fidl_fuchsia_security_keymint/

fidl_fuchsia_security_keymint.rs

// WARNING: This file is machine generated by fidlgen.

#![warn(clippy::all)]
#![allow(unused_parens, unused_mut, unused_imports, nonstandard_style)]

use bitflags::bitflags;
use fidl::client::QueryResponseFut;
use fidl::encoding::{MessageBufFor, ProxyChannelBox, ResourceDialect};
use fidl::endpoints::{ControlHandle as _, Responder as _};
pub use fidl_fuchsia_security_keymint__common::*;
use futures::future::{self, MaybeDone, TryFutureExt};
use zx_status;

#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Hash)]
pub struct SealingKeysMarker;

impl fidl::endpoints::ProtocolMarker for SealingKeysMarker {
    type Proxy = SealingKeysProxy;
    type RequestStream = SealingKeysRequestStream;
    #[cfg(target_os = "fuchsia")]
    type SynchronousProxy = SealingKeysSynchronousProxy;

    const DEBUG_NAME: &'static str = "fuchsia.security.keymint.SealingKeys";
}
impl fidl::endpoints::DiscoverableProtocolMarker for SealingKeysMarker {}
pub type SealingKeysCreateSealingKeyResult = Result<Vec<u8>, CreateError>;
pub type SealingKeysSealResult = Result<Vec<u8>, SealError>;
pub type SealingKeysUnsealResult = Result<Vec<u8>, UnsealError>;

pub trait SealingKeysProxyInterface: Send + Sync {
    type CreateSealingKeyResponseFut: std::future::Future<Output = Result<SealingKeysCreateSealingKeyResult, fidl::Error>>
        + Send;
    fn r#create_sealing_key(&self, key_info: &[u8]) -> Self::CreateSealingKeyResponseFut;
    type SealResponseFut: std::future::Future<Output = Result<SealingKeysSealResult, fidl::Error>>
        + Send;
    fn r#seal(&self, key_info: &[u8], key_blob: &[u8], secret: &[u8]) -> Self::SealResponseFut;
    type UnsealResponseFut: std::future::Future<Output = Result<SealingKeysUnsealResult, fidl::Error>>
        + Send;
    fn r#unseal(
        &self,
        key_info: &[u8],
        key_blob: &[u8],
        sealed_secret: &[u8],
    ) -> Self::UnsealResponseFut;
}
#[derive(Debug)]
#[cfg(target_os = "fuchsia")]
pub struct SealingKeysSynchronousProxy {
    client: fidl::client::sync::Client,
}

#[cfg(target_os = "fuchsia")]
impl fidl::endpoints::SynchronousProxy for SealingKeysSynchronousProxy {
    type Proxy = SealingKeysProxy;
    type Protocol = SealingKeysMarker;

    fn from_channel(inner: fidl::Channel) -> Self {
        Self::new(inner)
    }

    fn into_channel(self) -> fidl::Channel {
        self.client.into_channel()
    }

    fn as_channel(&self) -> &fidl::Channel {
        self.client.as_channel()
    }
}

#[cfg(target_os = "fuchsia")]
impl SealingKeysSynchronousProxy {
    pub fn new(channel: fidl::Channel) -> Self {
        let protocol_name = <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME;
        Self { client: fidl::client::sync::Client::new(channel, protocol_name) }
    }

    pub fn into_channel(self) -> fidl::Channel {
        self.client.into_channel()
    }

    /// Waits until an event arrives and returns it. It is safe for other
    /// threads to make concurrent requests while waiting for an event.
    pub fn wait_for_event(
        &self,
        deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysEvent, fidl::Error> {
        SealingKeysEvent::decode(self.client.wait_for_event(deadline)?)
    }

