// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (c) 2019,Softathome
 */

#define OPENSSL_API_COMPAT 0x10101000L

#include "mkimage.h"
#include <stdio.h>
#include <string.h>
#include <image.h>
#include <time.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <uboot_aes.h>

#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#define HAVE_ERR_REMOVE_THREAD_STATE
#endif

int image_aes_encrypt(struct image_cipher_info *info,
		      unsigned char *data, int size,
		      unsigned char **cipher, int *cipher_len)
{
	EVP_CIPHER_CTX *ctx;
	unsigned char *buf = NULL;
	int buf_len, len, ret = 0;

	/* create and initialise the context */
	ctx = EVP_CIPHER_CTX_new();
	if (!ctx) {
		printf("Can't create context\n");
		return -1;
	}

	/* allocate a buffer for the result */
	buf = malloc(size + AES_BLOCK_LENGTH);
	if (!buf) {
		printf("Can't allocate memory to encrypt\n");
		ret = -1;
		goto out;
	}

	if (EVP_EncryptInit_ex(ctx, info->cipher->calculate_type(),
			       NULL, info->key, info->iv) != 1) {
		printf("Can't init encryption\n");
		ret = -1;
		goto out;
	}

	if (EVP_EncryptUpdate(ctx, buf, &len, data, size) != 1) {
		printf("Can't encrypt data\n");
		ret = -1;
		goto out;
	}

	buf_len = len;

	if (EVP_EncryptFinal_ex(ctx, buf + len, &len) != 1) {
		printf("Can't finalise the encryption\n");
		ret = -1;
		goto out;
	}

	buf_len += len;

	*cipher = buf;
	*cipher_len = buf_len;

 out:
	EVP_CIPHER_CTX_free(ctx);
	return ret;
}

int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest,
			      void *fit, int node_noffset)
{
	int parent, node;
	char name[128];
	int ret = 0;

	/* Either create or overwrite the named cipher node */
	parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME);
	if (parent == -FDT_ERR_NOTFOUND) {
		parent = fdt_add_subnode(keydest, 0, FIT_CIPHER_NODENAME);
		if (parent < 0) {
			ret = parent;
			if (ret != -FDT_ERR_NOSPACE) {
				fprintf(stderr,
					"Couldn't create cipher node: %s\n",
					fdt_strerror(parent));
			}
		}
	}
	if (ret)
		goto done;

	/* Either create or overwrite the named key node */
	if (info->ivname)
		snprintf(name, sizeof(name), "key-%s-%s-%s",
			 info->name, info->keyname, info->ivname);
	else
		snprintf(name, sizeof(name), "key-%s-%s",
			 info->name, info->keyname);

	node = fdt_subnode_offset(keydest, parent, name);
	if (node == -FDT_ERR_NOTFOUND) {
		node = fdt_add_subnode(keydest, parent, name);
		if (node < 0) {
			ret = node;
			if (ret != -FDT_ERR_NOSPACE) {
				fprintf(stderr,
					"Could not create key subnode: %s\n",
					fdt_strerror(node));
			}
		}
	} else if (node < 0) {
		fprintf(stderr, "Cannot select keys parent: %s\n",
			fdt_strerror(node));
		ret = node;
	}

	if (ret)
		goto done;

	if (info->ivname)
		/* Store the IV in the u-boot device tree */
		ret = fdt_setprop(keydest, node, "iv",
				  info->iv, info->cipher->iv_len);
	else
		/* Store the IV in the FIT image */
		ret = fdt_setprop(fit, node_noffset, "iv",
				  info->iv, info->cipher->iv_len);

	if (!ret)
		ret = fdt_setprop(keydest, node, "key",
				  info->key, info->cipher->key_len);

	if (!ret)
		ret = fdt_setprop_u32(keydest, node, "key-len",
				      info->cipher->key_len);

done:
	if (ret)
		ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;

	return ret;
}