/*
 * Copyright 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <keymaster/km_openssl/nist_curve_key_exchange.h>

#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/err.h>
#include <openssl/evp.h>

#include <keymaster/km_openssl/openssl_err.h>

namespace keymaster {

NistCurveKeyExchange::NistCurveKeyExchange(EC_KEY* private_key, keymaster_error_t* error)
    : private_key_(private_key) {
    if (!private_key_.get() || !EC_KEY_check_key(private_key_.get())) {
        *error = KM_ERROR_INVALID_ARGUMENT;
        return;
    }
    *error = ExtractPublicKey();
}

/* static */
NistCurveKeyExchange* NistCurveKeyExchange::GenerateKeyExchange(keymaster_ec_curve_t curve) {
    int curve_name;
    switch (curve) {
    case KM_EC_CURVE_P_224:
        curve_name = NID_secp224r1;
        break;
    case KM_EC_CURVE_P_256:
        curve_name = NID_X9_62_prime256v1;
        break;
    case KM_EC_CURVE_P_384:
        curve_name = NID_secp384r1;
        break;
    case KM_EC_CURVE_P_521:
        curve_name = NID_secp521r1;
        break;
    default:
        LOG_E("Not a NIST curve: %d", curve);
        return nullptr;
    }

    UniquePtr<EC_KEY, EC_KEY_Delete> key(EC_KEY_new_by_curve_name(curve_name));
    if (!key.get() || !EC_KEY_generate_key(key.get())) {
        return nullptr;
    }
    keymaster_error_t error;
    UniquePtr<NistCurveKeyExchange> key_exchange(new (std::nothrow)
                                                     NistCurveKeyExchange(key.get(), &error));
    if (!key_exchange.get()) error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
    if (error != KM_ERROR_OK) return nullptr;
    (void)key.release();

    return key_exchange.release();
}

keymaster_error_t NistCurveKeyExchange::ExtractPublicKey() {
    const EC_GROUP* group = EC_KEY_get0_group(private_key_.get());
    size_t field_len_bits;
    keymaster_error_t error = ec_get_group_size(group, &field_len_bits);
    if (error != KM_ERROR_OK) return error;

    shared_secret_len_ = (field_len_bits + 7) / 8;
    public_key_len_ = 1 + 2 * shared_secret_len_;
    public_key_.reset(new (std::nothrow) uint8_t[public_key_len_]);
    if (!public_key_.get()) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
    if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(private_key_.get()),
                           POINT_CONVERSION_UNCOMPRESSED, public_key_.get(), public_key_len_,
                           nullptr /* ctx */) != public_key_len_) {
        return TranslateLastOpenSslError();
    }
    return KM_ERROR_OK;
}

bool NistCurveKeyExchange::CalculateSharedKey(const Buffer& peer_public_value,
                                              Buffer* out_result) const {

    return CalculateSharedKey(peer_public_value.peek_read(), peer_public_value.available_read(),
                              out_result);
}

bool NistCurveKeyExchange::CalculateSharedKey(const uint8_t* peer_public_value,
                                              size_t peer_public_value_len,
                                              Buffer* out_result) const {
    const EC_GROUP* group = EC_KEY_get0_group(private_key_.get());
    UniquePtr<EC_POINT, EC_POINT_Delete> point(EC_POINT_new(group));
    if (!point.get() ||
        !EC_POINT_oct2point(/* also test if point is on curve */
                            group, point.get(), peer_public_value, peer_public_value_len,
                            nullptr /* ctx */) ||
        !EC_POINT_is_on_curve(group, point.get(), nullptr /* ctx */)) {
        LOG_E("Can't convert peer public value to point: %d", TranslateLastOpenSslError());
        return false;
    }

    UniquePtr<uint8_t[]> result(new (std::nothrow) uint8_t[shared_secret_len_]);
    if (!result.get()) return false;
    if (ECDH_compute_key(result.get(), shared_secret_len_, point.get(), private_key_.get(),
                         nullptr /* kdf */) != static_cast<int>(shared_secret_len_)) {
        LOG_E("Can't compute ECDH shared key: %d", TranslateLastOpenSslError());
        return false;
    }

    out_result->Reinitialize(result.get(), shared_secret_len_);
    return true;
}

bool NistCurveKeyExchange::public_value(Buffer* public_value) const {
    if (public_key_.get() != nullptr && public_key_len_ != 0) {
        return public_value->Reinitialize(public_key_.get(), public_key_len_);
    }
    return false;
}

}  // namespace keymaster