]>
Commit | Line | Data |
---|---|---|
78a78855 FT |
1 | /** @file |
2 | The Smart Card Edge Protocol provides an abstraction for device to provide Smart | |
3 | Card support. | |
4 | ||
5 | This protocol allows UEFI applications to interface with a Smart Card during | |
6 | boot process for authentication or data signing/decryption, especially if the | |
7 | application has to make use of PKI. | |
8 | ||
9 | Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> | |
10 | This program and the accompanying materials | |
11 | are licensed and made available under the terms and conditions of the BSD License | |
12 | which accompanies this distribution. The full text of the license may be found at | |
13 | http://opensource.org/licenses/bsd-license.php | |
14 | ||
15 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | |
16 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | |
17 | ||
18 | **/ | |
19 | ||
20 | #ifndef __SMART_CARD_EDGE_H__ | |
21 | #define __SMART_CARD_EDGE_H__ | |
22 | ||
23 | #define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \ | |
24 | { \ | |
25 | 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \ | |
26 | } | |
27 | ||
28 | typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL; | |
29 | ||
30 | // | |
31 | // Maximum size for a Smart Card AID (Application IDentifier) | |
32 | // | |
33 | #define SCARD_AID_MAXSIZE 0x0010 | |
34 | // | |
35 | // Size of CSN (Card Serial Number) | |
36 | // | |
37 | #define SCARD_CSN_SIZE 0x0010 | |
38 | // | |
39 | // Current specification version 1.00 | |
40 | // | |
41 | #define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100 | |
42 | // | |
43 | // Parameters type definition | |
44 | // | |
45 | typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE]; | |
46 | typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE]; | |
47 | ||
48 | // | |
49 | // Type of data elements in credentials list | |
50 | // | |
51 | // value of tag field for header, the number of containers | |
52 | // | |
53 | #define SC_EDGE_TAG_HEADER 0x0000 | |
54 | // | |
55 | // value of tag field for certificate | |
56 | // | |
57 | #define SC_EDGE_TAG_CERT 0x0001 | |
58 | // | |
59 | // value of tag field for key index associated with certificate | |
60 | // | |
61 | #define SC_EDGE_TAG_KEY_ID 0x0002 | |
62 | // | |
63 | // value of tag field for key type | |
64 | // | |
65 | #define SC_EDGE_TAG_KEY_TYPE 0x0003 | |
66 | // | |
67 | // value of tag field for key size | |
68 | // | |
69 | #define SC_EDGE_TAG_KEY_SIZE 0x0004 | |
70 | ||
71 | // | |
72 | // Length of L fields of TLV items | |
73 | // | |
74 | // | |
75 | // size of L field for header | |
76 | // | |
77 | #define SC_EDGE_L_SIZE_HEADER 1 | |
78 | // | |
79 | // size of L field for certificate (big endian) | |
80 | // | |
81 | #define SC_EDGE_L_SIZE_CERT 2 | |
82 | // | |
83 | // size of L field for key index | |
84 | // | |
85 | #define SC_EDGE_L_SIZE_KEY_ID 1 | |
86 | // | |
87 | // size of L field for key type | |
88 | // | |
89 | #define SC_EDGE_L_SIZE_KEY_TYPE 1 | |
90 | // | |
91 | // size of L field for key size (big endian) | |
92 | // | |
93 | #define SC_EDGE_L_SIZE_KEY_SIZE 2 | |
94 | ||
95 | // | |
96 | // Some TLV items have a fixed value for L field | |
97 | // | |
98 | // value of L field for header | |
99 | // | |
100 | #define SC_EDGE_L_VALUE_HEADER 1 | |
101 | // | |
102 | // value of L field for key index | |
103 | // | |
104 | #define SC_EDGE_L_VALUE_KEY_ID 1 | |
105 | // | |
106 | // value of L field for key type | |
107 | // | |
108 | #define SC_EDGE_L_VALUE_KEY_TYPE 1 | |
109 | // | |
110 | // value of L field for key size | |
111 | // | |
112 | #define SC_EDGE_L_VALUE_KEY_SIZE 2 | |
113 | ||
114 | // | |
115 | // Possible values for key type | |
116 | // | |
117 | // | |
118 | // RSA decryption | |
119 | // | |
120 | #define SC_EDGE_RSA_EXCHANGE 0x01 | |
