// Code generated by cmd/cgo; DO NOT EDIT.

//line /builddir/build/BUILD/go-go-1.12.8-2-openssl-fips/src/crypto/internal/boring/ecdsa.go:1:1
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// +build linux
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan

package boring

// #include "goboringcrypto.h"
import _ "unsafe"
import (
	"crypto"
	"encoding/asn1"
	"errors"
	"math/big"
	"runtime"
	"unsafe"
)

type ecdsaSignature struct {
	R, S *big.Int
}

type PrivateKeyECDSA struct {
	key * /*line :29:7*/_Ctype_struct_ec_key_st /*line :29:18*/
}

func (k *PrivateKeyECDSA) finalize() {
	func() { _cgo0 := /*line :33:32*/k.key; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_EC_KEY_free(_cgo0); }()
}

type PublicKeyECDSA struct {
	key * /*line :37:7*/_Ctype_struct_ec_key_st /*line :37:18*/
}

func (k *PublicKeyECDSA) finalize() {
	func() { _cgo0 := /*line :41:32*/k.key; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_EC_KEY_free(_cgo0); }()
}

var errUnknownCurve = errors.New("boringcrypto: unknown elliptic curve")
var errUnsupportedCurve = errors.New("boringcrypto: unsupported elliptic curve")

func curveNID(curve string) ( /*line :47:30*/_Ctype_int /*line :47:35*/, error) {
	switch curve {
	case "P-224":
		return 0, errUnsupportedCurve
	case "P-256":
		return ( /*line :52:10*/_Ciconst_GO_NID_X9_62_prime256v1 /*line :52:34*/), nil
	case "P-384":
		return ( /*line :54:10*/_Ciconst_GO_NID_secp384r1 /*line :54:27*/), nil
	case "P-521":
		return ( /*line :56:10*/_Ciconst_GO_NID_secp521r1 /*line :56:27*/), nil
	}
	return 0, errUnknownCurve
}

func NewPublicKeyECDSA(curve string, X, Y *big.Int) (*PublicKeyECDSA, error) {
	key, err := newECKey(curve, X, Y)
	if err != nil {
		return nil, err
	}
	k := &PublicKeyECDSA{key}
	// Note: Because of the finalizer, any time k.key is passed to cgo,
	// that call must be followed by a call to runtime.KeepAlive(k),
	// to make sure k is not collected (and finalized) before the cgo
	// call returns.
	runtime.SetFinalizer(k, (*PublicKeyECDSA).finalize)
	return k, nil
}

func newECKey(curve string, X, Y *big.Int) (* /*line :75:46*/_Ctype_struct_ec_key_st /*line :75:57*/, error) {
	nid, err := curveNID(curve)
	if err != nil {
		return nil, err
	}
	key := ( /*line :80:9*/_Cfunc__goboringcrypto_EC_KEY_new_by_curve_name /*line :80:50*/)(nid)
	if key == nil {
		return nil, fail("EC_KEY_new_by_curve_name")
	}
	group := func() *_Ctype_struct_ec_group_st{ _cgo0 := /*line :84:47*/key; _cgoCheckPointer(_cgo0); return _Cfunc__goboringcrypto_EC_KEY_get0_group(_cgo0); }()
	pt := func() *_Ctype_struct_ec_point_st{ _cgo0 := /*line :85:39*/group; _cgoCheckPointer(_cgo0); return _Cfunc__goboringcrypto_EC_POINT_new(_cgo0); }()
	if pt == nil {
		func() { _cgo0 := /*line :87:33*/key; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_EC_KEY_free(_cgo0); }()
		return nil, fail("EC_POINT_new")
	}
	bx := bigToBN(X)
	by := bigToBN(Y)
	ok := bx != nil && by != nil && func() _Ctype_int{ _cgo0 := /*line :92:88*/group; _cgo1 := /*line :92:95*/pt; _cgo2 := /*line :92:99*/bx; _cgo3 := /*line :92:103*/by; var _cgo4 *_Ctype_struct_bignum_ctx = /*line :92:107*/nil; _cgoCheckPointer(_cgo0); _cgoCheckPointer(_cgo1); _cgoCheckPointer(_cgo2); _cgoCheckPointer(_cgo3); return _Cfunc__goboringcrypto_EC_POINT_set_affine_coordinates_GFp(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4); }() != 0 &&
		func() _Ctype_int{ _cgo0 := /*line :93:43*/key; _cgo1 := /*line :93:48*/pt; _cgoCheckPointer(_cgo0); _cgoCheckPointer(_cgo1); return _Cfunc__goboringcrypto_EC_KEY_set_public_key(_cgo0, _cgo1); }() != 0
	if bx != nil {
		func() { _cgo0 := /*line :95:29*/bx; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_BN_free(_cgo0); }()
	}
	if by != nil {
		func() { _cgo0 := /*line :98:29*/by; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_BN_free(_cgo0); }()
	}
	func() { _cgo0 := /*line :100:34*/pt; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_EC_POINT_free(_cgo0); }()
	if !ok {
		func() { _cgo0 := /*line :102:33*/key; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_EC_KEY_free(_cgo0); }()
		return nil, fail("EC_POINT_set_affine_coordinates_GFp")
	}
	return key, nil
}

