/* Software-based Mobile Trusted Module (MTM) Emulator
 * Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net>
 *
 * This module is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2 of the License,
 * or (at your option) any later version.
 *
 * This module is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * $Id$
 */

#ifndef _MTM_STRUCTURES_H_
#define _MTM_STRUCTURES_H_

#include "tpm/tpm_structures.h"
#include "crypto/sha1.h"

/*
 * Ordinals
 * The command ordinals provide the index value for each command.
 */
#define MTM_ORD_InstallRIM                      (66 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_LoadVerificationKey             (67 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_LoadVerificationRootKeyDisable  (68 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_VerifyRIMCert                   (69 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_VerifyRIMCertAndExtend          (72 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_IncrementBootstrapCounter       (73 + TPM_PROTECTED_COMMAND)
#define MTM_ORD_SetVerifiedPCRSelection         (74 + TPM_PROTECTED_COMMAND)

/*
 * TPM_CAPABILITY_AREA Values for TPM_GetCapability
 */
#define TPM_CAP_MTM_PERMANENT_DATA        0x0000000A

/*
 * MTM_COUNTER_REFERENCE ([MTM], Section 5.1)
 * MTM counter reference structure
 */
#define MTM_COUNTER_SELECT_NONE           0
#define MTM_COUNTER_SELECT_BOOTSTRAP      1
#define MTM_COUNTER_SELECT_RIMPROTECT     2
#define MTM_COUNTER_SELECT_STORAGEPROTECT 3
#define MTM_COUNTER_SELECT_MAX            3
typedef struct MTM_COUNTER_REFERENCE_STRUCT {
  BYTE counterSelection;
  TPM_ACTUAL_COUNT counterValue;
} MTM_COUNTER_REFERENCE;
#define sizeof_MTM_COUNTER_REFERENCE(s) (1 + 4)

/*
 * TPM_VERIFICATION_KEY_ID ([MTM], Section 5.3)
 */
typedef UINT32 TPM_VERIFICATION_KEY_ID;
#define TPM_VERIFICATION_KEY_ID_NONE     0xFFFFFFFF
#define TPM_VERIFICATION_KEY_ID_INTERNAL 0xFFFFFFFE

/*
 * TPM_VERIFICATION_KEY_USAGE ([MTM], Section 5.3)
 */
#define TPM_VERIFICATION_KEY_USAGE_MTM_MASK            0x00ff
#define TPM_VERIFICATION_KEY_USAGE_AGENT_MASK          0x0f00
#define TPM_VERIFICATION_KEY_USAGE_VENDOR_MASK         0xf000
#define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMCERT        0x0001
#define TPM_VERIFICATION_KEY_USAGE_SIGN_RIMAUTH        0x0002
#define TPM_VERIFICATION_KEY_USAGE_INCREMENT_BOOTSTRAP 0x0004

/*
 * TPM_VERIFICATION_KEY_HANDLE ([MTM], Section 5.3)
 * Handle used to refer to TPM_VERIFICATION_KEY structures
 */
typedef UINT32 TPM_VERIFICATION_KEY_HANDLE;

/*
 * TPM_VERIFICATION_KEY ([MTM], Section 5.3)
 * The TPM_VERIFICATION_KEY structure is used for representing keys in
 * the authorization hierarchy used to authorize RIM_Certs for a MTM.
 */
#define TPM_TAG_VERIFICATION_KEY 0x0301
typedef struct TPM_VERIFICATION_KEY_STRUCT {
  TPM_STRUCTURE_TAG tag;
  UINT16 usageFlags;
  TPM_VERIFICATION_KEY_ID parentId;
  TPM_VERIFICATION_KEY_ID myId;
  MTM_COUNTER_REFERENCE referenceCounter;
  TPM_ALGORITHM_ID keyAlgorithm;
  TPM_SIG_SCHEME keyScheme;
  BYTE extensionDigestSize;
  BYTE* extensionDigestData;
  UINT32 keySize;
  BYTE* keyData;
  UINT32 integrityCheckSize;
  BYTE* integrityCheckData;
} TPM_VERIFICATION_KEY;
#define sizeof_TPM_VERIFICATION_KEY(s) (2 + 2 + 4 + 4 \
  + sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) + 4 + 2 + 1 \
  + s.extensionDigestSize + 4 + s.keySize + 4 + s.integrityCheckSize)
#define free_TPM_VERIFICATION_KEY(s) { \
  if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \
  if (s.keySize > 0) tpm_free(s.keyData); \
  if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); }

/*
 * TPM_RIM_CERTIFICATE ([MTM], Section 5.2)
 * A RIM Certificate is a structure authorizing a measurement value
 * that is extended using MTM_VerifyRIMCertAndExtend into a PCR
 * defined in the RIM Certificate.
 */
#define TPM_TAG_RIM_CERTIFICATE 0x0302
typedef struct TPM_RIM_CERTIFICATE_STRUCT {
  TPM_STRUCTURE_TAG tag;
  BYTE label[8];
  UINT32 rimVersion;
  MTM_COUNTER_REFERENCE referenceCounter;
  TPM_PCR_INFO_SHORT state;
  UINT32 measurementPcrIndex;
  TPM_PCRVALUE measurementValue;
  TPM_VERIFICATION_KEY_ID parentId;
  BYTE extensionDigestSize;
  BYTE *extensionDigestData;
  UINT32 integrityCheckSize;
  BYTE *integrityCheckData;
} TPM_RIM_CERTIFICATE;
#define sizeof_TPM_RIM_CERTIFICATE(s) (2 + 8 + 4 \
  + sizeof_MTM_COUNTER_REFERENCE(s.referenceCounter) \
  + sizeof_TPM_PCR_INFO_SHORT(s.state) \
  + 4 + 20 + 4 + 1 + s.extensionDigestSize \
  + 4 + s.integrityCheckSize)
#define free_TPM_RIM_CERTIFICATE(s) { \
  if (s.extensionDigestSize > 0) tpm_free(s.extensionDigestData); \
  if (s.integrityCheckSize > 0) tpm_free(s.integrityCheckData); }

