// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.


#ifndef CHAPS_CHAPS_INTERFACE_H_
#define CHAPS_CHAPS_INTERFACE_H_

#include <string>
#include <vector>

#include <base/macros.h>
#include <chromeos/secure_blob.h>

#include "chaps/chaps.h"

namespace chaps {

// ChapsInterface provides an abstract interface closely matching the
// interfaces generated by dbus-c++ but hiding any dbus-c++ specifics.  See
// chaps_interface.xml for the dbus-c++ interface definition.
//
// Implemented By:
// - ChapsProxyImpl: On the Chaps client side; sends calls over IPC.
// - ChapsServiceImpl: On the Chaps daemon side; receives and implements IPC
//   calls.
// - ChapsServiceRedirect: An alternative implementation on the daemon side
//   which receives IPC calls and forwards to a PKCS #11 library.
class ChapsInterface {
 public:
  ChapsInterface() {}
  virtual ~ChapsInterface() {}

  // The following methods map to PKCS #11 calls. Each method name is identical
  // to the corresponding PKCS #11 function name except for the "C_" prefix.

  // PKCS #11 v2.20 section 11.5 page 106.
  virtual uint32_t GetSlotList(const chromeos::SecureBlob& isolate_credential,
                               bool token_present,
                               std::vector<uint64_t>* slot_list) = 0;
  // PKCS #11 v2.20 section 11.5 page 108.
  virtual uint32_t GetSlotInfo(const chromeos::SecureBlob& isolate_credential,
                               uint64_t slot_id,
                               std::vector<uint8_t>* slot_description,
                               std::vector<uint8_t>* manufacturer_id,
                               uint64_t* flags,
                               uint8_t* hardware_version_major,
                               uint8_t* hardware_version_minor,
                               uint8_t* firmware_version_major,
                               uint8_t* firmware_version_minor) = 0;
  // PKCS #11 v2.20 section 11.5 page 109.
  virtual uint32_t GetTokenInfo(const chromeos::SecureBlob& isolate_credential,
                                uint64_t slot_id,
                                std::vector<uint8_t>* label,
                                std::vector<uint8_t>* manufacturer_id,
                                std::vector<uint8_t>* model,
                                std::vector<uint8_t>* serial_number,
                                uint64_t* flags,
                                uint64_t* max_session_count,
                                uint64_t* session_count,
                                uint64_t* max_session_count_rw,
                                uint64_t* session_count_rw,
                                uint64_t* max_pin_len,
                                uint64_t* min_pin_len,
                                uint64_t* total_public_memory,
                                uint64_t* free_public_memory,
                                uint64_t* total_private_memory,
                                uint64_t* free_private_memory,
                                uint8_t* hardware_version_major,
                                uint8_t* hardware_version_minor,
                                uint8_t* firmware_version_major,
                                uint8_t* firmware_version_minor) = 0;
  // PKCS #11 v2.20 section 11.5 page 111.
  virtual uint32_t GetMechanismList(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t slot_id,
      std::vector<uint64_t>* mechanism_list) = 0;
  // PKCS #11 v2.20 section 11.5 page 112.
  virtual uint32_t GetMechanismInfo(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t slot_id,
      uint64_t mechanism_type,
      uint64_t* min_key_size,
      uint64_t* max_key_size,
      uint64_t* flags) = 0;
  // PKCS #11 v2.20 section 11.5 page 113.
  virtual uint32_t InitToken(const chromeos::SecureBlob& isolate_credential,
                             uint64_t slot_id,
                             const std::string* so_pin,
                             const std::vector<uint8_t>& label) = 0;
  // PKCS #11 v2.20 section 11.5 page 115.
  virtual uint32_t InitPIN(const chromeos::SecureBlob& isolate_credential,
                           uint64_t session_id, const std::string* pin) = 0;
  // PKCS #11 v2.20 section 11.5 page 116.
  virtual uint32_t SetPIN(const chromeos::SecureBlob& isolate_credential,
                          uint64_t session_id,
                          const std::string* old_pin,
                          const std::string* new_pin) = 0;
  // PKCS #11 v2.20 section 11.6 page 117.
  virtual uint32_t OpenSession(const chromeos::SecureBlob& isolate_credential,
                               uint64_t slot_id, uint64_t flags,
                               uint64_t* session) = 0;
  // PKCS #11 v2.20 section 11.6 page 118.
  virtual uint32_t CloseSession(const chromeos::SecureBlob& isolate_credential,
                                uint64_t session) = 0;
  // PKCS #11 v2.20 section 11.6 page 120.