func NewPrivateKeyECDSA(curve string, X, Y *big.Int, D *big.Int) (*PrivateKeyECDSA, error) {
	key, err := newECKey(curve, X, Y)
	if err != nil {
		return nil, err
	}
	bd := bigToBN(D)
	ok := bd != nil && func() _Ctype_int{ _cgo0 := /*line :114:62*/key; _cgo1 := /*line :114:67*/bd; _cgoCheckPointer(_cgo0); _cgoCheckPointer(_cgo1); return _Cfunc__goboringcrypto_EC_KEY_set_private_key(_cgo0, _cgo1); }() != 0
	if bd != nil {
		func() { _cgo0 := /*line :116:29*/bd; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_BN_free(_cgo0); }()
	}
	if !ok {
		func() { _cgo0 := /*line :119:33*/key; _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_EC_KEY_free(_cgo0); }()
		return nil, fail("EC_KEY_set_private_key")
	}
	k := &PrivateKeyECDSA{key}
	// Note: Because of the finalizer, any time k.key is passed to cgo,
	// that call must be followed by a call to runtime.KeepAlive(k),
	// to make sure k is not collected (and finalized) before the cgo
	// call returns.
	runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize)
	return k, nil
}

func SignECDSA(priv *PrivateKeyECDSA, hash []byte, h crypto.Hash) (r, s *big.Int, err error) {
	// We could use ECDSA_do_sign instead but would need to convert
	// the resulting BIGNUMs to *big.Int form. If we're going to do a
	// conversion, converting the ASN.1 form is more convenient and
	// likely not much more expensive.
	sig, err := SignMarshalECDSA(priv, hash, h)
	if err != nil {
		return nil, nil, err
	}
	var esig ecdsaSignature
	if _, err := asn1.Unmarshal(sig, &esig); err != nil {
		return nil, nil, err
	}
	return esig.R, esig.S, nil
}

func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte, h crypto.Hash) ([]byte, error) {
	size := func() _Ctype_size_t{ _cgo0 := /*line :148:39*/priv.key; _cgoCheckPointer(_cgo0); return _Cfunc__goboringcrypto_ECDSA_size(_cgo0); }()
	sig := make([]byte, size)
	md := cryptoHashToMD(h)
	if md == nil {
		panic("boring: invalid hash")
	}
	var sigLen  /*line :154:13*/_Ctype_size_t /*line :154:21*/
	if func() _Ctype_int{ _cgo0 := /*line :155:34*/md; var _cgo1 *_Ctype_uint8_t = /*line :155:38*/base(hash); var _cgo2 _Ctype_size_t = _Ctype_size_t(len(hash)); var _cgo3 *_Ctype_uint8_t = /*line :155:71*/(*_Ctype_uint8_t)(unsafe.Pointer(&sig[0])); var _cgo4 *_Ctype_size_t = /*line :155:110*/&sigLen; _cgo5 := /*line :155:119*/priv.key; _cgoCheckPointer(_cgo0); _cgoCheckPointer(_cgo5); return _Cfunc__goboringcrypto_ECDSA_sign(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4, _cgo5); }() == 0 {
		return nil, fail("ECDSA_sign")
	}
	runtime.KeepAlive(priv)
	return sig[:sigLen], nil
}