121 | // | |
122 | // RSA signature | |
123 | // | |
124 | #define SC_EDGE_RSA_SIGNATURE 0x02 | |
125 | // | |
126 | // ECDSA signature | |
127 | // | |
128 | #define SC_EDGE_ECDSA_256 0x03 | |
129 | // | |
130 | // ECDSA signature | |
131 | // | |
132 | #define SC_EDGE_ECDSA_384 0x04 | |
133 | // | |
134 | // ECDSA signature | |
135 | // | |
136 | #define SC_EDGE_ECDSA_521 0x05 | |
137 | // | |
138 | // ECDH agreement | |
139 | // | |
140 | #define SC_EDGE_ECDH_256 0x06 | |
141 | // | |
142 | // ECDH agreement | |
143 | // | |
144 | #define SC_EDGE_ECDH_384 0x07 | |
145 | // | |
146 | // ECDH agreement | |
147 | // | |
148 | #define SC_EDGE_ECDH_521 0x08 | |
149 | ||
150 | // | |
151 | // Padding methods GUIDs for signature | |
152 | // | |
153 | // | |
154 | // RSASSA- PKCS#1-V1.5 padding method, for signature | |
155 | // | |
156 | #define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \ | |
157 | { \ | |
158 | 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \ | |
159 | } | |
160 | // | |
161 | // RSASSA-PSS padding method, for signature | |
162 | // | |
163 | #define EFI_PADDING_RSASSA_PSS_GUID \ | |
164 | { \ | |
165 | 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \ | |
166 | } | |
167 | ||
168 | // | |
169 | // Padding methods GUIDs for decryption | |
170 | // | |
171 | // | |
172 | // No padding, for decryption | |
173 | // | |
174 | #define EFI_PADDING_NONE_GUID \ | |
175 | { \ | |
176 | 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \ | |
177 | } | |
178 | // | |
179 | // RSAES-PKCS#1-V1.5 padding, for decryption | |
180 | // | |
181 | #define EFI_PADDING_RSAES_PKCS1V1P5_GUID \ | |
182 | { \ | |
183 | 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \ | |
184 | } | |
185 | // | |
186 | // RSAES-OAEP padding, for decryption | |
187 | // | |
188 | #define EFI_PADDING_RSAES_OAEP_GUID \ | |
189 | { \ | |
190 | 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \ | |
191 | } | |
192 | ||
193 | /** | |
194 | This function retrieves the context driver. | |
195 | ||
196 | The GetContextfunction returns the context of the protocol, the application | |
197 | identifiers supported by the protocol and the number and the CSN unique identifier | |
198 | of Smart Cards that are present and supported by protocol. | |
199 | ||
200 | If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL, | |
201 | the function does not fail but does not fill in such variables. | |
202 | ||
203 | In case AidTableSize indicates a buffer too small to hold all the protocol AID table, | |
204 | only the first AidTableSize items of the table are returned in AidTable. | |
205 | ||
206 | In case CsnTableSize indicates a buffer too small to hold the entire table of | |
207 | Smart Card CSN present, only the first CsnTableSize items of the table are returned | |
208 | in CsnTable. | |
209 | ||
210 | VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this | |
211 | driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1. | |
212 | ||
213 | In case of Smart Card removal the internal CSN list is immediately updated, even if | |
214 | a connection is opened with that Smart Card. | |
215 | ||
216 | @param[in] This Indicates a pointer to the calling context. | |
217 | @param[out] NumberAidSupported Number of AIDs this protocol supports. | |
218 | @param[in, out] AidTableSize On input, number of items allocated for the | |
219 | AID table. On output, number of items returned | |
220 | by protocol. | |
221 | @param[out] AidTable Table of the AIDs supported by the protocol. | |
222 | @param[out] NumberSCPresent Number of currently present Smart Cards that | |
223 | are supported by protocol. | |
224 | @param[in, out] CsnTableSize On input, the number of items the buffer CSN | |
225 | table can contain. On output, the number of | |
226 | items returned by the protocol. | |
