) -> HandshakeParams
toHandshakeParams (key,hs)
    = let hd = runIdentity $ handshakeData hs
          Cookie _ cd0 = handshakeCookie hs
          CookieData _ remotePublicKey remoteDhtPublicKey = runIdentity cd0
      in HParam { hpTheirBaseNonce        = Just $ baseNonce hd
                , hpOtherCookie           = otherCookie hd
                , hpTheirSessionKeyPublic = Just $ sessionKey hd
                , hpMySecretKey           = key
                , hpCookieRemotePubkey    = remotePublicKey
                , hpCookieRemoteDhtkey    = remoteDhtPublicKey
                }

handshakeH :: NetCryptoSessions -> SockAddr -> Handshake Encrypted -> IO (Maybe a)
handshakeH sessions addrRaw hshake@(Handshake (Cookie n24 ecookie) nonce24 encrypted) = do
    let addr = either id id $ either4or6 addrRaw
    dput XNetCrypto ("RECIEVED HANDSHAKE from " ++ show addr)
    -- Handle Handshake Message
    let crypto            = transportCrypto sessions   :: TransportCrypto
        allsessions       = netCryptoSessions sessions :: TVar (Map.Map SockAddr NetCryptoSession)
    seckeys <- map fst <$> atomically (userKeys crypto)
    dput XNetCrypto "trying the following keys:"
    forM_ seckeys $ \k -> dput XNetCrypto $ "  " ++ show (key2id . toPublic $ k)
    symkey <- atomically $ transportSymmetric crypto
    now <- getPOSIXTime
    dput XNetCrypto ("Decrypt cookie with n24=" ++ show n24 ++ "\n    symkey= " ++ show symkey)
    lr <- fmap  toHandshakeParams <$> decryptHandshake crypto hshake
    case lr of
        Left s -> dput XNetCrypto ("(NetCrypto)handshakeH: " ++ s)
        Right hp@(HParam
                      { hpTheirBaseNonce        = Just theirBaseNonce
                      , hpOtherCookie           = otherCookie
                      , hpTheirSessionKeyPublic = theirSessionKey
                      , hpMySecretKey           = key
                      , hpCookieRemotePubkey    = remotePublicKey
                      , hpCookieRemoteDhtkey    = remoteDhtPublicKey
                      }) -> do
            dput XNetCrypto ("(NetCrypto)handshakeH: hpTheirBaseNonce = " ++ show theirBaseNonce)
            -- IO action to get a new session key in case we need it in transaction to come
            newsession <- generateSecretKey
            -- Do a lookup, so we can handle the update case differently
            let dmsg msg = trace msg (return ())
            timestamp <- getPOSIXTime
            (myhandshake,launchThreads)
              <- atomically $ do
                    sessionsmap <- readTVar allsessions
                    case Map.lookup addr sessionsmap of
                        Nothing -> do
                            dmsg $ "sockaddr(" ++ show addr ++ ") not in session map(" ++ show (map (second ncSessionId) (Map.assocs sessionsmap)) ++ "), so freshCryptoSession"
                            freshCryptoSession sessions addr newsession timestamp hp -- create new session
                        Just session -> do
                            dmsg "sockaddr ALREADY in session map, so updateCryptoSession"
                            updateCryptoSession sessions addr (ncSessionSecret session) timestamp hp session hshake -- update existing session
            launchThreads
            forM myhandshake $ \response_handshake -> do
                sendHandshake sessions addr response_handshake
            return ()
    return Nothing

