/*
 * Copyright (C) 2012 INRIA Paris-Rocquencourt
 *
 * Author: Alfredo Pironti
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#include "gnutls_int.h"
#include "errors.h"
#include "algorithms.h"
#include "constate.h"
#include "record.h"

static void
_gnutls_set_range(gnutls_range_st * dst, const size_t low,
		  const size_t high)
{
	dst->low = low;
	dst->high = high;
	return;
}

/*
 * Returns how much LH pad we can put in this fragment, given we'll
 * put at least data_length bytes of user data.
 */
static ssize_t
_gnutls_range_max_lh_pad(gnutls_session_t session, ssize_t data_length,
			 ssize_t max_frag)
{
	int ret;
	ssize_t max_pad;
	unsigned int fixed_pad;
	record_parameters_st *record_params;
	ssize_t this_pad;
	ssize_t block_size;
	ssize_t tag_size, overflow;
	const version_entry_st *vers = get_version(session);

	if (unlikely(vers == NULL))
		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);

	ret =
	    _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
			      &record_params);
	if (ret < 0) {
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
	}

	if (!vers->tls13_sem && record_params->write.is_aead) /* not yet ready */
		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);

	if (vers->tls13_sem) {
		max_pad = max_record_send_size(session, record_params);
		fixed_pad = 2;
	} else {
		max_pad = MAX_PAD_SIZE;
		fixed_pad = 1;
	}

	this_pad = MIN(max_pad, max_frag - data_length);

	block_size = _gnutls_cipher_get_block_size(record_params->cipher);
	tag_size =
	    _gnutls_auth_cipher_tag_len(&record_params->write.
					ctx.tls12);
	switch (_gnutls_cipher_type(record_params->cipher)) {
	case CIPHER_AEAD:
	case CIPHER_STREAM:
		return this_pad;

	case CIPHER_BLOCK:
		overflow =
		    (data_length + this_pad + tag_size +
		     fixed_pad) % block_size;
		if (overflow > this_pad) {
			return this_pad;
		} else {
			return this_pad - overflow;
		}
	default:
		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
	}
}

/**
 * gnutls_record_can_use_length_hiding:
 * @session: is a #gnutls_session_t type.
 *
 * If the session supports length-hiding padding, you can
 * invoke gnutls_record_send_range() to send a message whose
 * length is hidden in the given range. If the session does not
 * support length hiding padding, you can use the standard
 * gnutls_record_send() function, or gnutls_record_send_range()
 * making sure that the range is the same as the length of the
 * message you are trying to send.
 *
 * Returns: true (1) if the current session supports length-hiding
 * padding, false (0) if the current session does not.
 **/
unsigned gnutls_record_can_use_length_hiding(gnutls_session_t session)
{
	int ret;
	record_parameters_st *record_params;
	const version_entry_st *vers = get_version(session);

	if (unlikely(vers == NULL))
		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);

	if (vers->tls13_sem)
		return 1;

#ifdef ENABLE_SSL3
	if (vers->id == GNUTLS_SSL3)
		return 0;
#endif

	ret =
	    _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
			      &record_params);
	if (ret < 0) {
		return 0;
	}

	switch (_gnutls_cipher_type(record_params->cipher)) {
	case CIPHER_BLOCK:
		return 1;
	case CIPHER_STREAM:
	case CIPHER_AEAD:
	default:
		return 0;
	}
}

/**
 * gnutls_range_split:
 * @session: is a #gnutls_session_t type
 * @orig: is the original range provided by the user
 * @next: is the returned range that can be conveyed in a TLS record
 * @remainder: is the returned remaining range
 *
 * This function should be used when it is required to hide the length
 * of very long data that cannot be directly provided to gnutls_record_send_range().
 * In that case this function should be called with the desired length
 * hiding range in @orig. The returned @next value should then be used in
 * the next call to gnutls_record_send_range() with the partial data.
 * That process should be repeated until @remainder is (0,0).
 *
 * Returns: 0 in case splitting succeeds, non zero in case of error.
 * Note that @orig is not changed, while the values of @next
 * and @remainder are modified to store the resulting values.
 */
int
gnutls_range_split(gnutls_session_t session,
		   const gnutls_range_st * orig,
		   gnutls_range_st * next, gnutls_range_st * remainder)
{
	int ret;
	ssize_t max_frag;
	ssize_t orig_low = (ssize_t) orig->low;
	ssize_t orig_high = (ssize_t) orig->high;
	record_parameters_st *record_params;

	ret =
	    _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
			      &record_params);
	if (ret < 0)
		return gnutls_assert_val(ret);

