/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// TODO(154013771): this is copied from vold and modified to remove un-needed
// methods and use std::string instead of KeyBuffer. We should instead
// create a library to support both.

#pragma once

#include <android-base/macros.h>
#include <keymasterV4_1/Keymaster.h>
#include <keymasterV4_1/authorization_set.h>

#include <memory>
#include <string>
#include <utility>

namespace android {
namespace kernel {

namespace km {

using namespace ::android::hardware::keymaster::V4_1;

// Surprisingly -- to me, at least -- this is totally fine.  You can re-define
// symbols that were brought in via a using directive (the "using namespace")
// above.  In general this seems like a dangerous thing to rely on, but in this
// case its implications are simple and straightforward: km::ErrorCode refers to
// the 4.0 ErrorCode, though we pull everything else from 4.1.
using ErrorCode = ::android::hardware::keymaster::V4_0::ErrorCode;
using V4_1_ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;

}  // namespace km

using KmDevice = km::support::Keymaster;

// Wrapper for a Keymaster device
class Keymaster {
 public:
  Keymaster();
  // false if we failed to open the keymaster device.
  explicit operator bool() { return mDevice.get() != nullptr; }
  // Generate a key in the keymaster from the given params.
  bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
  // Import a key into the keymaster
  bool importKey(const km::AuthorizationSet& inParams, km::KeyFormat format,
                 const std::string& key, std::string* outKeyBlob);
  // Exports a keymaster key with STORAGE_KEY tag wrapped with a per-boot
  // ephemeral key
  bool exportKey(const std::string& kmKey, std::string* key);
  // If the keymaster supports it, permanently delete a key.
  bool deleteKey(const std::string& key);
  // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
  bool upgradeKey(const std::string& oldKey,
                  const km::AuthorizationSet& inParams, std::string* newKey);

 private:
  android::sp<KmDevice> mDevice;
  DISALLOW_COPY_AND_ASSIGN(Keymaster);
};

}  // namespace kernel
}  // namespace android