/**
 * @file       activation.h
 * @brief      Activation TEE API
 * @author     Oleksandr Fadieiev (o.fadieiev@samsung.com)
 * @author     Andrii Kravchenko (a.kravchenko@samsung.com)
 * @version    1.0
 * @date       April 21, 2017
 * @copyright  In Samsung Ukraine R&D Center (SURC) under a contract between
 * @par        LLC "Samsung Electronics Ukraine Company" (Kiev, Ukraine) and
 * @par        "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
 * @par        Copyright: (c) Samsung Electronics Co, Ltd 2017. All rights reserved.
 */

#ifndef _ACTIVATION_H_
#define _ACTIVATION_H_

#include <stdint.h>
#include <string.h>

#ifdef __cplusplus
extern "C" {
#endif

#define kActivationMaxBufferSize (8192)
#define kActivationIvSize (12)
#define kActivationTagSize (16)

typedef enum {
  kActivationSuccess = 0,
  kActivationErrorGeneric = 1,
  kActivationErrorBadParameters = 2,
  kActivationErrorShortBuffer = 3,
  kActivationErrorDrk = 4,
  kActivationErrorTee = 5
} ActivationResult;

/**
 * Generates RSA session keypair. Stores RSA session private key and
 * returns x.509 certificate chain: DRK certificate and session RSA certificate
 * issued by DRK.
 *
 *
 * @param[out] drk_cert, drk_cert_size buffer large enough to contain DRK certificate
 * @param[out] rsa_cert, rsa_cert_size buffer large enough to contain x.509 certificate
 *                             of session RSA keypair
 *
 * @returns error code
 */
ActivationResult ActivationGenerateSessionCertificate(
    void *drk_cert, size_t *drk_cert_size,
    void *rsa_cert, size_t *rsa_cert_size);

/*
 * Stores AES key of server encrypted with RSA session public key
 * (@see ActivationGenerateSessionCertificate).
 *
 * @param[in] key, key_size encrypted AES key (received from server)
 *                          that will be used to generate activation credentials
 *
 * @returns error code
 */
ActivationResult ActivationStoreServerKey(
    const void *key,
    size_t key_size);

/**
 * Generates activation credentials using device unique data (like IMEI).
 * Activation credentials are encrypted with AES-GCM by previously stored AES key
 * (@see ActivationStoreServerKey).
 *
 * @param[in] buffer, buffer_size unique data to be encrypted
 * @param[out] enc, enc_size output buffer large enough to contain encrypted data
 * @param[out] iv, iv_size initialization vector which should be sent to server side
 * @param[out] tag, tag_size integrity of encrypted data which should be sent to server
 *
 * @returns error code
 */
ActivationResult ActivationGenerateCredentials(
    const uint8_t *buffer, size_t buffer_size,
    uint8_t *enc, size_t *enc_size,
    uint8_t *iv, size_t *iv_size,
    uint8_t *tag, size_t *tag_size);

#ifdef __cplusplus
}
#endif

#endif // _ACTIVATION_H_