// Copyright 2017 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SRC_SECURITY_FCRYPTO_BYTES_H_
#define SRC_SECURITY_FCRYPTO_BYTES_H_

#include <stddef.h>
#include <stdint.h>
#include <zircon/types.h>

#include <memory>

#include <fbl/macros.h>

// |crypto::Bytes| is a small helper class that simply wraps a buffer.  It saves on some boilerplate
// when allocating a buffer.  More importantly, when going out of scope, the destructor guarantees
// that the buffer will be zeroed in a way that will not be optimized away.  Any buffer that holds
// cryptographically sensitive random data should be a |Bytes| and get its data via a call to
// |Bytes::Randomize|.
namespace crypto {

class __EXPORT Bytes final {
 public:
  Bytes();
  ~Bytes();

  // Accessors
  const uint8_t* get() const { return buf_.get(); }
  uint8_t* get() { return buf_.get(); }
  size_t len() const { return len_; }

  // Resizes the underlying buffer to |len| bytes and fills it with random data.
  zx_status_t Randomize() { return Randomize(len_); }
  zx_status_t Randomize(size_t len);

  // Resize the underlying buffer.  If the new length is shorter, the data is truncated.  If it is
  // longer, it is padded with the given |fill| value.
  zx_status_t Resize(size_t size, uint8_t fill = 0);

  // Copies |len| bytes from |src| to |dst_off| in the underlying buffer.  Resizes the buffer as
  // needed, padding with zeros.
  zx_status_t Copy(const void* src, size_t len, zx_off_t dst_off = 0);
  zx_status_t Copy(const Bytes& src, zx_off_t dst_off = 0) {
    return Copy(src.get(), src.len(), dst_off);
  }

  // Array access operators.  Assert that |off| is not out of bounds.
  const uint8_t& operator[](zx_off_t off) const;
  uint8_t& operator[](zx_off_t off);

  // Comparison operators.  These are guaranteed to be constant-time.
  bool operator==(const Bytes& other) const;
  bool operator!=(const Bytes& other) const { return !(*this == other); }

 private:
  DISALLOW_COPY_AND_ASSIGN_ALLOW_MOVE(Bytes);

  // The underlying buffer.
  std::unique_ptr<uint8_t[]> buf_;
  // Length in bytes of memory currently allocated to the underlying buffer.
  size_t len_;
};

}  // namespace crypto

#endif  // SRC_SECURITY_FCRYPTO_BYTES_H_