sessionPacketH :: NetCryptoSessions -> SockAddr -> CryptoPacket Encrypted -> IO (Maybe (x -> x))
sessionPacketH sessions addrRaw (CryptoPacket nonce16 encrypted) = do
    let addr = either id id $ either4or6 addrRaw
    dput XNetCrypto ("RECIEVED CRYPTOPACKET from " ++ show addr)
    let crypto = transportCrypto sessions
        allsessions = netCryptoSessions sessions
    sessionsmap <- atomically $ readTVar allsessions
    -- Handle Encrypted Message
    case Map.lookup addr sessionsmap of
        Nothing -> do
            dput XNetCrypto "Dropping packet.. no session"
            return Nothing -- drop packet, we have no session
        Just session@(NCrypto { ncIncomingTypeArray, ncState, ncPacketQueue, ncHooks,
                                ncSessionSecret, ncTheirSessionPublic, ncTheirBaseNonce,
                                ncPingMachine}) -> do
         mbTheirBaseNonce <- atomically $ readTVar ncTheirBaseNonce
         case mbTheirBaseNonce of
          NeedHandshake -> dput XNetCrypto "CryptoPacket recieved, but we still dont have their base nonce?" >> return Nothing
          HaveHandshake theirBaseNonce -> do
            -- Try to decrypt message
            let diff :: Word16
                diff      = nonce16 - (last2Bytes theirBaseNonce) -- truncating to Word16
                tempNonce = addtoNonce24 theirBaseNonce (fromIntegral diff)    -- expanding to Word
            mbpublickey <- atomically (readTVar ncTheirSessionPublic)
            lr <- fmap join $ sequence $ do -- Either Monad --
                        pubkey <- maybeToEither mbpublickey
                        Right $ do -- IO Monad
                        dput XNetCrypto $ "(NetCrypto)sessionPacketH: pubkey =  " ++ show (key2id $ pubkey)
                        dput XNetCrypto $ "(NetCrypto)sessionPacketH: theirBaseNonce =  " ++ show theirBaseNonce
                        dput XNetCrypto $ "(NetCrypto)sessionPacketH: tempNonce =  " ++ show tempNonce
                                       ++ " nonce16=" ++ printf "0x%x" nonce16 ++ " last2bytes =" ++ printf "0x%x" (last2Bytes theirBaseNonce)
                        dput XNetCrypto $ "(NetCrypto)sessionPacketH: mySession public=" ++ show (key2id $ toPublic ncSessionSecret)
                        dput XNetCrypto $ "(NetCrypto)sessionPacketH: theirSession public=" ++ show (key2id $ pubkey)
                        secret <- lookupSharedSecret crypto ncSessionSecret pubkey tempNonce
                        let step1 = decrypt secret encrypted
                        case step1 of
                            Left s -> do
                                dput XNetCrypto $ "(NetCrypto)sessionPacketH: (decrypt) " ++ s
                                return (Left s)
                            Right pln -> do
                                case decodePlain pln of
                                    Left s -> do
                                        dput XNetCrypto $ "(NetCrypto)sessionPacketH: (decodePlain) " ++ s
                                        return (Left s)
                                    Right x -> return (Right x)
            case lr of
                Left s -> do
                    dput XNetCrypto $ "(NetCrypto)sessionPacketH: " ++ s
                    return Nothing -- decryption failed, ignore packet
                Right cd@(CryptoData {bufferStart, bufferEnd, bufferData=cm}) -> do -- decryption succeeded,
                    -- TODO: Why do I need bufferStart & bufferEnd?
                    --
                    --   buffer_start = highest packet number handled + 1
                    --                , recvbuffers buffer_start
                    --
                    --   bufferEnd = sendbuffer buffer_end if lossy, otherwise packet number
                    -- update ncTheirBaseNonce if necessary
                    when (diff > 2 * dATA_NUM_THRESHOLD)$
                        atomically $ do
                            HaveHandshake y <- readTVar ncTheirBaseNonce
                            let x = addtoNonce24 y (fromIntegral dATA_NUM_THRESHOLD)
                            trace ("nonce y(" ++ show y ++ ") + " ++ show (fromIntegral dATA_NUM_THRESHOLD)
                                    ++ " = " ++ show x) (return ())
                            writeTVar ncTheirBaseNonce (HaveHandshake y)
                    -- then set session confirmed,
                    atomically $ writeTVar ncState {-Confirmed-}Established
                    -- bump ping machine
                    case ncPingMachine of
                        Just pingMachine -> pingBump pingMachine
                        Nothing -> return ()
                    msgTypes <- atomically $ readTVar ncIncomingTypeArray
                    let msgTyp = cd ^. messageType
                        msgTypMapped64 = msgTypes A.! fromEnum8 (msgID cm)
                        msgTypMapped = fromWord64 $ msgTypMapped64
                        isLossy (GrpMsg KnownLossy _) = True
                        isLossy (Msg mid) | lossyness mid == Lossy = True
                        isLossy _ = False
                    if isLossy msgTypMapped
                        then do dput XNetCrypto "enqueue ncPacketQueue Lossy"
                                atomically $ PQ.observeOutOfBand ncPacketQueue bufferEnd
                                runCryptoHook session (bufferData cd)
                        else do dput XNetCrypto "enqueue ncPacketQueue Lossless"
                                atomically $ PQ.enqueue ncPacketQueue bufferEnd cd
                                return Nothing
    where
        last2Bytes :: Nonce24 -> Word16
        last2Bytes (Nonce24 bs) = case S.decode (B.drop 22 bs) of
                                    Right n -> n -- trace ("byteSwap16 " ++ printf "0x%x" n ++ " = " ++ printf "0x%x" (byteSwap16 n)) $ byteSwap16 n
                                    _ -> error "unreachable-last2Bytes"
        dATA_NUM_THRESHOLD = 21845 -- = 65535 / 3

