/*
* Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
* Software Mac Implementation
* plugin-dll headers
*
*/


/**
 @file
*/
#include "cmacimpl.h"
#include "pluginconfig.h"
#include <cryptospi/cryptomacapi.h>


using namespace SoftwareCrypto;
using namespace CryptoSpi;

/**
 * Constants used to generate Key1, Key2 and Key3
 */
const TUint8 K1Constant[] = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
const TUint8 K2Constant[] = {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02};
const TUint8 K3Constant[] = {0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03};

const TInt KAesXcbcMac96Size = 12;


CCMacImpl* CCMacImpl::NewL(const CKey& aKey, CSymmetricCipher* aSymmetricCipher, TInt32 aAlgorithmUid)
	{
	CCMacImpl* self = CCMacImpl::NewLC(aKey, aSymmetricCipher, aAlgorithmUid);
	CleanupStack::Pop(self);
	return self;
	}
														
CCMacImpl* CCMacImpl::NewLC(const CKey& aKey, CSymmetricCipher* aSymmetricCipher, TInt32 aAlgorithmUid)
	{
	CCMacImpl* self = NULL;
 	TRAPD(err, self = new (ELeave) CCMacImpl(aSymmetricCipher));
  	if(err!=KErrNone)
  		{
  		delete aSymmetricCipher;
  		User::Leave(err);
  		}
	CleanupStack::PushL(self);
	self->ConstructL(aKey, aAlgorithmUid);
	return self;
	}

CKey* CCMacImpl::Create128bitKeyL(const CKey& aKey)
	{
	TBuf8<KMacBlockSize> keybuffer;
	CryptoSpi::CKey* key = NULL;
	
	const TDesC8& keyContent=aKey.GetTDesC8L(CryptoSpi::KSymmetricKeyParameterUid);

	if( (TUint32)keyContent.Size() > KMacBlockSize)
		{
		// Create key
		CryptoSpi::CCryptoParams* keyParams = CryptoSpi::CCryptoParams::NewLC();
		keybuffer.SetLength(KMacBlockSize);
		keybuffer.FillZ();
		// 'keybuffer' is the key with 128 zero bits.
		keyParams->AddL(keybuffer, CryptoSpi::KSymmetricKeyParameterUid);
		key=CryptoSpi::CKey::NewLC(aKey.KeyProperty(),*keyParams);
		// evaluate final key data.
		SetKeyL(*key);
		CleanupStack::PopAndDestroy(2, keyParams);
		keybuffer.Copy(FinalL(keyContent));
		// 'keybuffer' contains the final key data.
		}
	else 
		{
		keybuffer.Copy(keyContent);
		TUint i;
		for (i=keybuffer.Size();i<KMacBlockSize;++i)
			{
			keybuffer.Append(0);
			}
		// 'keybuffer' contains the final key data.
		}
	
	// create a new CKey instance and assign it to iKey using 'keybuffer'.
	CryptoSpi::CCryptoParams* keyParams = CryptoSpi::CCryptoParams::NewLC();
	keyParams->AddL(keybuffer, CryptoSpi::KSymmetricKeyParameterUid);
	key=CryptoSpi::CKey::NewL(aKey.KeyProperty(),*keyParams);
	CleanupStack::PopAndDestroy(keyParams);	

	// 'key' will contain the final CKey instance.
	return key;
	}

void CCMacImpl::SetKeyL(const CKey& aKey)
	{
	const TPtrC8 KeyConstant1(K1Constant, KMacBlockSize);
	const TPtrC8 KeyConstant2(K2Constant, KMacBlockSize);
	const TPtrC8 KeyConstant3(K3Constant, KMacBlockSize);

	// Initialize the cipher class to encrypt Keyconstants to generate additional keys.
	if (iImplementationUid == CryptoSpi::KAlgorithmCipherAesXcbcPrf128)
		{
		// RFC 4434: keys that were not equal in length to 128 bits will no longer be
		// rejected but instead will be made 128 bits for AES-XCBC-PRF-128 Algorithm only.
		CryptoSpi::CKey* key = Create128bitKeyL(aKey);
		CleanupStack::PushL(key);
		iCipherImpl->SetKeyL(*key);
		CleanupStack::PopAndDestroy(key);	
		}
	else
		{
		iCipherImpl->SetKeyL(aKey);
		}
	iCipherImpl->SetCryptoModeL(CryptoSpi::KCryptoModeEncryptUid);
	iCipherImpl->SetOperationModeL(CryptoSpi::KOperationModeNoneUid);

	// cipher class expects the output buffer to be empty.
	iKey1.Zero();
	iKey2.Zero();
	iKey3.Zero();

	// aKey is used to generate Key1, Key2 and Key3.
	// Where Key1 = encrypt KeyConstant1 with aKey
	// Where Key2 = encrypt KeyConstant2 with aKey
	// Where Key3 = encrypt KeyConstant3 with aKey
	
