/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

syntax = "proto3";

package nugget.app.identity;

import "nugget/app/identity/identity_defs.proto";
import "nugget/app/identity/identity_types.proto";
import "nugget/protobuf/options.proto";

// Identity is the app used to implement Android's Identity HAL.
//
// The documentation for the HAL applies to this implementation.
service Identity {
  option (nugget.protobuf.app_id) = "IDENTITY";
  option (nugget.protobuf.app_name) = "Identity";
  option (nugget.protobuf.app_version) = 1;
  option (nugget.protobuf.request_buffer_size) = 2048;
  option (nugget.protobuf.response_buffer_size) = 2048;

  // RPCs for the Identity HAL
  rpc WICinitialize (WICinitializeRequest) returns (WICinitializeResponse);
  rpc WICinitializeForUpdate (WICinitializeForUpdateRequest) returns (WICinitializeForUpdateResponse);
  rpc WICcreateCredentialKey (WICcreateCredentialKeyRequest) returns (WICcreateCredentialKeyResponse);
  rpc WICstartPersonalization (WICstartPersonalizationRequest) returns (WICstartPersonalizationResponse);
  rpc WICaddAccessControlProfile (WICaddAccessControlProfileRequest) returns (WICaddAccessControlProfileResponse);
  rpc WICbeginAddEntry (WICbeginAddEntryRequest) returns (WICbeginAddEntryResponse);
  rpc WICaddEntryValue (WICaddEntryValueRequest) returns (WICaddEntryValueResponse);
  rpc WICfinishAddingEntries (WICfinishAddingEntriesRequest) returns (WICfinishAddingEntriesResponse);
  rpc ICinitialize (ICinitializeRequest) returns (ICinitializeResponse);
  rpc ICcreateEphemeralKeyPair (ICcreateEphemeralKeyPairRequest) returns (ICcreateEphemeralKeyPairResponse);
  rpc ICgenerateSigningKeyPair (ICgenerateSigningKeyPairRequest) returns (ICgenerateSigningKeyPairResponse);
  rpc ICcreateAuthChallenge (ICcreateAuthChallengeRequest) returns (ICcreateAuthChallengeResponse);
  rpc ICstartRetrieveEntries (ICstartRetrieveEntriesRequest) returns (ICstartRetrieveEntriesResponse);
  rpc ICsetAuthToken (ICsetAuthTokenRequest) returns (ICsetAuthTokenResponse);
  rpc ICpushReaderCert (ICpushReaderCertRequest) returns (ICpushReaderCertResponse);
  rpc ICvalidateAccessControlProfile (ICvalidateAccessControlProfileRequest) returns (ICvalidateAccessControlProfileResponse);
  rpc ICvalidateRequestMessage (ICvalidateRequestMessageRequest) returns (ICvalidateRequestMessageResponse);
  rpc ICcalcMacKey (ICcalcMacKeyRequest) returns (ICcalcMacKeyResponse);
  rpc ICstartRetrieveEntryValue (ICstartRetrieveEntryValueRequest) returns (ICstartRetrieveEntryValueResponse);
  rpc ICretrieveEntryValue (ICretrieveEntryValueRequest) returns (ICretrieveEntryValueResponse);
  rpc ICfinishRetrieval (ICfinishRetrievalRequest) returns (ICfinishRetrievalResponse);
  rpc ICdeleteCredential (ICdeleteCredentialRequest) returns (ICdeleteCredentialResponse);
  rpc ICproveOwnership (ICproveOwnershipRequest) returns (ICproveOwnershipResponse);
  rpc GetSessionId (GetSessionIdRequest) returns (GetSessionIdResponse);
  rpc SessionShutdown(SessionShutdownRequest) returns (SessionShutdownResponse);
  rpc SessionInitialize (SessionInitializeRequest) returns (SessionInitializeResponse);
  rpc SessionSetReaderEphemeralPublicKey (SessionSetReaderEphemeralPublicKeyRequest) returns (SessionSetReaderEphemeralPublicKeyResponse);
  rpc SessionSetSessionTranscript (SessionSetSessionTranscriptRequest) returns (SessionSetSessionTranscriptResponse);
}

enum RequestType {
  unknown = 0;
  provision = 1;
  presentation = 2;
  session = 3;
}

