/*
 * Copyright (C) 2009 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __KEYSTORE_H__
#define __KEYSTORE_H__

#include <stdint.h>

// note state values overlap with ResponseCode for the purposes of the state() API
enum State {
    STATE_NO_ERROR      = 1,
    STATE_LOCKED        = 2,
    STATE_UNINITIALIZED = 3,
};

// must be in sync with KeyStore.java,
enum class ResponseCode : int32_t {
    NO_ERROR = STATE_NO_ERROR,            // 1
    LOCKED = STATE_LOCKED,                // 2
    UNINITIALIZED = STATE_UNINITIALIZED,  // 3
    SYSTEM_ERROR = 4,
    PROTOCOL_ERROR = 5,
    PERMISSION_DENIED = 6,
    KEY_NOT_FOUND = 7,
    VALUE_CORRUPTED = 8,
    UNDEFINED_ACTION = 9,
    WRONG_PASSWORD_0 = 10,
    WRONG_PASSWORD_1 = 11,
    WRONG_PASSWORD_2 = 12,
    WRONG_PASSWORD_3 = 13,  // MAX_RETRY = 4
    SIGNATURE_INVALID = 14,
    OP_AUTH_NEEDED = 15,  // Auth is needed for this operation before it can be used.
    KEY_ALREADY_EXISTS = 16,
    KEY_PERMANENTLY_INVALIDATED = 17,

    /**
     * Following three response codes are for logging purposes only.
     * The operations are logged at the end of the life cycle of an operation handle,
     * along with the reason for the end of the operation handle. For the operations
     * that fail in update and finish, the reason for failure is available with
     * the above response codes.
     * For the operations that are aborted in three different ways, the reason
     * for aborting is not available. The following enum values define the
     * three ways an operation can get aborted.
     */
    ABORT_CALLED = 18,
    PRUNED = 19,
    BINDER_DIED = 20,
};

/*
 * All the flags for import and insert calls.
 */
enum KeyStoreFlag : uint8_t {
    KEYSTORE_FLAG_NONE = 0,
    KEYSTORE_FLAG_ENCRYPTED = 1 << 0,
    KEYSTORE_FLAG_FALLBACK = 1 << 1,
    // KEYSTORE_FLAG_SUPER_ENCRYPTED is for blobs that are already encrypted by keymaster but have
    // an additional layer of password-based encryption applied.  The same encryption scheme is used
    // as KEYSTORE_FLAG_ENCRYPTED, but it's safe to remove super-encryption when the password is
    // cleared, rather than deleting blobs, and the error returned when attempting to use a
    // super-encrypted blob while keystore is locked is different.
    KEYSTORE_FLAG_SUPER_ENCRYPTED = 1 << 2,
    // KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION is for blobs that are part of device encryption
    // flow so it receives special treatment from keystore. For example this blob will not be super
    // encrypted, and it will be stored separately under an unique UID instead. This flag should
    // only be available to system uid.
    KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION = 1 << 3,
    KEYSTORE_FLAG_STRONGBOX = 1 << 4,
};

#endif