func VerifyECDSA(pub *PublicKeyECDSA, msg []byte, r, s *big.Int, h crypto.Hash) bool {
	// We could use ECDSA_do_verify instead but would need to convert
	// r and s to BIGNUM form. If we're going to do a conversion, marshaling
	// to ASN.1 is more convenient and likely not much more expensive.
	sig, err := asn1.Marshal(ecdsaSignature{r, s})
	if err != nil {
		return false
	}
	md := cryptoHashToMD(h)
	if md == nil {
		panic("boring: invalid hash")
	}
	ok := func() _Ctype_int{ _cgo0 := /*line :174:39*/md; var _cgo1 *_Ctype_uint8_t = /*line :174:43*/base(msg); var _cgo2 _Ctype_size_t = _Ctype_size_t(len(msg)); var _cgo3 *_Ctype_uint8_t = /*line :174:74*/(*_Ctype_uint8_t)(unsafe.Pointer(&sig[0])); var _cgo4 _Ctype_size_t = _Ctype_size_t(len(sig)); _cgo5 := /*line :174:133*/pub.key; _cgoCheckPointer(_cgo0); _cgoCheckPointer(_cgo5); return _Cfunc__goboringcrypto_ECDSA_verify(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4, _cgo5); }() > 0
	runtime.KeepAlive(pub)
	return ok
}

func GenerateKeyECDSA(curve string) (X, Y, D *big.Int, err error) {
	nid, err := curveNID(curve)
	if err != nil {
		return nil, nil, nil, err
	}
	key := ( /*line :184:9*/_Cfunc__goboringcrypto_EC_KEY_new_by_curve_name /*line :184:50*/)(nid)
	if key == nil {
		return nil, nil, nil, fail("EC_KEY_new_by_curve_name")
	}
	defer func() func() { _cgo0 := /*line :188:38*/key; return func() { _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_EC_KEY_free(_cgo0); }}()()
	if func() _Ctype_int{ _cgo0 := /*line :189:43*/key; _cgoCheckPointer(_cgo0); return _Cfunc__goboringcrypto_EC_KEY_generate_key(_cgo0); }() == 0 {
		return nil, nil, nil, fail("EC_KEY_generate_key")
	}
	group := func() *_Ctype_struct_ec_group_st{ _cgo0 := /*line :192:47*/key; _cgoCheckPointer(_cgo0); return _Cfunc__goboringcrypto_EC_KEY_get0_group(_cgo0); }()
	pt := func() *_Ctype_struct_ec_point_st{ _cgo0 := /*line :193:49*/key; _cgoCheckPointer(_cgo0); return _Cfunc__goboringcrypto_EC_KEY_get0_public_key(_cgo0); }()
	bd := func() *_Ctype_struct_bignum_st{ _cgo0 := /*line :194:50*/key; _cgoCheckPointer(_cgo0); return _Cfunc__goboringcrypto_EC_KEY_get0_private_key(_cgo0); }()
	if pt == nil || bd == nil {
		return nil, nil, nil, fail("EC_KEY_get0_private_key")
	}
	bx := ( /*line :198:8*/_Cfunc__goboringcrypto_BN_new /*line :198:31*/)()
	if bx == nil {
		return nil, nil, nil, fail("BN_new")
	}
	defer func() func() { _cgo0 := /*line :202:34*/bx; return func() { _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_BN_free(_cgo0); }}()()
	by := ( /*line :203:8*/_Cfunc__goboringcrypto_BN_new /*line :203:31*/)()
	if by == nil {
		return nil, nil, nil, fail("BN_new")
	}
	defer func() func() { _cgo0 := /*line :207:34*/by; return func() { _cgoCheckPointer(_cgo0); _Cfunc__goboringcrypto_BN_free(_cgo0); }}()()
	if func() _Ctype_int{ _cgo0 := /*line :208:59*/group; _cgo1 := /*line :208:66*/pt; _cgo2 := /*line :208:70*/bx; _cgo3 := /*line :208:74*/by; var _cgo4 *_Ctype_struct_bignum_ctx = /*line :208:78*/nil; _cgoCheckPointer(_cgo0); _cgoCheckPointer(_cgo1); _cgoCheckPointer(_cgo2); _cgoCheckPointer(_cgo3); return _Cfunc__goboringcrypto_EC_POINT_get_affine_coordinates_GFp(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4); }() == 0 {
		return nil, nil, nil, fail("EC_POINT_get_affine_coordinates_GFp")
	}
	return bnToBig(bx), bnToBig(by), bnToBig(bd), nil
}
