// Copyright (c) 2020, Google Inc.
// SPDX-License-Identifier: ISC

#include <stdio.h>
#include <string.h>

#include <string>

#include <openssl/base.h>
#include <openssl/aead.h>
#include <openssl/crypto.h>
#include <openssl/cipher.h>
#include <openssl/mem.h>
#include <openssl/service_indicator.h>

#include <gtest/gtest.h>
#include "test/test_util.h"
#include "ube/vm_ube_detect.h"

static int AWS_LC_ERROR_return(void) {
  GUARD_PTR(NULL);
  return 1;
}

static int AWS_LC_SUCCESS_return(void) {
  char non_null_ptr[1];
  GUARD_PTR(non_null_ptr);
  return 1;
}

TEST(CryptoTest, SafetyMacro) {
  // It is assumed that |GUARD_PTR| returns 0 for fail/false and 1 for
  // success/true. Change these default values with care because code might not
  // use the related macros |AWS_LC_ERROR| or |AWS_LC_SUCCESS|.
  EXPECT_EQ(AWS_LC_ERROR_return(), 0);
  EXPECT_EQ(AWS_LC_SUCCESS_return(), 1);
}

// Test that OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT are consistent.
// Node.js parses the version out of OPENSSL_VERSION_TEXT instead of using
// OPENSSL_VERSION_NUMBER.
TEST(CryptoTest, Version) {
  char expected[512];
  snprintf(expected, sizeof(expected), "OpenSSL %d.%d.%d ",
           OPENSSL_VERSION_NUMBER >> 28, (OPENSSL_VERSION_NUMBER >> 20) & 0xff,
           (OPENSSL_VERSION_NUMBER >> 12) & 0xff);
  EXPECT_EQ(expected,
            std::string(OPENSSL_VERSION_TEXT).substr(0, strlen(expected)));

  std::string full_expected = "OpenSSL 1.1.1 (compatible; AWS-LC ";
  full_expected += AWSLC_VERSION_NUMBER_STRING;
  full_expected += ")";
  EXPECT_EQ(OPENSSL_VERSION_TEXT, full_expected);

  full_expected = AWSLC_VERSION_STRING;
  std::string actual = std::string(OpenSSL_version(OPENSSL_VERSION));
  EXPECT_EQ(actual, full_expected);
}

TEST(CryptoTest, Strndup) {
  bssl::UniquePtr<char> str(OPENSSL_strndup(nullptr, 0));
  EXPECT_TRUE(str);
  EXPECT_STREQ("", str.get());
}

TEST(CryptoTest, aws_lc_assert_entropy_cpu_jitter) {
  if (FIPS_mode() == 1 && CRYPTO_get_vm_ube_supported() != 1) {
    ASSERT_EQ(1, FIPS_is_entropy_cpu_jitter());
  }
}

TEST(CryptoTest, OPENSSL_hexstr2buf) {
  const char *test_cases[][2] = {{"a2", "\xa2"},
                                 {"a213", "\xa2\x13"},
                                 {"ffeedd", "\xff\xee\xdd"},
                                 {"10aab1c2", "\x10\xaa\xb1\xc2"}};

  for (auto test_case : test_cases) {
    const char *test_value = test_case[0];
    const char *expected_answer = test_case[1];
    size_t actual_answer_len = 0;
    // The longest test case we have is currently 4 bytes long
    size_t expected_answer_len = OPENSSL_strnlen(test_case[1], 5);
    unsigned char *buf = OPENSSL_hexstr2buf(test_value, &actual_answer_len);
    ASSERT_TRUE(buf != nullptr);
    EXPECT_EQ(expected_answer_len, actual_answer_len);
    EXPECT_EQ(0, OPENSSL_memcmp(buf, expected_answer, expected_answer_len));
    OPENSSL_free(buf);
  }

  // Test failure modes
  size_t actual_answer_len = 0;
  EXPECT_FALSE(OPENSSL_hexstr2buf("a", &actual_answer_len));
  EXPECT_FALSE(OPENSSL_hexstr2buf(NULL, &actual_answer_len));
  EXPECT_FALSE(OPENSSL_hexstr2buf("ab", nullptr));
  EXPECT_FALSE(OPENSSL_hexstr2buf("ag", &actual_answer_len));
}

#if defined(BORINGSSL_FIPS)
TEST(CryptoTest, FIPSdownstreamPrecompilationFlag) {
#if defined(AWSLC_FIPS)
  ASSERT_TRUE(1);
#else
  ASSERT_TRUE(0);
#endif
}
#endif // defined(BORINGSSL_FIPS)

#if defined(BORINGSSL_FIPS) && !defined(OPENSSL_ASAN)
TEST(Crypto, OnDemandIntegrityTest) {
  BORINGSSL_integrity_test();
}
#endif

OPENSSL_DEPRECATED static void DeprecatedFunction() {}

OPENSSL_BEGIN_ALLOW_DEPRECATED
TEST(CryptoTest, DeprecatedFunction) {
  // This is deprecated, but should not trigger any warnings.
  DeprecatedFunction();
}
OPENSSL_END_ALLOW_DEPRECATED