/*
   GSS-PROXY

   Copyright (C) 2013 Simo Sorce <simo.sorce@redhat.com>

   Permission is hereby granted, free of charge, to any person obtaining a
   copy of this software and associated documentation files (the "Software"),
   to deal in the Software without restriction, including without limitation
   the rights to use, copy, modify, merge, publish, distribute, sublicense,
   and/or sell copies of the Software, and to permit persons to whom the
   Software is furnished to do so, subject to the following conditions:

   The above copyright notice and this permission notice shall be included in
   all copies or substantial portions of the Software.

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
   THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
   DEALINGS IN THE SOFTWARE.
*/

#include "config.h"
#include <errno.h>
#include <string.h>
#include "gp_proxy.h"
#include "gp_crypto.h"
#include <krb5/krb5.h>

#define GP_CRYPTO_ENCTYPE ENCTYPE_AES256_CTS_HMAC_SHA1_96

static krb5_context k5ctx = NULL;

static int init_ctx(krb5_context *ctx)
{
    if (*ctx) return 0;
    return krb5_init_context(ctx);
}

struct gp_crypto_key {
    uint32_t key_id;
    krb5_keyblock key;
};

struct gp_crypto_key *gp_crypto_new_key(void)
{
    struct gp_crypto_key *key = NULL;
    krb5_data rand_id;
    int ret;

    ret = init_ctx(&k5ctx);
    if (ret) {
        goto done;
    }

    key = calloc(1, sizeof(struct gp_crypto_key));
    if (!key) {
        goto done;
    }

    rand_id.length = sizeof(key->key_id);
    rand_id.data = (char *)&key->key_id;
    ret = krb5_c_random_make_octets(k5ctx, &rand_id);
    if (ret) {
        goto done;
    }

    ret = krb5_c_make_random_key(k5ctx, GP_CRYPTO_ENCTYPE, &key->key);

done:
    if (ret && key) {
        krb5_free_keyblock_contents(k5ctx, &key->key);
        safefree(key);
    }
    return key;
}

void gp_crypto_free_key(struct gp_crypto_key **key)
{
    if (!key || !*key) return;

    krb5_free_keyblock_contents(k5ctx, &((*key)->key));
    gp_safe_zero(*key, sizeof(struct gp_crypto_key));
    safefree(*key);
}

int gp_crypto_export_key(struct gp_crypto_key *key, void **buf, size_t *len)
{
    krb5_data data;
    size_t offset;
    uint32_t cp;

    data.length = sizeof(uint32_t) * 3 + key->key.length;
    data.data = calloc(1, data.length);
    if (!data.data) {
        return ENOMEM;
    }

    offset = 0;
    cp = key->key_id;
    memcpy(data.data + offset, &cp, sizeof(uint32_t));

    offset += sizeof(uint32_t);
    cp = key->key.enctype;
    memcpy(data.data + offset, &cp, sizeof(uint32_t));

    offset += sizeof(uint32_t);
    cp = key->key.length;
    memcpy(data.data + offset, &cp, sizeof(uint32_t));

    offset += sizeof(uint32_t);
    memcpy(data.data + offset, key->key.contents, key->key.length);

    *len = data.length;
    *buf = data.data;
    return 0;
}

int gp_crypto_import_key(void *buf, size_t len, struct gp_crypto_key **out)
{
    struct gp_crypto_key *key = NULL;
    char *data = (char *)buf;
    uint32_t key_id;
    uint32_t enctype;
    uint32_t keylen;
    size_t offset;
    int ret;

    if (len < sizeof(uint32_t) * 3) {
        return EINVAL;
    }

    offset = 0;
    memcpy(&key_id, data + offset, sizeof(uint32_t));

    offset += sizeof(uint32_t);
    memcpy(&enctype, data + offset, sizeof(uint32_t));

    offset += sizeof(uint32_t);
    memcpy(&keylen, data + offset, sizeof(uint32_t));

    offset += sizeof(uint32_t);
    if (keylen != len - offset) {
        return EINVAL;
    }

    key = calloc(1, sizeof(struct gp_crypto_key));
    if (!key) {
        return ENOMEM;
    }

    key->key_id = key_id;
    key->key.magic = KV5M_KEYBLOCK;
    key->key.enctype = enctype;
    key->key.length = keylen;

    key->key.contents = malloc(keylen);
    if (!key->key.contents) {
        ret = ENOMEM;
        goto done;
    }
    memcpy(key->key.contents, data + offset, keylen);

    *out = key;
    ret = 0;

done:
    if (ret && key) {
        krb5_free_keyblock_contents(k5ctx, &key->key);
        safefree(key);
    }
    return ret;
}

int gp_crypto_encrypt(struct gp_crypto_key *key,
                      void *plaintext, size_t plainlen,
                      void **ciphertext, size_t *cipherlen)
{
    krb5_data plain = { KV5M_DATA, plainlen, plaintext };
    krb5_enc_data enc_handle = { 0 };
    int ret;

    ret = init_ctx(&k5ctx);
    if (ret) {
        return ret;
    }

    ret = krb5_c_encrypt_length(k5ctx, GP_CRYPTO_ENCTYPE, plain.length,
                                (size_t *)&enc_handle.ciphertext.length);
    if (ret) {
        return EINVAL;
    }

    enc_handle.ciphertext.data = malloc(enc_handle.ciphertext.length);
    if (!enc_handle.ciphertext.data) {
        return ENOMEM;
    }

    ret = krb5_c_encrypt(k5ctx, &key->key,
                         KRB5_KEYUSAGE_APP_DATA_ENCRYPT,
                         NULL, &plain, &enc_handle);
    if (ret) {
        goto done;
    }

    *cipherlen = enc_handle.ciphertext.length;
    *ciphertext = enc_handle.ciphertext.data;
    ret = 0;

done:
    if (ret) safefree(enc_handle.ciphertext.data);
    return ret;
}

int gp_crypto_decrypt(struct gp_crypto_key *key,
                      void *ciphertext, size_t cipherlen,
                      void **plaintext, size_t *plainlen)
{
    krb5_enc_data enc_handle = { KV5M_ENC_DATA, GP_CRYPTO_ENCTYPE, 0,
                                 { KV5M_DATA, cipherlen, ciphertext } };
    krb5_data plain = { KV5M_DATA, cipherlen, NULL };
    int ret;

    plain.data = malloc(cipherlen);
    if (!plain.data) {
        return ENOMEM;
    }

    ret = krb5_c_decrypt(k5ctx, &key->key,
                         KRB5_KEYUSAGE_APP_DATA_ENCRYPT,
                         NULL, &enc_handle, &plain);
    if (ret) {
        goto done;
    }

    *plaintext = plain.data;
    *plainlen = plain.length;
    ret = 0;

done:
    if (ret) safefree(plain.data);
    return ret;
}