227 | @param[out] CsnTable Table of the CSN of the Smart Card present and | |
228 | supported by protocol. | |
229 | @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version. | |
230 | ||
231 | @retval EFI_SUCCESS The requested command completed successfully. | |
232 | @retval EFI_INVALID_PARAMETER This is NULL. | |
233 | @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL. | |
234 | ||
235 | **/ | |
236 | typedef | |
237 | EFI_STATUS | |
238 | (EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) ( | |
239 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
240 | OUT UINTN *NumberAidSupported, | |
241 | IN OUT UINTN *AidTableSize OPTIONAL, | |
242 | OUT SMART_CARD_AID *AidTable OPTIONAL, | |
243 | OUT UINTN *NumberSCPresent, | |
244 | IN OUT UINTN *CsnTableSize OPTIONAL, | |
245 | OUT SMART_CARD_CSN *CsnTable OPTIONAL, | |
246 | OUT UINT32 *VersionScEdgeProtocol OPTIONAL | |
247 | ); | |
248 | ||
249 | /** | |
250 | This function establish a connection with a Smart Card the protocol support. | |
251 | ||
252 | In case of success the SCardHandle can be used. | |
253 | ||
254 | If the ScardCsn is NULL the connection is established with the first Smart Card | |
255 | the protocol finds in its table of Smart Card present and supported. Else it | |
256 | establish context with the Smart Card whose CSN given by ScardCsn. | |
257 | ||
258 | If ScardAid is not NULL the function returns the Smart Card AID the protocol supports. | |
259 | After a successful connect the SCardHandle will remain existing even in case Smart Card | |
260 | removed from Smart Card reader, but all function invoking this SCardHandle will fail. | |
261 | SCardHandle is released only on Disconnect. | |
262 | ||
263 | @param[in] This Indicates a pointer to the calling context. | |
264 | @param[out] SCardHandle Handle on Smart Card connection. | |
265 | @param[in] ScardCsn CSN of the Smart Card the connection has to be | |
266 | established. | |
267 | @param[out] ScardAid AID of the Smart Card the connection has been | |
268 | established. | |
269 | ||
270 | @retval EFI_SUCCESS The requested command completed successfully. | |
271 | @retval EFI_INVALID_PARAMETER This is NULL. | |
272 | @retval EFI_INVALID_PARAMETER SCardHandle is NULL. | |
273 | @retval EFI_NO_MEDIA No Smart Card supported by protocol is present, | |
274 | Smart Card with CSN ScardCsn or Reader has been | |
275 | removed. A Disconnect should be performed. | |
276 | ||
277 | **/ | |
278 | typedef | |
279 | EFI_STATUS | |
280 | (EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) ( | |
281 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
282 | OUT EFI_HANDLE *SCardHandle, | |
283 | IN UINT8 *ScardCsn OPTIONAL, | |
284 | OUT UINT8 *ScardAid OPTIONAL | |
285 | ); | |
286 | ||
287 | /** | |
288 | This function releases a connection previously established by Connect. | |
289 | ||
290 | The Disconnect function releases the connection previously established by | |
291 | a Connect. In case the Smart Card or the Smart Card reader has been removed | |
292 | before this call, this function returns EFI_SUCCESS. | |
293 | ||
294 | @param[in] This Indicates a pointer to the calling context. | |
295 | @param[in] SCardHandle Handle on Smart Card connection to release. | |
296 | ||
297 | @retval EFI_SUCCESS The requested command completed successfully. | |
298 | @retval EFI_INVALID_PARAMETER This is NULL. | |
299 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
300 | ||
301 | **/ | |
302 | typedef | |
303 | EFI_STATUS | |
304 | (EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) ( | |
305 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
306 | IN EFI_HANDLE SCardHandle | |
307 | ); | |
308 | ||
309 | /** | |
310 | This function returns the Smart Card serial number. | |
311 | ||
312 | @param[in] This Indicates a pointer to the calling context. | |
313 | @param[in] SCardHandle Handle on Smart Card connection. | |