runCryptoHook :: NetCryptoSession -> CryptoMessage -> IO (Maybe (x -> x))
runCryptoHook session@(NCrypto {ncState, ncHooks,ncSessionSecret,ncTheirSessionPublic,ncTheirBaseNonce,ncIncomingTypeArray})
              cm {-cd@(CryptoData {bufferStart, bufferEnd, bufferData=cm})-} = do
    hookmap <- atomically $ readTVar ncHooks
    -- run hook
    flip fix (cm,hookmap) $ \lookupAgain (cm,hookmap) -> do
        msgTypes <- atomically $ readTVar ncIncomingTypeArray
        let msgTyp = cm ^. messageType
            msgTypMapped64 = msgTypes A.! fromEnum8 (msgID cm)
            msgTypMapped = fromWord64 $ msgTypMapped64
        if msgTypMapped64 == 0
         then return Nothing
         else
           case Map.lookup msgTypMapped hookmap of
                Nothing -> do -- no recognizing hook, run ncUnrecognizedHook0, loopAgain on result
                             unrecognize <- atomically $ readTVar (ncUnrecognizedHook session)
                             mbConsume <- unrecognize msgTypMapped session cm
                             case mbConsume of
                                Just f -> do
                                           -- ncUnrecognizedHook0 may have updated the hookmap
                                           hookmap' <- atomically $ readTVar ncHooks
                                           lookupAgain (f cm,hookmap')
                                Nothing -> return Nothing
                Just hooks -> flip fix (hooks,cm,msgTypMapped) $ \loop (hooks,cm,typ) -> do
                                let _ = cm :: CryptoMessage
                                case (hooks,cm) of
                                    ([],_) ->  return Nothing
                                    (hook:more,cd) -> do
                                        r <- hook session cm :: IO (Maybe (CryptoMessage -> CryptoMessage))
                                        case r of
                                            Just f -> let newcd = f cd
                                                          newtyp = newcd ^. messageType
                                                          in if newtyp == typ then loop (more,newcd,newtyp)
                                                                              else lookupAgain (newcd,hookmap)
                                            Nothing -> return Nothing -- message consumed

