fidl_fuchsia_security_keymint/

fidl_fuchsia_security_keymint.rs

// WARNING: This file is machine generated by fidlgen.

#![warn(clippy::all)]
#![allow(unused_parens, unused_mut, unused_imports, nonstandard_style)]

use bitflags::bitflags;
use fidl::client::QueryResponseFut;
use fidl::encoding::{MessageBufFor, ProxyChannelBox, ResourceDialect};
use fidl::endpoints::{ControlHandle as _, Responder as _};
pub use fidl_fuchsia_security_keymint__common::*;
use futures::future::{self, MaybeDone, TryFutureExt};
use zx_status;

#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Hash)]
pub struct AdminMarker;

impl fidl::endpoints::ProtocolMarker for AdminMarker {
    type Proxy = AdminProxy;
    type RequestStream = AdminRequestStream;
    #[cfg(target_os = "fuchsia")]
    type SynchronousProxy = AdminSynchronousProxy;

    const DEBUG_NAME: &'static str = "fuchsia.security.keymint.Admin";
}
impl fidl::endpoints::DiscoverableProtocolMarker for AdminMarker {}
pub type AdminDeleteAllKeysResult = Result<(), DeleteError>;

pub trait AdminProxyInterface: Send + Sync {
    type DeleteAllKeysResponseFut: std::future::Future<Output = Result<AdminDeleteAllKeysResult, fidl::Error>>
        + Send;
    fn r#delete_all_keys(&self) -> Self::DeleteAllKeysResponseFut;
}
#[derive(Debug)]
#[cfg(target_os = "fuchsia")]
pub struct AdminSynchronousProxy {
    client: fidl::client::sync::Client,
}

#[cfg(target_os = "fuchsia")]
impl fidl::endpoints::SynchronousProxy for AdminSynchronousProxy {
    type Proxy = AdminProxy;
    type Protocol = AdminMarker;

    fn from_channel(inner: fidl::Channel) -> Self {
        Self::new(inner)
    }

    fn into_channel(self) -> fidl::Channel {
        self.client.into_channel()
    }

    fn as_channel(&self) -> &fidl::Channel {
        self.client.as_channel()
    }
}

#[cfg(target_os = "fuchsia")]
impl AdminSynchronousProxy {
    pub fn new(channel: fidl::Channel) -> Self {
        let protocol_name = <AdminMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME;
        Self { client: fidl::client::sync::Client::new(channel, protocol_name) }
    }

    pub fn into_channel(self) -> fidl::Channel {
        self.client.into_channel()
    }

    /// Waits until an event arrives and returns it. It is safe for other
    /// threads to make concurrent requests while waiting for an event.
    pub fn wait_for_event(
        &self,
        deadline: zx::MonotonicInstant,
    ) -> Result<AdminEvent, fidl::Error> {
        AdminEvent::decode(self.client.wait_for_event(deadline)?)
    }

    /// Deletes all keymint-managed keys that rely on TEE state. For example, keys tagged with
    /// `Tag::ROLLBACK_RESISTANCE` may be rendered unusable due to bumping a securely managed
    /// anti-rollback counter or keys tagged with `Tag::USER_SECURE_ID` may be rendered unusable
    /// due to securely stored user ID bindings. The precise set of affected keys depends on the
    /// TEE implementation supporting keymint.
    pub fn r#delete_all_keys(
        &self,
        ___deadline: zx::MonotonicInstant,
    ) -> Result<AdminDeleteAllKeysResult, fidl::Error> {
        let _response = self.client.send_query::<
            fidl::encoding::EmptyPayload,
            fidl::encoding::ResultType<fidl::encoding::EmptyStruct, DeleteError>,
        >(
            (),
            0x7865f60b70087392,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x))
    }
}

#[cfg(target_os = "fuchsia")]
impl From<AdminSynchronousProxy> for zx::NullableHandle {
    fn from(value: AdminSynchronousProxy) -> Self {
        value.into_channel().into()
    }
}

#[cfg(target_os = "fuchsia")]
impl From<fidl::Channel> for AdminSynchronousProxy {
    fn from(value: fidl::Channel) -> Self {
        Self::new(value)
    }
}

#[cfg(target_os = "fuchsia")]
impl fidl::endpoints::FromClient for AdminSynchronousProxy {
    type Protocol = AdminMarker;

    fn from_client(value: fidl::endpoints::ClientEnd<AdminMarker>) -> Self {
        Self::new(value.into_channel())
    }
}

#[derive(Debug, Clone)]
pub struct AdminProxy {
    client: fidl::client::Client<fidl::encoding::DefaultFuchsiaResourceDialect>,
}

impl fidl::endpoints::Proxy for AdminProxy {
    type Protocol = AdminMarker;

    fn from_channel(inner: ::fidl::AsyncChannel) -> Self {
        Self::new(inner)
    }

    fn into_channel(self) -> Result<::fidl::AsyncChannel, Self> {
        self.client.into_channel().map_err(|client| Self { client })
    }

    fn as_channel(&self) -> &::fidl::AsyncChannel {
        self.client.as_channel()
    }
}

impl AdminProxy {
    /// Create a new Proxy for fuchsia.security.keymint/Admin.
    pub fn new(channel: ::fidl::AsyncChannel) -> Self {
        let protocol_name = <AdminMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME;
        Self { client: fidl::client::Client::new(channel, protocol_name) }
    }

    /// Get a Stream of events from the remote end of the protocol.
    ///
    /// # Panics
    ///
    /// Panics if the event stream was already taken.
    pub fn take_event_stream(&self) -> AdminEventStream {
        AdminEventStream { event_receiver: self.client.take_event_receiver() }
    }

