/*
 * Copyright (C) 2017 Red Hat
 * Copyright (C) 1995-2017 Free Software Foundation, Inc.
 * This file is part of the GNU C Library.
 * Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, August 1995.
 *
 * This file is part of GnuTLS.
 *
 * Libgcrypt is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * Libgcrypt is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see <https://www.gnu.org/licenses/>.
 */

#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <drbg-aes.h>
#include <fips.h>

#include "gnutls_int.h"
#include "errors.h"
#include <stdlib.h>
#include <rnd-common.h>

#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION

struct r48_rand_data {
	unsigned short int __x[3];	/* Current state.  */
	unsigned short int __old_x[3];	/* Old state.  */
	unsigned short int __c;	/* Additive const. in congruential formula.  */
	unsigned short int __init;	/* Flag for initializing.  */
	__extension__ unsigned long long int __a;	/* Factor in congruential
							   formula.  */
};

#ifdef __clang__
__attribute__((no_sanitize("integer")))
#endif
static int
__r48_rand_iterate(unsigned short int xsubi[3], struct r48_rand_data *buffer)
{
	uint64_t X;
	uint64_t result;

	/* Initialize buffer, if not yet done.  */
	if (unlikely(!buffer->__init)) {
		buffer->__a = 0x5deece66dull;
		buffer->__c = 0xb;
		buffer->__init = 1;
	}

	/* Do the real work.  We choose a data type which contains at least
	   48 bits.  Because we compute the modulus it does not care how
	   many bits really are computed.  */

	X = (uint64_t) xsubi[2] << 32 | (uint32_t) xsubi[1] << 16 | xsubi[0];

	result = X * buffer->__a + buffer->__c;

	xsubi[0] = result & 0xffff;
	xsubi[1] = (result >> 16) & 0xffff;
	xsubi[2] = (result >> 32) & 0xffff;

	return 0;
}

#ifdef __clang__
__attribute__((no_sanitize("integer")))
#elif defined __GNUC__
__attribute__((no_sanitize("shift-base")))
#endif
static int
r48_r(unsigned short int xsubi[3], struct r48_rand_data *buffer,
      long int *result)
{
	/* Compute next state.  */
	if (__r48_rand_iterate(xsubi, buffer) < 0)
		return -1;

	/* Store the result.  */
	*result = (int32_t) ((xsubi[2] << 16) | xsubi[1]);

	return 0;
}

static int r48(struct r48_rand_data *buffer, long int *result)
{
	return r48_r(buffer->__x, buffer, result);
}

/* This is a dummy random generator intended to be reproducible
 * for use in fuzzying targets.
 */

static int _rngfuzz_init(void **_ctx)
{
	*_ctx = calloc(1, sizeof(struct r48_rand_data));

	return 0;
}

static int _rngfuzz_rnd(void *_ctx, int level, void *buffer, size_t length)
{
	struct r48_rand_data *ctx = _ctx;
	uint8_t *p = buffer;
	long r;
	unsigned i;

	memset(ctx, 0, sizeof(*ctx));

	for (i = 0; i < length; i++) {
		r48(ctx, &r);
		p[i] = r;
	}
	return 0;
}

static void _rngfuzz_deinit(void *_ctx)
{
	struct r48_rand_data *ctx = _ctx;

	free(ctx);
}

static void _rngfuzz_refresh(void *_ctx)
{
	/* this is predictable RNG. Don't refresh */
	return;
}

gnutls_crypto_rnd_st _gnutls_fuzz_rnd_ops = {
	.init = _rngfuzz_init,
	.deinit = _rngfuzz_deinit,
	.rnd = _rngfuzz_rnd,
	.rnd_refresh = _rngfuzz_refresh,
	.self_test = NULL,
};

#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */