Check-in [92cd8b5e93]
Overview
Comment:Don't recheck key signatures every time you open your secret keys
SHA1: 92cd8b5e93d802f5f5162742bd2c8c5e07349eaf
User & Date: bernd 2019-05-27 16:58:07.887
Context
2019-05-28
23:09
engage password field when folding nick check-in: 8aa207a195 user: bernd tags: trunk
2019-05-27
16:58
Don't recheck key signatures every time you open your secret keys check-in: 92cd8b5e93 user: bernd tags: trunk
2019-05-23
15:35
Fix gui on android check-in: 6017e64a28 user: bernd tags: trunk
Changes
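--- a/crypt.fs
+++ b/crypt.fs
@@ -561,25 +561,25 @@
     2dup enddate@ 64>r 2dup startdate@ 64>r
     ticks fuzzedtime# 64+ 64r> 64r>
     64dup 64#-1 64<> IF  fuzzedtime# 64-2* 64+  THEN
     early/late?
     msg( dup IF  <err> ." sig out of date: " ticks .ticks ."  sigdate: "
     >r 2dup startdate@ .ticks 2dup enddate@ .ticks r> <default> cr  THEN ) ;
 : verify-sig ( addr u pk -- addr u flag )  >r
-    check-date dup 0= IF  drop
-	2dup + sigonlysize# - r> ed-verify 0= sig-wrong and
+    check-date dup 0= IF  drop +cmd
+	2dup + sigonlysize# - r> ed-verify 0= sig-wrong and +sig
 	EXIT  THEN
     rdrop ;
 : quick-verify-sig ( addr u pk -- addr u flag )  >r
-    check-date dup 0= IF  drop
+    check-date dup 0= IF  drop +cmd
 	2dup + sigonlysize# -
 	r@ dup last# >r search-key? r> to last#
 	dup 0= IF  nip nip rdrop  EXIT  THEN
 	swap .ke-sksig sec@ drop swap 2swap
-	ed-quick-verify 0= sig-wrong and
+	ed-quick-verify 0= sig-wrong and +sigquick
     THEN
     rdrop ;
 
 : date-sig? ( addr u pk -- addr u flag )
     >r >date r> verify-sig ;
 : pk-sig? ( addr u -- addr u' flag )
     dup sigpksize# u< IF  sig-unsigned  EXIT  THEN
@@ -603,15 +603,15 @@
 : pk@ ( -- pk u )
     my-key? .ke-pk $@ ;
 : sk@ ( -- sk u )
     my-key? .ke-sk sec@ ;
 : sksig@ ( -- sksig u )
     my-key? .ke-sksig sec@ ;
 : .sig ( -- )
-    sigdate +date sigdate datesize# type
+    +sig sigdate +date sigdate datesize# type
     sig-params ed-sign type keysize emit ;
 : .pk ( -- )  pk@ key| type ;
 : pk-sig ( addr u -- sig u )
     c:0key c:hash [: .pk .sig ;] $tmp ;
 
 : +sig$ ( addr u -- hostaddr host-u ) [: type .sig ;] $tmp ;
 : gen-host ( addr u -- addr' u' )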
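--- a/debugging.fs
+++ b/debugging.fs
@@ -120,14 +120,16 @@
 timer: +desta
 timer: +inmove
 timer: +next
 timer: +reset
 timer: +event
 timer: +calc
 timer: +cryptsu
+timer: +sig
+timer: +sigquick
 timer: +enc
 timer: +rec
 timer: +send
 timer: +wait
 timer: +cmd
 timer: +dest
 timer: +ack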
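--- a/ed25519-donna.fs
+++ b/ed25519-donna.fs
@@ -117,19 +117,23 @@
     sigbuf $40 >hash             \ z=hash(r,pk,message)
     sct1 hashtmp 64b>sc25519     \ sct1 is z
     sct2 sk raw>sc25519          \ sct2 is sk
     sct1 sct1 sct2 sc25519*
     sct1 sct1 sct3 sc25519+      \ s=z*sk+k
     sigbuf $20 + sct1 sc25519>32b
     clean-ed25519 sigbuf $40 ;   \ r,s
+
+UValue no-ed-check?
+0 to no-ed-check?
 
 : ed-check? { sig pk -- flag }
     \G check a message: the keccak state contains the hash of the message.
     \G The unpacked pk is in get0, so this word can be used for batch checking.
     \G sig and pk need to be aligned properly, ed-verify does that alignment
+    no-ed-check? IF  true  EXIT  THEN
     sig hashtmp $20 move  pk hashtmp $20 + $20 move
     hashtmp $40 c:shorthash hashtmp $40 c:hash@ \ z=hash(r+pk+message)
     sct2 hashtmp 64b>sc25519       \ sct2 is z
     sct3 sig $20 + raw>sc25519     \ sct3 is s
     get1 get0 sct2 sct3 ge25519*+  \ base*s-pk*z
     sigbuf $40 + get1 ge25519-pack \ =r
     sig sigbuf $40 + 32b= ;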
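Review bot: `no-ed-check?` is tested inside `ed-check?` itself, the primitive its `\G` text describes as usable for batch checking, so while the flag is set every caller is told the signature is valid, not only the key-file import this commit is aimed at. The declaration carries no comment; a line such as `\ true only while the local key file is imported; must be false whenever untrusted data is verified` above `UValue no-ed-check?` would record that contract. `UValue` suggests the flag is per task, which would confine the effect to the importing task, but that is worth confirming and stating in the same comment. Keeping the skip in the import path rather than in the verification primitive would narrow what a stale flag can affect. The definition ending at `clean-ed25519 sigbuf $40 ;` begins outside the hunk.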
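--- a/keys.fs
+++ b/keys.fs
@@ -630,33 +630,36 @@
 Variable key-version
 : key-version$ "1" ;
 key-version$ evaluate Constant key-version#
 
 : new-pet? ( addr u -- addr u flag )
     0 ke-pets[] [: rot >r 2over str= r> or ;] $[]map 0= ;
 
+: ?sk ( addr u -- addr u )
+    over keypad sk>pk \ generate pubkey
+    keypad ke-pk $@ drop keysize tuck str= 0= !!wrong-key!! ;
+
 scope{ net2o-base
 
 cmd-table $@ inherit-table key-entry-table
 \g 
 \g ### key storage commands ###
 \g
 $2 net2o: slit ( #lit -- ) \g deprecated slit version
     p@ key-version @ 0= IF  zz>n save-keys-again on  ELSE  64invert  THEN ;
 $F net2o: kversion ( $:string -- ) \g key version
     $> s>unumber? IF  drop  ELSE  2drop 0  THEN  dup key-version !
     key-version# u< save-keys-again or! ;
 $11 net2o: privkey ( $:string -- )
     \g private key
     \ does not need to be signed, the secret key verifies itself
     !!unsigned? $40 !!>=order?
     keypack c@ $F and ke-pwlevel !
-    $> over keypad sk>pk \ generate pubkey
+    $> ?sk ke-sk sec! +seckey
-    keypad ke-pk $@ drop keysize tuck str= 0= !!wrong-key!!
-    ke-sk sec! +seckey "\0" ke-groups $! 0 groups[] $[]@ drop @ ke-mask ! ;
+    "\0" ke-groups $! 0 groups[] $[]@ drop @ ke-mask ! ;
 +net2o: keytype ( n -- )           !!signed?   1 !!>order? 64>n ke-type ! ;
     \g key type (0: anon, 1: user, 2: group)
 +net2o: keynick ( $:string -- )    !!signed?   2 !!>order? $> ke-nick $!
     \g key nick
     nick! ;
 +net2o: keyprofile ( $:string -- ) !!signed?   4 !!>order? $> ke-prof $! ;
     \g key profile (hash of a resource)
@@ -1020,15 +1023,15 @@
 \ read key file
 
 : try-decrypt-key ( key u1 -- addr u2 flag )
     keypack keypack-d keypack-all# move
     keypack-d keypack-all# 2swap
     dup $20 = IF  decrypt$  ELSE
 	keypack c@ $F and config:pw-maxlevel# @ <=
-	IF  decrypt-pw$  ELSE  2drop false  THEN
+	IF  +cmd decrypt-pw$ +cryptsu  ELSE  2drop false  THEN
     THEN ;
 
 : try-decrypt ( flag -- addr u / 0 0 ) { flag }
     keys $[]# 0 ?DO
 	I keys sec[]@ dup keysize = flag xor IF
 	    try-decrypt-key IF
 		I keys $[] @ dup >storekey ! defaultkey !
@@ -1078,18 +1081,19 @@
 : read-key-loop ( -- )
     import#self import-type !  secret-keys# >r
     ?key-sfd read-keys-loop
     secret-keys# r> = IF  migrate-key-loop  THEN
     save-keys-again @ IF  save-seckeys      THEN ;
 : read-pkey-loop ( -- )
     lastkey@ drop defaultkey ! \ at least one default key available
+    true to no-ed-check?
     -1 config:pw-level#
-    [: import#new import-type !
+    [: import#new import-type !  ?key-pfd read-keys-loop
-      ?key-pfd read-keys-loop
-      save-keys-again @ IF  save-keys  THEN ;] !wrapper ;
+	save-keys-again @ IF  save-keys  THEN ;] !wrapper
+    false to no-ed-check? ;
 
 : read-keys ( -- )
     read-key-loop read-pkey-loop import#new import-type ! ;
 
 : read-pk2key$ ( addr u -- )
     \g read a nested key into sample-key
     sample-key >o c-state off  sim-nick! on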
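Review bot: In `read-pkey-loop`, `false to no-ed-check?` runs only when the import returns normally, so an exception raised while the key file is read would leave signature checking switched off for whatever runs afterwards. The `config:pw-level#` override next to it goes through `!wrapper`, which (if it behaves as in Gforth) restores its value on a throw, but the new flag has no such protection. Clearing the flag on both paths would close this, for example `[: -1 config:pw-level# [: … ;] !wrapper ;] catch  false to no-ed-check?  throw`. A one-line comment in `read-pkey-loop` saying why entries from this file may be accepted without re-verification would also record the trust assumption the bypass relies on.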
Changes to n2o.fs.
799
800
801
802
803
804
805

806
807

808
809
810
811
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813







+


+




    ?dup-IF  <err> ." error: " error$ type cr <default>  THEN ;

}scope

: start-n2o ( -- )
    [IFDEF] cov+ load-cov [THEN]
    cmd-args ++debug %droprate %droprate \ read in all debugging stuff
    profile( init-timer )
    argc @ 1 > IF next-cmd ELSE n2o:help THEN
    [IFDEF] cov+ save-cov annotate-cov cov% [THEN]
    profile( .times )
    n2o:bye ;

' start-n2o is process-args