/*
 * %CopyrightBegin%
 *
 * Copyright Ericsson AB 2010-2018. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * %CopyrightEnd%
 */

#include "cmac.h"
#include "cipher.h"

ERL_NIF_TERM cmac_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (Type, Key, Data) */
#if defined(HAVE_CMAC)
    const struct cipher_type_t *cipherp;
    const EVP_CIPHER     *cipher;
    CMAC_CTX             *ctx = NULL;
    ErlNifBinary         key;
    ErlNifBinary         data;
    ERL_NIF_TERM         ret;
    size_t               ret_size;
    unsigned char       *outp;
    int                  cipher_len;

    ASSERT(argc == 3);

    if (!enif_inspect_iolist_as_binary(env, argv[1], &key))
        goto bad_arg;
    if ((cipherp = get_cipher_type(argv[0], key.size)) == NULL)
        goto bad_arg;
    if (cipherp->flags & (NON_EVP_CIPHER | AEAD_CIPHER))
        goto bad_arg;
    if (!enif_inspect_iolist_as_binary(env, argv[2], &data))
        goto bad_arg;

    if (FORBIDDEN_IN_FIPS(cipherp))
        return enif_raise_exception(env, atom_notsup);
    if ((cipher = cipherp->cipher.p) == NULL)
        return enif_raise_exception(env, atom_notsup);

    if ((ctx = CMAC_CTX_new()) == NULL)
        goto err;
    if (!CMAC_Init(ctx, key.data, key.size, cipher, NULL))
        goto err;
    if (!CMAC_Update(ctx, data.data, data.size))
        goto err;
    if ((cipher_len = EVP_CIPHER_block_size(cipher)) < 0)
        goto err;
    if ((outp = enif_make_new_binary(env, (size_t)cipher_len, &ret)) == NULL)
        goto err;
    if (!CMAC_Final(ctx, outp, &ret_size))
        goto err;

    ASSERT(ret_size == (unsigned)EVP_CIPHER_block_size(cipher));
    CONSUME_REDS(env, data);
    goto done;

 bad_arg:
    return enif_make_badarg(env);

 err:
    ret = atom_notsup;

 done:
    if (ctx)
        CMAC_CTX_free(ctx);
    return ret;

#else
    /* The CMAC functionality was introduced in OpenSSL 1.0.1
     * Although OTP requires at least version 0.9.8, the versions 0.9.8 and 1.0.0 are
     * no longer maintained. */
    return atom_notsup;
#endif
}