/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#ifndef GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H
#define GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H

#include <grpc/support/port_platform.h>

#include <stdbool.h>

#include "src/core/tsi/alts/crypt/gsec.h"

constexpr size_t kZeroCopyFrameMessageType = 0x06;
constexpr size_t kZeroCopyFrameLengthFieldSize = 4;
constexpr size_t kZeroCopyFrameMessageTypeFieldSize = 4;
constexpr size_t kZeroCopyFrameHeaderSize =
    kZeroCopyFrameLengthFieldSize + kZeroCopyFrameMessageTypeFieldSize;

// Limit k on number of frames such that at most 2^(8 * k) frames can be sent.
constexpr size_t kAltsRecordProtocolRekeyFrameLimit = 8;
constexpr size_t kAltsRecordProtocolFrameLimit = 5;

/* An implementation of alts record protocol. The API is thread-compatible. */

typedef struct iovec iovec_t;

typedef struct alts_iovec_record_protocol alts_iovec_record_protocol;

/**
 * This method gets the length of record protocol frame header.
 */
size_t alts_iovec_record_protocol_get_header_length();

/**
 * This method gets the length of record protocol frame tag.
 *
 * - rp: an alts_iovec_record_protocol instance.
 *
 * On success, the method returns the length of record protocol frame tag.
 * Otherwise, it returns zero.
 */
size_t alts_iovec_record_protocol_get_tag_length(
    const alts_iovec_record_protocol* rp);

/**
 * This method returns maximum allowed unprotected data size, given maximum
 * protected frame size.
 *
 * - rp: an alts_iovec_record_protocol instance.
 * - max_protected_frame_size: maximum protected frame size.
 *
 * On success, the method returns the maximum allowed unprotected data size.
 * Otherwise, it returns zero.
 */
size_t alts_iovec_record_protocol_max_unprotected_data_size(
    const alts_iovec_record_protocol* rp, size_t max_protected_frame_size);

/**
 * This method performs integrity-only protect operation on a
 * alts_iovec_record_protocol instance, i.e., compute frame header and tag. The
 * caller needs to allocate the memory for header and tag prior to calling this
 * method.
 *
 * - rp: an alts_iovec_record_protocol instance.
 * - unprotected_vec: an iovec array containing unprotected data.
 * - unprotected_vec_length: the array length of unprotected_vec.
 * - header: an iovec containing the output frame header.
 * - tag: an iovec containing the output frame tag.
 * - error_details: a buffer containing an error message if the method does not
 *   function correctly. It is OK to pass nullptr into error_details.
 *
 * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
 * error status code along with its details specified in error_details (if
 * error_details is not nullptr).
 */
grpc_status_code alts_iovec_record_protocol_integrity_only_protect(
    alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
    size_t unprotected_vec_length, iovec_t header, iovec_t tag,
    char** error_details);

/**
 * This method performs integrity-only unprotect operation on a
 * alts_iovec_record_protocol instance, i.e., verify frame header and tag.
 *
 * - rp: an alts_iovec_record_protocol instance.
 * - protected_vec: an iovec array containing protected data.
 * - protected_vec_length: the array length of protected_vec.
 * - header: an iovec containing the frame header.
 * - tag: an iovec containing the frame tag.
 * - error_details: a buffer containing an error message if the method does not
 *   function correctly. It is OK to pass nullptr into error_details.
 *
 * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
 * error status code along with its details specified in error_details (if
 * error_details is not nullptr).
 */
grpc_status_code alts_iovec_record_protocol_integrity_only_unprotect(
    alts_iovec_record_protocol* rp, const iovec_t* protected_vec,
    size_t protected_vec_length, iovec_t header, iovec_t tag,
    char** error_details);

/**
 * This method performs privacy-integrity protect operation on a
 * alts_iovec_record_protocol instance, i.e., compute a protected frame. The
 * caller needs to allocate the memory for the protected frame prior to calling
 * this method.
 *
 * - rp: an alts_iovec_record_protocol instance.
 * - unprotected_vec: an iovec array containing unprotected data.
 * - unprotected_vec_length: the array length of unprotected_vec.
 * - protected_frame: an iovec containing the output protected frame.
 * - error_details: a buffer containing an error message if the method does not
 *   function correctly. It is OK to pass nullptr into error_details.
 *
 * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
 * error status code along with its details specified in error_details (if
 * error_details is not nullptr).
 */
grpc_status_code alts_iovec_record_protocol_privacy_integrity_protect(
    alts_iovec_record_protocol* rp, const iovec_t* unprotected_vec,
    size_t unprotected_vec_length, iovec_t protected_frame,
    char** error_details);

/**
 * This method performs privacy-integrity unprotect operation on a
 * alts_iovec_record_protocol instance given a full protected frame, i.e.,
 * compute the unprotected data. The caller needs to allocated the memory for
 * the unprotected data prior to calling this method.
 *
 * - rp: an alts_iovec_record_protocol instance.
 * - header: an iovec containing the frame header.
 * - protected_vec: an iovec array containing protected data including the tag.
 * - protected_vec_length: the array length of protected_vec.
 * - unprotected_data: an iovec containing the output unprotected data.
 * - error_details: a buffer containing an error message if the method does not
 *   function correctly. It is OK to pass nullptr into error_details.
 *
 * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
 * error status code along with its details specified in error_details (if
 * error_details is not nullptr).
 */
grpc_status_code alts_iovec_record_protocol_privacy_integrity_unprotect(
    alts_iovec_record_protocol* rp, iovec_t header,
    const iovec_t* protected_vec, size_t protected_vec_length,
    iovec_t unprotected_data, char** error_details);

/**
 * This method creates an alts_iovec_record_protocol instance, given a
 * gsec_aead_crypter instance, a flag indicating if the created instance will be
 * used at the client or server side, and a flag indicating if the created
 * instance will be used for integrity-only mode or privacy-integrity mode. The
 * ownership of gsec_aead_crypter instance is transferred to this new object.
 *
 * - crypter: a gsec_aead_crypter instance used to perform AEAD decryption.
 * - overflow_size: overflow size of counter in bytes.
 * - is_client: a flag indicating if the alts_iovec_record_protocol instance
 *   will be used at the client or server side.
 * - is_integrity_only: a flag indicating if the alts_iovec_record_protocol
 *   instance will be used for integrity-only or privacy-integrity mode.
 * - is_protect: a flag indicating if the alts_grpc_record_protocol instance
 *   will be used for protect or unprotect.
 * - rp: an alts_iovec_record_protocol instance to be returned from
 *   the method.
 * - error_details: a buffer containing an error message if the method does not
 *   function correctly. It is OK to pass nullptr into error_details.
 *
 * On success, the method returns GRPC_STATUS_OK. Otherwise, it returns an
 * error status code along with its details specified in error_details (if
 * error_details is not nullptr).
 */
grpc_status_code alts_iovec_record_protocol_create(
    gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
    bool is_integrity_only, bool is_protect, alts_iovec_record_protocol** rp,
    char** error_details);

/**
 * This method destroys an alts_iovec_record_protocol instance by de-allocating
 * all of its occupied memory. A gsec_aead_crypter instance passed in at
 * gsec_alts_crypter instance creation time will be destroyed in this method.
 */
void alts_iovec_record_protocol_destroy(alts_iovec_record_protocol* rp);

#endif /* GRPC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_IOVEC_RECORD_PROTOCOL_H \
        */