// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H
#define COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H

#include <string>

#include "base/callback_forward.h"
#include "components/proximity_auth/cryptauth/proto/securemessage.pb.h"

namespace proximity_auth {

// Interface of delegate responsible for cryptographic operations based on the
// secure message library. This interface is asynchronous as the current
// implementation on ChromeOS communicates with a daemon process over IPC.
class SecureMessageDelegate {
 public:
  // Fields specifying how to create a SecureMessage.
  struct CreateOptions {
    CreateOptions();
    ~CreateOptions();

    // The scheme used to encrypt the message.
    securemessage::EncScheme encryption_scheme;
    // The scheme used to sign the message.
    securemessage::SigScheme signature_scheme;
    // Additional data that is used as part of the signature computation but not
    // included in the message contents.
    std::string associated_data;
    // Plain-text data included in the message header.
    std::string public_metadata;
    // Identifies the key to use for verifying the message signature.
    std::string verification_key_id;
    // Identifies the key to use for decrypting the message.
    std::string decryption_key_id;
  };

  // Fields specifying how to unwrap a SecureMessage.
  struct UnwrapOptions {
    UnwrapOptions();
    ~UnwrapOptions();

    // The scheme used to decrypt the message.
    securemessage::EncScheme encryption_scheme;
    // The scheme used to verify the message signature.
    securemessage::SigScheme signature_scheme;
    // Additional data that is used as part of the signature computation but not
    // included in the message contents.
    std::string associated_data;
  };

  SecureMessageDelegate();
  virtual ~SecureMessageDelegate();

  // Generates a new asymmetric key pair.
  typedef base::Callback<void(const std::string& public_key,
                              const std::string& private_key)>
      GenerateKeyPairCallback;
  virtual void GenerateKeyPair(const GenerateKeyPairCallback& callback) = 0;

  // Derives a symmetric key from our private key and the remote device's
  // public key.
  typedef base::Callback<void(const std::string& derived_key)>
      DeriveKeyCallback;
  virtual void DeriveKey(const std::string& private_key,
                         const std::string& public_key,
                         const DeriveKeyCallback& callback) = 0;

  // Creates a new secure message with a |payload| given the |key| and
  // |create_options| specifying the cryptographic details.
  // |callback| will be invoked with the serialized SecureMessage upon success
  // or the empty string upon failure.
  typedef base::Callback<void(const std::string& secure_message)>
      CreateSecureMessageCallback;
  virtual void CreateSecureMessage(
      const std::string& payload,
      const std::string& key,
      const CreateOptions& create_options,
      const CreateSecureMessageCallback& callback) = 0;

  // Unwraps |secure_message| given the |key| and |unwrap_options| specifying
  // the cryptographic details.
  // |callback| will be invoked with true for the |verified| argument if the
  // message was verified and decrypted successfully. The |payload| and
  // |header| fields will be non-empty if the message was verified successfully.
  typedef base::Callback<void(bool verified,
                              const std::string& payload,
                              const securemessage::Header& header)>
      UnwrapSecureMessageCallback;
  virtual void UnwrapSecureMessage(
      const std::string& serialized_message,
      const std::string& key,
      const UnwrapOptions& unwrap_options,
      const UnwrapSecureMessageCallback& callback) = 0;
};

}  // namespace proximity_auth

#endif  // COMPONENTS_PROXIMITY_AUTH_SECURE_MESSAGE_DELEGATE_H