    /// Deletes all keymint-managed keys that rely on TEE state. For example, keys tagged with
    /// `Tag::ROLLBACK_RESISTANCE` may be rendered unusable due to bumping a securely managed
    /// anti-rollback counter or keys tagged with `Tag::USER_SECURE_ID` may be rendered unusable
    /// due to securely stored user ID bindings. The precise set of affected keys depends on the
    /// TEE implementation supporting keymint.
    pub fn r#delete_all_keys(
        &self,
    ) -> fidl::client::QueryResponseFut<
        AdminDeleteAllKeysResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        AdminProxyInterface::r#delete_all_keys(self)
    }
}

impl AdminProxyInterface for AdminProxy {
    type DeleteAllKeysResponseFut = fidl::client::QueryResponseFut<
        AdminDeleteAllKeysResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#delete_all_keys(&self) -> Self::DeleteAllKeysResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<AdminDeleteAllKeysResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<fidl::encoding::EmptyStruct, DeleteError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x7865f60b70087392,
            >(_buf?)?;
            Ok(_response.map(|x| x))
        }
        self.client.send_query_and_decode::<fidl::encoding::EmptyPayload, AdminDeleteAllKeysResult>(
            (),
            0x7865f60b70087392,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }
}

pub struct AdminEventStream {
    event_receiver: fidl::client::EventReceiver<fidl::encoding::DefaultFuchsiaResourceDialect>,
}

impl std::marker::Unpin for AdminEventStream {}

impl futures::stream::FusedStream for AdminEventStream {
    fn is_terminated(&self) -> bool {
        self.event_receiver.is_terminated()
    }
}

impl futures::Stream for AdminEventStream {
    type Item = Result<AdminEvent, fidl::Error>;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> std::task::Poll<Option<Self::Item>> {
        match futures::ready!(futures::stream::StreamExt::poll_next_unpin(
            &mut self.event_receiver,
            cx
        )?) {
            Some(buf) => std::task::Poll::Ready(Some(AdminEvent::decode(buf))),
            None => std::task::Poll::Ready(None),
        }
    }
}

#[derive(Debug)]
pub enum AdminEvent {}

impl AdminEvent {
    /// Decodes a message buffer as a [`AdminEvent`].
    fn decode(
        mut buf: <fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc,
    ) -> Result<AdminEvent, fidl::Error> {
        let (bytes, _handles) = buf.split_mut();
        let (tx_header, _body_bytes) = fidl::encoding::decode_transaction_header(bytes)?;
        debug_assert_eq!(tx_header.tx_id, 0);
        match tx_header.ordinal {
            _ => Err(fidl::Error::UnknownOrdinal {
                ordinal: tx_header.ordinal,
                protocol_name: <AdminMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME,
            }),
        }
    }
}

/// A Stream of incoming requests for fuchsia.security.keymint/Admin.
pub struct AdminRequestStream {
    inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
    is_terminated: bool,
}

impl std::marker::Unpin for AdminRequestStream {}

impl futures::stream::FusedStream for AdminRequestStream {
    fn is_terminated(&self) -> bool {
        self.is_terminated
    }
}

impl fidl::endpoints::RequestStream for AdminRequestStream {
    type Protocol = AdminMarker;
    type ControlHandle = AdminControlHandle;

    fn from_channel(channel: ::fidl::AsyncChannel) -> Self {
        Self { inner: std::sync::Arc::new(fidl::ServeInner::new(channel)), is_terminated: false }
    }

    fn control_handle(&self) -> Self::ControlHandle {
        AdminControlHandle { inner: self.inner.clone() }
    }

    fn into_inner(
        self,
    ) -> (::std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>, bool)
    {
        (self.inner, self.is_terminated)
    }

    fn from_inner(
        inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
        is_terminated: bool,
    ) -> Self {
        Self { inner, is_terminated }
    }
}

impl futures::Stream for AdminRequestStream {
    type Item = Result<AdminRequest, fidl::Error>;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> std::task::Poll<Option<Self::Item>> {
        let this = &mut *self;
        if this.inner.check_shutdown(cx) {
            this.is_terminated = true;
            return std::task::Poll::Ready(None);
        }
        if this.is_terminated {
            panic!("polled AdminRequestStream after completion");
        }
        fidl::encoding::with_tls_decode_buf::<_, fidl::encoding::DefaultFuchsiaResourceDialect>(
            |bytes, handles| {
                match this.inner.channel().read_etc(cx, bytes, handles) {
                    std::task::Poll::Ready(Ok(())) => {}
                    std::task::Poll::Pending => return std::task::Poll::Pending,
                    std::task::Poll::Ready(Err(zx_status::Status::PEER_CLOSED)) => {
                        this.is_terminated = true;
                        return std::task::Poll::Ready(None);
                    }
                    std::task::Poll::Ready(Err(e)) => {
                        return std::task::Poll::Ready(Some(Err(fidl::Error::ServerRequestRead(
                            e.into(),
                        ))));
                    }
                }

                // A message has been received from the channel
                let (header, _body_bytes) = fidl::encoding::decode_transaction_header(bytes)?;

                std::task::Poll::Ready(Some(match header.ordinal {
                    0x7865f60b70087392 => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            fidl::encoding::EmptyPayload,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<fidl::encoding::EmptyPayload>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = AdminControlHandle { inner: this.inner.clone() };
                        Ok(AdminRequest::DeleteAllKeys {
                            responder: AdminDeleteAllKeysResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    _ => Err(fidl::Error::UnknownOrdinal {
                        ordinal: header.ordinal,
                        protocol_name: <AdminMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME,
                    }),
                }))
            },
        )
    }
}

/// Provides administrative operations for key management.
#[derive(Debug)]
pub enum AdminRequest {
    /// Deletes all keymint-managed keys that rely on TEE state. For example, keys tagged with
    /// `Tag::ROLLBACK_RESISTANCE` may be rendered unusable due to bumping a securely managed
    /// anti-rollback counter or keys tagged with `Tag::USER_SECURE_ID` may be rendered unusable
    /// due to securely stored user ID bindings. The precise set of affected keys depends on the
    /// TEE implementation supporting keymint.
    DeleteAllKeys { responder: AdminDeleteAllKeysResponder },
}

impl AdminRequest {
    #[allow(irrefutable_let_patterns)]
    pub fn into_delete_all_keys(self) -> Option<(AdminDeleteAllKeysResponder)> {
        if let AdminRequest::DeleteAllKeys { responder } = self { Some((responder)) } else { None }
    }

    /// Name of the method defined in FIDL
    pub fn method_name(&self) -> &'static str {
        match *self {
            AdminRequest::DeleteAllKeys { .. } => "delete_all_keys",
        }
    }
}

#[derive(Debug, Clone)]
pub struct AdminControlHandle {
    inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
}

impl fidl::endpoints::ControlHandle for AdminControlHandle {
    fn shutdown(&self) {
        self.inner.shutdown()
    }

    fn shutdown_with_epitaph(&self, status: zx_status::Status) {
        self.inner.shutdown_with_epitaph(status)
    }

    fn is_closed(&self) -> bool {
        self.inner.channel().is_closed()
    }
    fn on_closed(&self) -> fidl::OnSignalsRef<'_> {
        self.inner.channel().on_closed()
    }

