/*
**
** Copyright 2018, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
**     http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/

#ifndef INCLUDE_KEYMASTER_OPENSSL_KEYMASTER_ENFORCEMENT_H_
#define INCLUDE_KEYMASTER_OPENSSL_KEYMASTER_ENFORCEMENT_H_

#include <keymaster/android_keymaster_messages.h>
#include <keymaster/keymaster_enforcement.h>

/*
 * Controls size of KAK used for Strongbox agreement.
 * This size must match the size of the com.android.trusty.keymint.kak keyslot
 * Defaults to 32 to allow devices which do not have a Strongbox to use the
 * keyslot in our sample code without configuration.
 */
#ifndef TRUSTY_KM_KAK_SIZE
#define TRUSTY_KM_KAK_SIZE 32
#endif

namespace keymaster {

class OpenSSLKeymasterEnforcement : public KeymasterEnforcement {
public:
    OpenSSLKeymasterEnforcement(uint32_t max_access_time_map_size,
                                uint32_t max_access_count_map_size)
            : KeymasterEnforcement(max_access_time_map_size,
                                   max_access_count_map_size) {}
    virtual ~OpenSSLKeymasterEnforcement() {}

    bool CreateKeyId(const keymaster_key_blob_t& key_blob,
                     km_id_t* keyid) const override;
    keymaster_error_t GetHmacSharingParameters(
            HmacSharingParameters* params) override;
    keymaster_error_t ComputeSharedHmac(
            const HmacSharingParametersArray& params_array,
            KeymasterBlob* sharingCheck) override;
    VerifyAuthorizationResponse VerifyAuthorization(
            const VerifyAuthorizationRequest& request) override;
    KmErrorOr<std::array<uint8_t, 32>> ComputeHmac(
            const std::vector<uint8_t>& data_to_mac) const override;
    keymaster_error_t GetHmacKey(keymaster_key_blob_t* key) const;
    keymaster_error_t GetUniqueIdKey(KeymasterKeyBlob* key) const;

private:
    static const size_t kKeyAgreementKeySize = TRUSTY_KM_KAK_SIZE;
    keymaster_error_t GetKeyAgreementKey(KeymasterKeyBlob* kak) const;
    bool have_saved_params_ = false;
    HmacSharingParameters saved_params_;
    KeymasterKeyBlob hmac_key_;
};

}  // namespace keymaster

#endif  // INCLUDE_KEYMASTER_OPENSSL_KEYMASTER_ENFORCEMENT_H_