/*
 * Copyright 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.system.wifi.keystore@1.0;

/**
 * This is the root of the HAL module and is the interface returned when
 * loading an implementation of the Wi-Fi HAL. There must be at most one
 * module loaded in the system.
 */
interface IKeystore {
  /**
   * Return values for Keystore requests.
   */
  enum KeystoreStatusCode : uint32_t {
    /** No errors. */
    SUCCESS,
    ERROR_UNKNOWN
  };

  /**
   * Requests a binary blob from the keystore's key-value store.
   *
   * @param key the key into the keystore.
   * @return status KeystoreStatusCode of the operation.
   *         Possible status codes:
   *         |KeystoreStatusCode.SUCCESS|,
   *         |KeystoreStatusCode.ERROR_UNKNOWN|
   * @return value the value associated with |key| in the keystore.
   */
  getBlob(string key)
      generates (KeystoreStatusCode status, vec<uint8_t> value);

  /**
   * Requests the public key associated with the credential referred to by
   * |keyId|.
   *
   * @param keyId the key identifier associated with the credential.
   * @return status KeystoreStatusCode of the operation.
   *         Possible status codes:
   *         |KeystoreStatusCode.SUCCESS|,
   *         |KeystoreStatusCode.ERROR_UNKNOWN|
   * @return publicKey the public key associated with the credential.
   */
  getPublicKey(string keyId)
      generates (KeystoreStatusCode status, vec<uint8_t> publicKey);

  /**
   * Signs the digest in |dataToSign| with the private key associated with
   * the credential identified by |keyId|.  This is a raw RSA or ECDSA
   * operation that assumes |dataToSign| is already propertly digested and
   * padded if necessary for the type of key.
   *
   * @param keyId the key identifier associated with the credential.
   * @return status KeystoreStatusCode of the operation.
   *         Possible status codes:
   *         |KeystoreStatusCode.SUCCESS|,
   *         |KeystoreStatusCode.UNKNOWN|
   * @return signedData the signed data.
   */
  sign(string keyId, vec<uint8_t> dataToSign)
      generates (KeystoreStatusCode status, vec<uint8_t> signedData);
};