    #[cfg(target_os = "fuchsia")]
    fn signal_peer(
        &self,
        clear_mask: zx::Signals,
        set_mask: zx::Signals,
    ) -> Result<(), zx_status::Status> {
        use fidl::Peered;
        self.inner.channel().signal_peer(clear_mask, set_mask)
    }
}

impl AdminControlHandle {}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct AdminDeleteAllKeysResponder {
    control_handle: std::mem::ManuallyDrop<AdminControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`AdminControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for AdminDeleteAllKeysResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for AdminDeleteAllKeysResponder {
    type ControlHandle = AdminControlHandle;

    fn control_handle(&self) -> &AdminControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl AdminDeleteAllKeysResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<(), DeleteError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<(), DeleteError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<(), DeleteError>) -> Result<(), fidl::Error> {
        self.control_handle.inner.send::<fidl::encoding::ResultType<
            fidl::encoding::EmptyStruct,
            DeleteError,
        >>(
            result,
            self.tx_id,
            0x7865f60b70087392,
            fidl::encoding::DynamicFlags::empty(),
        )
    }
}

#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Hash)]
pub struct SealingKeysMarker;

impl fidl::endpoints::ProtocolMarker for SealingKeysMarker {
    type Proxy = SealingKeysProxy;
    type RequestStream = SealingKeysRequestStream;
    #[cfg(target_os = "fuchsia")]
    type SynchronousProxy = SealingKeysSynchronousProxy;

    const DEBUG_NAME: &'static str = "fuchsia.security.keymint.SealingKeys";
}
impl fidl::endpoints::DiscoverableProtocolMarker for SealingKeysMarker {}
pub type SealingKeysCreateSealingKeyResult = Result<Vec<u8>, CreateError>;
pub type SealingKeysSealResult = Result<Vec<u8>, SealError>;
pub type SealingKeysUnsealResult = Result<Vec<u8>, UnsealError>;
pub type SealingKeysUpgradeSealingKeyResult = Result<Vec<u8>, UpgradeError>;
pub type SealingKeysDeleteSealingKeyResult = Result<(), DeleteError>;

pub trait SealingKeysProxyInterface: Send + Sync {
    type CreateSealingKeyResponseFut: std::future::Future<Output = Result<SealingKeysCreateSealingKeyResult, fidl::Error>>
        + Send;
    fn r#create_sealing_key(&self, key_info: &[u8]) -> Self::CreateSealingKeyResponseFut;
    type SealResponseFut: std::future::Future<Output = Result<SealingKeysSealResult, fidl::Error>>
        + Send;
    fn r#seal(&self, key_info: &[u8], key_blob: &[u8], secret: &[u8]) -> Self::SealResponseFut;
    type UnsealResponseFut: std::future::Future<Output = Result<SealingKeysUnsealResult, fidl::Error>>
        + Send;
    fn r#unseal(
        &self,
        key_info: &[u8],
        key_blob: &[u8],
        sealed_secret: &[u8],
    ) -> Self::UnsealResponseFut;
    type UpgradeSealingKeyResponseFut: std::future::Future<Output = Result<SealingKeysUpgradeSealingKeyResult, fidl::Error>>
        + Send;
    fn r#upgrade_sealing_key(
        &self,
        key_info: &[u8],
        key_blob: &[u8],
    ) -> Self::UpgradeSealingKeyResponseFut;
    type DeleteSealingKeyResponseFut: std::future::Future<Output = Result<SealingKeysDeleteSealingKeyResult, fidl::Error>>
        + Send;
    fn r#delete_sealing_key(&self, key_blob: &[u8]) -> Self::DeleteSealingKeyResponseFut;
}
#[derive(Debug)]
#[cfg(target_os = "fuchsia")]
pub struct SealingKeysSynchronousProxy {
    client: fidl::client::sync::Client,
}

#[cfg(target_os = "fuchsia")]
impl fidl::endpoints::SynchronousProxy for SealingKeysSynchronousProxy {
    type Proxy = SealingKeysProxy;
    type Protocol = SealingKeysMarker;

    fn from_channel(inner: fidl::Channel) -> Self {
        Self::new(inner)
    }

    fn into_channel(self) -> fidl::Channel {
        self.client.into_channel()
    }

    fn as_channel(&self) -> &fidl::Channel {
        self.client.as_channel()
    }
}

#[cfg(target_os = "fuchsia")]
impl SealingKeysSynchronousProxy {
    pub fn new(channel: fidl::Channel) -> Self {
        let protocol_name = <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME;
        Self { client: fidl::client::sync::Client::new(channel, protocol_name) }
    }

    pub fn into_channel(self) -> fidl::Channel {
        self.client.into_channel()
    }

    /// Waits until an event arrives and returns it. It is safe for other
    /// threads to make concurrent requests while waiting for an event.
    pub fn wait_for_event(
        &self,
        deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysEvent, fidl::Error> {
        SealingKeysEvent::decode(self.client.wait_for_event(deadline)?)
    }

    /// Generates a new sealing key to seal and unseal secrets.
    ///
    /// |key_info| is information to be cryptographically bound to the returned key.
    ///   * The client will have to supply it in all uses (other than key deletion) of the returned
    ///     key.
    ///   * It serves two purposes: (1) internally by the key manager to identify the key owner and
    ///     (2) as a password to mitigate potential attacks from the key manager and as well as
    ///     other clients.
    ///   * It is recommended to include sufficient entropy in it (using it as a password) to
    ///     mitigage potential attacks from the secure world (the key manager's execution
    ///     environment) or from other clients.
    ///   * It is acceptible to pass a constant if deriving and persisting a password is too
    ///     cumbersome and the client fully trust the secure world and there are not many other
    ///     clients.
    ///
    /// The client is responsible for persisting both |key_info| and the returned |key_blob|.
    /// The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each
    /// call (even with the same key info). It can be stored in unsecure storage.
    ///
    /// Returns:
    ///   * The sealing key if everything worked.
    ///   * FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.
    pub fn r#create_sealing_key(
        &self,
        mut key_info: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysCreateSealingKeyResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysCreateSealingKeyRequest,
            fidl::encoding::ResultType<SealingKeysCreateSealingKeyResponse, CreateError>,
        >(
            (key_info,),
            0x5a191cbb6a8081bc,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x.key_blob))
    }

