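// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
//
// Reference implementation utilities of OEMCrypto APIs
//
#ifndef WVOEC_UTIL_BCC_VALIDATOR_H_
#define WVOEC_UTIL_BCC_VALIDATOR_H_

#include <cstdint>
#include <sstream>
#include <string>
#include <vector>

#include "cbor_validator.h"
#include "cppbor.h"

// NOTE(review): the std::vector element types in this header are taken to be
// uint8_t for raw byte buffers and std::string for formatted output lines --
// confirm against the implementation file.

namespace wvoec {
namespace util {

// Enums and struct to hold EC public key info

// Signature scheme associated with a BCC public key.
// NOTE(review): the zero value is named "default"; presumably it means "not
// yet determined" and should never be accepted as a usable algorithm --
// confirm in the implementation.
enum BccSignatureAlgorithm {
  kBccDefaultSignature = 0,
  kBccEdDsa = 1,
  kBccEcdsaSha256 = 2,
  kBccEcdsaSha384 = 3
};

// Elliptic curve associated with a BCC public key.
// NOTE(review): as with BccSignatureAlgorithm, the zero value presumably
// marks an unset curve -- confirm in the implementation.
enum BccCurve {
  kBccDefaultCurve = 0,
  kBccEd25519 = 1,
  kBccP256 = 2,
  kBccP384 = 3
};

// Public key material extracted from one BCC entry.
// NOTE(review): the two enum members have no default member initializers, so
// a plain `BccPublicKeyInfo info;` leaves them indeterminate. Callers should
// value-initialize (`BccPublicKeyInfo info{};`), which yields the
// kBccDefault* values, before passing the struct to the Process* helpers.
struct BccPublicKeyInfo {
  BccSignatureAlgorithm signature_algorithm;
  BccCurve curve;
  // Raw EC key bytes extracted from BCC
  std::vector<uint8_t> key_bytes;
};

// BccValidator processes a Provisioning 4.0 device root of trust. It extracts
// and validates relevant pieces of information of BCC.
// Relevant documents:
//   Android definition: go/remote-provisioning-hal#bcc.
//   Google Dice Profile: go/dice-profile
class BccValidator : public CborValidator {
 public:
  explicit BccValidator() {}
  ~BccValidator() override = default;
  // Non-copyable: the validator owns a stream (msg_ss_).
  BccValidator(const BccValidator&) = delete;
  BccValidator& operator=(const BccValidator&) = delete;

  // Verifies the Cbor struct of a client generated root of trust. This message
  // is part of an attestation model conforming to the Google Open Dice Profile.
  // This message is received from a client device to attest it is a valid
  // Widevine device.
  //
  // Because the message comes from the client, it is untrusted input until
  // this call reports success; the returned status must always be checked.
  // NOTE(review): which CborMessageStatus values count as success is defined
  // in cbor_validator.h and is not visible from this header.
  CborMessageStatus Validate() override;

  // Outputs BCC in YAML.
  std::string GetFormattedMessage() const override;

 private:
  // Processes CoseKey PubKeyEd25519 / PubKeyECDSA256, prints into |fmt_msgs|,
  // and extracts the PubKey to *|public_key_info|.
  //
  // |public_key_info_map| is the CBOR map holding the CoseKey.
  // |public_key_info| is an out-parameter; presumably it must be non-null --
  // confirm in the implementation.
  CborMessageStatus ProcessSubjectPublicKeyInfo(
      const cppbor::Map& public_key_info_map,
      std::vector<std::string>& fmt_msgs, BccPublicKeyInfo* public_key_info);

  // Processes DiceChainEntryPayload, which contains subject public key, prints
  // into |fmt_msgs|, and extracts the PubKey to *|public_key_info|.
  //
  // |payload| is the encoded entry payload taken from the client-supplied
  // BCC. |public_key_info| is an out-parameter; presumably it must be
  // non-null -- confirm in the implementation.
  CborMessageStatus ProcessDiceChainEntryPayload(
      const std::vector<uint8_t>& payload, std::vector<std::string>& fmt_msgs,
      BccPublicKeyInfo* public_key_info);

  // Verifies the raw EC signature |signature| with the public key
  // |signing_key|. |signature| extracted from BCC is not ASN.1 DER encoded.
  //
  // Presumably returns true only when |signature| is valid for |message|;
  // callers must not ignore the result, and any false return should fail the
  // whole validation.
  bool VerifySignature(const BccPublicKeyInfo& signing_key,
                       const std::vector<uint8_t>& message,
                       const std::vector<uint8_t>& signature);

  // Used to generate formatted message.
  std::stringstream msg_ss_;
};

}  // namespace util
}  // namespace wvoec

#endif  // WVOEC_UTIL_BCC_VALIDATOR_H_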