    /// Generates a new sealing key to seal and unseal secrets.
    ///
    /// |key_info| is information to be cryptographically bound to the returned key.
    ///   * The client will have to supply it in all uses (other than key deletion) of the returned
    ///     key.
    ///   * It serves two purposes: (1) internally by the key manager to identify the key owner and
    ///     (2) as a password to mitigate potential attacks from the key manager and as well as
    ///     other clients.
    ///   * It is recommended to include sufficient entropy in it (using it as a password) to
    ///     mitigage potential attacks from the secure world (the key manager's execution
    ///     environment) or from other clients.
    ///   * It is acceptible to pass a constant if deriving and persisting a password is too
    ///     cumbersome and the client fully trust the secure world and there are not many other
    ///     clients.
    ///
    /// The client is responsible for persisting both |key_info| and the returned |key_blob|.
    /// The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each
    /// call (even with the same key info). It can be stored in unsecure storage.
    ///
    /// Returns:
    ///   * The sealing key if everything worked.
    ///   * FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.
    pub fn r#create_sealing_key(
        &self,
        mut key_info: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysCreateSealingKeyResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysCreateSealingKeyRequest,
            fidl::encoding::ResultType<SealingKeysCreateSealingKeyResponse, CreateError>,
        >(
            (key_info,),
            0x5a191cbb6a8081bc,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x.key_blob))
    }

    /// Seals a secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the seal operation.
    ///
    /// Returns:
    ///   * The sealed secret if everything worked.
    ///   * FAILED_SEAL if the sealing failed, e.g., sealing key info or blob mismatch.
    pub fn r#seal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut secret: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysSealResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysSealRequest,
            fidl::encoding::ResultType<SealingKeysSealResponse, SealError>,
        >(
            (key_info, key_blob, secret,),
            0x10d41255013918d1,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x.sealed_secret))
    }

    /// Unseals a sealed secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the one used to seal the secret.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the unseal operation.
    ///
    /// Returns:
    ///   * The unsealed secret if everything worked.
    ///   * FAILED_UNSEAL if the unsealing failed, e.g., sealing key info or blob mismatch.
    pub fn r#unseal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut sealed_secret: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysUnsealResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysUnsealRequest,
            fidl::encoding::ResultType<SealingKeysUnsealResponse, UnsealError>,
        >(
            (key_info, key_blob, sealed_secret,),
            0x7037d75ecb579c83,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x.unsealed_secret))
    }
}

#[cfg(target_os = "fuchsia")]
impl From<SealingKeysSynchronousProxy> for zx::Handle {
    fn from(value: SealingKeysSynchronousProxy) -> Self {
        value.into_channel().into()
    }
}

#[cfg(target_os = "fuchsia")]
impl From<fidl::Channel> for SealingKeysSynchronousProxy {
    fn from(value: fidl::Channel) -> Self {
        Self::new(value)
    }
}

#[cfg(target_os = "fuchsia")]
impl fidl::endpoints::FromClient for SealingKeysSynchronousProxy {
    type Protocol = SealingKeysMarker;

    fn from_client(value: fidl::endpoints::ClientEnd<SealingKeysMarker>) -> Self {
        Self::new(value.into_channel())
    }
}

#[derive(Debug, Clone)]
pub struct SealingKeysProxy {
    client: fidl::client::Client<fidl::encoding::DefaultFuchsiaResourceDialect>,
}

impl fidl::endpoints::Proxy for SealingKeysProxy {
    type Protocol = SealingKeysMarker;

    fn from_channel(inner: ::fidl::AsyncChannel) -> Self {
        Self::new(inner)
    }

    fn into_channel(self) -> Result<::fidl::AsyncChannel, Self> {
        self.client.into_channel().map_err(|client| Self { client })
    }

    fn as_channel(&self) -> &::fidl::AsyncChannel {
        self.client.as_channel()
    }
}

impl SealingKeysProxy {
    /// Create a new Proxy for fuchsia.security.keymint/SealingKeys.
    pub fn new(channel: ::fidl::AsyncChannel) -> Self {
        let protocol_name = <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME;
        Self { client: fidl::client::Client::new(channel, protocol_name) }
    }