    /// Seals a secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the seal operation.
    ///
    /// Returns:
    ///   * The sealed secret if everything worked.
    ///   * KEY_REQUIRES_UPGRADE if keymint indicates that the sealing key requires upgrade.
    ///   * FAILED_SEAL if the sealing failed for another reason, e.g., sealing key info or blob
    ///     mismatch.
    pub fn r#seal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut secret: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysSealResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysSealRequest,
            fidl::encoding::ResultType<SealingKeysSealResponse, SealError>,
        >(
            (key_info, key_blob, secret,),
            0x10d41255013918d1,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x.sealed_secret))
    }

    /// Unseals a sealed secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the one used to seal the secret.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the unseal operation.
    ///
    /// Returns:
    ///   * The unsealed secret if everything worked.
    ///   * KEY_REQUIRES_UPGRADE if keymint indicates that the sealing key requires upgrade.
    ///   * FAILED_UNSEAL if the unsealing failed for another reason, e.g., sealing key info or blob
    ///     mismatch.
    pub fn r#unseal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut sealed_secret: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysUnsealResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysUnsealRequest,
            fidl::encoding::ResultType<SealingKeysUnsealResponse, UnsealError>,
        >(
            (key_info, key_blob, sealed_secret,),
            0x7037d75ecb579c83,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x.unsealed_secret))
    }

    /// Upgrades a sealing key that has been deemed out-of-date by keymint. The sealing key to
    /// upgrade is identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the blob returned when generating the sealing key.
    ///
    /// Note that after upgrading a key, both the old key and new key will be occupying limited key
    /// storage in keymint. This means that clients can unintentionally exhaust key storage in two
    /// ways:
    /// * Upgrading a key and failing to delete the old key after upgrade.
    /// * Successfully upgrading a key, failing to persist the new key, and later (e.g., after a
    ///   reboot) upgrading the key again.
    ///
    /// Both of the above missteps on the part of the client will "waste" one key slot in keymint,
    /// and repeated missteps (e.g., a boot loop that upgrades a key, fails to persist the new key,
    /// then reboots) can exhaust available key storage. Clients are responsible for old (upgraded)
    /// keys and persisting new (result of a successful key upgrade) to ensure that key slots are
    /// not wasted.
    ///
    ///  Returns
    ///   * The upgraded key blob if everything worked.
    ///   * FAILED_UPGRADE if the upgrade failed.
    pub fn r#upgrade_sealing_key(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysUpgradeSealingKeyResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysUpgradeSealingKeyRequest,
            fidl::encoding::ResultType<SealingKeysUpgradeSealingKeyResponse, UpgradeError>,
        >(
            (key_info, key_blob,),
            0x68584c5a799181e7,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x.key_blob))
    }

    /// Deletes a sealing key from keymint.
    ///
    /// This operation should be used to delete old (upgraded) keys.
    ///
    /// Returns
    ///  * Nothing if everything worked.
    ///  * FAILED_DELETE if deletion failed.
    pub fn r#delete_sealing_key(
        &self,
        mut key_blob: &[u8],
        ___deadline: zx::MonotonicInstant,
    ) -> Result<SealingKeysDeleteSealingKeyResult, fidl::Error> {
        let _response = self.client.send_query::<
            SealingKeysDeleteSealingKeyRequest,
            fidl::encoding::ResultType<fidl::encoding::EmptyStruct, DeleteError>,
        >(
            (key_blob,),
            0xad65bae761e8c3,
            fidl::encoding::DynamicFlags::empty(),
            ___deadline,
        )?;
        Ok(_response.map(|x| x))
    }
}

#[cfg(target_os = "fuchsia")]
impl From<SealingKeysSynchronousProxy> for zx::NullableHandle {
    fn from(value: SealingKeysSynchronousProxy) -> Self {
        value.into_channel().into()
    }
}

#[cfg(target_os = "fuchsia")]
impl From<fidl::Channel> for SealingKeysSynchronousProxy {
    fn from(value: fidl::Channel) -> Self {
        Self::new(value)
    }
}

#[cfg(target_os = "fuchsia")]
impl fidl::endpoints::FromClient for SealingKeysSynchronousProxy {
    type Protocol = SealingKeysMarker;

    fn from_client(value: fidl::endpoints::ClientEnd<SealingKeysMarker>) -> Self {
        Self::new(value.into_channel())
    }
}

#[derive(Debug, Clone)]
pub struct SealingKeysProxy {
    client: fidl::client::Client<fidl::encoding::DefaultFuchsiaResourceDialect>,
}

impl fidl::endpoints::Proxy for SealingKeysProxy {
    type Protocol = SealingKeysMarker;

    fn from_channel(inner: ::fidl::AsyncChannel) -> Self {
        Self::new(inner)
    }

    fn into_channel(self) -> Result<::fidl::AsyncChannel, Self> {
        self.client.into_channel().map_err(|client| Self { client })
    }

    fn as_channel(&self) -> &::fidl::AsyncChannel {
        self.client.as_channel()
    }
}

impl SealingKeysProxy {
    /// Create a new Proxy for fuchsia.security.keymint/SealingKeys.
    pub fn new(channel: ::fidl::AsyncChannel) -> Self {
        let protocol_name = <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME;
        Self { client: fidl::client::Client::new(channel, protocol_name) }
    }

    /// Get a Stream of events from the remote end of the protocol.
    ///
    /// # Panics
    ///
    /// Panics if the event stream was already taken.
    pub fn take_event_stream(&self) -> SealingKeysEventStream {
        SealingKeysEventStream { event_receiver: self.client.take_event_receiver() }
    }

    /// Generates a new sealing key to seal and unseal secrets.
    ///
    /// |key_info| is information to be cryptographically bound to the returned key.
    ///   * The client will have to supply it in all uses (other than key deletion) of the returned
    ///     key.
    ///   * It serves two purposes: (1) internally by the key manager to identify the key owner and
    ///     (2) as a password to mitigate potential attacks from the key manager and as well as
    ///     other clients.
    ///   * It is recommended to include sufficient entropy in it (using it as a password) to
    ///     mitigage potential attacks from the secure world (the key manager's execution
    ///     environment) or from other clients.
    ///   * It is acceptible to pass a constant if deriving and persisting a password is too
    ///     cumbersome and the client fully trust the secure world and there are not many other
    ///     clients.
    ///
    /// The client is responsible for persisting both |key_info| and the returned |key_blob|.
    /// The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each
    /// call (even with the same key info). It can be stored in unsecure storage.
    ///
    /// Returns:
    ///   * The sealing key if everything worked.
    ///   * FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.
    pub fn r#create_sealing_key(
        &self,
        mut key_info: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysCreateSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#create_sealing_key(self, key_info)
    }

