/* bca-eax.c */
/*
 This file is part of the AVR-Crypto-Lib.
 Copyright (C) 2006-2015 Daniel Otte (bg@nerilex.org)

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <stdint.h>
#include "bcal-basic.h"
#include "blockcipher_descriptor.h"
#include "bcal-cmac.h"
#include "bcal-ctr.h"
#include "bcal-eax.h"
#include "memxor.h"

uint8_t bcal_eax_init(const bcdesc_t *desc, const void *key, uint16_t keysize_b,
        bcal_eax_ctx_t *ctx)
{
    uint8_t r;
    ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc) + 7) / 8;
    ctx->nonce = malloc(ctx->blocksize_B);
    if (ctx->nonce == NULL) {
        return 0x81;
    }
    r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ctag));
    if (r) {
        return r;
    }
    r = bcal_cmac_init(desc, key, keysize_b, &(ctx->htag));
    if (r) {
        return (r | 0x10);
    }
    r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ntag));
    if (r) {
        return (r | 0x20);
    }
    r = bcal_ctr_init(desc, key, keysize_b, NULL, &(ctx->cipher));
    if (r) {
        return (r | 0x30);
    }
    ctx->header_set = 0;
    uint8_t tmp[ctx->blocksize_B];
    memset(tmp, 0, ctx->blocksize_B);
    bcal_cmac_nextBlock(&(ctx->ntag), tmp);
    tmp[ctx->blocksize_B - 1] = 1;
    bcal_cmac_nextBlock(&(ctx->htag), tmp);
    tmp[ctx->blocksize_B - 1] = 2;
    bcal_cmac_nextBlock(&(ctx->ctag), tmp);
    return 0;
}

void bcal_eax_free(bcal_eax_ctx_t *ctx)
{
    bcal_ctr_free(&(ctx->cipher));
    bcal_cmac_free(&(ctx->ctag));
    bcal_cmac_free(&(ctx->htag));
    bcal_cmac_free(&(ctx->ntag));
    free(ctx->nonce);
}

void bcal_eax_loadNonce(const void *nonce, uint16_t length_b,
        bcal_eax_ctx_t *ctx)
{
    bcal_cmac_lastBlock(&(ctx->ntag), nonce, length_b);
    bcal_cmac_ctx2mac(ctx->nonce, ctx->blocksize_B * 8, &(ctx->ntag));
    bcal_ctr_loadIV(ctx->nonce, &(ctx->cipher));
}

void bcal_eax_addNextHeader(const void *header, bcal_eax_ctx_t *ctx)
{
    bcal_cmac_nextBlock(&(ctx->htag), header);
}

void bcal_eax_addLastHeader(const void *header, uint16_t length_b,
        bcal_eax_ctx_t *ctx)
{
    bcal_cmac_lastBlock(&(ctx->htag), header, length_b);
    ctx->header_set = 1;
}

void bcal_eax_encNextBlock(void *block, bcal_eax_ctx_t *ctx)
{
    bcal_ctr_encNext(block, &(ctx->cipher));
    bcal_cmac_nextBlock(&(ctx->ctag), block);
}

void bcal_eax_encLastBlock(void *block, uint16_t length_b, bcal_eax_ctx_t *ctx)
{
    bcal_ctr_encMsg(NULL, block, length_b, &(ctx->cipher));
    bcal_cmac_lastBlock(&(ctx->ctag), block, length_b);
}

void bcal_eax_decNextBlock(void *block, bcal_eax_ctx_t *ctx)
{
    bcal_cmac_nextBlock(&(ctx->ctag), block);
    bcal_ctr_decNext(block, &(ctx->cipher));
}

void bcal_eax_decLastBlock(void *block, uint16_t length_b, bcal_eax_ctx_t *ctx)
{
    bcal_cmac_lastBlock(&(ctx->ctag), block, length_b);
    bcal_ctr_decMsg(NULL, block, length_b, &(ctx->cipher));
}

void bcal_eax_ctx2tag(void *dest, uint16_t length_b, bcal_eax_ctx_t *ctx)
{
    uint8_t tmp[ctx->blocksize_B];
    if (ctx->header_set == 0) {
        bcal_cmac_lastBlock(&(ctx->htag), NULL, 0);
    }

    bcal_cmac_ctx2mac(tmp, ctx->blocksize_B * 8, &(ctx->htag));
    memxor(ctx->nonce, tmp, ctx->blocksize_B);

    bcal_cmac_ctx2mac(tmp, ctx->blocksize_B * 8, &(ctx->ctag));
    memxor(ctx->nonce, tmp, ctx->blocksize_B);
    memcpy(dest, ctx->nonce, (length_b + 7) / 8);
}