-- | construct a 'MsgTypeArray' for specified types, using their known common positions
--   in the MessageId space if they have such a thing.
mkMsgTypes :: [MessageType] -> MsgTypeArray
mkMsgTypes msgs = let zeros = A.listArray (0,255) (replicate 256 0)
                      in zeros A.// map (\x -> (toIndex x,toWord64 x)) msgs
    where
        toIndex (Msg mid) = fromIntegral . fromEnum  $ mid
        toIndex (GrpMsg KnownLossless nam) = 0x63 -- fromEnum MESSAGE_GROUPCHAT
        toIndex (GrpMsg KnownLossy    nam) = 0xC7 -- fromEnum LOSSY_GROUPCHAT

-- | Handle all Tox messages that this code base is aware of.
--   The first parameter is a function which is applied to get the values
--   for keys of unknown nature. Could be either 'id' or 'const 0'
allMsgTypes :: (Word64 -> Word64) -> MsgTypeArray
allMsgTypes fDefault = A.listArray (minBound,maxBound) (0:knownMsgs)
  where
    knownMsgs :: [Word64]
    knownMsgs =
      concat [ map (fromIntegral . fromEnum) [ PacketRequest .. KillPacket ]
             , map (const 0)                 [ 3 .. 15 ]  -- UnspecifiedPacket
             , map (const 0)                 [ 16 .. 23 ] -- MessengerLoseless
             , map (fromIntegral . fromEnum) [ ONLINE .. OFFLINE ]
             , map (const 0)                 [ 26 .. 47 ] -- MessengerLoseless
             , map (fromIntegral . fromEnum) [ NICKNAME .. TYPING ]
             , map (const 0)                 [ 52 .. 63 ] -- MessengerLoseless
             , map (fromIntegral . fromEnum) [ MESSAGE .. ACTION ]
             , map (const 0)                 [ 66 .. 68 ] -- MessengerLoseless
             , map (fromIntegral . fromEnum) [ MSI ]
             , map (const 0)                 [ 70 .. 79 ] -- MessengerLoseless
             , map (fromIntegral . fromEnum) [ FILE_SENDREQUEST .. FILE_DATA ]
             , map (const 0)                 [ 83 .. 95 ] -- MessengerLoseless
             , map (fromIntegral . fromEnum) [ INVITE_GROUPCHAT .. MESSAGE_GROUPCHAT ]
             , map (const 0)                 [ 100 .. 191 ] -- MessengerLoseless
             , map (const 0)                 [ 192 .. 198 ] -- MessengerLossy
             , map (fromIntegral . fromEnum) [ LOSSY_GROUPCHAT ]
             , map (const 0)                 [ 200 .. 255 ] -- All lossy, exept the last
             ]

sendCrypto :: TransportCrypto -> NetCryptoSession -> (STM ()) -> CryptoMessage -> IO (Either String ())
sendCrypto crypto session updateLocal cm = do
    HaveHandshake outq <- atomically $ readTVar (ncOutgoingQueue session)
    -- XXX: potential race? if shared secret comes out of sync with cache?
    dput XNetCrypto "sendCrypto: enter "
    getOutGoingParam <- PQ.readyOutGoing outq
    dput XNetCrypto "sendCrypto: got the io extra stuff"
    atomically $ do
        result <- PQ.tryAppendQueueOutgoing getOutGoingParam outq cm
        case result of
            PQ.OGSuccess    -> updateLocal >> return (Right())
            PQ.OGFull       -> return (Left "Outgoing packet buffer is full")
            PQ.OGEncodeFail -> return (Left "Failed to encode outgoing packet")

sendOnline :: TransportCrypto -> NetCryptoSession -> IO (Either String ())
sendOnline crypto session = do
    let cm=OneByte ONLINE
    addMsgToLastN False (cm ^. messageType) session (Out cm)
    sendCrypto crypto session (return ()) (OneByte ONLINE)

sendOffline :: TransportCrypto -> NetCryptoSession -> IO (Either String ())
sendOffline crypto session = do
    let cm=OneByte OFFLINE
    addMsgToLastN False (cm ^. messageType) session (Out cm)
    sendCrypto crypto session (return ()) (OneByte OFFLINE)