    /// Seals a secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the seal operation.
    ///
    /// Returns:
    ///   * The sealed secret if everything worked.
    ///   * KEY_REQUIRES_UPGRADE if keymint indicates that the sealing key requires upgrade.
    ///   * FAILED_SEAL if the sealing failed for another reason, e.g., sealing key info or blob
    ///     mismatch.
    pub fn r#seal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut secret: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysSealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#seal(self, key_info, key_blob, secret)
    }

    /// Unseals a sealed secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the one used to seal the secret.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the unseal operation.
    ///
    /// Returns:
    ///   * The unsealed secret if everything worked.
    ///   * KEY_REQUIRES_UPGRADE if keymint indicates that the sealing key requires upgrade.
    ///   * FAILED_UNSEAL if the unsealing failed for another reason, e.g., sealing key info or blob
    ///     mismatch.
    pub fn r#unseal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut sealed_secret: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysUnsealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#unseal(self, key_info, key_blob, sealed_secret)
    }

    /// Upgrades a sealing key that has been deemed out-of-date by keymint. The sealing key to
    /// upgrade is identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the blob returned when generating the sealing key.
    ///
    /// Note that after upgrading a key, both the old key and new key will be occupying limited key
    /// storage in keymint. This means that clients can unintentionally exhaust key storage in two
    /// ways:
    /// * Upgrading a key and failing to delete the old key after upgrade.
    /// * Successfully upgrading a key, failing to persist the new key, and later (e.g., after a
    ///   reboot) upgrading the key again.
    ///
    /// Both of the above missteps on the part of the client will "waste" one key slot in keymint,
    /// and repeated missteps (e.g., a boot loop that upgrades a key, fails to persist the new key,
    /// then reboots) can exhaust available key storage. Clients are responsible for old (upgraded)
    /// keys and persisting new (result of a successful key upgrade) to ensure that key slots are
    /// not wasted.
    ///
    ///  Returns
    ///   * The upgraded key blob if everything worked.
    ///   * FAILED_UPGRADE if the upgrade failed.
    pub fn r#upgrade_sealing_key(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysUpgradeSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#upgrade_sealing_key(self, key_info, key_blob)
    }

    /// Deletes a sealing key from keymint.
    ///
    /// This operation should be used to delete old (upgraded) keys.
    ///
    /// Returns
    ///  * Nothing if everything worked.
    ///  * FAILED_DELETE if deletion failed.
    pub fn r#delete_sealing_key(
        &self,
        mut key_blob: &[u8],
    ) -> fidl::client::QueryResponseFut<
        SealingKeysDeleteSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    > {
        SealingKeysProxyInterface::r#delete_sealing_key(self, key_blob)
    }
}

impl SealingKeysProxyInterface for SealingKeysProxy {
    type CreateSealingKeyResponseFut = fidl::client::QueryResponseFut<
        SealingKeysCreateSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#create_sealing_key(&self, mut key_info: &[u8]) -> Self::CreateSealingKeyResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysCreateSealingKeyResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<SealingKeysCreateSealingKeyResponse, CreateError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x5a191cbb6a8081bc,
            >(_buf?)?;
            Ok(_response.map(|x| x.key_blob))
        }
        self.client.send_query_and_decode::<
            SealingKeysCreateSealingKeyRequest,
            SealingKeysCreateSealingKeyResult,
        >(
            (key_info,),
            0x5a191cbb6a8081bc,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }

    type SealResponseFut = fidl::client::QueryResponseFut<
        SealingKeysSealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#seal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut secret: &[u8],
    ) -> Self::SealResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysSealResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<SealingKeysSealResponse, SealError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x10d41255013918d1,
            >(_buf?)?;
            Ok(_response.map(|x| x.sealed_secret))
        }
        self.client.send_query_and_decode::<SealingKeysSealRequest, SealingKeysSealResult>(
            (key_info, key_blob, secret),
            0x10d41255013918d1,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }

    type UnsealResponseFut = fidl::client::QueryResponseFut<
        SealingKeysUnsealResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#unseal(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
        mut sealed_secret: &[u8],
    ) -> Self::UnsealResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysUnsealResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<SealingKeysUnsealResponse, UnsealError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x7037d75ecb579c83,
            >(_buf?)?;
            Ok(_response.map(|x| x.unsealed_secret))
        }
        self.client.send_query_and_decode::<SealingKeysUnsealRequest, SealingKeysUnsealResult>(
            (key_info, key_blob, sealed_secret),
            0x7037d75ecb579c83,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }

    type UpgradeSealingKeyResponseFut = fidl::client::QueryResponseFut<
        SealingKeysUpgradeSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#upgrade_sealing_key(
        &self,
        mut key_info: &[u8],
        mut key_blob: &[u8],
    ) -> Self::UpgradeSealingKeyResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysUpgradeSealingKeyResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<SealingKeysUpgradeSealingKeyResponse, UpgradeError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0x68584c5a799181e7,
            >(_buf?)?;
            Ok(_response.map(|x| x.key_blob))
        }
        self.client.send_query_and_decode::<
            SealingKeysUpgradeSealingKeyRequest,
            SealingKeysUpgradeSealingKeyResult,
        >(
            (key_info, key_blob,),
            0x68584c5a799181e7,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }

    type DeleteSealingKeyResponseFut = fidl::client::QueryResponseFut<
        SealingKeysDeleteSealingKeyResult,
        fidl::encoding::DefaultFuchsiaResourceDialect,
    >;
    fn r#delete_sealing_key(&self, mut key_blob: &[u8]) -> Self::DeleteSealingKeyResponseFut {
        fn _decode(
            mut _buf: Result<<fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc, fidl::Error>,
        ) -> Result<SealingKeysDeleteSealingKeyResult, fidl::Error> {
            let _response = fidl::client::decode_transaction_body::<
                fidl::encoding::ResultType<fidl::encoding::EmptyStruct, DeleteError>,
                fidl::encoding::DefaultFuchsiaResourceDialect,
                0xad65bae761e8c3,
            >(_buf?)?;
            Ok(_response.map(|x| x))
        }
        self.client.send_query_and_decode::<
            SealingKeysDeleteSealingKeyRequest,
            SealingKeysDeleteSealingKeyResult,
        >(
            (key_blob,),
            0xad65bae761e8c3,
            fidl::encoding::DynamicFlags::empty(),
            _decode,
        )
    }
}

