/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#ifdef AVB_INSIDE_LIBAVB_AFTL_H
#error "You can't include avb_aftl_types.h in the public header libavb_aftl.h."
#endif

#ifndef AVB_COMPILATION
#error "Never include this file, it may only be used from internal avb code."
#endif

#ifndef AVB_AFTL_TYPES_H_
#define AVB_AFTL_TYPES_H_

#include <libavb/libavb.h>

#ifdef __cplusplus
extern "C" {
#endif

#define AVB_AFTL_UINT64_MAX 0xfffffffffffffffful
#define AVB_AFTL_HASH_SIZE 32ul
#define AVB_AFTL_SIGNATURE_SIZE 512ul
/* Raw key size used for signature validation. */
#define AVB_AFTL_PUB_KEY_SIZE 1032ul
/* Limit AftlImage size to 64KB. */
#define AVB_AFTL_MAX_AFTL_IMAGE_SIZE 65536ul
/* Limit version.incremental size to 256 characters. */
#define AVB_AFTL_MAX_VERSION_INCREMENTAL_SIZE 256ul
/* AFTL trees require at most 64 hashes to reconstruct the root */
#define AVB_AFTL_MAX_PROOF_SIZE 64 * AVB_AFTL_HASH_SIZE
/* Max URL limit. */
#define AVB_AFTL_MAX_URL_SIZE 2048ul
/* Minimum valid size for a FirmwareInfo leaf. Derived from a minimal json
   response that contains only the vbmeta_hash. */
#define AVB_AFTL_MIN_FW_INFO_SIZE 103ul
/* Minimum valid size for a TrillianLogRootDescriptor. See the
   TrillianLogRootDescriptor struct for details. The values here cover:
   version: sizeof(uint16_t)
   tree_size: sizeof(uint64_t)
   root_hash_size: sizeof(uint8_t)
   root_hash: AVB_AFTL_HASH_SIZE
   timestamp; sizeof(uint64_t)
   revision; sizeof(uint64_t)
   metadata_size: sizeof(uint16_t)
   metadata is optional, so it's not required for the minimum size. */
#define AVB_AFTL_MIN_TLRD_SIZE                                \
  (sizeof(uint16_t) + sizeof(uint64_t) + sizeof(uint8_t) +    \
   AVB_AFTL_HASH_SIZE + sizeof(uint64_t) + sizeof(uint64_t) + \
   sizeof(uint16_t))
/* Minimum valid size for an AftlIcpEntry structure. See the
   AftlIcpEntry struct for details. The values here cover:
   log_url_size: sizeof(uint32_t)
   leaf_index: sizeof(uint64_t)
   log_root_descriptor_size: sizeof(uint32_t)
   fw_info_leaf_size: sizeof(uint32_t)
   log_root_sig_size: sizeof(uint32_t)
   proof_hash_count: sizeof(uint8_t)
   inc_proof_size: sizeof(uint32_t)
   log_url: 4 (shortest practical URL)
   log_root_descriptor: AVB_AFTL_MIN_TLRD_SIZE
   fw_info_leaf: AVB_AFTL_MIN_FW_INFO_SIZE
   log_root_signature: AVB_AFTL_SIGNATURE_SIZE
   proofs: AVB_AFTL_HASH_SIZE as there must be at least one hash. */
#define AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE                                       \
  (sizeof(uint32_t) + sizeof(uint64_t) + sizeof(uint32_t) + sizeof(uint32_t) + \
   sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t) + 4 +                 \
   AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MIN_FW_INFO_SIZE +                        \
   AVB_AFTL_SIGNATURE_SIZE + AVB_AFTL_HASH_SIZE)
/* The maximum AftlIcpEntrySize is the max AftlImage size minus the size
   of the AftlImageHeader. */
#define AVB_AFTL_MAX_AFTL_ICP_ENTRY_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - sizeof(AftlImageHeader))
/* The maximum FirmwareInfo is the max AftlImage size minus the
   size of the smallest valid AftlIcpEntry. */
#define AVB_AFTL_MAX_FW_INFO_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum metadata size in a TrillianLogRootDescriptor for AFTL is the
   max AftlImage size minus the smallest valid AftlIcpEntry size. */
#define AVB_AFTL_MAX_METADATA_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum TrillianLogRootDescriptor is the size of the smallest valid
TrillianLogRootDescriptor + the largest possible metadata size. */
#define AVB_AFTL_MAX_TLRD_SIZE \
  (AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MAX_METADATA_SIZE)

/* Data structure containing AFTL header information. */
typedef struct AftlImageHeader {
  uint32_t magic;
  uint32_t required_icp_version_major;
  uint32_t required_icp_version_minor;
  uint32_t image_size; /* Total size of the AftlImage, including this header */
  uint16_t icp_count;
} AVB_ATTR_PACKED AftlImageHeader;

/* Data structure containing a Trillian LogRootDescriptor, from
   https://github.com/google/trillian/blob/master/trillian.proto#L255
   The log_root_signature is calculated over this structure. */
typedef struct TrillianLogRootDescriptor {
  uint16_t version;
  uint64_t tree_size;
  uint8_t root_hash_size;
  uint8_t* root_hash;
  uint64_t timestamp;
  uint64_t revision;
  uint16_t metadata_size;
  uint8_t* metadata;
} TrillianLogRootDescriptor;

/* Data structure containing the firmware image info stored in the
   transparency log. This is defined in
   https://android.googlesource.com/platform/external/avb/+/master/proto/aftl.proto
 */
typedef struct FirmwareInfo {
  uint32_t vbmeta_hash_size;
  uint8_t* vbmeta_hash;
  uint8_t* json_data;
} FirmwareInfo;

/* Data structure containing AFTL inclusion proof data from a single
   transparency log. */
typedef struct AftlIcpEntry {
  uint32_t log_url_size;
  uint64_t leaf_index;
  uint32_t log_root_descriptor_size;
  uint32_t fw_info_leaf_size;
  uint16_t log_root_sig_size;
  uint8_t proof_hash_count;
  uint32_t inc_proof_size;
  uint8_t* log_url;
  TrillianLogRootDescriptor log_root_descriptor;
  FirmwareInfo fw_info_leaf;
  uint8_t* log_root_signature;
  uint8_t proofs[/*proof_hash_count*/][AVB_AFTL_HASH_SIZE];
} AVB_ATTR_PACKED AftlIcpEntry;

/* Main data structure for an AFTL image. */
typedef struct AftlImage {
  AftlImageHeader header;
  AftlIcpEntry** entries;
} AVB_ATTR_PACKED AftlImage;

#ifdef __cplusplus
}
#endif

#endif /* AVB_AFTL_TYPES_H_ */