// SPDX-License-Identifier: LGPL-2.1+

/*

 * Copyright (C) 2018 Red Hat, Inc.

 */

#ifndef __NM_SECRET_UTILS_H__

#define __NM_SECRET_UTILS_H__

#include "nm-macros-internal.h"

/*****************************************************************************/

void nm_explicit_bzero (void *s, gsize n);

/*****************************************************************************/

char *nm_secret_strchomp (char *secret);

/*****************************************************************************/

void nm_free_secret (char *secret);

NM_AUTO_DEFINE_FCN0 (char *, _nm_auto_free_secret, nm_free_secret)

/**

 * nm_auto_free_secret:

 *

 * Call g_free() on a variable location when it goes out of scope.

 * Also, previously, calls memset(loc, 0, strlen(loc)) to clear out

 * the secret.

 */

#define nm_auto_free_secret nm_auto(_nm_auto_free_secret)

/*****************************************************************************/

GBytes *nm_secret_copy_to_gbytes (gconstpointer mem, gsize mem_len);

/*****************************************************************************/

/* NMSecretPtr is a pair of malloc'ed data pointer and the length of the

 * data. The purpose is to use it in combination with nm_auto_clear_secret_ptr

 * which ensures that the data pointer (with all len bytes) is cleared upon

 * cleanup. */

typedef struct {

	gsize len;

	/* the data pointer. This pointer must be allocated with malloc (at least

	 * when used with nm_secret_ptr_clear()). */

	union {

		char *str;

		void *ptr;

		guint8 *bin;

	};

} NMSecretPtr;

static inline void

nm_secret_ptr_bzero (NMSecretPtr *secret)

{

	if (secret) {

		if (secret->len > 0) {

			if (secret->ptr)

				nm_explicit_bzero (secret->ptr, secret->len);

		}

	}

}

#define nm_auto_bzero_secret_ptr nm_auto(nm_secret_ptr_bzero)

static inline void

nm_secret_ptr_clear (NMSecretPtr *secret)

{

	if (secret) {

		if (secret->len > 0) {

			if (secret->ptr)

				nm_explicit_bzero (secret->ptr, secret->len);

			secret->len = 0;

		}

		nm_clear_g_free (&secret->ptr);

	}

}

#define nm_auto_clear_secret_ptr nm_auto(nm_secret_ptr_clear)

#define NM_SECRET_PTR_INIT() \

	((const NMSecretPtr) { \

		.len = 0, \

		.ptr = NULL, \

	})

#define NM_SECRET_PTR_STATIC(_len) \

	((const NMSecretPtr) { \

		.len = _len, \

		.ptr = ((guint8 [_len]) { }), \

	})

#define NM_SECRET_PTR_ARRAY(_arr) \

	((const NMSecretPtr) { \

		.len = G_N_ELEMENTS (_arr) * sizeof ((_arr)[0]), \

		.ptr = &((_arr)[0]), \

	})

static inline void

nm_secret_ptr_clear_static (const NMSecretPtr *secret)

{

	if (secret) {

		if (secret->len > 0) {

			nm_assert (secret->ptr);

			nm_explicit_bzero (secret->ptr, secret->len);

		}

	}

}

#define nm_auto_clear_static_secret_ptr nm_auto(nm_secret_ptr_clear_static)

static inline void

nm_secret_ptr_move (NMSecretPtr *dst, NMSecretPtr *src)

{

	if (dst && dst != src) {

		*dst = *src;

		src->len = 0;

		src->ptr = NULL;

	}

}

/*****************************************************************************/

typedef struct {

	const gsize len;

	union {

		char str[0];

		guint8 bin[0];

	};

} NMSecretBuf;

static inline void

_nm_auto_free_secret_buf (NMSecretBuf **ptr)

{

	NMSecretBuf *b = *ptr;

	if (b) {

		nm_assert (b->len > 0);

		nm_explicit_bzero (b->bin, b->len);

		g_free (b);

	}

}

#define nm_auto_free_secret_buf nm_auto(_nm_auto_free_secret_buf)

NMSecretBuf *nm_secret_buf_new (gsize len);

GBytes *nm_secret_buf_to_gbytes_take (NMSecretBuf *secret, gssize actual_len);

/*****************************************************************************/

gboolean nm_utils_memeqzero_secret (gconstpointer data, gsize length);

/*****************************************************************************/

/**

 * nm_secret_mem_realloc:

 * @m_old: the current buffer of length @cur_len.