pub struct SealingKeysEventStream {
    event_receiver: fidl::client::EventReceiver<fidl::encoding::DefaultFuchsiaResourceDialect>,
}

impl std::marker::Unpin for SealingKeysEventStream {}

impl futures::stream::FusedStream for SealingKeysEventStream {
    fn is_terminated(&self) -> bool {
        self.event_receiver.is_terminated()
    }
}

impl futures::Stream for SealingKeysEventStream {
    type Item = Result<SealingKeysEvent, fidl::Error>;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> std::task::Poll<Option<Self::Item>> {
        match futures::ready!(futures::stream::StreamExt::poll_next_unpin(
            &mut self.event_receiver,
            cx
        )?) {
            Some(buf) => std::task::Poll::Ready(Some(SealingKeysEvent::decode(buf))),
            None => std::task::Poll::Ready(None),
        }
    }
}

#[derive(Debug)]
pub enum SealingKeysEvent {}

impl SealingKeysEvent {
    /// Decodes a message buffer as a [`SealingKeysEvent`].
    fn decode(
        mut buf: <fidl::encoding::DefaultFuchsiaResourceDialect as fidl::encoding::ResourceDialect>::MessageBufEtc,
    ) -> Result<SealingKeysEvent, fidl::Error> {
        let (bytes, _handles) = buf.split_mut();
        let (tx_header, _body_bytes) = fidl::encoding::decode_transaction_header(bytes)?;
        debug_assert_eq!(tx_header.tx_id, 0);
        match tx_header.ordinal {
            _ => Err(fidl::Error::UnknownOrdinal {
                ordinal: tx_header.ordinal,
                protocol_name: <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME,
            }),
        }
    }
}

/// A Stream of incoming requests for fuchsia.security.keymint/SealingKeys.
pub struct SealingKeysRequestStream {
    inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
    is_terminated: bool,
}

impl std::marker::Unpin for SealingKeysRequestStream {}

impl futures::stream::FusedStream for SealingKeysRequestStream {
    fn is_terminated(&self) -> bool {
        self.is_terminated
    }
}

impl fidl::endpoints::RequestStream for SealingKeysRequestStream {
    type Protocol = SealingKeysMarker;
    type ControlHandle = SealingKeysControlHandle;

    fn from_channel(channel: ::fidl::AsyncChannel) -> Self {
        Self { inner: std::sync::Arc::new(fidl::ServeInner::new(channel)), is_terminated: false }
    }

    fn control_handle(&self) -> Self::ControlHandle {
        SealingKeysControlHandle { inner: self.inner.clone() }
    }

    fn into_inner(
        self,
    ) -> (::std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>, bool)
    {
        (self.inner, self.is_terminated)
    }

    fn from_inner(
        inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
        is_terminated: bool,
    ) -> Self {
        Self { inner, is_terminated }
    }
}

impl futures::Stream for SealingKeysRequestStream {
    type Item = Result<SealingKeysRequest, fidl::Error>;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> std::task::Poll<Option<Self::Item>> {
        let this = &mut *self;
        if this.inner.check_shutdown(cx) {
            this.is_terminated = true;
            return std::task::Poll::Ready(None);
        }
        if this.is_terminated {
            panic!("polled SealingKeysRequestStream after completion");
        }
        fidl::encoding::with_tls_decode_buf::<_, fidl::encoding::DefaultFuchsiaResourceDialect>(
            |bytes, handles| {
                match this.inner.channel().read_etc(cx, bytes, handles) {
                    std::task::Poll::Ready(Ok(())) => {}
                    std::task::Poll::Pending => return std::task::Poll::Pending,
                    std::task::Poll::Ready(Err(zx_status::Status::PEER_CLOSED)) => {
                        this.is_terminated = true;
                        return std::task::Poll::Ready(None);
                    }
                    std::task::Poll::Ready(Err(e)) => {
                        return std::task::Poll::Ready(Some(Err(fidl::Error::ServerRequestRead(
                            e.into(),
                        ))));
                    }
                }

                // A message has been received from the channel
                let (header, _body_bytes) = fidl::encoding::decode_transaction_header(bytes)?;

                std::task::Poll::Ready(Some(match header.ordinal {
                    0x5a191cbb6a8081bc => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysCreateSealingKeyRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysCreateSealingKeyRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::CreateSealingKey {
                            key_info: req.key_info,

                            responder: SealingKeysCreateSealingKeyResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    0x10d41255013918d1 => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysSealRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysSealRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::Seal {
                            key_info: req.key_info,
                            key_blob: req.key_blob,
                            secret: req.secret,

                            responder: SealingKeysSealResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    0x7037d75ecb579c83 => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysUnsealRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysUnsealRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::Unseal {
                            key_info: req.key_info,
                            key_blob: req.key_blob,
                            sealed_secret: req.sealed_secret,

                            responder: SealingKeysUnsealResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    0x68584c5a799181e7 => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysUpgradeSealingKeyRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysUpgradeSealingKeyRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::UpgradeSealingKey {
                            key_info: req.key_info,
                            key_blob: req.key_blob,

                            responder: SealingKeysUpgradeSealingKeyResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    0xad65bae761e8c3 => {
                        header.validate_request_tx_id(fidl::MethodType::TwoWay)?;
                        let mut req = fidl::new_empty!(
                            SealingKeysDeleteSealingKeyRequest,
                            fidl::encoding::DefaultFuchsiaResourceDialect
                        );
                        fidl::encoding::Decoder::<fidl::encoding::DefaultFuchsiaResourceDialect>::decode_into::<SealingKeysDeleteSealingKeyRequest>(&header, _body_bytes, handles, &mut req)?;
                        let control_handle = SealingKeysControlHandle { inner: this.inner.clone() };
                        Ok(SealingKeysRequest::DeleteSealingKey {
                            key_blob: req.key_blob,