	max_frag = max_record_send_size(session, record_params);

	if (orig_high == orig_low) {
		int length = MIN(orig_high, max_frag);
		int rem = orig_high - length;
		_gnutls_set_range(next, length, length);
		_gnutls_set_range(remainder, rem, rem);

		return 0;
	} else {
		if (orig_low >= max_frag) {
			_gnutls_set_range(next, max_frag, max_frag);
			_gnutls_set_range(remainder, orig_low - max_frag,
					  orig_high - max_frag);
		} else {
			ret =
			    _gnutls_range_max_lh_pad(session, orig_low,
						     max_frag);
			if (ret < 0)
				return gnutls_assert_val(ret);

			ssize_t this_pad = MIN(ret, orig_high - orig_low);

			_gnutls_set_range(next, orig_low,
					  orig_low + this_pad);
			_gnutls_set_range(remainder, 0,
					  orig_high - (orig_low +
						       this_pad));
		}

		return 0;
	}
}

static size_t
_gnutls_range_fragment(size_t data_size, gnutls_range_st cur,
		       gnutls_range_st next)
{
	return MIN(cur.high, data_size - next.low);
}

/**
 * gnutls_record_send_range:
 * @session: is a #gnutls_session_t type.
 * @data: contains the data to send.
 * @data_size: is the length of the data.
 * @range: is the range of lengths in which the real data length must be hidden.
 *
 * This function operates like gnutls_record_send() but, while
 * gnutls_record_send() adds minimal padding to each TLS record,
 * this function uses the TLS extra-padding feature to conceal the real
 * data size within the range of lengths provided.
 * Some TLS sessions do not support extra padding (e.g. stream ciphers in standard
 * TLS or SSL3 sessions). To know whether the current session supports extra
 * padding, and hence length hiding, use the gnutls_record_can_use_length_hiding()
 * function.
 *
 * Note: This function currently is limited to blocking sockets.
 *
 * Returns: The number of bytes sent (that is data_size in a successful invocation),
 * or a negative error code.
 **/
ssize_t
gnutls_record_send_range(gnutls_session_t session, const void *data,
			 size_t data_size, const gnutls_range_st * range)
{
	size_t sent = 0;
	size_t next_fragment_length;
	ssize_t ret;
	gnutls_range_st cur_range, next_range;

	/* sanity check on range and data size */
	if (range->low > range->high ||
	    data_size < range->low || data_size > range->high) {
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
	}

	ret = gnutls_record_can_use_length_hiding(session);
	if (ret == 0)
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	_gnutls_set_range(&cur_range, range->low, range->high);

	_gnutls_record_log
	    ("RANGE: Preparing message with size %d, range (%d,%d)\n",
	     (int) data_size, (int) range->low, (int) range->high);

	while (cur_range.high != 0) {
		ret =
		    gnutls_range_split(session, &cur_range, &cur_range,
				       &next_range);
		if (ret < 0) {
			return ret;	/* already gnutls_assert_val'd */
		}

		next_fragment_length =
		    _gnutls_range_fragment(data_size, cur_range,
					   next_range);

		_gnutls_record_log
		    ("RANGE: Next fragment size: %d (%d,%d); remaining range: (%d,%d)\n",
		     (int) next_fragment_length, (int) cur_range.low,
		     (int) cur_range.high, (int) next_range.low,
		     (int) next_range.high);

		ret =
		    _gnutls_send_tlen_int(session, GNUTLS_APPLICATION_DATA,
					  -1, EPOCH_WRITE_CURRENT,
					  &(((char *) data)[sent]),
					  next_fragment_length,
					  cur_range.high -
					  next_fragment_length,
					  MBUFFER_FLUSH);

		while (ret == GNUTLS_E_AGAIN
		       || ret == GNUTLS_E_INTERRUPTED) {
			ret =
			    _gnutls_send_tlen_int(session,
						  GNUTLS_APPLICATION_DATA,
						  -1, EPOCH_WRITE_CURRENT,
						  NULL, 0, 0,
						  MBUFFER_FLUSH);
		}

		if (ret < 0) {
			return gnutls_assert_val(ret);
		}
		if (ret != (ssize_t) next_fragment_length) {
			_gnutls_record_log
			    ("RANGE: ERROR: ret = %d; next_fragment_length = %d\n",
			     (int) ret, (int) next_fragment_length);
			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
		}
		sent += next_fragment_length;
		data_size -= next_fragment_length;
		_gnutls_set_range(&cur_range, next_range.low,
				  next_range.high);
	}

	return sent;
}