314 | @param[out] Csn The Card Serial number, 16 bytes array. | |
315 | ||
316 | @retval EFI_SUCCESS The requested command completed successfully. | |
317 | @retval EFI_INVALID_PARAMETER This is NULL. | |
318 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
319 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
320 | has been removed. A Disconnect should be performed. | |
321 | ||
322 | **/ | |
323 | typedef | |
324 | EFI_STATUS | |
325 | (EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) ( | |
326 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
327 | IN EFI_HANDLE SCardHandle, | |
328 | OUT UINT8 Csn[SCARD_CSN_SIZE] | |
329 | ); | |
330 | ||
331 | /** | |
332 | This function returns the name of the Smart Card reader used for this connection. | |
333 | ||
334 | @param[in] This Indicates a pointer to the calling context. | |
335 | @param[in] SCardHandle Handle on Smart Card connection. | |
336 | @param[in, out] ReaderNameLength On input, a pointer to the variable that holds | |
337 | the maximal size, in bytes, of ReaderName. | |
338 | On output, the required size, in bytes, for ReaderName. | |
339 | @param[out] ReaderName A pointer to a NULL terminated string that will | |
340 | contain the reader name. | |
341 | ||
342 | @retval EFI_SUCCESS The requested command completed successfully. | |
343 | @retval EFI_INVALID_PARAMETER This is NULL. | |
344 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
345 | @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL. | |
346 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
347 | has been removed. A Disconnect should be performed. | |
348 | ||
349 | **/ | |
350 | typedef | |
351 | EFI_STATUS | |
352 | (EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) ( | |
353 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
354 | IN EFI_HANDLE SCardHandle, | |
355 | IN OUT UINTN *ReaderNameLength, | |
356 | OUT CHAR16 *ReaderName OPTIONAL | |
357 | ); | |
358 | ||
359 | /** | |
360 | This function authenticates a Smart Card user by presenting a PIN code. | |
361 | ||
362 | The VerifyPinfunction presents a PIN code to the Smart Card. | |
363 | ||
364 | If Smart Card found the PIN code correct the user is considered authenticated | |
365 | to current application, and the function returns TRUE. | |
366 | ||
367 | Negative or null PinSize value rejected if PinCodeis not NULL. | |
368 | ||
369 | A NULL PinCodebuffer means the application didn't know the PIN, in that case: | |
370 | - If PinSize value is negative the caller only wants to know if the current | |
371 | chain of the elements Smart Card Edge protocol, Smart Card Reader protocol | |
372 | and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality. | |
373 | - If PinSize value is positive or null the caller ask to perform the verify | |
374 | PIN using the Secure PIN Entry functionality. | |
375 | ||
376 | In PinCode buffer, the PIN value is always given in plaintext, in case of secure | |
377 | messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate | |
378 | treatments to build the correct Smart Card APDU. | |
379 | ||
380 | @param[in] This Indicates a pointer to the calling context. | |
381 | @param[in] SCardHandle Handle on Smart Card connection. | |
382 | @param[in] PinSize PIN code buffer size. | |
383 | @param[in] PinCode PIN code to present to the Smart Card. | |
384 | @param[out] PinResult Result of PIN code presentation to the Smart Card. | |
385 | TRUE when Smard Card founds the PIN code correct. | |
386 | @param[out] RemainingAttempts Number of attempts still possible. | |
387 | ||
388 | @retval EFI_SUCCESS The requested command completed successfully. | |
389 | @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not | |
390 | supported. | |
391 | @retval EFI_INVALID_PARAMETER This is NULL. | |
392 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