                            responder: SealingKeysDeleteSealingKeyResponder {
                                control_handle: std::mem::ManuallyDrop::new(control_handle),
                                tx_id: header.tx_id,
                            },
                        })
                    }
                    _ => Err(fidl::Error::UnknownOrdinal {
                        ordinal: header.ordinal,
                        protocol_name:
                            <SealingKeysMarker as fidl::endpoints::ProtocolMarker>::DEBUG_NAME,
                    }),
                }))
            },
        )
    }
}

/// Allows a client to generate sealing keys and then use these keys to seal and unseal secrets.
/// Sealed secrets are safe for offline storage.
///
/// Note that (un)seal is synonymous with (un)wrap, e.g., wrapping an encryption key is the same
/// as sealing an encryption key.
#[derive(Debug)]
pub enum SealingKeysRequest {
    /// Generates a new sealing key to seal and unseal secrets.
    ///
    /// |key_info| is information to be cryptographically bound to the returned key.
    ///   * The client will have to supply it in all uses (other than key deletion) of the returned
    ///     key.
    ///   * It serves two purposes: (1) internally by the key manager to identify the key owner and
    ///     (2) as a password to mitigate potential attacks from the key manager and as well as
    ///     other clients.
    ///   * It is recommended to include sufficient entropy in it (using it as a password) to
    ///     mitigage potential attacks from the secure world (the key manager's execution
    ///     environment) or from other clients.
    ///   * It is acceptible to pass a constant if deriving and persisting a password is too
    ///     cumbersome and the client fully trust the secure world and there are not many other
    ///     clients.
    ///
    /// The client is responsible for persisting both |key_info| and the returned |key_blob|.
    /// The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each
    /// call (even with the same key info). It can be stored in unsecure storage.
    ///
    /// Returns:
    ///   * The sealing key if everything worked.
    ///   * FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.
    CreateSealingKey { key_info: Vec<u8>, responder: SealingKeysCreateSealingKeyResponder },
    /// Seals a secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the seal operation.
    ///
    /// Returns:
    ///   * The sealed secret if everything worked.
    ///   * KEY_REQUIRES_UPGRADE if keymint indicates that the sealing key requires upgrade.
    ///   * FAILED_SEAL if the sealing failed for another reason, e.g., sealing key info or blob
    ///     mismatch.
    Seal {
        key_info: Vec<u8>,
        key_blob: Vec<u8>,
        secret: Vec<u8>,
        responder: SealingKeysSealResponder,
    },
    /// Unseals a sealed secret using a sealing key identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the one used to seal the secret.
    ///
    /// Note that the secret may be a key itself. It has no bearing on the unseal operation.
    ///
    /// Returns:
    ///   * The unsealed secret if everything worked.
    ///   * KEY_REQUIRES_UPGRADE if keymint indicates that the sealing key requires upgrade.
    ///   * FAILED_UNSEAL if the unsealing failed for another reason, e.g., sealing key info or blob
    ///     mismatch.
    Unseal {
        key_info: Vec<u8>,
        key_blob: Vec<u8>,
        sealed_secret: Vec<u8>,
        responder: SealingKeysUnsealResponder,
    },
    /// Upgrades a sealing key that has been deemed out-of-date by keymint. The sealing key to
    /// upgrade is identified by its info and blob:
    ///   * The key info has to match the one supplied when generating the sealing key.
    ///   * The key blob has to match the blob returned when generating the sealing key.
    ///
    /// Note that after upgrading a key, both the old key and new key will be occupying limited key
    /// storage in keymint. This means that clients can unintentionally exhaust key storage in two
    /// ways:
    /// * Upgrading a key and failing to delete the old key after upgrade.
    /// * Successfully upgrading a key, failing to persist the new key, and later (e.g., after a
    ///   reboot) upgrading the key again.
    ///
    /// Both of the above missteps on the part of the client will "waste" one key slot in keymint,
    /// and repeated missteps (e.g., a boot loop that upgrades a key, fails to persist the new key,
    /// then reboots) can exhaust available key storage. Clients are responsible for old (upgraded)
    /// keys and persisting new (result of a successful key upgrade) to ensure that key slots are
    /// not wasted.
    ///
    ///  Returns
    ///   * The upgraded key blob if everything worked.
    ///   * FAILED_UPGRADE if the upgrade failed.
    UpgradeSealingKey {
        key_info: Vec<u8>,
        key_blob: Vec<u8>,
        responder: SealingKeysUpgradeSealingKeyResponder,
    },
    /// Deletes a sealing key from keymint.
    ///
    /// This operation should be used to delete old (upgraded) keys.
    ///
    /// Returns
    ///  * Nothing if everything worked.
    ///  * FAILED_DELETE if deletion failed.
    DeleteSealingKey { key_blob: Vec<u8>, responder: SealingKeysDeleteSealingKeyResponder },
}

impl SealingKeysRequest {
    #[allow(irrefutable_let_patterns)]
    pub fn into_create_sealing_key(
        self,
    ) -> Option<(Vec<u8>, SealingKeysCreateSealingKeyResponder)> {
        if let SealingKeysRequest::CreateSealingKey { key_info, responder } = self {
            Some((key_info, responder))
        } else {
            None
        }
    }

    #[allow(irrefutable_let_patterns)]
    pub fn into_seal(self) -> Option<(Vec<u8>, Vec<u8>, Vec<u8>, SealingKeysSealResponder)> {
        if let SealingKeysRequest::Seal { key_info, key_blob, secret, responder } = self {
            Some((key_info, key_blob, secret, responder))
        } else {
            None
        }
    }

    #[allow(irrefutable_let_patterns)]
    pub fn into_unseal(self) -> Option<(Vec<u8>, Vec<u8>, Vec<u8>, SealingKeysUnsealResponder)> {
        if let SealingKeysRequest::Unseal { key_info, key_blob, sealed_secret, responder } = self {
            Some((key_info, key_blob, sealed_secret, responder))
        } else {
            None
        }
    }

    #[allow(irrefutable_let_patterns)]
    pub fn into_upgrade_sealing_key(
        self,
    ) -> Option<(Vec<u8>, Vec<u8>, SealingKeysUpgradeSealingKeyResponder)> {
        if let SealingKeysRequest::UpgradeSealingKey { key_info, key_blob, responder } = self {
            Some((key_info, key_blob, responder))
        } else {
            None
        }
    }

