// Copyright (c) 2019, Google Inc.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package subprocess

import (
	"bytes"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// The following structures reflect the JSON of ACVP hash tests. See
// https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-test-vectors

type ecdsaTestVectorSet struct {
	Groups []ecdsaTestGroup `json:"testGroups"`
	Mode   string           `json:"mode"`
}

type ecdsaTestGroup struct {
	ID                   uint64 `json:"tgId"`
	Curve                string `json:"curve"`
	SecretGenerationMode string `json:"secretGenerationMode,omitempty"`
	HashAlgo             string `json:"hashAlg,omitEmpty"`
	ComponentTest        bool   `json:"componentTest"`
	Tests                []struct {
		ID     uint64 `json:"tcId"`
		QxHex  string `json:"qx,omitempty"`
		QyHex  string `json:"qy,omitempty"`
		RHex   string `json:"r,omitempty"`
		SHex   string `json:"s,omitempty"`
		MsgHex string `json:"message,omitempty"`
	} `json:"tests"`
}

type ecdsaTestGroupResponse struct {
	ID    uint64              `json:"tgId"`
	Tests []ecdsaTestResponse `json:"tests"`
	QxHex string              `json:"qx,omitempty"`
	QyHex string              `json:"qy,omitempty"`
}

type ecdsaTestResponse struct {
	ID     uint64 `json:"tcId"`
	DHex   string `json:"d,omitempty"`
	QxHex  string `json:"qx,omitempty"`
	QyHex  string `json:"qy,omitempty"`
	RHex   string `json:"r,omitempty"`
	SHex   string `json:"s,omitempty"`
	Passed *bool  `json:"testPassed,omitempty"` // using pointer so value is not omitted when it is false
}

// ecdsa implements an ACVP algorithm by making requests to the
// subprocess to generate and verify ECDSA keys and signatures.
type ecdsa struct {
	// algo is the ACVP name for this algorithm and also the command name
	// given to the subprocess to hash with this hash function.
	algo       string
	curves     map[string]bool // supported curve names
	primitives map[string]primitive
}

func (e *ecdsa) Process(vectorSet []byte, m Transactable) (any, error) {
	var parsed ecdsaTestVectorSet
	if err := json.Unmarshal(vectorSet, &parsed); err != nil {
		return nil, err
	}

	var ret []ecdsaTestGroupResponse
	// See
	// https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-test-vectors
	// for details about the tests.
	for _, group := range parsed.Groups {
		group := group

		if _, ok := e.curves[group.Curve]; !ok {
			return nil, fmt.Errorf("curve %q in test group %d not supported", group.Curve, group.ID)
		}

		response := ecdsaTestGroupResponse{
			ID: group.ID,
		}
		var sigGenPrivateKey []byte

		for _, test := range group.Tests {
			test := test

			var testResp ecdsaTestResponse
			testResp.ID = test.ID

			switch parsed.Mode {
			case "keyGen":
				if group.SecretGenerationMode != "testing candidates" {
					return nil, fmt.Errorf("invalid secret generation mode in test group %d: %q", group.ID, group.SecretGenerationMode)
				}
				m.TransactAsync(e.algo+"/"+"keyGen", 3, [][]byte{[]byte(group.Curve)}, func(result [][]byte) error {
					testResp.DHex = hex.EncodeToString(result[0])
					testResp.QxHex = hex.EncodeToString(result[1])
					testResp.QyHex = hex.EncodeToString(result[2])
					response.Tests = append(response.Tests, testResp)
					return nil
				})

			case "keyVer":
				qx, err := hex.DecodeString(test.QxHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode qx in test case %d/%d: %s", group.ID, test.ID, err)
				}
				qy, err := hex.DecodeString(test.QyHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode qy in test case %d/%d: %s", group.ID, test.ID, err)
				}
				m.TransactAsync(e.algo+"/"+"keyVer", 1, [][]byte{[]byte(group.Curve), qx, qy}, func(result [][]byte) error {
					// result[0] should be a single byte: zero if false, one if true
					switch {
					case bytes.Equal(result[0], []byte{00}):
						f := false
						testResp.Passed = &f
					case bytes.Equal(result[0], []byte{01}):
						t := true
						testResp.Passed = &t
					default:
						return fmt.Errorf("key verification returned unexpected result: %q", result[0])
					}
					response.Tests = append(response.Tests, testResp)
					return nil
				})

