////////////////////////////////////////////////////////////////////////////////
// Copyright 2016 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////

// Contains functions that are used to create and parse derived keys created
// using the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
// NIST 800-108:
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
// AES-CMAC:
// http://tools.ietf.org/html/rfc4493
//
// Example usage:
//   using video::widevine::common::crypto_util::DeriveKey;
//   using widevine_server::sdk::VERSION_2_1;
//
//   std::string derived_key = DeriveKey(key_str,
//                                  label,
//                                  context,
//                                  SigningKeyMaterialSizeBits(VERSION_2_1));
//   std::string server_derived_key = GetServerSigningKey(derived_key);
//   std::string client_derived_key = GetClientSigninKey(derived_key);
#ifndef COMMON_SIGNING_KEY_UTIL_H_
#define COMMON_SIGNING_KEY_UTIL_H_

#include <string>

#include "base/macros.h"
#include "protos/public/license_protocol.pb.h"

namespace widevine {

// Returns the size of the signing key based on the License Protocol
// Version.  Signing keys for version 2.0 have a length of 256.  Signing
// keys for version 2.1 have a length of 512.
uint32_t SigningKeyMaterialSizeBits(ProtocolVersion protocol_version);

// Returns the client portion of the derived_key. The client portion
// depend on the size of the key.  Keys that are 512 bits in length
// are assumed to be version 2.1 keys.  The last 256 bits of those
// keys are returned.  Keys that are 256 bits in length are returned
// in there entirety, version 2.0 keys.
std::string GetClientSigningKey(const std::string& derived_key,
                           ProtocolVersion protocol_version);

// Returns the server portion of the derived_key. The server portion
// is the first 256 bits of the key.
std::string GetServerSigningKey(const std::string& derived_key);

}  // namespace widevine

#endif  // COMMON_SIGNING_KEY_UTIL_H_