sendKill :: TransportCrypto -> NetCryptoSession -> IO (Either String ())
sendKill crypto session = do
    let cm=OneByte KillPacket
    addMsgToLastN False (cm ^. messageType) session (Out cm)
    sendCrypto crypto session (return ()) cm

setNick :: TransportCrypto -> NetCryptoSession -> ByteString -> IO (Either String ())
setNick crypto session nick = do
    let Just (_,maxlen) = msgSizeParam NICKNAME
    if B.length nick > maxlen
     then return (Left $ "nickname must not exceed " ++ show maxlen ++ " bytes.")
     else do
        let updateLocal = do
                let viewVar = ncView session
                view <- readTVar viewVar
                writeTVar (svNick view) nick
        let cm = UpToN NICKNAME nick
        addMsgToLastN False (cm ^. messageType) session (Out cm)
        sendCrypto crypto session updateLocal cm

setTyping :: TransportCrypto -> NetCryptoSession -> TypingStatus -> IO (Either String ())
setTyping crypto session status = do
   let updateLocal = do
        view <- readTVar (ncView session)
        writeTVar (svTyping view) status
   let cm = TwoByte TYPING (fromEnum8 status)
   addMsgToLastN False (cm ^. messageType) session (Out cm)
   sendCrypto crypto session updateLocal cm

setNoSpam :: TransportCrypto -> NetCryptoSession -> Maybe NoSpam -> IO (Either String ())
setNoSpam crypto session mbnospam = do
   let viewVar = ncView session
   atomically $ do
    view <- readTVar viewVar
    writeTVar (svNoSpam view) mbnospam
   return (Right ())

setStatus :: TransportCrypto -> NetCryptoSession -> UserStatus -> IO (Either String ())
setStatus crypto session status = do
   let updateLocal = do
        view <- readTVar (ncView session)
        writeTVar (svStatus view) status
   let cm = TwoByte USERSTATUS (fromEnum8 status)
   addMsgToLastN False (cm ^. messageType) session (Out cm)
   sendCrypto crypto session updateLocal cm

setStatusMsg :: TransportCrypto -> NetCryptoSession -> ByteString -> IO (Either String ())
setStatusMsg crypto session msg = do
    let Just (_,maxlen) = msgSizeParam STATUSMESSAGE
    if B.length msg > maxlen
     then return (Left $ "status message must not exceed " ++ show maxlen ++ " bytes.")
     else do
        let updateLocal = do
                view <- readTVar (ncView session)
                writeTVar (svStatusMsg view) msg
        let cm = UpToN STATUSMESSAGE msg
        addMsgToLastN False (cm ^. messageType) session (Out cm)
        sendCrypto crypto session updateLocal cm

sendChatMsg :: TransportCrypto -> NetCryptoSession -> ByteString -> IO (Either String ())
sendChatMsg crypto session msg = do
    let Just (_,maxlen) = msgSizeParam MESSAGE
    if B.length msg > maxlen
     then return (Left $ "status message must not exceed " ++ show maxlen ++ " bytes.")
     else do
        let updateLocal = do
                view <- readTVar (ncView session)
                writeTVar (svStatusMsg view) msg
        let cm = UpToN MESSAGE msg
        addMsgToLastN False (cm ^. messageType) session (Out cm)
        sendCrypto crypto session updateLocal cm