// WICinitialize
message WICinitializeRequest{
  bool testCredential = 1;
}
message WICinitializeResponse{
  Result result = 1;
}

// WICinitializeForUpdate
message WICinitializeForUpdateRequest{
  bool testCredential = 1;
  bytes docType = 2;
  bytes encryptedCredentialKeys = 3;
}

message WICinitializeForUpdateResponse{
  Result result = 1;
}

// WICcreateCredentialKey
message WICcreateCredentialKeyRequest{
}

message WICcreateCredentialKeyResponse{
  Result result = 1;
  bytes publickey = 2;
}

// WICstartPersonalization
message WICstartPersonalizationRequest{
  uint32 accessControlProfileCount = 1;
  bytes entryCounts = 2;
  bytes docType = 3;
  uint32 expectedProofOfProvisioningSize = 4;
  bool supportInt32EntryCounts = 5;
}
message WICstartPersonalizationResponse{
  Result result = 1;
}

// WICaddAccessControlProfile
message WICaddAccessControlProfileRequest{
  uint32 id = 1;
  bytes readerCertificate = 2;
  bool userAuthenticationRequired = 3;
  uint64 timeoutMillis = 4;
  uint64 secureUserId = 5;
}
message WICaddAccessControlProfileResponse{
  Result result = 1;
  bytes mac = 2;
}

// WICbeginAddEntry
message WICbeginAddEntryRequest{
  bytes accessControlProfileIds = 1;
  string nameSpace = 2;
  string name = 3;
  uint64 entrySize = 4;
}
message WICbeginAddEntryResponse{
  Result result = 1;
}

// WICaddEntryValue
message WICaddEntryValueRequest{
  bytes accessControlProfileIds = 1;
  string nameSpace = 2;
  string name = 3;
  bytes content = 4;
}
message WICaddEntryValueResponse{
  Result result = 1;
  bytes encrypted_content = 2;
}

// WICfinishAddingEntries
message WICfinishAddingEntriesRequest{
  bytes docType = 1;
  bool testCredential = 2;
}

message WICfinishAddingEntriesResponse{
  Result result = 1;
  bytes signatureOfToBeSigned = 2;
  bytes credentialData = 3;
}

// ICinitialize
message ICinitializeRequest{
  bool testCredential = 1;
  bytes docType = 2;
  bytes encryptedCredentialKeys = 3;
  uint32 oemHalVersion = 4;
  uint32 sessionId = 5;
}

message ICinitializeResponse{
  Result result = 1;
}

// ICcreateEphemeralKeyPair
message ICcreateEphemeralKeyPairRequest{
}

message ICcreateEphemeralKeyPairResponse{
  Result result = 1;
  bytes ephemeralPriv = 2;
}

// ICgenerateSigningKeyPair
message ICgenerateSigningKeyPairRequest{
  bytes docType = 1;
}

message ICgenerateSigningKeyPairResponse{
  Result result = 1;
  bytes SigningKeyBlob =2;
  bytes signingPubKey =3;
}

// ICcreateAuthChallenge
message ICcreateAuthChallengeRequest{
}

message ICcreateAuthChallengeResponse{
  Result result = 1;
  uint64 challenge = 2;
}

// ICstartRetrieveEntries
message ICstartRetrieveEntriesRequest{
}

message ICstartRetrieveEntriesResponse{
  Result result = 1;
}

// ICsetAuthToken
message ICsetAuthTokenRequest{
  uint64 challenge = 1;
  uint64 secureUserId = 2;
  uint64 authenticatorId = 3;
  uint32 hardwareAuthenticatorType = 4;
  uint64 timeStamp = 5;
  bytes mac = 6;
  uint64 verificationTokenChallenge = 7;
  uint64 verificationTokenTimestamp =8;
  uint32 verificationTokenSecurityLevel =9;
  bytes verificationTokenMac = 10;
}

message ICsetAuthTokenResponse{
  Result result = 1;
}

// ICpushReaderCert
message ICpushReaderCertRequest{
  bytes x509Cert = 1;
  uint32 tbsCertificateOffset = 2;
  uint32 tbsCertificateSize = 3;
  uint32 signatureOffset = 4;
  uint32 signatureSize = 5;
  uint32 publicKeyOffset = 6;
  uint32 publicKeySize = 7;
  uint32 signAlg = 8;
}