	// Key1 is used to encrypt the data whereas
	// Key2 and Key3 is used to XOR with the last 
	// block.
    iCipherImpl->ProcessFinalL(KeyConstant1, iKey1);
	iCipherImpl->ProcessFinalL(KeyConstant2, iKey2);
	iCipherImpl->ProcessFinalL(KeyConstant3, iKey3);
	
	// Create CKey instance with key1
	CCryptoParams* keyParam =CCryptoParams::NewLC();
 	keyParam->AddL(iKey1, CryptoSpi::KSymmetricKeyParameterUid);

 	delete iKey;
 	iKey = NULL;
 	iKey=CKey::NewL(aKey.KeyProperty(), *keyParam);
 	// Initialize the cipher class for MAC calculation.
	iCipherImpl->SetKeyL(*iKey);
 	iCipherImpl->SetOperationModeL(CryptoSpi::KOperationModeCBCUid);
 	Mem::FillZ(iE, sizeof(iE));
 	iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));

 	CleanupStack::PopAndDestroy(keyParam);
	}

CCMacImpl::~CCMacImpl()
	{
	delete iKey;
	delete iCipherImpl;
	}

CCMacImpl::CCMacImpl(const CCMacImpl& aCCMacImpl)
	{
	iImplementationUid = aCCMacImpl.iImplementationUid;
	iKey1.Copy(aCCMacImpl.iKey1);
	iKey2.Copy(aCCMacImpl.iKey2);
	iKey3.Copy(aCCMacImpl.iKey3);
	
	(void)Mem::Copy(iE, aCCMacImpl.iE, sizeof(iE));
	(void)Mem::Copy(iData, aCCMacImpl.iData, sizeof(iData));
	
	iCurrentTotalLength = aCCMacImpl.iCurrentTotalLength;
	}

const CExtendedCharacteristics* CCMacImpl::GetExtendedCharacteristicsL()
	{
	return iCipherImpl->GetExtendedCharacteristicsL();
	}

CCMacImpl::CCMacImpl(CryptoSpi::CSymmetricCipher* aSymmetricCipher)
	{
	iCipherImpl = aSymmetricCipher;
	aSymmetricCipher = NULL;
	iMacValue.SetLength(KMacBlockSize);
	}

void CCMacImpl::ConstructL(const CKey& aKey, TInt32 aAlgorithmUid) 
	{
	iImplementationUid = aAlgorithmUid;
	
    switch(aAlgorithmUid)
    	{
    	case CryptoSpi::KAlgorithmCipherAesXcbcMac96:
    	case CryptoSpi::KAlgorithmCipherAesXcbcPrf128:
    		{
    		SetKeyL(aKey);
     		break;
    		}
    	default:
    		{
    		User::Leave(KErrNotSupported);
    		}
    	}
	}

/**
 * Takes the message and XOR it with iData.
 * 
 * @param aKey 128bit key. This key will be XORed with iData.
 * @param aOutput  The result of the XOR operation will be copied to this.
 * 				   Its length should be 128bit (16bytes).
 */

void CCMacImpl::XORKeyWithData(const TDesC8& aKey, TDes8& aOutput)
	{
	for (TInt i = 0; i < KMacBlockSize; ++i)
		{
		aOutput[i] = iData[i] ^ aKey[i];
		}
	}

/**
 * This function is used to pad message M to make the total message
 * length multiple of block size (128bit). The last block M[n] will be 
 * padded with a single "1" bit followed by the number of "0" bits required
 * to increase M[n]'s size to 128 bits (Block Size).
 * 
 * Used in AES-XCBC-MAC-96 and AES-XCBC-PRF-128 Mac algorithms.
 */
void CCMacImpl::PadMessage()
	{
	if(iCurrentTotalLength < KMacBlockSize)
		{
		iData[iCurrentTotalLength] = 0x80;
		Mem::FillZ(iData + iCurrentTotalLength+1, KMacBlockSize - iCurrentTotalLength - 1);
		}
	}

void CCMacImpl::Reset()
	{
	Mem::FillZ(iE,sizeof(iE));
	iCurrentTotalLength =0;
	// record for Reset, for the next time MacL, UpdateL or FinalL is called as we
	// cannot leave in Reset.
	TRAP(iDelayedReset, iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize)));
	}

TPtrC8 CCMacImpl::MacL(const TDesC8& aMessage)
	{
	// Reset the cipher with iE as 128 zero bits as it leaved in previous call to Reset. 
	if (iDelayedReset != KErrNone)
		{
		// iE was reset to 128 zero bits in previous call to Reset which leaved.
		iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
		iDelayedReset = KErrNone; 
		}
	
	if (aMessage!=KNullDesC8())
		{
		DoUpdateL(aMessage);			
		}
	
	// Calculate MAC
	TPtrC8 macPtr(KNullDesC8());
	macPtr.Set(DoFinalL());