  virtual uint32_t CloseAllSessions(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t slot_id) = 0;
  // PKCS #11 v2.20 section 11.6 page 120.
  virtual uint32_t GetSessionInfo(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t* slot_id,
      uint64_t* state,
      uint64_t* flags,
      uint64_t* device_error) = 0;
  // PKCS #11 v2.20 section 11.6 page 121.
  virtual uint32_t GetOperationState(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      std::vector<uint8_t>* operation_state) = 0;
  // PKCS #11 v2.20 section 11.6 page 123.
  virtual uint32_t SetOperationState(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& operation_state,
      uint64_t encryption_key_handle,
      uint64_t authentication_key_handle) = 0;
  // PKCS #11 v2.20 section 11.6 page 125.
  virtual uint32_t Login(const chromeos::SecureBlob& isolate_credential,
                         uint64_t session_id,
                         uint64_t user_type,
                         const std::string* pin) = 0;
  // PKCS #11 v2.20 section 11.6 page 127.
  virtual uint32_t Logout(const chromeos::SecureBlob& isolate_credential,
                          uint64_t session_id) = 0;
  // PKCS #11 v2.20 section 11.7 page 128.
  virtual uint32_t CreateObject(const chromeos::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                const std::vector<uint8_t>& attributes,
                                uint64_t* new_object_handle) = 0;
  // PKCS #11 v2.20 section 11.7 page 130.
  virtual uint32_t CopyObject(const chromeos::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              uint64_t object_handle,
                              const std::vector<uint8_t>& attributes,
                              uint64_t* new_object_handle) = 0;
  // PKCS #11 v2.20 section 11.7 page 131.
  virtual uint32_t DestroyObject(const chromeos::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 uint64_t object_handle) = 0;
  // PKCS #11 v2.20 section 11.7 page 132.
  virtual uint32_t GetObjectSize(const chromeos::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 uint64_t object_handle,
                                 uint64_t* object_size) = 0;
  // PKCS #11 v2.20 section 11.7 page 133.
  virtual uint32_t GetAttributeValue(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t object_handle,
      const std::vector<uint8_t>& attributes_in,
      std::vector<uint8_t>* attributes_out) = 0;
  // PKCS #11 v2.20 section 11.7 page 135.
  virtual uint32_t SetAttributeValue(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t object_handle,
      const std::vector<uint8_t>& attributes) = 0;
  // PKCS #11 v2.20 section 11.7 page 136.
  virtual uint32_t FindObjectsInit(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& attributes) = 0;
  // PKCS #11 v2.20 section 11.7 page 137.
  virtual uint32_t FindObjects(const chromeos::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t max_object_count,
                               std::vector<uint64_t>* object_list) = 0;
  // PKCS #11 v2.20 section 11.7 page 138.
  virtual uint32_t FindObjectsFinal(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id) = 0;
  // PKCS #11 v2.20 section 11.8 page 139.
  virtual uint32_t EncryptInit(const chromeos::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t mechanism_type,
                               const std::vector<uint8_t>& mechanism_parameter,
                               uint64_t key_handle) = 0;
  // PKCS #11 v2.20 section 11.8 page 140.
  virtual uint32_t Encrypt(const chromeos::SecureBlob& isolate_credential,
                           uint64_t session_id,
                           const std::vector<uint8_t>& data_in,
                           uint64_t max_out_length,
                           uint64_t* actual_out_length,
                           std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.8 page 141.
  virtual uint32_t EncryptUpdate(const chromeos::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 const std::vector<uint8_t>& data_in,
                                 uint64_t max_out_length,
                                 uint64_t* actual_out_length,
                                 std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.8 page 141.
  virtual uint32_t EncryptFinal(const chromeos::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                uint64_t max_out_length,
                                uint64_t* actual_out_length,
                                std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.8 page 140,142: any errors terminate the active
  // encryption operation.
  virtual void EncryptCancel(const chromeos::SecureBlob& isolate_credential,
                             uint64_t session_id) = 0;
  // PKCS #11 v2.20 section 11.9 page 144.
  virtual uint32_t DecryptInit(const chromeos::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t mechanism_type,