message ICpushReaderCertResponse{
  Result result = 1;
}

// ICvalidateAccessControlProfile
message ICvalidateAccessControlProfileRequest{
  uint32 id = 1;
  bytes readerCertificate = 2;
  bool userAuthenticationRequired = 3;
  uint32 timeoutMillis = 4;
  uint64 secureUserId = 5;
  bytes mac = 6;
  uint32 publicKeyOffset = 7;
  uint32 publicKeysize = 8;
}

message ICvalidateAccessControlProfileResponse{
  Result result = 1;
  bool accessGranted = 2;
}

// ICvalidateRequestMessage
message ICvalidateRequestMessageRequest{
  bytes sessionTranscript = 1;
  bytes requestMessage = 2;
  uint32 coseSignAlg = 3;
  bytes readerSignatureOfToBeSigned = 4;
}

message ICvalidateRequestMessageResponse{
  Result result = 1;
}

// ICcalcMacKey
message ICcalcMacKeyRequest{
  bytes sessionTranscript = 1;
  bytes readerEphemeralPublicKey = 2;
  bytes signingKeyBlob = 3;
  bytes docType = 4;
  uint32 numNamespacesWithValues = 5;
  uint32 expectedProofOfProvisioningSize = 6;
}

message ICcalcMacKeyResponse{
  Result result = 1;
}

// ICstartRetrieveEntryValue
message ICstartRetrieveEntryValueRequest{
  string nameSpace = 1;
  string name = 2;
  uint32 newNamespaceNumEntries = 3;
  uint32 entrySize = 4;
  bytes accessControlProfileIds = 5;
}

message ICstartRetrieveEntryValueResponse{
  AccessResult accessCheckResult = 1;
  uint32 sessionCookie = 2;
}

// ICretrieveEntryValue
message ICretrieveEntryValueRequest{
  bytes encryptedContent = 1;
  string nameSpace = 2;
  string name = 3;
  bytes accessControlProfileIds = 4;
  uint32 sessionCookie = 5;
}

message ICretrieveEntryValueResponse{
  Result result = 1;
  bytes content = 2;
}

// ICfinishRetrieval
message ICfinishRetrievalRequest{
}

message ICfinishRetrievalResponse{
  Result result = 1;
  bytes mac = 2;
}

// ICdeleteCredential
message ICdeleteCredentialRequest{
  bytes docType = 1;
  bytes challenge = 2;
  bool includeChallenge = 3;
  uint32 proofOfDeletionCborSize = 4;
}

message ICdeleteCredentialResponse{
  Result result = 1;
  bytes signatureOfToBeSigned = 2;
}

// ICproveOwnership
message ICproveOwnershipRequest{
  bytes docType = 1;
  bool testCredential = 2;
  bytes challenge = 3;
  uint32 proofOfOwnershipCborSize = 4;
}

message ICproveOwnershipResponse{
  Result result = 1;
  bytes signatureOfToBeSigned = 2;
}

// GetSessionId
message GetSessionIdRequest{
  RequestType requestType = 1;
}

message GetSessionIdResponse{
  Result result = 1;
  uint32 id = 2;
}

// SessionShutdown
message SessionShutdownRequest{
  RequestType requestType = 1;
}

message SessionShutdownResponse{
  Result result = 1;
}

// SessionInitialize
message SessionInitializeRequest{
}

message SessionInitializeResponse{
  Result result = 1;
  uint64 authChallenge = 2;
  bytes ephemeralPrivateKey = 3;
}

// SessionSetReaderEphemeralPublicKey
message SessionSetReaderEphemeralPublicKeyRequest{
  bytes readerEphemeralPublicKey = 1;
}

message SessionSetReaderEphemeralPublicKeyResponse{
  Result result = 1;
}

// SessionSetSessionTranscript
message SessionSetSessionTranscriptRequest{
  bytes sessionTranscript = 1;
}

message SessionSetSessionTranscriptResponse{
  Result result = 1;
}