/*
 * Copyright (c) 2020 Belledonne Communications SARL.
 *
 * This file is part of bctoolbox.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef BCTBX_CRYPTO_HH
#define BCTBX_CRYPTO_HH

#include <vector>
#include <memory>

namespace bctoolbox {
/**
 * @brief Random number generator interface
 *
 * This wrapper provides an interface to a RNG.
 * Two ways to get some random numbers:
 *  - calling the static class functions(cRandomize) : do not use this to feed cryptographic functions
 *  - instanciate a RNG object and call the randomize method : use this one for cryptographic quality random
 *
 * Any call (including creation), may throw an exception if some error are detected on the random source
 */
class RNG {
	public:
		/**
		 * fill a buffer with random numbers
		 * @param[in,out]	buffer 	The buffer to be filled with random (callers responsability to allocate memory)
		 * @param[in]		size	size in bytes of the random generated, buffer must be at least of this size
		 **/
		void randomize(uint8_t *buffer, const size_t size);

		/**
		 * return a random vector of given size
		 * @param[in]		size	size in bytes of the random generated
		 **/
		std::vector<uint8_t> randomize(const size_t size);


		/**
		 * generates a 32 bits random unsigned number
		 **/
		uint32_t randomize();

		/**
		 * fill a buffer with random numbers
		 * @param[in,out]	buffer 	The buffer to be filled with random (callers responsability to allocate memory)
		 * @param[in]		size	size in bytes of the random generated, buffer must be at least of this size
		 *
		 * @note This function uses a shared RNG context, do not use it to generate sensitive material
		 **/
		static void cRandomize(uint8_t *buffer, size_t size);
		/**
		 * generates a 32 bits random unsigned number
		 *
		 * @note This function uses a shared RNG context, do not use it to generate sensitive material
		 **/
		static uint32_t cRandomize();

		RNG();
		~RNG();
	private:
		struct Impl;
		std::unique_ptr<Impl> pImpl;
		static std::unique_ptr<Impl> pImplClass;
}; //class RNG


/*****************************************************************************/
/***                      Hash related function                            ***/
/*****************************************************************************/
/**
 * @brief SHA256 buffer size definition
 */
struct SHA256 {
	/// maximum output size for SHA256 is 32 bytes
	static constexpr size_t ssize() {return 32;}
};

/**
 * @brief SHA384 buffer size definition
 */
struct SHA384 {
	/// maximum output size for SHA384 is 48 bytes
	static constexpr size_t ssize() {return 48;}
};

/**
 * @brief SHA512 buffer size definition
 */
struct SHA512 {
	/// maximum output size for SHA512 is 64 bytes
	static constexpr size_t ssize() {return 64;}
};


/**
 * @brief templated HMAC
 *
 * @tparam	hashAlgo	the hash algorithm used: SHA256, SHA384, SHA512
 *
 * @param[in]	key		HMAC key
 * @param[in]	input		HMAC input
 *
 * @return an array of size matching the selected hash algorithm output size
 *
 */
template <typename hashAlgo>
std::vector<uint8_t> HMAC(const std::vector<uint8_t> &key, const std::vector<uint8_t> &input);
/* declare template specialisations */
template <> std::vector<uint8_t>  HMAC<SHA256>(const std::vector<uint8_t> &key, const std::vector<uint8_t> &input);
template <> std::vector<uint8_t>  HMAC<SHA384>(const std::vector<uint8_t> &key, const std::vector<uint8_t> &input);
template <> std::vector<uint8_t>  HMAC<SHA512>(const std::vector<uint8_t> &key, const std::vector<uint8_t> &input);