                               const std::vector<uint8_t>& mechanism_parameter,
                               uint64_t key_handle) = 0;
  // PKCS #11 v2.20 section 11.9 page 145.
  virtual uint32_t Decrypt(const chromeos::SecureBlob& isolate_credential,
                           uint64_t session_id,
                           const std::vector<uint8_t>& data_in,
                           uint64_t max_out_length,
                           uint64_t* actual_out_length,
                           std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.9 page 146.
  virtual uint32_t DecryptUpdate(const chromeos::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 const std::vector<uint8_t>& data_in,
                                 uint64_t max_out_length,
                                 uint64_t* actual_out_length,
                                 std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.9 page 146.
  virtual uint32_t DecryptFinal(const chromeos::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                uint64_t max_out_length,
                                uint64_t* actual_out_length,
                                std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.9 page 145,146: any errors terminate the active
  // decryption operation.
  virtual void DecryptCancel(const chromeos::SecureBlob& isolate_credential,
                             uint64_t session_id) = 0;
  // PKCS #11 v2.20 section 11.10 page 148.
  virtual uint32_t DigestInit(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter) = 0;
  // PKCS #11 v2.20 section 11.10 page 149.
  virtual uint32_t Digest(const chromeos::SecureBlob& isolate_credential,
                          uint64_t session_id,
                          const std::vector<uint8_t>& data_in,
                          uint64_t max_out_length,
                          uint64_t* actual_out_length,
                          std::vector<uint8_t>* digest) = 0;
  // PKCS #11 v2.20 section 11.10 page 150.
  virtual uint32_t DigestUpdate(const chromeos::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                const std::vector<uint8_t>& data_in) = 0;
  // PKCS #11 v2.20 section 11.10 page 150.
  virtual uint32_t DigestKey(const chromeos::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t key_handle) = 0;
  // PKCS #11 v2.20 section 11.10 page 151.
  virtual uint32_t DigestFinal(const chromeos::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t max_out_length,
                               uint64_t* actual_out_length,
                               std::vector<uint8_t>* digest) = 0;
  // PKCS #11 v2.20 section 11.10 page 149,151: any errors terminate the active
  // digest operation.
  virtual void DigestCancel(const chromeos::SecureBlob& isolate_credential,
                            uint64_t session_id) = 0;
  // PKCS #11 v2.20 section 11.11 page 152.
  virtual uint32_t SignInit(const chromeos::SecureBlob& isolate_credential,
                            uint64_t session_id,
                            uint64_t mechanism_type,
                            const std::vector<uint8_t>& mechanism_parameter,
                            uint64_t key_handle) = 0;
  // PKCS #11 v2.20 section 11.11 page 153.
  virtual uint32_t Sign(const chromeos::SecureBlob& isolate_credential,
                        uint64_t session_id,
                        const std::vector<uint8_t>& data,
                        uint64_t max_out_length,
                        uint64_t* actual_out_length,
                        std::vector<uint8_t>* signature) = 0;
  // PKCS #11 v2.20 section 11.11 page 154.
  virtual uint32_t SignUpdate(const chromeos::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              const std::vector<uint8_t>& data_part) = 0;
  // PKCS #11 v2.20 section 11.11 page 154.
  virtual uint32_t SignFinal(const chromeos::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t max_out_length,
                             uint64_t* actual_out_length,
                             std::vector<uint8_t>* signature) = 0;
  // PKCS #11 v2.20 section 11.11 page 153,154: any errors terminate the active
  // signing operation.
  virtual void SignCancel(const chromeos::SecureBlob& isolate_credential,
                          uint64_t session_id) = 0;
  // PKCS #11 v2.20 section 11.11 page 155.
  virtual uint32_t SignRecoverInit(
     const chromeos::SecureBlob& isolate_credential,
     uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter,
      uint64_t key_handle) = 0;
  // PKCS #11 v2.20 section 11.11 page 156.
  virtual uint32_t SignRecover(const chromeos::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               const std::vector<uint8_t>& data,
                               uint64_t max_out_length,
                               uint64_t* actual_out_length,
                               std::vector<uint8_t>* signature) = 0;
  // PKCS #11 v2.20 section 11.12 page 157.