    /// Get a Stream of events from the remote end of the protocol.
    ///
    /// # Panics
    ///
    /// Panics if the event stream was already taken.
    pub fn take_event_stream(&self) -> SealingKeysEventStream {
        SealingKeysEventStream { event_receiver: self.client.take_event_receiver() }
    }

    /// Generates a new sealing key to seal and unseal secrets.
    ///
    /// |key_info| is information to be cryptographically bound to the returned key.
    ///   * The client will have to supply it in all uses (other than key deletion) of the returned
    ///     key.
    ///   * It serves two purposes: (1) internally by the key manager to identify the key owner and
    ///     (2) as a password to mitigate potential attacks from the key manager and as well as
    ///     other clients.
    ///   * It is recommended to include sufficient entropy in it (using it as a password) to
    ///     mitigage potential attacks from the secure world (the key manager's execution
    ///     environment) or from other clients.
    ///   * It is acceptible to pass a constant if deriving and persisting a password is too
    ///     cumbersome and the client fully trust the secure world and there are not many other
    ///     clients.
    ///
    /// The client is responsible for persisting both |key_info| and the returned |key_blob|.
    /// The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each
    /// call (even with the same key info). It can be stored in unsecure storage.
    ///
    /// Returns:
    ///   * The sealing key if everything worked.
    ///   * FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.
    pub fn r#create_sealing_key(
        &self,
        mut key_info: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysCreateSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#create_sealing_key(self, key_info)
    }

    /// Seals a secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the seal operation.
    ///
    /// Returns:
    ///   * The sealed secret if everything worked.
    ///   * FAILED_SEAL if the sealing failed, e.g., sealing key info or blob mismatch.
    pub fn r#seal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut secret: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysSealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#seal(self, key_info, key_blob, secret)
    }

    /// Unseals a sealed secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the one used to seal the secret.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the unseal operation.
    ///
    /// Returns:
    ///   * The unsealed secret if everything worked.
    ///   * FAILED_UNSEAL if the unsealing failed, e.g., sealing key info or blob mismatch.
    pub fn r#unseal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut sealed_secret: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysUnsealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#unseal(self, key_info, key_blob, sealed_secret)
    }
}

impl SealingKeysProxyInterface for SealingKeysProxy {
    type CreateSealingKeyResponseFut = fidl::client::QueryResponseFut<
        SealingKeysCreateSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#create_sealing_key(&self, mut key_info: &[u8]) -> Self::CreateSealingKeyResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysCreateSealingKeyResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<SealingKeysCreateSealingKeyResponse, CreateError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x5a191cbb6a8081bc,
            >(_buf?)?;
            Ok(_response.map(|x| x.key_blob))
        }
        self.client.send_query_and_decode::<
            SealingKeysCreateSealingKeyRequest,
            SealingKeysCreateSealingKeyResult,
        >(
            (key_info,),
            0x5a191cbb6a8081bc,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }

    type SealResponseFut = fidl::client::QueryResponseFut<
        SealingKeysSealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#seal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut secret: &[u8],
    ) -> Self::SealResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysSealResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<SealingKeysSealResponse, SealError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x10d41255013918d1,
            >(_buf?)?;
            Ok(_response.map(|x| x.sealed_secret))
        }
        self.client.send_query_and_decode::<SealingKeysSealRequest, SealingKeysSealResult>(
            (key_info, key_blob, secret),
            0x10d41255013918d1,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }

    type UnsealResponseFut = fidl::client::QueryResponseFut<
        SealingKeysUnsealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#unseal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut sealed_secret: &[u8],
    ) -> Self::UnsealResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysUnsealResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<SealingKeysUnsealResponse, UnsealError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x7037d75ecb579c83,
            >(_buf?)?;
            Ok(_response.map(|x| x.unsealed_secret))
        }
        self.client.send_query_and_decode::<SealingKeysUnsealRequest, SealingKeysUnsealResult>(
            (key_info, key_blob, sealed_secret),
            0x7037d75ecb579c83,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }
}

