/*
 * Copyright (c) 2018 embedded brains GmbH.  All rights reserved.
 *
 *  embedded brains GmbH
 *  Dornierstr. 4
 *  82178 Puchheim
 *  Germany
 *  <rtems@embedded-brains.de>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#define TEST_NAME "LIBBSD IPSEC 1"

#include <stdio.h>
#include <stdlib.h>

#include <rtems/bsd/modules.h>
#ifdef RTEMS_BSD_MODULE_NETIPSEC

#include <assert.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#include <machine/rtems-bsd-commands.h>
#include <machine/rtems-bsd-rc-conf.h>

#include <rtems/bsd/bsd.h>
#include <rtems/bsd/test/network-config.h>
#include <rtems/console.h>
#include <rtems/shell.h>


#define IPSEC_LOC_INT "10.10.1.1"
#define IPSEC_LOC_NET "10.10.1.0/24"
#define IPSEC_LOC_EXT "192.168.10.1"
#define IPSEC_REM_INT "172.24.0.1"
#define IPSEC_REM_NET "172.24.0.0/24"
#define IPSEC_REM_EXT "192.168.10.10"
#define RACOON_PSK_FILE "/etc/racoon_psk.txt"
#define RACOON_CONFIG_FILE "/etc/racoon.conf"
#define SETKEY_CONFIG_FILE "/etc/setkey.conf"
#define RC_CONF "/etc/rc.conf"

static const char racoon_psk[] =
	IPSEC_REM_EXT "	mysecretkey\n";
static const char racoon_config[] =
	"path	pre_shared_key \"" RACOON_PSK_FILE "\";\n"
	"log	debug;\n"
	"\n"
	"padding	# options are not to be changed\n"
	"{\n"
	"	maximum_length			20;\n"
	"	randomize			off;\n"
	"	strict_check			off;\n"
	"	exclusive_tail			off;\n"
	"}\n"
	"\n"
	"listen	# address [port] that racoon will listen on\n"
	"{\n"
	"	isakmp				" IPSEC_LOC_EXT "[500];\n"
	"}\n"
	"\n"
	"remote " IPSEC_REM_EXT " [500]\n"
	"{\n"
	"	exchange_mode			main;\n"
	"	my_identifier			address " IPSEC_LOC_EXT ";\n"
	"	peers_identifier		address " IPSEC_REM_EXT ";\n"
	"	proposal_check			obey;\n"
	"\n"
	"	proposal {\n"
	"		encryption_algorithm	3des;\n"
	"		hash_algorithm		md5;\n"
	"		authentication_method	pre_shared_key;\n"
	"		lifetime time		3600 sec;\n"
	"		dh_group		2;\n"
	"	}\n"
	"}\n"
	"\n"
	"sainfo (address " IPSEC_LOC_NET " any address " IPSEC_REM_NET " any)\n"
	"{\n"
	"	pfs_group			2;\n"
	"	lifetime			time 28800 sec;\n"
	"	encryption_algorithm		3des;\n"
	"	authentication_algorithm	hmac_md5;\n"
	"	compression_algorithm		deflate;\n"
	"}\n";
static const char setkey_config[] =
	"flush;\n"
	"spdflush;\n"
	"spdadd " IPSEC_LOC_NET " " IPSEC_REM_NET " any -P out ipsec esp/tunnel/" IPSEC_LOC_EXT "-" IPSEC_REM_EXT"/use;\n"
	"spdadd " IPSEC_REM_NET " " IPSEC_LOC_NET " any -P in  ipsec esp/tunnel/" IPSEC_REM_EXT "-" IPSEC_LOC_EXT"/use;\n";
static const char rc_conf[] =
	"cloned_interfaces=\"gif0\"\n"
	"ifconfig_gif0=\"10.10.1.1 172.24.0.1 tunnel 192.168.10.1 192.168.10.10\"\n"
	"ike_enable=\"YES\"\n"
	"ike_program=\"racoon\"\n"
	"ike_flags=\"-F -f /etc/racoon.conf\"\n"
	"ike_priority=\"250\"\n"
	"\n"
	"ipsec_enable=\"YES\"\n"
	"ipsec_file=\"/etc/setkey.conf\"\n"
	"\n"
	"ifconfig_" NET_CFG_INTERFACE_0 "=\"inet " IPSEC_LOC_EXT " netmask 255.255.255.0\"\n";

static const struct {
	const char *name;
	const char *content;
} init_files[] = {
	{.name = RACOON_PSK_FILE, .content = racoon_psk},
	{.name = RACOON_CONFIG_FILE, .content = racoon_config},
	{.name = SETKEY_CONFIG_FILE, .content = setkey_config},
	{.name = RC_CONF, .content = rc_conf},
};

static void
prepare_files()
{
	size_t i;
	struct stat sb;
	int rv;
	int fd;
	size_t written;