 * @do_bzero_mem: if %TRUE, bzero the old buffer

 * @cur_len: the current buffer length of @m_old. It is necessary for bzero.

 * @new_len: the desired new length

 *

 * If @do_bzero_mem is false, this is like g_realloc().

 * Otherwise, this will allocate a new buffer of the desired size, copy over the

 * old data, and bzero the old buffer before freeing it. As such, it also behaves

 * similar to g_realloc(), with the overhead of nm_explicit_bzero() and using

 * malloc/free intead of realloc().

 *

 * Returns: the new allocated buffer. Think of it behaving like g_realloc().

 */

static inline gpointer

nm_secret_mem_realloc (gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)

{

	gpointer m_new;

	nm_assert (m_old || cur_len == 0);

	if (   do_bzero_mem

	    && G_LIKELY (cur_len > 0)) {

		m_new = g_malloc (new_len);

		if (G_LIKELY (new_len > 0))

			memcpy (m_new, m_old, NM_MIN (cur_len, new_len));

		nm_explicit_bzero (m_old, cur_len);

		g_free (m_old);

	} else

		m_new = g_realloc (m_old, new_len);

	return m_new;

}

/**

 * nm_secret_mem_try_realloc:

 * @m_old: the current buffer of length @cur_len.

 * @do_bzero_mem: if %TRUE, bzero the old buffer

 * @cur_len: the current buffer length of @m_old. It is necessary for bzero.

 * @new_len: the desired new length

 *

 * If @do_bzero_mem is false, this is like g_try_realloc().

 * Otherwise, this will try to allocate a new buffer of the desired size, copy over the

 * old data, and bzero the old buffer before freeing it. As such, it also behaves

 * similar to g_try_realloc(), with the overhead of nm_explicit_bzero() and using

 * malloc/free intead of realloc().

 *

 * Returns: the new allocated buffer or NULL. Think of it behaving like g_try_realloc().

 */

static inline gpointer

nm_secret_mem_try_realloc (gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)

{

	gpointer m_new;

	nm_assert (m_old || cur_len == 0);

	if (   do_bzero_mem

	    && G_LIKELY (cur_len > 0)) {

		if (G_UNLIKELY (new_len == 0))

			m_new = NULL;

		else {

			m_new = g_try_malloc (new_len);

			if (!m_new)

				return NULL;

			memcpy (m_new, m_old, NM_MIN (cur_len, new_len));

		}

		nm_explicit_bzero (m_old, cur_len);

		g_free (m_old);

		return m_new;

	}

	return g_try_realloc (m_old, new_len);

}

/**

 * nm_secret_mem_try_realloc_take:

 * @m_old: the current buffer of length @cur_len.

 * @do_bzero_mem: if %TRUE, bzero the old buffer

 * @cur_len: the current buffer length of @m_old. It is necessary for bzero.

 * @new_len: the desired new length

 *

 * This works like nm_secret_mem_try_realloc(), which is not unlike g_try_realloc().

 * The difference is, if we fail to allocate a new buffer, then @m_old will be

 * freed (and possibly cleared). This differs from plain realloc(), where the

 * old buffer is unchanged if the operation fails.

 *

 * Returns: the new allocated buffer or NULL. Think of it behaving like g_try_realloc()

 *   but it will always free @m_old.

 */

static inline gpointer

nm_secret_mem_try_realloc_take (gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)

{

	gpointer m_new;

	nm_assert (m_old || cur_len == 0);

	if (   do_bzero_mem

	    && G_LIKELY (cur_len > 0)) {

		if (G_UNLIKELY (new_len == 0))

			m_new = NULL;

		else {

			m_new = g_try_malloc (new_len);

			if (G_LIKELY (m_new))

				memcpy (m_new, m_old, NM_MIN (cur_len, new_len));

		}

		nm_explicit_bzero (m_old, cur_len);

		g_free (m_old);

		return m_new;

	}

	m_new = g_try_realloc (m_old, new_len);

	if (G_UNLIKELY (!m_new && new_len > 0))

		g_free (m_old);

	return m_new;

}

/*****************************************************************************/

#endif /* __NM_SECRET_UTILS_H__ */