pub struct SealingKeysEventStream {
    event_receiver: fidl::client::EventReceiver<fidl::encoding::DefaultFuchsiaResourceDialect>,
}

impl std::marker::Unpin for SealingKeysEventStream {}

impl futures::stream::FusedStream for SealingKeysEventStream {
    fn is_terminated(&self) -> bool {
        self.event_receiver.is_terminated()
    }
}

impl futures::Stream for SealingKeysEventStream {
    type Item = Result<SealingKeysEvent, fidl::Error>;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> std::task::Poll<Option<Self::Item>> {
        match futures::ready!(futures::stream::StreamExt::poll_next_unpin(
            &mut self.event_receiver,
            cx
        )?) {
            Some(buf) => std::task::Poll::Ready(Some(SealingKeysEvent::decode(buf))),
            None => std::task::Poll::Ready(None),
        }
    }
}

#[derive(Debug)]
pub enum SealingKeysEvent {}

impl SealingKeysEvent {
    /// Decodes a message buffer as a [`SealingKeysEvent`].
    fn decode(
        mut buf: <fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc,
    ) -> Result<SealingKeysEvent, fidl::Error> {
        let (bytes, _handles) = buf.split_mut();
        let (tx_header, _body_bytes) = fidl::encoding::decode_transaction_header(bytes)?;
        debug_assert_eq!(tx_header.tx_id, 0);
        match tx_header.ordinal {
            _ => Err(fidl::Error::UnknownOrdinal {
                ordinal: tx_header.ordinal,
                protocol_name: <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME,
            }),
        }
    }
}

/// A Stream of incoming requests for fuchsia.security.keymint/SealingKeys.
pub struct SealingKeysRequestStream {
    inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
    is_terminated: bool,
}

impl std::marker::Unpin for SealingKeysRequestStream {}

impl futures::stream::FusedStream for SealingKeysRequestStream {
    fn is_terminated(&self) -> bool {
        self.is_terminated
    }
}

impl fidl::endpoints::RequestStream for SealingKeysRequestStream {
    type Protocol = SealingKeysMarker;
    type ControlHandle = SealingKeysControlHandle;

    fn from_channel(channel: ::fidl::AsyncChannel) -> Self {
        Self { inner: std::sync::Arc::new(fidl::ServeInner::new(channel)), is_terminated: false }
    }

    fn control_handle(&self) -> Self::ControlHandle {
        SealingKeysControlHandle { inner: self.inner.clone() }
    }

    fn into_inner(
        self,
    ) -> (::std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>, bool)
    {
        (self.inner, self.is_terminated)
    }

    fn from_inner(
        inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
        is_terminated: bool,
    ) -> Self {
        Self { inner, is_terminated }
    }
}

impl futures::Stream for SealingKeysRequestStream {
    type Item = Result<SealingKeysRequest, fidl::Error>;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> std::task::Poll<Option<Self::Item>> {
        let this = &mut *self;
        if this.inner.check_shutdown(cx) {
            this.is_terminated = true;
            return std::task::Poll::Ready(None);
        }
        if this.is_terminated {
            panic!("polled SealingKeysRequestStream after completion");
        }
        fidl::encoding::with_tls_decode_buf::<_, fidl::encoding::DefaultFuchsiaResourceDialect>(
            |bytes, handles| {
                match this.inner.channel().read_etc(cx, bytes, handles) {
                    std::task::Poll::Ready(Ok(())) => {}
                    std::task::Poll::Pending => return std::task::Poll::Pending,
                    std::task::Poll::Ready(Err(zx_status::Status::PEER_CLOSED)) => {
                        this.is_terminated = true;
                        return std::task::Poll::Ready(None);
                    }
                    std::task::Poll::Ready(Err(e)) => {
                        return std::task::Poll::Ready(Some(Err(fidl::Error::ServerRequestRead(
                            e.into(),
                        ))))
                    }
                }