393 | @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart | |
394 | Card or, negative with PinCode not null. | |
395 | @retval EFI_INVALID_PARAMETER PinResult is NULL. | |
396 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
397 | has been removed. A Disconnect should be performed. | |
398 | ||
399 | **/ | |
400 | typedef | |
401 | EFI_STATUS | |
402 | (EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) ( | |
403 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
404 | IN EFI_HANDLE SCardHandle, | |
405 | IN INT32 PinSize, | |
406 | IN UINT8 *PinCode, | |
407 | OUT BOOLEAN *PinResult, | |
408 | OUT UINT32 *RemainingAttempts OPTIONAL | |
409 | ); | |
410 | ||
411 | /** | |
412 | This function gives the remaining number of attempts for PIN code presentation. | |
413 | ||
414 | The number of attempts to present a correct PIN is limited and depends on Smart | |
415 | Card and on PIN. | |
416 | ||
417 | This function will retrieve the number of remaining possible attempts. | |
418 | ||
419 | @param[in] This Indicates a pointer to the calling context. | |
420 | @param[in] SCardHandle Handle on Smart Card connection. | |
421 | @param[out] RemainingAttempts Number of attempts still possible. | |
422 | ||
423 | @retval EFI_SUCCESS The requested command completed successfully. | |
424 | @retval EFI_INVALID_PARAMETER This is NULL. | |
425 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
426 | @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL. | |
427 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
428 | has been removed. A Disconnect should be performed. | |
429 | ||
430 | **/ | |
431 | typedef | |
432 | EFI_STATUS | |
433 | (EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) ( | |
434 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
435 | IN EFI_HANDLE SCardHandle, | |
436 | OUT UINT32 *RemainingAttempts | |
437 | ); | |
438 | ||
439 | /** | |
440 | This function returns a specific data from Smart Card. | |
441 | ||
442 | The function is generic for any kind of data, but driver and application must | |
443 | share an EFI_GUID that identify the data. | |
444 | ||
445 | @param[in] This Indicates a pointer to the calling context. | |
446 | @param[in] SCardHandle Handle on Smart Card connection. | |
447 | @param[in] DataId The type identifier of the data to get. | |
448 | @param[in, out] DataSize On input, in bytes, the size of Data. On output, | |
449 | in bytes, the size of buffer required to store | |
450 | the specified data. | |
451 | @param[out] Data The data buffer in which the data is returned. | |
452 | The type of the data buffer is associated with | |
453 | the DataId. Ignored if *DataSize is 0. | |
454 | ||
455 | @retval EFI_SUCCESS The requested command completed successfully. | |
456 | @retval EFI_INVALID_PARAMETER This is NULL. | |
457 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
458 | @retval EFI_INVALID_PARAMETER DataId is NULL. | |
459 | @retval EFI_INVALID_PARAMETER DataSize is NULL. | |
460 | @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero. | |
461 | @retval EFI_NOT_FOUND DataId unknown for this driver. | |
462 | @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified | |
463 | data and the required size is returned in DataSize. | |
464 | @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. | |
465 | PIN not verified. | |
466 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
467 | has been removed. A Disconnect should be performed. | |
468 | ||
469 | **/ | |
470 | typedef | |
471 | EFI_STATUS | |
472 | (EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) ( | |
473 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
474 | IN EFI_HANDLE SCardHandle, | |
475 | IN EFI_GUID *DataId, | |
476 | IN OUT UINTN *DataSize, | |
477 | OUT VOID *Data OPTIONAL | |
478 | ); | |
479 | ||
480 | /** | |
