/*
 * Copyright (c) 2020 Huawei Technologies Co.,Ltd.
 *
 * openGauss is licensed under Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *          http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 * ---------------------------------------------------------------------------------------
 * 
 * cipher.h
 * 
 * 
 * 
 * IDENTIFICATION
 *        src/include/cipher.h
 *
 * ---------------------------------------------------------------------------------------
 */

#ifndef CIPHER_H
#define CIPHER_H

#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

#include "c.h"

#include "utils/pg_crc.h"
#include "openssl/ssl.h"
#include "openssl/tls1.h"
#include "openssl/ossl_typ.h"
#include "openssl/obj_mac.h"

#ifdef WIN32
typedef unsigned __int64 GS_UINT64;
#else
typedef unsigned long long GS_UINT64;
#endif
#if defined(__LP64__) || defined(__64BIT__)
typedef unsigned int GS_UINT32;

typedef signed int GS_INT32;
#else
typedef unsigned long GS_UINT32;

typedef signed long GS_INT32;
#endif

typedef unsigned char GS_UCHAR;

#define CIPHER_KEY_FILE ".key.cipher"
#define RAN_KEY_FILE ".key.rand"
#define RANDOM_LEN 16
#define CIPHER_LEN 16
#define DEK_LEN 16
#define ITERATE_TIMES 10000
#define MAC_ITERATE_TIMES 10000
#define MAC_LEN 20
#define MAX_KEY_LEN 16
#define AK_LEN 512
#define SK_LEN 512
#define AK_VALID_CHRS "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
#define SK_VALID_CHRS AK_VALID_CHRS
#define DEK_SAMPLE_STRING "TRANS_ENCRYPT_SAMPLE_STRING"

typedef enum { UNKNOWN_KEY_MODE, SERVER_MODE, CLIENT_MODE, OBS_MODE, SOURCE_MODE } KeyMode;

typedef struct {
    GS_UCHAR cipherkey[CIPHER_LEN + 1];   /* cipher text vector */
    GS_UCHAR key_salt[RANDOM_LEN + 1];    /* salt vector used to derive key */
    GS_UCHAR vector_salt[RANDOM_LEN + 1]; /* salt vector used to encrypt/decrypt text */
    pg_crc32 crc;
} CipherkeyFile;

typedef struct {
    GS_UCHAR randkey[CIPHER_LEN + 1];
    pg_crc32 crc;
} RandkeyFile;

typedef enum {
    OBS_CLOUD_TYPE = 0,     /* on cloud obs cipher for encrypt and decrypt ak/sk */
    INITDB_NOCLOUDOBS_TYPE, /* non-cloud obs use the cipher same as initdb */
    SSL_TYPE                /* gds ssl and gsql ssl connection cipher*/
} CipherType;

extern void gen_cipher_rand_files(
    KeyMode mode, const char* plain_key, const char* user_name, const char* datadir, const char* preStr);
extern void decode_cipher_files(
    KeyMode mode, const char* user_name, const char* datadir, GS_UCHAR* plainpwd, bool obs_server_mode = false);
extern bool check_input_password(const char* password);
extern bool EncryptInputKey(GS_UCHAR* pucPlainText, GS_UCHAR* initrand, GS_UCHAR* keySaltVector,
    GS_UCHAR* encryptVector, GS_UCHAR* pucCipherText, GS_UINT32* pulCLen);
extern bool ReadContentFromFile(const char* filename, void* content, size_t csize);
extern bool check_certificate_signature_algrithm(const SSL_CTX* SSL_context);
extern long check_certificate_time(const SSL_CTX* SSL_context);
extern bool CipherFileIsValid(CipherkeyFile* cipher);
extern bool RandFileIsValid(RandkeyFile* randfile);
extern void ClearCipherKeyFile(CipherkeyFile* cipher_file_content);
extern void ClearRandKeyFile(RandkeyFile* rand_file_content);
extern bool DecryptInputKey(GS_UCHAR* pucCipherText, GS_UINT32 ulCLen, GS_UCHAR* initrand, GS_UCHAR* initVector,
    GS_UCHAR* decryptVector, GS_UCHAR* pucPlainText, GS_UINT32* pulPLen);

extern bool getTransEncryptKeyString(GS_UCHAR** cipherKey, GS_UCHAR** rndm);
extern bool getAkSkForTransEncrypt(char* ak, int akbuflen, char* sk, int skbuflen);
extern bool getKeyVectorFromCipherFile(char* cipherkeyfile, const char* cipherrndfile, GS_UCHAR* key, GS_UCHAR* vector);
extern bool encryptStringByAES128Speed(GS_UCHAR* PlainText, GS_UINT32 PlainLen, GS_UCHAR* Key, GS_UCHAR* RandSalt,
    GS_UCHAR* CipherText, GS_UINT32* CipherLen);
extern char* getGaussHome();
extern bool getAndCheckTranEncryptDEK();

extern char* SEC_decodeBase64(const char* pucInBuf, GS_UINT32* pulOutBufLen);
extern char* SEC_encodeBase64(const char* pucInBuf, GS_UINT32 ulInBufLen);
extern GS_UINT32 CRYPT_encrypt(GS_UINT32 ulAlgId, const GS_UCHAR* pucKey, GS_UINT32 ulKeyLen, const GS_UCHAR* pucIV,
    GS_UINT32 ulIVLen, GS_UCHAR* pucPlainText, GS_UINT32 ulPlainLen, GS_UCHAR* pucCipherText, GS_UINT32* pulCLen);
extern GS_UINT32 CRYPT_decrypt(GS_UINT32 ulAlgId, const GS_UCHAR* pucKey, GS_UINT32 ulKeyLen, const GS_UCHAR* pucIV,
    GS_UINT32 ulIVLen, GS_UCHAR* pucCipherText, GS_UINT32 ulCLen, GS_UCHAR* pucPlainText, GS_UINT32* pulPLen);
extern GS_UINT32 CRYPT_hmac(GS_UINT32 ulAlgType, const GS_UCHAR* pucKey, GS_UINT32 upucKeyLen, const GS_UCHAR* pucData,
    GS_UINT32 ulDataLen, GS_UCHAR* pucDigest, GS_UINT32* pulDigestLen);

#endif