/*
 * TPM_VERIFICATION_KEY_LOAD_METHODS ([MTM], Section 5.4)
 * Methods to load a TPM_VERIFICATION_KEY
 */
typedef BYTE TPM_VERIFICATION_KEY_LOAD_METHODS;
#define TPM_VERIFICATION_KEY_ROOT_LOAD                      0x01
#define TPM_VERIFICATION_KEY_INTEGRITY_CHECK_ROOT_DATA_LOAD 0x02
#define TPM_VERIFICATION_KEY_OWNER_AUTHORIZED_LOAD          0x04
#define TPM_VERIFICATION_KEY_CHAIN_AUTHORIZED_LOAD          0x08

/*
 * MTM_KEY_DATA
 * This structure contains the data for stored MTM verification keys.
 */
typedef struct MTM_KEY_DATA_STRUCT {
  BOOL valid;
  UINT16 usageFlags;
  TPM_VERIFICATION_KEY_ID parentId;
  TPM_VERIFICATION_KEY_ID myId;
  TPM_ALGORITHM_ID keyAlgorithm;
  TPM_SIG_SCHEME keyScheme;
  tpm_rsa_public_key_t key;
} MTM_KEY_DATA;
#define sizeof_MTM_KEY_DATA(s) ( \
  1 + 2 + 4 + 4 + 4 + 2 + sizeof_RSAPub(s.key))
#define free_MTM_KEY_DATA(s) { tpm_rsa_release_public_key(&s.key); }

/* 
 * MTM_PERMANENT_DATA ([MTM], Section 5.4)
 * The MTM_PERMANENT_DATA structure contains the permanent data associated
 * with a MTM that are used by the MTM commands. Note that there is an
 * alternative where there is only AIK but no EK defined.
 */
#define MTM_TAG_PERMANENT_DATA        0x0303
#define MTM_MAX_KEYS                  10
typedef struct MTM_PERMANENT_DATA_STRUCT {
  TPM_STRUCTURE_TAG tag;
  BYTE specMajor;
  BYTE specMinor;
  /* TPM_KEY aik; - not needed as the EK is always present */
  TPM_PCR_SELECTION verifiedPCRs;
  TPM_COUNT_ID counterRimProtectId;
  TPM_COUNT_ID counterStorageProtectId;
  TPM_VERIFICATION_KEY_LOAD_METHODS loadVerificationKeyMethods;
  BOOL integrityCheckRootValid;
  BYTE integrityCheckRootData[SHA1_DIGEST_LENGTH];
  TPM_SECRET internalVerificationKey;
  /* TPM_SECRET verificationAuth; - is a mirror of the ownerAuth */
  MTM_KEY_DATA keys[MTM_MAX_KEYS];
} MTM_PERMANENT_DATA;

static inline int sizeof_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s)
{
  int i, size = 2 + 1 + 1 + 4 + 4 + 1 + 1 + 20;
  size += sizeof_TPM_PCR_SELECTION(s->verifiedPCRs);
  size += sizeof(s->integrityCheckRootData);
  for (i = 0; i < MTM_MAX_KEYS; i++) {
    if (s->keys[i].valid) {
      size += sizeof_MTM_KEY_DATA(s->keys[i]);
    } else {
      size += 1;
    }
  }
  return size;
}

static inline void free_MTM_PERMANENT_DATA(MTM_PERMANENT_DATA *s)
{
  int i;
  for (i = 0; i < MTM_MAX_KEYS; i++) {
    if (s->keys[i].valid) free_MTM_KEY_DATA(s->keys[i]);
  }
}

/*
 * The MTM_STANY_FLAGS structure houses additional flags that are
 * initialized by TPM_Init when the MTM boots.
 */
#define MTM_TAG_STANY_FLAGS 0x0304
typedef struct MTM_STANY_FLAGS_STRUCT {
  TPM_TAG tag;
  BOOL loadVerificationRootKeyEnabled;
} MTM_STANY_FLAGS;
#define sizeof_MTM_STANY_FLAGS(s) (2 + 1)

/*
 * MTM_DATA
 * Internal data of the MTM
 */
typedef struct tdMTM_DATA {
  struct {
    MTM_PERMANENT_DATA data;
  } permanent;
  struct {
  } stclear;
  struct {
    MTM_STANY_FLAGS flags;
  } stany;
} MTM_DATA;
#define sizeof_MTM_DATA(s) (sizeof_MTM_PERMANENT_DATA(&s.permanent.data) \
  + sizeof_MTM_STANY_FLAGS(s.stany.flags))
#define free_MTM_DATA(s) { free_MTM_PERMANENT_DATA(&s.permanent.data); }
 
#endif /* _MTM_STRUCTURES_H */