// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
#define TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_

#include <string>
#include <vector>

#include <base/macros.h>
#include <tpm_manager/proto_bindings/tpm_manager.pb.h>
#include <trousers/tss.h>

#include "tpm_manager/common/typedefs.h"
#include "tpm_manager/server/openssl_crypto_util_impl.h"
#include "tpm_manager/server/tpm_connection.h"
#include "tpm_manager/server/tpm_initializer.h"

namespace tpm_manager {

class LocalDataStore;
class TpmStatus;

// This class initializes a Tpm1.2 chip by taking ownership. Example use of
// this class is:
// LocalDataStore data_store;
// TpmStatusImpl status;
// OwnershipTakenCallBack callback;
// TpmInitializerImpl initializer(&data_store, &status, callback);
// initializer.InitializeTpm();
//
// If the tpm is unowned, InitializeTpm injects a random owner password,
// initializes and unrestricts the SRK, and persists the owner password to disk
// until all the owner dependencies are satisfied.
//
// The ownership taken callback must be provided when the tpm initializer is
// constructed and stay alive during the entire lifetime of the tpm initializer.
class TpmInitializerImpl : public TpmInitializer {
 public:
  // Does not take ownership of |local_data_store| or |tpm_status|.
  TpmInitializerImpl(LocalDataStore* local_data_store, TpmStatus* tpm_status);
  ~TpmInitializerImpl() override = default;

  // TpmInitializer methods.
  bool InitializeTpm() override;
  bool PreInitializeTpm() override;
  bool EnsurePersistentOwnerDelegate() override;
  void VerifiedBootHelper() override;
  DictionaryAttackResetStatus ResetDictionaryAttackLock() override;
  void PruneStoredPasswords() override;

 private:
  // This method checks if an EndorsementKey exists on the Tpm and creates it
  // if not. Returns true on success, else false.
  bool InitializeEndorsementKey();

  // This method takes ownership of the Tpm with the default TSS password.
  // Returns true on success, else false. The |connection| already has the
  // default owner password injected.
  bool TakeOwnership(TpmConnection* connection);

  // This method initializes the SRK if it does not exist, zero's the SRK
  // password and unrestricts its usage. Returns true on success, else false.
  // The |connection| already has the current owner password injected.
  bool InitializeSrk(TpmConnection* connection);

  // This method changes the Tpm owner password from the default TSS password
  // to the password provided in the |owner_password| argument.
  // Returns true on success, else false. The |connection| already has the old
  // owner password injected.
  bool ChangeOwnerPassword(TpmConnection* connection,
                           const std::string& owner_password);

  // Reads owner password and delegate from local data and stores them in
  // |owner_password| and |owner_delegate| respectively. For each input arg, if
  // it's nullptr, it will be ignored and neither written nor considered as an
  // error.
  //
  // Returns whether the read was successful.
  bool ReadOwnerAuthFromLocalData(std::string* owner_password,
                                  AuthDelegate* owner_delegate);

  // Creates delegate with the default label and store the result in |delegate|.
  // Returns |true| iff the operation succeeds.
  bool CreateDelegateWithDefaultLabel(AuthDelegate* delegate);

  // Creates a TPM owner delegate for future use.
  //
  // Parameters
  //   bound_pcrs - Specifies the PCRs to which the delegate is bound.
  //   delegate_family_label - Specifies the label of the created delegate
  //                           family. Should be equal to
  //                           |kDefaultDelegateFamilyLabel| in most cases. Non-
  //                           default values are primarily intended for testing
  //                           purposes.
  //   delegate_label - Specifies the label of the created delegate. Should be
  //                    equal to |kDefaultDelegateLabel| in most cases. Non-
  //                    default values are primarily intended for testing
  //                    purposes.
  //   delegate_blob - The blob for the owner delegate.
  //   delegate_secret - The delegate secret that will be required to perform
  //                     privileged operations in the future.
  bool CreateAuthDelegate(const std::vector<uint32_t>& bound_pcrs,
                          uint8_t delegate_family_label,
                          uint8_t delegate_label,
                          std::string* delegate_blob,
                          std::string* delegate_secret);

  // Retrieves a |data| attribute defined by |flag| and |sub_flag| from a TSS
  // |object_handle|. The |context_handle| is only used for TSS memory
  // management.
  bool GetDataAttribute(TSS_HCONTEXT context,
                        TSS_HOBJECT object,
                        TSS_FLAG flag,
                        TSS_FLAG sub_flag,
                        std::string* data);

  OpensslCryptoUtilImpl openssl_util_;
  LocalDataStore* local_data_store_;
  TpmStatus* tpm_status_;

  // If set, an auth error was encountered in a previous attempt of resetting DA
  // lock, and there was no auth update after the attempt.
  bool reset_da_lock_auth_failed_ = false;

  DISALLOW_COPY_AND_ASSIGN(TpmInitializerImpl);
};

}  // namespace tpm_manager

#endif  // TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_