/* local.h: kernel signature checker internal defs
 *
 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 * - Derived from GnuPG packet.h - packet definitions
 *   - Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
 *
 * GnuPG is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GnuPG is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

#include <linux/list.h>
#include <linux/crypto.h>
#include <linux/crypto/ksign.h>
#include <linux/crypto/mpi.h>
#include <asm/atomic.h>

#define SHA1_DIGEST_SIZE	20

#define PUBKEY_USAGE_SIG	1	    /* key is good for signatures */
#define PUBKEY_USAGE_ENC	2	    /* key is good for encryption */

#define PUBKEY_ALGO_DSA		17
#define DSA_NPKEY		4	/* number of MPI's in DSA public key */
#define DSA_NSIG		2	/* number of MPI's in DSA signature */

#define DIGEST_ALGO_SHA1	2

typedef enum {
	PKT_NONE			= 0,
	PKT_SIGNATURE			= 2,	/* secret key encrypted packet */
	PKT_PUBLIC_KEY			= 6,	/* public key */
	PKT_USER_ID			= 13,	/* user id packet */
} pkttype_t;

typedef enum {
	SIGSUBPKT_TEST_CRITICAL		= -3,
	SIGSUBPKT_NONE			= 0,
	SIGSUBPKT_SIG_CREATED		= 2,	/* signature creation time */
	SIGSUBPKT_SIG_EXPIRE		= 3,	/* signature expiration time */
	SIGSUBPKT_EXPORTABLE		= 4,	/* exportable */
	SIGSUBPKT_TRUST			= 5,	/* trust signature */
	SIGSUBPKT_REGEXP		= 6,	/* regular expression */
	SIGSUBPKT_REVOCABLE		= 7,	/* revocable */
	SIGSUBPKT_KEY_EXPIRE		= 9,	/* key expiration time */
	SIGSUBPKT_ARR			= 10,	/* additional recipient request */
	SIGSUBPKT_PREF_SYM		= 11,	/* preferred symmetric algorithms */
	SIGSUBPKT_REV_KEY		= 12,	/* revocation key */
	SIGSUBPKT_ISSUER		= 16,	/* issuer key ID */
	SIGSUBPKT_NOTATION		= 20,	/* notation data */
	SIGSUBPKT_PREF_HASH		= 21,	/* preferred hash algorithms */
	SIGSUBPKT_PREF_COMPR		= 22,	/* preferred compression algorithms */
	SIGSUBPKT_KS_FLAGS		= 23,	/* key server preferences */
	SIGSUBPKT_PREF_KS		= 24,	/* preferred key server */
	SIGSUBPKT_PRIMARY_UID		= 25,	/* primary user id */
	SIGSUBPKT_POLICY		= 26,	/* policy URL */
	SIGSUBPKT_KEY_FLAGS		= 27,	/* key flags */
	SIGSUBPKT_SIGNERS_UID		= 28,	/* signer's user id */
	SIGSUBPKT_REVOC_REASON		= 29,	/* reason for revocation */
	SIGSUBPKT_PRIV_VERIFY_CACHE	= 101,	/* cache verification result */

	SIGSUBPKT_FLAG_CRITICAL		= 128
} sigsubpkttype_t;

/*
 * signature record
 */
struct ksign_signature
{
	uint32_t	keyid[2];		/* 64 bit keyid */
	time_t		timestamp;		/* signature made */
	uint8_t		version;
	uint8_t		sig_class;		/* sig classification, append for MD calculation*/
	uint8_t		*hashed_data;		/* all subpackets with hashed  data (v4 only) */
	uint8_t		*unhashed_data;		/* ditto for unhashed data */
	uint8_t		digest_start[2];	/* first 2 uint8_ts of the digest */
	MPI		data[DSA_NSIG];
};

extern void ksign_free_signature(struct ksign_signature *sig);

/*
 * public key record
 */
struct ksign_public_key
{
	struct list_head link;
	atomic_t	count;			/* ref count */
	time_t		timestamp;		/* key made */
	time_t		expiredate;		/* expires at this date or 0 if not at all */
	uint8_t		hdrbytes;		/* number of header bytes */
	uint8_t		version;
	int		is_valid;		/* key (especially subkey) is valid */
	unsigned long	local_id;		/* internal use, valid if > 0 */
	uint32_t	main_keyid[2];		/* keyid of the primary key */
	uint32_t	keyid[2];		/* calculated by keyid_from_pk() */
	MPI		pkey[DSA_NPKEY];
};

extern void ksign_free_public_key(struct ksign_public_key *pk);

static inline void ksign_put_public_key(struct ksign_public_key *pk)
{
	if (atomic_dec_and_test(&pk->count))
		ksign_free_public_key(pk);
}

extern int ksign_load_keyring_from_buffer(const void *buffer, size_t size);

extern struct ksign_public_key *ksign_get_public_key(const uint32_t *keyid);

/*
 * user ID record
 */
struct ksign_user_id
{
	int		len;			/* length of the name */
	char		name[0];
};

extern void ksign_free_user_id(struct ksign_user_id *uid);

/*
 *
 */
typedef int (*ksign_signature_actor_t)(struct ksign_signature *, void *fnxdata);
typedef int (*ksign_public_key_actor_t)(struct ksign_public_key *, void *fnxdata);
typedef int (*ksign_user_id_actor_t)(struct ksign_user_id *, void *fnxdata);

extern int ksign_parse_packets(const uint8_t *buf,
			       size_t size,
			       ksign_signature_actor_t sigfnx,
			       ksign_public_key_actor_t pkfnx,
			       ksign_user_id_actor_t uidfnx,
			       void *data);

extern int DSA_verify(const MPI datahash, const MPI sig[], const MPI pkey[]);

/*
 * fast access to the digest
 * - we _know_ the data is locked into kernel memory, so we don't want to have
 *   to kmap() it
 */
static inline void SHA1_putc(struct crypto_tfm *sha1, uint8_t ch)
{
	crypto_digest_update_kernel(sha1, &ch, 1);
}

static inline void SHA1_write(struct crypto_tfm *sha1, const void *s, size_t n)
{
	crypto_digest_update_kernel(sha1, s, n);
}