# Copyright 2016 Joseph Birr-Pixton.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

import subprocess
import glob
import hashlib
import os

TOP = '../../../../../'

def dump(bin, type):
    return '-----BEGIN %s-----\n%s-----END %s-----\n' % \
            (type, bin.encode('base64'), type)

def gen(outfile, paramfile, hashfn):
    param = open(paramfile).read()

    rand = os.urandom(64)
    hash = getattr(hashlib, hashfn)(rand).digest()

    proc = subprocess.Popen(['openssl', 'pkeyutl',
        '-inkey', 'priv.pem',
        '-sign',
        '-pkeyopt', 'rsa_padding_mode:pss',
        '-pkeyopt', 'rsa_pss_saltlen:-1',
        '-pkeyopt', 'digest:%s' % hashfn
        ],
        stdout = subprocess.PIPE,
        stdin = subprocess.PIPE)

    sig, _ = proc.communicate(hash)

    with open(outfile, 'w') as f:
        print >>f, dump(open('pub.der').read(), 'PUBLIC KEY')
        print >>f, dump(param, 'ALGORITHM')
        print >>f, dump(rand, 'DATA')

        assert len(sig) == 256 # only works with 2048-bit keys
        # turn it into a DER bitstring
        print >>f, dump('\x03\x82\x01\x01\x00' + sig, 'SIGNATURE')

if __name__ == '__main__':
    subprocess.check_call('openssl genrsa -out priv.pem 2048', shell = True)
    subprocess.check_call('openssl rsa -pubout -out pub.pem -in priv.pem', shell = True)
    subprocess.check_call('openssl asn1parse -inform pem -in pub.pem -out pub.der', shell = True)
    gen('rsa-pss-sha256-salt32.pem', TOP + 'src/data/alg-pss-sha256.der', 'sha256')
    gen('rsa-pss-sha384-salt48.pem', TOP + 'src/data/alg-pss-sha384.der', 'sha384')
    gen('rsa-pss-sha512-salt64.pem', TOP + 'src/data/alg-pss-sha512.der', 'sha512')