/**
 * @brief HKDF as described in RFC5869
 *	@par Compute:
 *	@code{.unparsed}
 *		PRK = HMAC-Hash(salt, IKM)
 *
 *		N = ceil(L/HashLen)
 *		T = T(1) | T(2) | T(3) | ... | T(N)
 *		OKM = first L octets of T
 *
 *		where:
 *		T(0) = empty string (zero length)
 *		T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
 *		T(2) = HMAC-Hash(PRK, T(1) | info | 0x02)
 *		T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
 *		...
 *	@endcode
 *
 * @tparam	hashAlgo	the hash algorithm to use
 * @tparam	infoType	the info parameter type : can be passed as a string or a std::vector<uint8_t>
 *
 * @param[in]	salt 		salt
 * @param[in]	ikm		input key material
 * @param[in]	info		a info string or buffer
 * @param[in]	okmSize		requested amount of data. (L in the RFC doc)
 *
 * @return the output key material
 *
 */
template <typename hashAlgo>
std::vector<uint8_t> HKDF(const std::vector<uint8_t> &salt, const std::vector<uint8_t> &ikm, const std::vector<uint8_t> &info, size_t okmSize);
template <typename hashAlgo>
std::vector<uint8_t> HKDF(const std::vector<uint8_t> &salt, const std::vector<uint8_t> &ikm, const std::string &info, size_t okmSize);
/* declare template specialisations */
template <> std::vector<uint8_t> HKDF<SHA256>(const std::vector<uint8_t> &salt, const std::vector<uint8_t> &ikm, const std::vector<uint8_t> &info, size_t outputSize);
template <> std::vector<uint8_t> HKDF<SHA256>(const std::vector<uint8_t> &salt, const std::vector<uint8_t> &ikm, const std::string &info, size_t outputSize);
template <> std::vector<uint8_t> HKDF<SHA512>(const std::vector<uint8_t> &salt, const std::vector<uint8_t> &ikm, const std::vector<uint8_t> &info, size_t outputSize);
template <> std::vector<uint8_t> HKDF<SHA512>(const std::vector<uint8_t> &salt, const std::vector<uint8_t> &ikm, const std::string &info, size_t outputSize);


/************************ AEAD interface *************************************/
// AEAD function defines
/**
 * @brief AES256GCM buffers size definition
 */
struct AES256GCM128 {
	/// key size is 32 bytes
	static constexpr size_t keySize(void) {return 32;};
	/// tag size is 16 bytes
	static constexpr size_t tagSize(void) {return 16;};
};

/**
 * @brief Encrypt and tag using scheme given as template parameter
 *
 * @param[in]	key		Encryption key
 * @param[in]	IV		Initialisation vector
 * @param[in]	plain		Plain text
 * @param[in]	AD		Additional data used in tag computation
 * @param[out]	tag		Generated authentication tag
 * @return	the cipher text
 */
template <typename AEADAlgo>
std::vector<uint8_t> AEADEncrypt(const std::vector<uint8_t> &key, const std::vector<uint8_t> IV, const std::vector<uint8_t> &plain, const std::vector<uint8_t> &AD,
		std::vector<uint8_t> &tag);

/**
 * @brief Authenticate and Decrypt using scheme given as template parameter
 *
 * @param[in]	key		Encryption key
 * @param[in]	IV		Initialisation vector
 * @param[in]	cipher		Cipher text
 * @param[in]	AD		Additional data used in tag computation
 * @param[in]	tag		Authentication tag
 * @param[out]	plain		A vector to store the plain text
 *
 * @return true if authentication tag match and decryption was successful
 */
template <typename AEADAlgo>
bool AEADDecrypt(const std::vector<uint8_t> &key, const std::vector<uint8_t> &IV, const std::vector<uint8_t> &cipher, const std::vector<uint8_t> &AD,
		const std::vector<uint8_t> &tag, std::vector<uint8_t> &plain);

/* declare AEAD template specialisations : AES256-GCM with 128 bits auth tag*/
template <> std::vector<uint8_t> AEADEncrypt<AES256GCM128>(const std::vector<uint8_t> &key, const std::vector<uint8_t> IV, const std::vector<uint8_t> &plain, const std::vector<uint8_t> &AD,
		std::vector<uint8_t> &tag);

template <> bool AEADDecrypt<AES256GCM128>(const std::vector<uint8_t> &key, const std::vector<uint8_t> &IV, const std::vector<uint8_t> &cipher, const std::vector<uint8_t> &AD,
		const std::vector<uint8_t> &tag, std::vector<uint8_t> &plain);

} // namespace bctoolbox
#endif // BCTBX_CRYPTO_HH