                // A message has been received from the channel
                let (header, _body_bytes) = fidl::encoding::decode_transaction_header(bytes)?;

                std::task::Poll::Ready(Some(match header.ordinal {
                    0x5a191cbb6a8081bc => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysCreateSealingKeyRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysCreateSealingKeyRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::CreateSealingKey {
                            key_info: req.key_info,

                            responder: SealingKeysCreateSealingKeyResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    0x10d41255013918d1 => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysSealRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysSealRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::Seal {
                            key_info: req.key_info,
                            key_blob: req.key_blob,
                            secret: req.secret,

                            responder: SealingKeysSealResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    0x7037d75ecb579c83 => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysUnsealRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysUnsealRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::Unseal {
                            key_info: req.key_info,
                            key_blob: req.key_blob,
                            sealed_secret: req.sealed_secret,

                            responder: SealingKeysUnsealResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    _ => Err(fidl::Error::UnknownOrdinal {
                        ordinal: header.ordinal,
                        protocol_name:
                            <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME,
                    }),
                }))
            },
        )
    }
}

/// Allows a client to generate sealing keys and then use these keys to seal and unseal secrets.
/// Sealed secrets are safe for offline storage.
///
/// Note that (un)seal is synonymous with (un)wrap, e.g., wrapping an encryption key is the same
/// as sealing an encryption key.
#[derive(Debug)]
pub enum SealingKeysRequest {
    /// Generates a new sealing key to seal and unseal secrets.
    ///
    /// |key_info| is information to be cryptographically bound to the returned key.
    ///   * The client will have to supply it in all uses (other than key deletion) of the returned
    ///     key.
    ///   * It serves two purposes: (1) internally by the key manager to identify the key owner and
    ///     (2) as a password to mitigate potential attacks from the key manager and as well as
    ///     other clients.
    ///   * It is recommended to include sufficient entropy in it (using it as a password) to
    ///     mitigage potential attacks from the secure world (the key manager's execution
    ///     environment) or from other clients.
    ///   * It is acceptible to pass a constant if deriving and persisting a password is too
    ///     cumbersome and the client fully trust the secure world and there are not many other
    ///     clients.
    ///
    /// The client is responsible for persisting both |key_info| and the returned |key_blob|.
    /// The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each
    /// call (even with the same key info). It can be stored in unsecure storage.
    ///
    /// Returns:
    ///   * The sealing key if everything worked.
    ///   * FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.
    CreateSealingKey { key_info: Vec<u8>, responder: SealingKeysCreateSealingKeyResponder },
    /// Seals a secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the seal operation.
    ///
    /// Returns:
    ///   * The sealed secret if everything worked.
    ///   * FAILED_SEAL if the sealing failed, e.g., sealing key info or blob mismatch.
    Seal {
        key_info: Vec<u8>,
        key_blob: Vec<u8>,
        secret: Vec<u8>,
        responder: SealingKeysSealResponder,
    },
    /// Unseals a sealed secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the one used to seal the secret.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the unseal operation.
    ///
    /// Returns:
    ///   * The unsealed secret if everything worked.
    ///   * FAILED_UNSEAL if the unsealing failed, e.g., sealing key info or blob mismatch.
    Unseal {
        key_info: Vec<u8>,
        key_blob: Vec<u8>,
        sealed_secret: Vec<u8>,
        responder: SealingKeysUnsealResponder,
    },
}

impl SealingKeysRequest {
    #[allow(irrefutable_let_patterns)]
    pub fn into_create_sealing_key(
        self,
    ) -> Option<(Vec<u8>, SealingKeysCreateSealingKeyResponder)> {
        if let SealingKeysRequest::CreateSealingKey { key_info, responder } = self {
            Some((key_info, responder))
        } else {
            None
        }
    }