-- | handles nothings
defaultCryptoDataHooks :: Map.Map MessageType [NetCryptoHook]
defaultCryptoDataHooks
    = Map.fromList
            [ (Msg USERSTATUS,[defaultUserStatusHook])
            , (Msg TYPING,[defaultTypingHook])
            , (Msg NICKNAME, [defaultNicknameHook])
            , (Msg STATUSMESSAGE, [defaultStatusMsgHook])
            ]

defaultUserStatusHook :: NetCryptoSession -> CryptoMessage -> IO (Maybe (CryptoMessage -> CryptoMessage))
defaultUserStatusHook session cm@(TwoByte {msgID=USERSTATUS, msgByte=statusByte}) = do
    let status = toEnum8 statusByte
        viewVar = ncView session
    atomically $ do
        view <- readTVar viewVar
        writeTVar (svTheirStatus view) status
    hookHelper True (Msg USERSTATUS) session cm

defaultTypingHook :: NetCryptoSession -> CryptoMessage -> IO (Maybe (CryptoMessage -> CryptoMessage))
defaultTypingHook session cm@(TwoByte {msgID=TYPING, msgByte=statusByte}) = do
    let status = toEnum8 statusByte
        viewVar = ncView session
    atomically $ do
        view <- readTVar viewVar
        writeTVar (svTheirStatus view) status
    hookHelper True (Msg TYPING) session cm

defaultNicknameHook :: NetCryptoSession -> CryptoMessage -> IO (Maybe (CryptoMessage -> CryptoMessage))
defaultNicknameHook session cm@(UpToN {msgID=NICKNAME, msgBytes=nick}) = do
    let viewVar = ncView session
    atomically $ do
        view <- readTVar viewVar
        writeTVar (svTheirNick view) nick
    hookHelper True (Msg NICKNAME) session cm

defaultStatusMsgHook :: NetCryptoSession -> CryptoMessage -> IO (Maybe (CryptoMessage -> CryptoMessage))
defaultStatusMsgHook session cm@(UpToN {msgID=STATUSMESSAGE, msgBytes=msg}) = do
    let viewVar = ncView session
    atomically $ do
        view <- readTVar viewVar
        writeTVar (svTheirStatusMsg view) msg
    hookHelper True (Msg STATUSMESSAGE) session cm

-- | updates ncLastNMsgs, and sends message to type-0 listeners
defaultUnRecHook :: MessageType -> NetCryptoHook
defaultUnRecHook = hookHelper False

hookHelper :: Bool -> MessageType -> NetCryptoHook
hookHelper _ typ session cm | any ($ typ) [isKillPacket, isOFFLINE] = atomically $ do
    tmchans <- map snd . IntMap.elems <$> readTVar (ncListeners session)
    forM_ tmchans $ \chan -> closeTMChan chan
    return Nothing

hookHelper handledFlg typ  session  cm = do
    addMsgToLastN handledFlg typ session (In cm)
    atomically $ do
        idtmchans <- IntMap.assocs <$> readTVar (ncListeners session)
        mbChans
          <- forM idtmchans $ \(id,(typ,chan)) -> do
                bClosed <- isClosedTMChan chan
                if bClosed
                 then do
                    modifyTVar' (ncListeners session) (IntMap.delete id)
                    return Nothing
                 else return (if typ==0 then Just chan else Nothing)
        forM_ (catMaybes mbChans) $ \chan -> do
            writeTMChan chan cm
    return Nothing

addMsgToLastN :: Bool -> MessageType -> NetCryptoSession -> InOrOut CryptoMessage -> IO ()
addMsgToLastN handledFlg typ session cm = do
    let lastNQ = ncLastNMsgs session
    atomically $ do
        view <- readTVar (ncView session)
        snapshot <- viewSnapshot view
        num <- CB.getNextSequenceNum lastNQ
        CB.enqueue lastNQ num (handledFlg,(snapshot,cm))


-- | use to add a single hook to a specific session.
addCryptoDataHook1 :: Map.Map MessageType [NetCryptoHook] -> MessageType -> NetCryptoHook -> Map.Map MessageType [NetCryptoHook]
addCryptoDataHook1 mp typ hook = case Map.lookup typ mp of
                                    Nothing -> Map.insert typ [hook] mp
                                    Just hooks -> Map.insert typ (hook:hooks) mp