481 | This function retrieve credentials store into the Smart Card. | |
482 | ||
483 | The function returns a series of items in TLV (Tag Length Value) format. | |
484 | ||
485 | First TLV item is the header item that gives the number of following | |
486 | containers (0x00, 0x01, Nb containers). | |
487 | ||
488 | All these containers are a series of 4 TLV items: | |
489 | - The certificate item (0x01, certificate size, certificate) | |
490 | - The Key identifier item (0x02, 0x01, key index) | |
491 | - The key type item (0x03, 0x01, key type) | |
492 | - The key size item (0x04, 0x02, key size), key size in number of bits. | |
493 | Numeric multi-bytes values are on big endian format, most significant byte first: | |
494 | - The L field value for certificate (2 bytes) | |
495 | - The L field value for key size (2 bytes) | |
496 | - The value field for key size (2 bytes) | |
497 | ||
498 | @param[in] This Indicates a pointer to the calling context. | |
499 | @param[in] SCardHandle Handle on Smart Card connection. | |
500 | @param[in, out] CredentialSize On input, in bytes, the size of buffer to store | |
501 | the list of credential. | |
502 | On output, in bytes, the size of buffer required | |
503 | to store the entire list of credentials. | |
504 | ||
505 | @param[out] CredentialList List of credentials stored into the Smart Card. | |
506 | A list of TLV (Tag Length Value) elements organized | |
507 | in containers array. | |
508 | ||
509 | @retval EFI_SUCCESS The requested command completed successfully. | |
510 | @retval EFI_INVALID_PARAMETER This is NULL. | |
511 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
512 | @retval EFI_INVALID_PARAMETER CredentialSize is NULL. | |
513 | @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero. | |
514 | @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the | |
515 | specified data and the required size is returned in | |
516 | CredentialSize. | |
517 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
518 | has been removed. A Disconnect should be performed. | |
519 | ||
520 | **/ | |
521 | typedef | |
522 | EFI_STATUS | |
523 | (EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) ( | |
524 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
525 | IN EFI_HANDLE SCardHandle, | |
526 | IN OUT UINTN *CredentialSize, | |
527 | OUT UINT8 *CredentialList OPTIONAL | |
528 | ); | |
529 | ||
530 | /** | |
531 | This function signs an already hashed data with a Smart Card private key. | |
532 | ||
533 | This function signs data, actually it is the hash of these data that is given | |
534 | to the function. | |
535 | ||
536 | SignatureData buffer shall be big enough for signature. Signature size is | |
537 | function key size and key type. | |
538 | ||
539 | @param[in] This Indicates a pointer to the calling context. | |
540 | @param[in] SCardHandle Handle on Smart Card connection. | |
541 | @param[in] KeyId Identifier of the key container, retrieved | |
542 | in a key index item of credentials. | |
543 | @param[in] KeyType The key type, retrieved in a key type item of | |
544 | credentials. | |
545 | ||
546 | @param[in] HashAlgorithm Hash algorithm used to hash the, one of: | |
547 | - EFI_HASH_ALGORITHM_SHA1_GUID | |
548 | - EFI_HASH_ALGORITHM_SHA256_GUID | |
549 | - EFI_HASH_ALGORITHM_SHA384_GUID | |
550 | - EFI_HASH_ALGORITHM_SHA512_GUID | |
551 | @param[in] PaddingMethod Padding method used jointly with hash algorithm, | |
552 | one of: | |
553 | - EFI_PADDING_RSASSA_PKCS1V1P5_GUID | |
554 | - EFI_PADDING_RSASSA_PSS_GUID | |
555 | @param[in] HashedData Hash of the data to sign. Size is function of the | |
556 | HashAlgorithm. | |
557 | ||
558 | @param[out] SignatureData Resulting signature with private key KeyId. Size | |
559 | is function of the KeyType and key size retrieved | |
560 | in the associated key size item of credentials. | |