    #[allow(irrefutable_let_patterns)]
    pub fn into_seal(self) -> Option<(Vec<u8>, Vec<u8>, Vec<u8>, SealingKeysSealResponder)> {
        if let SealingKeysRequest::Seal { key_info, key_blob, secret, responder } = self {
            Some((key_info, key_blob, secret, responder))
        } else {
            None
        }
    }

    #[allow(irrefutable_let_patterns)]
    pub fn into_unseal(self) -> Option<(Vec<u8>, Vec<u8>, Vec<u8>, SealingKeysUnsealResponder)> {
        if let SealingKeysRequest::Unseal { key_info, key_blob, sealed_secret, responder } = self {
            Some((key_info, key_blob, sealed_secret, responder))
        } else {
            None
        }
    }

    /// Name of the method defined in FIDL
    pub fn method_name(&self) -> &'static str {
        match *self {
            SealingKeysRequest::CreateSealingKey { .. } => "create_sealing_key",
            SealingKeysRequest::Seal { .. } => "seal",
            SealingKeysRequest::Unseal { .. } => "unseal",
        }
    }
}

#[derive(Debug, Clone)]
pub struct SealingKeysControlHandle {
    inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
}

impl fidl::endpoints::ControlHandle for SealingKeysControlHandle {
    fn shutdown(&self) {
        self.inner.shutdown()
    }
    fn shutdown_with_epitaph(&self, status: zx_status::Status) {
        self.inner.shutdown_with_epitaph(status)
    }

    fn is_closed(&self) -> bool {
        self.inner.channel().is_closed()
    }
    fn on_closed(&self) -> fidl::OnSignalsRef<'_> {
        self.inner.channel().on_closed()
    }

    #[cfg(target_os = "fuchsia")]
    fn signal_peer(
        &self,
        clear_mask: zx::Signals,
        set_mask: zx::Signals,
    ) -> Result<(), zx_status::Status> {
        use fidl::Peered;
        self.inner.channel().signal_peer(clear_mask, set_mask)
    }
}

impl SealingKeysControlHandle {}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysCreateSealingKeyResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysCreateSealingKeyResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysCreateSealingKeyResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysCreateSealingKeyResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<&[u8], CreateError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<&[u8], CreateError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<&[u8], CreateError>) -> Result<(), fidl::Error> {
        self.control_handle.inner.send::<fidl::encoding::ResultType<
            SealingKeysCreateSealingKeyResponse,
            CreateError,
        >>(
            result.map(|key_blob| (key_blob,)),
            self.tx_id,
            0x5a191cbb6a8081bc,
            fidl::encoding::DynamicFlags::empty(),
        )
    }
}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysSealResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysSealResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysSealResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysSealResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<&[u8], SealError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<&[u8], SealError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<&[u8], SealError>) -> Result<(), fidl::Error> {
        self.control_handle
            .inner
            .send::<fidl::encoding::ResultType<SealingKeysSealResponse, SealError>>(
                result.map(|sealed_secret| (sealed_secret,)),
                self.tx_id,
                0x10d41255013918d1,
                fidl::encoding::DynamicFlags::empty(),
            )
    }
}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysUnsealResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysUnsealResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysUnsealResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysUnsealResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<&[u8], UnsealError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<&[u8], UnsealError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<&[u8], UnsealError>) -> Result<(), fidl::Error> {
        self.control_handle
            .inner
            .send::<fidl::encoding::ResultType<SealingKeysUnsealResponse, UnsealError>>(
                result.map(|unsealed_secret| (unsealed_secret,)),
                self.tx_id,
                0x7037d75ecb579c83,
                fidl::encoding::DynamicFlags::empty(),
            )
    }
}

mod internal {
    use super::*;
}