	/* Create /etc if necessary */
	rv = mkdir("/etc", S_IRWXU | S_IRWXG | S_IRWXO);
	/* ignore errors, check the dir after. */
	assert(stat("/etc", &sb) == 0);
	assert(S_ISDIR(sb.st_mode));

	/* Create files */
	for(i = 0; i < (sizeof(init_files)/sizeof(init_files[0])); ++i) {
		const char *content;
		size_t len;

		content = init_files[i].content;
		len = strlen(content);

		fd = open(init_files[i].name, O_WRONLY | O_CREAT,
		    S_IRWXU | S_IRWXG | S_IRWXO);
		assert(fd != -1);

		written = write(fd, content, len);
		assert(written == len);

		rv = close(fd);
		assert(rv == 0);
	}
}

static void
test_main(void)
{
	int rv;
	rtems_status_code sc;

	rv = rtems_bsd_run_rc_conf(RC_CONF, 15, true);
	assert(rv == 0);

	/* Wait for initial racoon messages. */
	sleep(2);
	puts("--------------------------------------------------");
	puts("Everything should be prepared now.");
	puts("As soon as you communicate with someone in " IPSEC_REM_NET
	    " the IPSEC connection should be established.");
	puts("--------------------------------------------------");

	sc = rtems_shell_init("SHLL", 32 * 1024, 1, CONSOLE_DEVICE_NAME,
	    false, true, NULL);
	assert(sc == RTEMS_SUCCESSFUL);

	exit(0);
}

#define DEFAULT_EARLY_INITIALIZATION

static void
early_initialization(void)
{
	prepare_files();
}

#include <machine/rtems-bsd-sysinit.h>

#define RTEMS_BSD_CONFIG_IPSEC
/* Software crypto should work on all devices. */
RTEMS_BSD_DEFINE_NEXUS_DEVICE(cryptosoft, 0, 0, NULL);
#define RTEMS_BSD_CONFIG_BSP_CONFIG

#include <rtems/bsd/test/default-init.h>

#define CONFIGURE_SHELL_COMMANDS_INIT
#include <rtems/netcmds-config.h>

#define CONFIGURE_SHELL_USER_COMMANDS \
  &rtems_shell_ARP_Command, \
  &rtems_shell_HOSTNAME_Command, \
  &rtems_shell_PING_Command, \
  &rtems_shell_ROUTE_Command, \
  &rtems_shell_NETSTAT_Command, \
  &rtems_shell_SYSCTL_Command, \
  &rtems_shell_IFCONFIG_Command, \
  &rtems_shell_VMSTAT_Command

#define CONFIGURE_SHELL_COMMAND_CPUINFO
#define CONFIGURE_SHELL_COMMAND_CPUUSE
#define CONFIGURE_SHELL_COMMAND_PERIODUSE
#define CONFIGURE_SHELL_COMMAND_STACKUSE
#define CONFIGURE_SHELL_COMMAND_PROFREPORT

#define CONFIGURE_SHELL_COMMAND_CP
#define CONFIGURE_SHELL_COMMAND_PWD
#define CONFIGURE_SHELL_COMMAND_LS
#define CONFIGURE_SHELL_COMMAND_LN
#define CONFIGURE_SHELL_COMMAND_LSOF
#define CONFIGURE_SHELL_COMMAND_CHDIR
#define CONFIGURE_SHELL_COMMAND_CD
#define CONFIGURE_SHELL_COMMAND_MKDIR
#define CONFIGURE_SHELL_COMMAND_RMDIR
#define CONFIGURE_SHELL_COMMAND_CAT
#define CONFIGURE_SHELL_COMMAND_MV
#define CONFIGURE_SHELL_COMMAND_RM
#define CONFIGURE_SHELL_COMMAND_MALLOC_INFO

#include <rtems/shellconfig.h>

#else /* RTEMS_BSD_MODULE_NETIPSEC */

static void
test_main(void)
{
	puts("IPSec not enabled in the current build set.");
	exit(0);
}

#include <rtems/bsd/test/default-init.h>

#endif /* RTEMS_BSD_MODULE_NETIPSEC */