	// Restore the internal state.
	// We don't want to save any state change happened in 
	// DoFinalL.
	// iE is not updated in DoFinalL function and hence
	// can be used to reset iCipherImpl to previous state.
	iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
	
	return macPtr;		
	}

TPtrC8 CCMacImpl::FinalL(const TDesC8& aMessage)
	{
	// Reset the cipher with iE as 128 zero bits as it leaved in previous call to Reset. 
	if (iDelayedReset == KErrNone)
		{
		// iE was reset to 128 zero bits in previous call to Reset which leaved.
		iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
		iDelayedReset = KErrNone;
		}

	if (aMessage!=KNullDesC8())
		{
		DoUpdateL(aMessage);			
		}
	TPtrC8 macPtr(KNullDesC8());
	macPtr.Set(DoFinalL());
	Reset();
	return macPtr;
	}

void CCMacImpl::UpdateL(const TDesC8& aMessage)
	{
	// Reset the cipher with iE as 128 zero bits as it leaved in previous call to Reset. 
	if (iDelayedReset == KErrNone)
		{
		// iE was reset to 128 zero bits in previous call to Reset which leaved.
		iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
		iDelayedReset = KErrNone;
		}

	if (aMessage!=KNullDesC8())
		{
		DoUpdateL(aMessage);			
		}
	}

void CCMacImpl::ProcessBlockL()
	{
	TPtrC8 dataPtr(iData, KMacBlockSize);
	TPtr8 intermediateCipherPtr(iE,0,KMacBlockSize);
	// iData (Block) should be XORed with iE calculated
	// from previoue processing. If it's the first processing
	// then iE will be zero.
	// Here we are not doing explicit XORing because iCpherImpl 
	// is set in CBC mode. Therefore this operation will be
	// done by iCipherImpl
	iCipherImpl->ProcessL(dataPtr, intermediateCipherPtr);
	// After processing discard the block.
	iCurrentTotalLength = 0;
	}

void CCMacImpl::DoUpdateL(const TDesC8& aMessage)
	{
	TInt curLength = aMessage.Length();
	const TUint8* msgPtr = aMessage.Ptr();
	
	while(curLength > 0)
		{
		// If block is formed then process it.
		if(iCurrentTotalLength == KMacBlockSize)
			ProcessBlockL();
		
		// Check the space left in the block.
		TUint remainingLength = KMacBlockSize - iCurrentTotalLength;
		// If unprocesed message length is less then remainingLength
		// then copy the entire data to iData else copy till iData
		// if full.
		TUint length = Min(curLength, remainingLength);

		
		// Discard the return value obtained from Mem::Copy( ) function.		
		(void)Mem::Copy(iData+iCurrentTotalLength, msgPtr, length);
		// Update data offset
		iCurrentTotalLength += length;
		curLength -= length;
		msgPtr += length;
		}
 	}

TPtrC8 CCMacImpl::DoFinalL()
	{
	TBuf8<KMacBlockSize> finalBlock;
	finalBlock.SetLength(KMacBlockSize);
	
	// If padding is required then use Key3
	// else use Key2.
	if(iCurrentTotalLength < KMacBlockSize)
		{
		PadMessage();
		XORKeyWithData(iKey3, finalBlock);
		}
	else
		{
		XORKeyWithData(iKey2, finalBlock);
		}

	// cipher class expects the output buffer to be empty.
	iMacValue.Zero();

	iCipherImpl->ProcessFinalL(finalBlock, iMacValue);
	
    return (iImplementationUid == CryptoSpi::KAlgorithmCipherAesXcbcMac96)? iMacValue.Left(KAesXcbcMac96Size): TPtrC8(iMacValue);
	}

void CCMacImpl::ReInitialiseAndSetKeyL(const CKey& aKey)
	{
	Reset();
	SetKeyL(aKey);
	}


CCMacImpl* CCMacImpl::CopyL()
	{
	CCMacImpl* clone = new(ELeave) CCMacImpl(*this);
	CleanupStack::PushL(clone);
	clone->iKey = CKey::NewL(*iKey);
	CryptoSpi::CSymmetricCipherFactory::CreateSymmetricCipherL(clone->iCipherImpl,
												CryptoSpi::KAesUid,
												*iKey,
												CryptoSpi::KCryptoModeEncryptUid,
												CryptoSpi::KOperationModeCBCUid,
												CryptoSpi::KPaddingModeNoneUid,
												NULL);
	clone->iCipherImpl->SetIvL(TPtrC8(clone->iE, KMacBlockSize));
	CleanupStack::Pop();
	return clone;	
	}
	
CCMacImpl* CCMacImpl::ReplicateL()
	{
	CCMacImpl* replica = CopyL();
	replica->Reset();
	return replica;
	}