/*
 * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/hpke.h>

#include <openssl/objects.h>
#include <openssl/x509.h>

#ifndef OPENSSL_NO_ECH

# define OSSL_ECH_KEYGEN_MODE    0 /* default: generate a key pair/ECHConfig */
# define OSSL_ECH_SELPRINT_MODE  1 /* we can print/down-select ECHConfigList */

# define PEM_SELECT_ALL    -1 /* to indicate we're not downselecting another */

typedef enum OPTION_choice {
    /* standard openssl options */
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_VERBOSE,
    OPT_PEMOUT,
    /* ECHConfig specifics */
    OPT_PUBLICNAME, OPT_ECHVERSION,
    OPT_MAXNAMELENGTH, OPT_HPKESUITE
} OPTION_CHOICE;

const OPTIONS ech_options[] = {
    OPT_SECTION("General options"),
    {"help", OPT_HELP, '-', "Display this summary"},
    {"verbose", OPT_VERBOSE, '-', "Provide additional output"},
    OPT_SECTION("Key generation"),
    {"pemout", OPT_PEMOUT, '>',
     "Private key and ECHConfig [default echconfig.pem]"},
    {"public_name", OPT_PUBLICNAME, 's', "public_name value"},
    {"max_name_len", OPT_MAXNAMELENGTH, 'n',
     "Maximum host name length value [default: 0]"},
    {"suite", OPT_HPKESUITE, 's', "HPKE ciphersuite: e.g. \"0x20,1,3\""},
    {"ech_version", OPT_ECHVERSION, 'n',
     "ECHConfig version [default 0xff0d (13)]"},
    {NULL}
};

/**
 * @brief map version string like 0xff01 or 65291 to uint16_t
 * @param arg is the version string, from command line
 * @return is the uint16_t value (with zero for error cases)
 */
static uint16_t verstr2us(char *arg)
{
    long lv = strtol(arg, NULL, 0);
    uint16_t rv = 0;

    if (lv < 0xffff && lv > 0) {
        rv = (uint16_t)lv;
    }
    return rv;
}

int ech_main(int argc, char **argv)
{
    char *prog = NULL;
    OPTION_CHOICE o;
    int verbose = 0;
    char *pemfile = NULL;
    char *public_name = NULL;
    char *suitestr = NULL;
    uint16_t ech_version = OSSL_ECH_CURRENT_VERSION;
    uint8_t max_name_length = 0;
    OSSL_HPKE_SUITE hpke_suite = OSSL_HPKE_SUITE_DEFAULT;
    int mode = OSSL_ECH_KEYGEN_MODE; /* key generation */

    prog = opt_init(argc, argv, ech_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(ech_options);
            goto end;
        case OPT_VERBOSE:
            verbose = 1;
            break;
        case OPT_PEMOUT:
            pemfile = opt_arg();
            break;
        case OPT_PUBLICNAME:
            public_name = opt_arg();
            break;
        case OPT_ECHVERSION:
            ech_version = verstr2us(opt_arg());
            break;
        case OPT_MAXNAMELENGTH:
            {
                long tmp = strtol(opt_arg(), NULL, 10);

                if (tmp < 0 || tmp > OSSL_ECH_MAX_MAXNAMELEN) {
                    BIO_printf(bio_err,
                               "max name length out of range [0,%d] (%ld)\n",
                               OSSL_ECH_MAX_MAXNAMELEN, tmp);
                    goto opthelp;
                } else {
                    max_name_length = (uint8_t)tmp;
                }
            }
            break;
        case OPT_HPKESUITE:
            suitestr = opt_arg();
            break;
        }
    }

    argc = opt_num_rest();
    argv = opt_rest();
    if (argc != 0) {
        BIO_printf(bio_err, "%s: Unknown parameter %s\n", prog, argv[0]);
        goto opthelp;
    }

    /*
     * Check ECH-specific inputs
     */
    switch (ech_version) {
    case OSSL_ECH_RFCXXXX_VERSION: /* fall through */
    case 13:
        ech_version = OSSL_ECH_RFCXXXX_VERSION;
        break;
    default:
        BIO_printf(bio_err, "Un-supported version (0x%04x)\n", ech_version);
        goto end;
    }

    if (max_name_length > TLSEXT_MAXLEN_host_name) {
        BIO_printf(bio_err, "Weird max name length (0x%04x) - biggest is "
                   "(0x%04x) - exiting\n", max_name_length,
                   TLSEXT_MAXLEN_host_name);
        ERR_print_errors(bio_err);
        goto end;
    }

    if (suitestr != NULL) {
        if (OSSL_HPKE_str2suite(suitestr, &hpke_suite) != 1) {
            BIO_printf(bio_err, "Bad OSSL_HPKE_SUITE (%s)\n", suitestr);
            ERR_print_errors(bio_err);
            goto end;
        }
    }

    /* Set default if needed */
    if (pemfile == NULL)
        pemfile = "echconfig.pem";

    if (mode == OSSL_ECH_KEYGEN_MODE) {
        OSSL_ECHSTORE *es = NULL;
        BIO *ecf = NULL;

        if (verbose)
            BIO_printf(bio_err, "Calling OSSL_ECHSTORE_new_config\n");
        if ((ecf = BIO_new_file(pemfile, "w")) == NULL 
            || (es = OSSL_ECHSTORE_new(NULL, NULL)) == NULL
            || OSSL_ECHSTORE_new_config(es, ech_version, max_name_length,
                                        public_name, hpke_suite) != 1
            || OSSL_ECHSTORE_write_pem(es, 0, ecf) != 1) {
            BIO_printf(bio_err, "OSSL_ECHSTORE_new_config error\n");
            goto end;
        }
        if (verbose)
            BIO_printf(bio_err, "OSSL_ECHSTORE_new_config success\n");
        OSSL_ECHSTORE_free(es);
        BIO_free_all(ecf);
        return 1;
    }

opthelp:
    BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
    goto end;

end:
    return 0;
}

#endif