/*
	SSHSecure - a program to harden OpenSSH from defaults
	Copyright (C) 2020 Brent Saner

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <https://www.gnu.org/licenses/>.
*/

package moduli

import (
	"fmt"

	`github.com/Luzifer/go-dhparam`
	"r00t2.io/sshsecure/sharedconsts"
)

// Miscellaneous package-wide settings.
const (
	// pregenURL is where an up-to-date copy of the upstream moduli file is fetched from.
	// Alternate upstream location, kept for reference:
	// pregenURL string = "https://anongit.mindrot.org/openssh.git/plain/moduli"
	//
	// NOTE(review): this URL follows the "master" branch while pregenCksum is a fixed
	// value, so the two stop matching whenever upstream publishes a new moduli file.
	// Confirm that the downloader treats a mismatch as a hard failure and never
	// installs the unverified content.
	pregenURL string = "https://raw.githubusercontent.com/openssh/openssh-portable/master/moduli"

	// pregenCksum is the expected SHA3-512 (NIST) digest of the file at pregenURL,
	// written as 128 upper-case hex digits. The upstream file carries no signature,
	// so this pinned digest is the only integrity check available.
	//
	// NOTE(review): the digest only shows that a download matches the copy that was
	// hashed when this constant was recorded; it has to be refreshed from a trusted
	// checkout whenever upstream changes. Also confirm that the comparison is
	// case-insensitive or upper-cases the computed digest first.
	pregenCksum string = "106EDB19A936608D065D2E8E81F7BDE7" +
		"434AF80EF81102E9440B99ACB98FBEF8" +
		"CC2F4B6BFD76828337BDB1F2CF34D859" +
		"045285DCE6B0DE7D7D93A9EE61F8CC96"

	// parseTag is the struct tag name used for marshaling/unmarshaling.
	parseTag string = "sshmoduli"

	// recMinMod is the recommended minimum number of moduli to have available.
	recMinMod int = 400

	// minBits is the minimum size used when filtering moduli.
	// The size recorded in a moduli file is generally the bit length minus one.
	//
	// NOTE(review): with 4096 here, a ">=" comparison against the raw size column
	// would discard entries recorded as 4095 (nominally 4096-bit) - confirm how
	// the filter applies this value.
	minBits uint16 = 4096
)

// Values iterated over when generating moduli.
var (
	// genBits lists the modulus bit lengths to generate.
	genBits = []uint16{4096, 6144, 7680, 8192}

	// genGenerators lists the Diffie-Hellman generators to use.
	genGenerators = []dhparam.Generator{
		dhparam.GeneratorTwo,
		dhparam.GeneratorFive,
	}
)

// The header line on the /etc/ssh/moduli file.
var header = fmt.Sprintf(
	// First comment line carries sharedconsts.IDCmnt; the second names the columns.
	"# %v\n# Time Type Tests Tries Size Generator Modulus\n",
	sharedconsts.IDCmnt,
)

// For parsing/rendering /etc/ssh/moduli.
const (
	// Golang has no strftime formatting codes; a layout is written as the
	// *display of a specific time* (its reference time) instead.
	// What a dumb language.
	timeFormat string = "20060102150405" // %Y%m%d%H%M%S
)

// Accepted field values, for validation. TODO: the validation itself is not written yet.
var (
	// validTypes holds the recognised values of the Type column.
	//
	// NOTE(review): membership here only means the value is well-formed.
	// Per moduli(5), only type 2 (safe prime) entries are ready for use by sshd,
	// so type 0 entries should not be accepted as usable moduli.
	validTypes = []uint8{
		0, // Unknown, not tested.
		2, // "Safe" prime; (p-1)/2 is also prime.
		4, // Sophie Germain; 2p+1 is also prime.
	}

	// validTests holds the individual flag values of the Tests column.
	//
	// NOTE(review): moduli(5) describes Tests as a bitmask, so combined values
	// such as 0x06 (sieve plus Miller-Rabin) are legitimate. The eventual check
	// should test bits rather than list membership, and an entry with 0x01 set
	// is a known composite and must not be used.
	validTests = []byte{
		0x00, // Not tested.
		0x01, // Composite number - not prime.
		0x02, // Sieve of Eratosthenes.
		0x04, // Probabilistic Miller-Rabin primality tests.
	}
)