			case "sigGen":
				p := e.primitives[group.HashAlgo]
				h, ok := p.(*hashPrimitive)
				if !ok {
					return nil, fmt.Errorf("unsupported hash algorithm %q in test group %d", group.HashAlgo, group.ID)
				}

				if len(sigGenPrivateKey) == 0 {
					// Ask the subprocess to generate a key for this test group.
					result, err := m.Transact(e.algo+"/"+"keyGen", 3, []byte(group.Curve))
					if err != nil {
						return nil, fmt.Errorf("key generation failed for test case %d/%d: %s", group.ID, test.ID, err)
					}

					sigGenPrivateKey = result[0]
					response.QxHex = hex.EncodeToString(result[1])
					response.QyHex = hex.EncodeToString(result[2])
				}

				msg, err := hex.DecodeString(test.MsgHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode message hex in test case %d/%d: %s", group.ID, test.ID, err)
				}
				op := e.algo + "/" + "sigGen"
				if group.ComponentTest {
					if len(msg) != h.size {
						return nil, fmt.Errorf("test case %d/%d contains message %q of length %d, but expected length %d", group.ID, test.ID, test.MsgHex, len(msg), h.size)
					}
					op += "/componentTest"
				}
				m.TransactAsync(op, 2, [][]byte{[]byte(group.Curve), sigGenPrivateKey, []byte(group.HashAlgo), msg}, func(result [][]byte) error {
					testResp.RHex = hex.EncodeToString(result[0])
					testResp.SHex = hex.EncodeToString(result[1])
					response.Tests = append(response.Tests, testResp)
					return nil
				})

			case "sigVer":
				p := e.primitives[group.HashAlgo]
				_, ok := p.(*hashPrimitive)
				if !ok {
					return nil, fmt.Errorf("unsupported hash algorithm %q in test group %d", group.HashAlgo, group.ID)
				}

				msg, err := hex.DecodeString(test.MsgHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode message hex in test case %d/%d: %s", group.ID, test.ID, err)
				}
				qx, err := hex.DecodeString(test.QxHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode qx in test case %d/%d: %s", group.ID, test.ID, err)
				}
				qy, err := hex.DecodeString(test.QyHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode qy in test case %d/%d: %s", group.ID, test.ID, err)
				}
				r, err := hex.DecodeString(test.RHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode R in test case %d/%d: %s", group.ID, test.ID, err)
				}
				s, err := hex.DecodeString(test.SHex)
				if err != nil {
					return nil, fmt.Errorf("failed to decode S in test case %d/%d: %s", group.ID, test.ID, err)
				}
				m.TransactAsync(e.algo+"/"+"sigVer", 1, [][]byte{[]byte(group.Curve), []byte(group.HashAlgo), msg, qx, qy, r, s}, func(result [][]byte) error {
					// result[0] should be a single byte: zero if false, one if true
					switch {
					case bytes.Equal(result[0], []byte{00}):
						f := false
						testResp.Passed = &f
					case bytes.Equal(result[0], []byte{01}):
						t := true
						testResp.Passed = &t
					default:
						return fmt.Errorf("signature verification returned unexpected result: %q", result[0])
					}
					response.Tests = append(response.Tests, testResp)
					return nil
				})

			default:
				return nil, fmt.Errorf("invalid mode %q in ECDSA vector set", parsed.Mode)
			}
		}

		m.Barrier(func() {
			ret = append(ret, response)
		})
	}

	if err := m.Flush(); err != nil {
		return nil, err
	}

	return ret, nil
}