#include "dcltng.h"

int lt_dcrp( char *prvid, mbedtls_aes_context *pctx, unsigned char *bullx,
	     int *lenbx, unsigned short *peflag )
/************************************************************************
 *  lt_dcrp								*
 *									*
 *  This routine checks if the data in a lightning bulletin is		*
 *  encrypted, and if so decrypts it in place.				*
 *									*
 *  Input parameters:							*
 *	PRVID		CHAR*	Provider identifier			*
 *	BULLX		CHAR*	Lightning bulletin			*
 *	LENBX		INT*	Length of BULLX				*
 *	PCTX	  MBEDTLS_AES_CONTEXT* Decryption key context structure	*
 *									*
 *  Output parameters:							*
 *  	BULLX		CHAR*	Lightning bulletin (now decrypted if it	*
 *  				was originally encrypted)		*
 *	LENBX		INT*	Length of BULLX				*
 *  	PEFLAG		USHRT*	Encryption status of original BULLX:	*
 *  				  0 = Data in BULLX was not encrypted	*
 *  				  1 = Data in BULLX was encrypted	*
 *  	LT_DCRP		INT	Return code:				*
 *  				  0 = Normal return			*
 *  				 -1 = An error occurred			*
 **									*
 * Log:									*
 * J. Ator/NCEP		10/13						*
 * J. Ator/NCEP		04/15	Added pctx as call argument.		*
 * J. Ator/NCEP		05/15	Added prvid as call argument.		*
 * J. Ator/NCEP		11/15	Assume all data is encrypted, even if	*
 *				2nd byte is 0x96 or 0x97.		*
 * J. Ator/NCEP		09/21   Switch from PolarSSL to mbedTLS library	*
 ***********************************************************************/
{
    unsigned char bullx_dc[MXBLSZ];  /* working array to hold decrypted
					copy of bullx */
    unsigned char iv[LENKF];

    size_t stlbx;

    unsigned int ii;
    int ier;

    if ( bullx[1] == 0x96 || bullx[1] == 0x97 ) {
	dc_wclg( 0, "DC", 2, "Bulletin contained 0x96 or 0x97 as 2nd byte, but will still treat as encrypted!\n", &ier );
    }

    *peflag = 1;
    memset( bullx_dc, 0x00, *lenbx );
    if ( strcmp( prvid, "ENI" ) == 0 ) {
/*
**	ENI data uses CBC encryption, so we have to set an initialization
**	vector and decrypt the entire bulletin in one fell swoop.
*/
	memset( iv, 0x00, LENKF );
	stlbx = (size_t) *lenbx;
	while ( ( stlbx % LENKF ) != 0 ) {  /* stlbx must be a multiple of LENKF for mbedtls_aes_crypt_cbc to work properly */
	    stlbx++;
	}
	if ( mbedtls_aes_crypt_cbc( pctx, MBEDTLS_AES_DECRYPT, stlbx, iv, bullx, bullx_dc ) != 0 ) {
	    dc_wclg( 0, "DC", 2, "CBC decryption error in mbedTLS library!\n", &ier );
	    return -1;
	}
    }
    else {
/*
**	Vaisala data uses ECB encryption, so we have to decrypt the 
**	bulletin in chunks, LENKF bytes at a time.
*/
	for ( ii = 0; ii + LENKF < *lenbx; ii += LENKF ) {
	    if ( mbedtls_aes_crypt_ecb( pctx, MBEDTLS_AES_DECRYPT, &bullx[ii], &bullx_dc[ii] ) != 0 ) {
		dc_wclg( 0, "DC", 2, "ECB decryption error in mbedTLS library!\n", &ier );
		return -1;
	    }
	}
	*lenbx = ii - LENKF;
    }

    /* Copy bullx_dc back into bullx. */
    for ( ii = 0; ii < *lenbx; ii++ ) {
	bullx[ii] = bullx_dc[ii];
    }

    return 0;
}