  virtual uint32_t VerifyInit(const chromeos::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              uint64_t mechanism_type,
                              const std::vector<uint8_t>& mechanism_parameter,
                              uint64_t key_handle) = 0;
  // PKCS #11 v2.20 section 11.12 page 158.
  virtual uint32_t Verify(const chromeos::SecureBlob& isolate_credential,
                          uint64_t session_id,
                          const std::vector<uint8_t>& data,
                          const std::vector<uint8_t>& signature) = 0;
  // PKCS #11 v2.20 section 11.12 page 159.
  virtual uint32_t VerifyUpdate(const chromeos::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                const std::vector<uint8_t>& data_part) = 0;
  // PKCS #11 v2.20 section 11.12 page 159.
  virtual uint32_t VerifyFinal(const chromeos::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               const std::vector<uint8_t>& signature) = 0;
  // PKCS #11 v2.20 section 11.12 page 159: any errors terminate the active
  // verification operation.
  virtual void VerifyCancel(const chromeos::SecureBlob& isolate_credential,
                            uint64_t session_id) = 0;
  // PKCS #11 v2.20 section 11.12 page 161.
  virtual uint32_t VerifyRecoverInit(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter,
      uint64_t key_handle) = 0;
  // PKCS #11 v2.20 section 11.12 page 161.
  virtual uint32_t VerifyRecover(const chromeos::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 const std::vector<uint8_t>& signature,
                                 uint64_t max_out_length,
                                 uint64_t* actual_out_length,
                                 std::vector<uint8_t>* data) = 0;
  // PKCS #11 v2.20 section 11.13 page 163.
  virtual uint32_t DigestEncryptUpdate(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.13 page 165.
  virtual uint32_t DecryptDigestUpdate(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.13 page 169.
  virtual uint32_t SignEncryptUpdate(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.13 page 171.
  virtual uint32_t DecryptVerifyUpdate(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;
  // PKCS #11 v2.20 section 11.14 page 175.
  virtual uint32_t GenerateKey(const chromeos::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t mechanism_type,
                               const std::vector<uint8_t>& mechanism_parameter,
                               const std::vector<uint8_t>& attributes,
                               uint64_t* key_handle) = 0;
  // PKCS #11 v2.20 section 11.14 page 176.
  virtual uint32_t GenerateKeyPair(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter,
      const std::vector<uint8_t>& public_attributes,
      const std::vector<uint8_t>& private_attributes,
      uint64_t* public_key_handle,
      uint64_t* private_key_handle) = 0;
  // PKCS #11 v2.20 section 11.14 page 178.
  virtual uint32_t WrapKey(const chromeos::SecureBlob& isolate_credential,
                           uint64_t session_id,
                           uint64_t mechanism_type,
                           const std::vector<uint8_t>& mechanism_parameter,
                           uint64_t wrapping_key_handle,
                           uint64_t key_handle,
                           uint64_t max_out_length,
                           uint64_t* actual_out_length,
                           std::vector<uint8_t>* wrapped_key) = 0;
  // PKCS #11 v2.20 section 11.14 page 180.
  virtual uint32_t UnwrapKey(const chromeos::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t mechanism_type,
                             const std::vector<uint8_t>& mechanism_parameter,
                             uint64_t wrapping_key_handle,
                             const std::vector<uint8_t>& wrapped_key,
                             const std::vector<uint8_t>& attributes,
                             uint64_t* key_handle) = 0;
  // PKCS #11 v2.20 section 11.14 page 182.
  virtual uint32_t DeriveKey(const chromeos::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t mechanism_type,
                             const std::vector<uint8_t>& mechanism_parameter,
                             uint64_t base_key_handle,
                             const std::vector<uint8_t>& attributes,
                             uint64_t* key_handle) = 0;
  // PKCS #11 v2.20 section 11.15 page 184.
  virtual uint32_t SeedRandom(const chromeos::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              const std::vector<uint8_t>& seed) = 0;
  // PKCS #11 v2.20 section 11.15 page 184.
  virtual uint32_t GenerateRandom(
      const chromeos::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t num_bytes,
      std::vector<uint8_t>* random_data) = 0;

 private:
  DISALLOW_COPY_AND_ASSIGN(ChapsInterface);
};

}  // namespace chaps

#endif  // CHAPS_CHAPS_INTERFACE_H_