561 | ||
562 | @retval EFI_SUCCESS The requested command completed successfully. | |
563 | @retval EFI_INVALID_PARAMETER This is NULL. | |
564 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
565 | @retval EFI_INVALID_PARAMETER KeyId is not valid. | |
566 | @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId. | |
567 | @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL. | |
568 | @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid. | |
569 | @retval EFI_INVALID_PARAMETER PaddingMethod is NULL. | |
570 | @retval EFI_INVALID_PARAMETER PaddingMethod is not valid. | |
571 | @retval EFI_INVALID_PARAMETER HashedData is NULL. | |
572 | @retval EFI_INVALID_PARAMETER SignatureData is NULL. | |
573 | @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. | |
574 | PIN not verified. | |
575 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
576 | has been removed. A Disconnect should be performed. | |
577 | ||
578 | **/ | |
579 | typedef | |
580 | EFI_STATUS | |
581 | (EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) ( | |
582 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
583 | IN EFI_HANDLE SCardHandle, | |
584 | IN UINTN KeyId, | |
585 | IN UINTN KeyType, | |
586 | IN EFI_GUID *HashAlgorithm, | |
587 | IN EFI_GUID *PaddingMethod, | |
588 | IN UINT8 *HashedData, | |
589 | OUT UINT8 *SignatureData | |
590 | ); | |
591 | ||
592 | /** | |
593 | This function decrypts data with a PKI/RSA Smart Card private key. | |
594 | ||
595 | The function decrypts some PKI/RSA encrypted data with private key securely | |
596 | stored into the Smart Card. | |
597 | ||
598 | The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE. | |
599 | ||
600 | @param[in] This Indicates a pointer to the calling context. | |
601 | @param[in] SCardHandle Handle on Smart Card connection. | |
602 | @param[in] KeyId Identifier of the key container, retrieved | |
603 | in a key index item of credentials. | |
604 | @param[in] HashAlgorithm Hash algorithm used to hash the, one of: | |
605 | - EFI_HASH_ALGORITHM_SHA1_GUID | |
606 | - EFI_HASH_ALGORITHM_SHA256_GUID | |
607 | - EFI_HASH_ALGORITHM_SHA384_GUID | |
608 | - EFI_HASH_ALGORITHM_SHA512_GUID | |
609 | @param[in] PaddingMethod Padding method used jointly with hash algorithm, | |
610 | one of: | |
611 | - EFI_PADDING_NONE_GUID | |
612 | - EFI_PADDING_RSAES_PKCS1V1P5_GUID | |
613 | - EFI_PADDING_RSAES_OAEP_GUID | |
614 | @param[in] EncryptedSize Size of data to decrypt. | |
615 | @param[in] EncryptedData Data to decrypt | |
616 | @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store | |
617 | the decrypted data. | |
618 | On output, in bytes, the size of buffer required | |
619 | to store the decrypted data. | |
620 | @param[out] PlaintextData Buffer for decrypted data, padding removed. | |
621 | ||
622 | @retval EFI_SUCCESS The requested command completed successfully. | |
623 | @retval EFI_INVALID_PARAMETER This is NULL. | |
624 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
625 | @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type | |
626 | SC_EDGE_RSA_EXCHANGE. | |
627 | @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL. | |
628 | @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid. | |
629 | @retval EFI_INVALID_PARAMETER PaddingMethod is NULL. | |
630 | @retval EFI_INVALID_PARAMETER PaddingMethod is not valid. | |
631 | @retval EFI_INVALID_PARAMETER EncryptedSize is 0. | |
632 | @retval EFI_INVALID_PARAMETER EncryptedData is NULL. | |
633 | @retval EFI_INVALID_PARAMETER PlaintextSize is NULL. | |
634 | @retval EFI_INVALID_PARAMETER PlaintextData is NULL. | |
635 | @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. | |
636 | PIN not verified. | |
637 | @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data | |
638 | and the required size is returned in PlaintextSize. | |
639 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
