use anyhow::{Context, Result};
use sev::firmware::guest::{AttestationReport, DerivedKey, Firmware, GuestFieldSelect};
use base64::prelude::{Engine, BASE64_URL_SAFE};

fn request_hardware_report(data: [u8; 64]) -> Result<AttestationReport> {
    let mut fw = Firmware::open().context("unable to open /dev/sev-guest")?;
    fw.get_report(None, Some(data), Some(0)).context("unable to fetch attestation report")
}

pub fn get_report_as_base64(data: [u8; 64]) -> Result<String> {
    let report = request_hardware_report(data)?;
    Ok(BASE64_URL_SAFE.encode(bincode::serialize(&report)?))
}

pub fn get_derived_key() -> Result<String> {
    let mut fw = Firmware::open()?;
    let request =
        DerivedKey::new(false, GuestFieldSelect(u64::from_str_radix("11111", 2)?), 1, 0, 0);
    let derived_key: [u8; 32] = fw.get_derived_key(None, request)?;
    Ok(BASE64_URL_SAFE.encode(derived_key))
}