    #[allow(irrefutable_let_patterns)]
    pub fn into_delete_sealing_key(
        self,
    ) -> Option<(Vec<u8>, SealingKeysDeleteSealingKeyResponder)> {
        if let SealingKeysRequest::DeleteSealingKey { key_blob, responder } = self {
            Some((key_blob, responder))
        } else {
            None
        }
    }

    /// Name of the method defined in FIDL
    pub fn method_name(&self) -> &'static str {
        match *self {
            SealingKeysRequest::CreateSealingKey { .. } => "create_sealing_key",
            SealingKeysRequest::Seal { .. } => "seal",
            SealingKeysRequest::Unseal { .. } => "unseal",
            SealingKeysRequest::UpgradeSealingKey { .. } => "upgrade_sealing_key",
            SealingKeysRequest::DeleteSealingKey { .. } => "delete_sealing_key",
        }
    }
}

#[derive(Debug, Clone)]
pub struct SealingKeysControlHandle {
    inner: std::sync::Arc<fidl::ServeInner<fidl::encoding::DefaultFuchsiaResourceDialect>>,
}

impl fidl::endpoints::ControlHandle for SealingKeysControlHandle {
    fn shutdown(&self) {
        self.inner.shutdown()
    }

    fn shutdown_with_epitaph(&self, status: zx_status::Status) {
        self.inner.shutdown_with_epitaph(status)
    }

    fn is_closed(&self) -> bool {
        self.inner.channel().is_closed()
    }
    fn on_closed(&self) -> fidl::OnSignalsRef<'_> {
        self.inner.channel().on_closed()
    }

    #[cfg(target_os = "fuchsia")]
    fn signal_peer(
        &self,
        clear_mask: zx::Signals,
        set_mask: zx::Signals,
    ) -> Result<(), zx_status::Status> {
        use fidl::Peered;
        self.inner.channel().signal_peer(clear_mask, set_mask)
    }
}

impl SealingKeysControlHandle {}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysCreateSealingKeyResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysCreateSealingKeyResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysCreateSealingKeyResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysCreateSealingKeyResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<&[u8], CreateError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<&[u8], CreateError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<&[u8], CreateError>) -> Result<(), fidl::Error> {
        self.control_handle.inner.send::<fidl::encoding::ResultType<
            SealingKeysCreateSealingKeyResponse,
            CreateError,
        >>(
            result.map(|key_blob| (key_blob,)),
            self.tx_id,
            0x5a191cbb6a8081bc,
            fidl::encoding::DynamicFlags::empty(),
        )
    }
}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysSealResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysSealResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysSealResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysSealResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<&[u8], SealError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<&[u8], SealError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<&[u8], SealError>) -> Result<(), fidl::Error> {
        self.control_handle
            .inner
            .send::<fidl::encoding::ResultType<SealingKeysSealResponse, SealError>>(
                result.map(|sealed_secret| (sealed_secret,)),
                self.tx_id,
                0x10d41255013918d1,
                fidl::encoding::DynamicFlags::empty(),
            )
    }
}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysUnsealResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysUnsealResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysUnsealResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysUnsealResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<&[u8], UnsealError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<&[u8], UnsealError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<&[u8], UnsealError>) -> Result<(), fidl::Error> {
        self.control_handle
            .inner
            .send::<fidl::encoding::ResultType<SealingKeysUnsealResponse, UnsealError>>(
                result.map(|unsealed_secret| (unsealed_secret,)),
                self.tx_id,
                0x7037d75ecb579c83,
                fidl::encoding::DynamicFlags::empty(),
            )
    }
}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysUpgradeSealingKeyResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysUpgradeSealingKeyResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysUpgradeSealingKeyResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysUpgradeSealingKeyResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<&[u8], UpgradeError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<&[u8], UpgradeError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<&[u8], UpgradeError>) -> Result<(), fidl::Error> {
        self.control_handle.inner.send::<fidl::encoding::ResultType<
            SealingKeysUpgradeSealingKeyResponse,
            UpgradeError,
        >>(
            result.map(|key_blob| (key_blob,)),
            self.tx_id,
            0x68584c5a799181e7,
            fidl::encoding::DynamicFlags::empty(),
        )
    }
}

#[must_use = "FIDL methods require a response to be sent"]
#[derive(Debug)]
pub struct SealingKeysDeleteSealingKeyResponder {
    control_handle: std::mem::ManuallyDrop<SealingKeysControlHandle>,
    tx_id: u32,
}

/// Set the the channel to be shutdown (see [`SealingKeysControlHandle::shutdown`])
/// if the responder is dropped without sending a response, so that the client
/// doesn't hang. To prevent this behavior, call `drop_without_shutdown`.
impl std::ops::Drop for SealingKeysDeleteSealingKeyResponder {
    fn drop(&mut self) {
        self.control_handle.shutdown();
        // Safety: drops once, never accessed again
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
    }
}

impl fidl::endpoints::Responder for SealingKeysDeleteSealingKeyResponder {
    type ControlHandle = SealingKeysControlHandle;

    fn control_handle(&self) -> &SealingKeysControlHandle {
        &self.control_handle
    }

    fn drop_without_shutdown(mut self) {
        // Safety: drops once, never accessed again due to mem::forget
        unsafe { std::mem::ManuallyDrop::drop(&mut self.control_handle) };
        // Prevent Drop from running (which would shut down the channel)
        std::mem::forget(self);
    }
}

impl SealingKeysDeleteSealingKeyResponder {
    /// Sends a response to the FIDL transaction.
    ///
    /// Sets the channel to shutdown if an error occurs.
    pub fn send(self, mut result: Result<(), DeleteError>) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        if _result.is_err() {
            self.control_handle.shutdown();
        }
        self.drop_without_shutdown();
        _result
    }

    /// Similar to "send" but does not shutdown the channel if an error occurs.
    pub fn send_no_shutdown_on_err(
        self,
        mut result: Result<(), DeleteError>,
    ) -> Result<(), fidl::Error> {
        let _result = self.send_raw(result);
        self.drop_without_shutdown();
        _result
    }

    fn send_raw(&self, mut result: Result<(), DeleteError>) -> Result<(), fidl::Error> {
        self.control_handle.inner.send::<fidl::encoding::ResultType<
            fidl::encoding::EmptyStruct,
            DeleteError,
        >>(
            result,
            self.tx_id,
            0xad65bae761e8c3,
            fidl::encoding::DynamicFlags::empty(),
        )
    }
}

mod internal {
    use super::*;
}