/*
* Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


#include "dsasignerimpl.h"
#include "pluginconfig.h"

using namespace SoftwareCrypto;

// Implementation of CDSASignerImpl 
CDSASignerImpl* CDSASignerImpl::NewL(const CKey& aKey)
	{
	CDSASignerImpl* self = CDSASignerImpl::NewLC(aKey);
	CleanupStack::Pop(self);
	return self;
	}
	
CDSASignerImpl* CDSASignerImpl::NewLC(const CKey& aKey)
	{
	CDSASignerImpl* self = new(ELeave) CDSASignerImpl();
	CleanupStack::PushL(self);
	self->ConstructL(aKey);
	return self;
	}

CDSASignerImpl::CDSASignerImpl() 
	{
	}
	
CDSASignerImpl::~CDSASignerImpl()
	{
	}
	
void CDSASignerImpl::ConstructL(const CKey& aKey)
	{
	CSignerImpl::ConstructL(aKey);
	}

CExtendedCharacteristics* CDSASignerImpl::CreateExtendedCharacteristicsL()
	{
	// All Symbian software plug-ins have unlimited concurrency, cannot be reserved
	// for exclusive use and are not CERTIFIED to be standards compliant.
	return CExtendedCharacteristics::NewL(KMaxTInt, EFalse);
	}

const CExtendedCharacteristics* CDSASignerImpl::GetExtendedCharacteristicsL()
	{
	return CDSASignerImpl::CreateExtendedCharacteristicsL();
	}

TUid CDSASignerImpl::ImplementationUid() const
	{
	return KCryptoPluginDsaSignerUid;
	}
	
void CDSASignerImpl::SetKeyL(const CKey& aPrivateKey) 
	{
	DoSetKeyL(aPrivateKey);
	Reset();
	}

TInt CDSASignerImpl::GetMaximumInputLengthL() const 
	{
	return KSha1HashLength;
	}

void CDSASignerImpl::SignL(const TDesC8& aInput, CCryptoParams& aSignature) 
	{
	
	//see HAC 11.56 or DSS section 5
	//I'll follow HAC as I like its description better
	//We don't check that r and s are non both non-null like the DSS
	//states you _optionally_ can.  The chances of this are _incredibly_ small.
	//You've got a much better chance of a bit failure ocurring in the hardware
	//than this.

	const TInteger& tQ=iKey->GetBigIntL(KDsaKeyParameterQUid);
		
	// a) Select a random secret integer (k | 0 < k < q)
	RInteger qminus1 = RInteger::NewL(tQ);
	CleanupStack::PushL(qminus1);
	--qminus1;
	RInteger k = RInteger::NewRandomL(TInteger::One(), qminus1);
	CleanupStack::PopAndDestroy(&qminus1);
	CleanupStack::PushL(k);
	
	
	// b) compute r = (g^k mod p) mod q
	
	const TInteger& tG=iKey->GetBigIntL(KDsaKeyParameterGUid);
	const TInteger& tP=iKey->GetBigIntL(KDsaKeyParameterPUid);
	RInteger r = TInteger::ModularExponentiateL(tG, k, tP);
	CleanupStack::PushL(r);
	r %=tQ;
	
	
	// c) compute k^(-1) mod q

	RInteger kinv = k.InverseModL(tQ);
	CleanupStack::PushL(kinv);


	// d) compute s = k^(-1) * {h(m) + xr} mod q
	// Note that in order to be interoperable, compliant with the DSS, and
	// secure, aInput must be the result of a SHA-1 hash

	RInteger hm = RInteger::NewL(aInput);
	CleanupStack::PushL(hm);
	
	const TInteger& tX=iKey->GetBigIntL(KDsaKeyParameterXUid);	
	RInteger s = tX.TimesL(r);
	CleanupStack::PushL(s);
	s += hm;
	s *= kinv;
	s %= tQ;


	// e) signature for m is the pair (r,s)
	aSignature.AddL(r, KDsaSignatureParameterRUid);
	aSignature.AddL(s, KDsaSignatureParameterSUid);
	
	CleanupStack::PopAndDestroy(5, &k);
	}