640 | has been removed. A Disconnect should be performed. | |
641 | ||
642 | **/ | |
643 | typedef | |
644 | EFI_STATUS | |
645 | (EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) ( | |
646 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
647 | IN EFI_HANDLE SCardHandle, | |
648 | IN UINTN KeyId, | |
649 | IN EFI_GUID *HashAlgorithm, | |
650 | IN EFI_GUID *PaddingMethod, | |
651 | IN UINTN EncryptedSize, | |
652 | IN UINT8 *EncryptedData, | |
653 | IN OUT UINTN *PlaintextSize, | |
654 | OUT UINT8 *PlaintextData | |
655 | ); | |
656 | ||
657 | /** | |
658 | This function performs a secret Diffie Hellman agreement calculation that would | |
659 | be used to derive a symmetric encryption / decryption key. | |
660 | ||
661 | The function compute a DH agreement that should be diversified togenerate a symmetric | |
662 | key to proceed encryption or decryption. | |
663 | ||
664 | The application and the Smart Card shall agree on the diversification process. | |
665 | ||
666 | The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384 | |
667 | or SC_EDGE_ECDH_521. | |
668 | ||
669 | @param[in] This Indicates a pointer to the calling context. | |
670 | @param[in] SCardHandle Handle on Smart Card connection. | |
671 | @param[in] KeyId Identifier of the key container, retrieved | |
672 | in a key index item of credentials. | |
673 | @param[in] dataQx Public key x coordinate. Size is the same as | |
674 | key size for KeyId. Stored in big endian format. | |
675 | @param[in] dataQy Public key y coordinate. Size is the same as | |
676 | key size for KeyId. Stored in big endian format. | |
677 | @param[out] DHAgreement Buffer for DH agreement computed. Size must be | |
678 | bigger or equal to key size for KeyId. | |
679 | ||
680 | @retval EFI_SUCCESS The requested command completed successfully. | |
681 | @retval EFI_INVALID_PARAMETER This is NULL. | |
682 | @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. | |
683 | @retval EFI_INVALID_PARAMETER KeyId is not valid. | |
684 | @retval EFI_INVALID_PARAMETER dataQx is NULL. | |
685 | @retval EFI_INVALID_PARAMETER dataQy is NULL. | |
686 | @retval EFI_INVALID_PARAMETER DHAgreement is NULL. | |
687 | @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. | |
688 | PIN not verified. | |
689 | @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection | |
690 | has been removed. A Disconnect should be performed. | |
691 | ||
692 | **/ | |
693 | typedef | |
694 | EFI_STATUS | |
695 | (EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) ( | |
696 | IN EFI_SMART_CARD_EDGE_PROTOCOL *This, | |
697 | IN EFI_HANDLE SCardHandle, | |
698 | IN UINTN KeyId, | |
699 | IN UINT8 *dataQx, | |
700 | IN UINT8 *dataQy, | |
701 | OUT UINT8 *DHAgreement | |
702 | ); | |
703 | ||
704 | /// | |
705 | /// Smart card aware application invokes this protocol to get access to an inserted | |
706 | /// smart card in the reader or to the reader itself. | |
707 | /// | |
708 | struct _EFI_SMART_CARD_EDGE_PROTOCOL { | |
709 | EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext; | |
710 | EFI_SMART_CARD_EDGE_CONNECT Connect; | |
711 | EFI_SMART_CARD_EDGE_DISCONNECT Disconnect; | |
712 | EFI_SMART_CARD_EDGE_GET_CSN GetCsn; | |
713 | EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName; | |
714 | EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin; | |
715 | EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining; | |
716 | EFI_SMART_CARD_EDGE_GET_DATA GetData; | |
717 | EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential; | |
718 | EFI_SMART_CARD_EDGE_SIGN_DATA SignData; | |
719 | EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData; | |
720 | EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement; | |
721 | }; | |
722 | ||
723 | extern EFI_GUID gEfiSmartCardEdgeProtocolGuid; | |
724 | ||
725 | #endif | |
726 |