1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <openssl/ecdsa.h>
18
19#include "ecdsa_operation.h"
20#include "openssl_utils.h"
21
22namespace keymaster {
23
24EcdsaOperation::~EcdsaOperation() {
25    if (ecdsa_key_ != NULL)
26        EC_KEY_free(ecdsa_key_);
27}
28
29keymaster_error_t EcdsaOperation::Update(const Buffer& input, Buffer* /* output */) {
30    switch (purpose()) {
31    default:
32        return KM_ERROR_UNIMPLEMENTED;
33    case KM_PURPOSE_SIGN:
34    case KM_PURPOSE_VERIFY:
35        return StoreData(input);
36    }
37}
38
39keymaster_error_t EcdsaOperation::StoreData(const Buffer& input) {
40    if (!data_.reserve(data_.available_read() + input.available_read()) ||
41        !data_.write(input.peek_read(), input.available_read()))
42        return KM_ERROR_MEMORY_ALLOCATION_FAILED;
43    return KM_ERROR_OK;
44}
45
46keymaster_error_t EcdsaSignOperation::Finish(const Buffer& /* signature */, Buffer* output) {
47    output->Reinitialize(ECDSA_size(ecdsa_key_));
48    unsigned int siglen;
49    if (!ECDSA_sign(0 /* type -- ignored */, data_.peek_read(), data_.available_read(),
50                    output->peek_write(), &siglen, ecdsa_key_))
51        return KM_ERROR_UNKNOWN_ERROR;
52    output->advance_write(siglen);
53    return KM_ERROR_OK;
54}
55
56keymaster_error_t EcdsaVerifyOperation::Finish(const Buffer& signature, Buffer* /* output */) {
57    int result = ECDSA_verify(0 /* type -- ignored */, data_.peek_read(), data_.available_read(),
58                              signature.peek_read(), signature.available_read(), ecdsa_key_);
59    if (result < 0)
60        return KM_ERROR_UNKNOWN_ERROR;
61    else if (result == 0)
62        return KM_ERROR_VERIFICATION_FAILED;
63    else
64        return KM_ERROR_OK;
65}
66
67}  // namespace keymaster
68