/*
 * Copyright (c) 1997-8,2021 Andrew G. Morgan <morgan@kernel.org>
 *
 * This file deals with exchanging internal and external
 * representations of capability sets.
 */

#include "libcap.h"

/*
 * External representation for capabilities. (exported as a fixed
 * length)
 */
#define CAP_EXT_MAGIC "\220\302\001\121"
#define CAP_EXT_MAGIC_SIZE 4
const static __u8 external_magic[CAP_EXT_MAGIC_SIZE+1] = CAP_EXT_MAGIC;

/*
 * This is the largest size libcap can currently export.
 * cap_size() may return something smaller depending on the
 * content of its argument cap_t.
 */
struct cap_ext_struct {
    __u8 magic[CAP_EXT_MAGIC_SIZE];
    __u8 length_of_capset;
    /*
     * note, we arrange these so the caps are stacked with byte-size
     * resolution
     */
    __u8 bytes[CAP_SET_SIZE][NUMBER_OF_CAP_SETS];
};

/*
 * minimum exported flag size: libcap2 has always exported with flags
 * this size.
 */
static size_t _libcap_min_ext_flag_size = CAP_SET_SIZE < 8 ? CAP_SET_SIZE : 8;

static ssize_t _cap_size_locked(cap_t cap_d)
{
    size_t j, used;
    for (j=used=0; j<CAP_SET_SIZE; j+=sizeof(__u32)) {
	int i;
	__u32 val = 0;
	for (i=0; i<NUMBER_OF_CAP_SETS; ++i) {
	    val |= cap_d->u[j/sizeof(__u32)].flat[i];
	}
	if (val == 0) {
	    continue;
	}
	if (val > 0x0000ffff) {
	    if (val > 0x00ffffff) {
		used = j+4;
	    } else {
		used = j+3;
	    }
	} else if (val > 0x000000ff) {
	    used = j+2;
	} else {
	    used = j+1;
	}
    }
    if (used < _libcap_min_ext_flag_size) {
	used = _libcap_min_ext_flag_size;
    }
    return (ssize_t)(CAP_EXT_MAGIC_SIZE + 1+ NUMBER_OF_CAP_SETS * used);
}

/*
 * return size of external capability set
 */
ssize_t cap_size(cap_t cap_d)
{
    size_t used;
    if (!good_cap_t(cap_d)) {
	return ssizeof(struct cap_ext_struct);
    }
    _cap_mu_lock(&cap_d->mutex);
    used = _cap_size_locked(cap_d);
    _cap_mu_unlock(&cap_d->mutex);
    return used;
}

/*
 * Copy the internal (cap_d) capability set into an external
 * representation.  The external representation is portable to other
 * Linux architectures.
 */

ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length)
{
    struct cap_ext_struct *result = (struct cap_ext_struct *) cap_ext;
    ssize_t csz, len_set;
    int i;

    /* valid arguments? */
    if (!good_cap_t(cap_d) || cap_ext == NULL) {
	errno = EINVAL;
	return -1;
    }

    _cap_mu_lock(&cap_d->mutex);
    csz = _cap_size_locked(cap_d);
    if (csz > length) {
	errno = EINVAL;
	_cap_mu_unlock_return(&cap_d->mutex, -1);
    }
    len_set = (csz - (CAP_EXT_MAGIC_SIZE+1))/NUMBER_OF_CAP_SETS;

    /* fill external capability set */
    memcpy(&result->magic, external_magic, CAP_EXT_MAGIC_SIZE);
    result->length_of_capset = len_set;

    for (i=0; i<NUMBER_OF_CAP_SETS; ++i) {
	size_t j;
	for (j=0; j<len_set; ) {
	    __u32 val;

	    val = cap_d->u[j/sizeof(__u32)].flat[i];

	    result->bytes[j++][i] =      val        & 0xFF;
	    if (j < len_set) {
		result->bytes[j++][i] = (val >>= 8) & 0xFF;
	    }
	    if (j < len_set) {
		result->bytes[j++][i] = (val >>= 8) & 0xFF;
	    }
	    if (j < len_set) {
		result->bytes[j++][i] = (val >> 8)  & 0xFF;
	    }
	}
    }

    /* All done: return length of external representation */
    _cap_mu_unlock_return(&cap_d->mutex, csz);
}

/*
 * Import an external representation to produce an internal rep.
 * the internal rep should be liberated with cap_free().
 *
 * Note, this function assumes that cap_ext has a valid length. That
 * is, feeding garbage to this function will likely crash the program.
 */
cap_t cap_copy_int(const void *cap_ext)
{
    const struct cap_ext_struct *export =
	(const struct cap_ext_struct *) cap_ext;
    cap_t cap_d;
    int set, blen;

    /* Does the external representation make sense? */
    if ((export == NULL)
	|| memcmp(export->magic, external_magic, CAP_EXT_MAGIC_SIZE)) {
	errno = EINVAL;
	return NULL;
    }

    /* Obtain a new internal capability set */
    if (!(cap_d = cap_init()))
       return NULL;

    blen = export->length_of_capset;
    for (set=0; set<NUMBER_OF_CAP_SETS; ++set) {
	unsigned blk;
	int bno = 0;
	for (blk=0; blk<(CAP_SET_SIZE/sizeof(__u32)); ++blk) {
	    __u32 val = 0;

	    if (bno != blen)
		val  = export->bytes[bno++][set];
	    if (bno != blen)
		val |= export->bytes[bno++][set] << 8;
	    if (bno != blen)
		val |= export->bytes[bno++][set] << 16;
	    if (bno != blen)
		val |= export->bytes[bno++][set] << 24;

	    cap_d->u[blk].flat[set] = val;
	}
    }

    /* all done */
    return cap_d;
}

/*
 * This function is the same as cap_copy_int() although it requires an
 * extra argument that is the length of the cap_ext data. Before
 * running cap_copy_int() the function validates that length is
 * consistent with the stated length. It returns NULL on error.
 */
cap_t cap_copy_int_check(const void *cap_ext, ssize_t length)
{
    const struct cap_ext_struct *export =
	(const struct cap_ext_struct *) cap_ext;

    if (length < 1+CAP_EXT_MAGIC_SIZE) {
	errno = EINVAL;
	return NULL;
    }
    if (length < 1+CAP_EXT_MAGIC_SIZE + export->length_of_capset * NUMBER_OF_CAP_SETS) {
	errno = EINVAL;
	return NULL;
    }
    return cap_copy_int(cap_ext);
}