]>
Commit | Line | Data |
---|---|---|
0c18794e | 1 | /** @file\r |
2 | The internal header file includes the common header files, defines\r | |
3 | internal structure and functions used by AuthService module.\r | |
4 | \r | |
36bdec3c CZ |
5 | Caution: This module requires additional review when modified.\r |
6 | This driver will have external input - variable data. It may be input in SMM mode.\r | |
7 | This external input must be validated carefully to avoid security issue like\r | |
8 | buffer overflow, integer overflow.\r | |
9 | Variable attribute should also be checked to avoid authentication bypass.\r | |
10 | The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r | |
11 | which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r | |
12 | may not be modified without authorization. If platform fails to protect these resources, \r | |
13 | the authentication service provided in this driver will be broken, and the behavior is undefined.\r | |
14 | \r | |
4ccef561 | 15 | Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r |
2d3fb919 | 16 | This program and the accompanying materials\r |
17 | are licensed and made available under the terms and conditions of the BSD License\r | |
18 | which accompanies this distribution. The full text of the license may be found at\r | |
0c18794e | 19 | http://opensource.org/licenses/bsd-license.php\r |
20 | \r | |
2d3fb919 | 21 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r |
0c18794e | 22 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r |
23 | \r | |
24 | **/\r | |
25 | \r | |
26 | #ifndef _AUTHSERVICE_H_\r | |
27 | #define _AUTHSERVICE_H_\r | |
28 | \r | |
29 | #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r | |
30 | #define EFI_CERT_TYPE_RSA2048_SIZE 256\r | |
31 | \r | |
32 | ///\r | |
2d3fb919 | 33 | /// Size of AuthInfo prior to the data payload.\r |
0c18794e | 34 | ///\r |
2d3fb919 | 35 | #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \\r |
36 | (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \\r | |
37 | sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r | |
38 | \r | |
39 | #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r | |
40 | (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)\r | |
41 | \r | |
42 | #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r | |
43 | (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))\r | |
0c18794e | 44 | \r |
45 | ///\r | |
46 | /// "AuthVarKeyDatabase" variable for the Public Key store.\r | |
47 | ///\r | |
48 | #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"\r | |
0c18794e | 49 | \r |
f6e23353 | 50 | ///\r |
51 | /// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r | |
52 | /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r | |
53 | /// \r | |
54 | ///\r | |
55 | #define EFI_CERT_DB_NAME L"certdb"\r | |
f6e23353 | 56 | \r |
d912bad7 | 57 | ///\r |
58 | /// Struct to record signature requirement defined by UEFI spec.\r | |
59 | /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.\r | |
60 | ///\r | |
61 | typedef struct {\r | |
62 | EFI_GUID SigType;\r | |
63 | // Expected SignatureHeader size in Bytes.\r | |
64 | UINT32 SigHeaderSize;\r | |
65 | // Expected SignatureData size in Bytes.\r | |
66 | UINT32 SigDataSize;\r | |
67 | } EFI_SIGNATURE_ITEM;\r | |
0c18794e | 68 | \r |
ed47ae02 | 69 | typedef enum {\r |
70 | AuthVarTypePk,\r | |
71 | AuthVarTypeKek,\r | |
785d84ea | 72 | AuthVarTypePriv,\r |
73 | AuthVarTypePayload\r | |
ed47ae02 | 74 | } AUTHVAR_TYPE;\r |
75 | \r | |
76 | #pragma pack(1)\r | |
77 | typedef struct {\r | |
78 | EFI_GUID VendorGuid;\r | |
79 | UINT32 CertNodeSize;\r | |
80 | UINT32 NameSize;\r | |
81 | UINT32 CertDataSize;\r | |
82 | /// CHAR16 VariableName[NameSize];\r | |
83 | /// UINT8 CertData[CertDataSize];\r | |
84 | } AUTH_CERT_DB_DATA;\r | |
85 | #pragma pack()\r | |
86 | \r | |
0c18794e | 87 | /**\r |
88 | Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r | |
89 | \r | |
dc204d5a JY |
90 | Caution: This function may receive untrusted input.\r |
91 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
92 | This function will do basic validation, before parse the data.\r | |
93 | This function will parse the authentication carefully to avoid security issues, like\r | |
94 | buffer overflow, integer overflow.\r | |
95 | This function will check attribute carefully to avoid authentication bypass.\r | |
96 | \r | |
0c18794e | 97 | @param[in] VariableName Name of Variable to be found.\r |
98 | @param[in] VendorGuid Variable vendor GUID.\r | |
99 | \r | |
100 | @param[in] Data Data pointer.\r | |
101 | @param[in] DataSize Size of Data found. If size is less than the\r | |
102 | data, this value contains the required size.\r | |
103 | @param[in] Variable The variable information which is used to keep track of variable usage.\r | |
104 | @param[in] Attributes Attribute value of the variable.\r | |
105 | \r | |
106 | @return EFI_INVALID_PARAMETER Invalid parameter\r | |
107 | @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with\r | |
108 | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r | |
109 | @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r | |
2d3fb919 | 110 | set, but the AuthInfo does NOT pass the validation\r |
111 | check carried out by the firmware.\r | |
0c18794e | 112 | @return EFI_SUCCESS Variable is not write-protected, or passed validation successfully.\r |
113 | \r | |
114 | **/\r | |
115 | EFI_STATUS\r | |
116 | ProcessVariable (\r | |
117 | IN CHAR16 *VariableName,\r | |
118 | IN EFI_GUID *VendorGuid,\r | |
119 | IN VOID *Data,\r | |
120 | IN UINTN DataSize,\r | |
121 | IN VARIABLE_POINTER_TRACK *Variable,\r | |
122 | IN UINT32 Attributes\r | |
123 | );\r | |
124 | \r | |
2d3fb919 | 125 | /**\r |
126 | Update platform mode.\r | |
127 | \r | |
128 | @param[in] Mode SETUP_MODE or USER_MODE.\r | |
129 | \r | |
130 | @return EFI_INVALID_PARAMETER Invalid parameter.\r | |
131 | @return EFI_SUCCESS Update platform mode successfully.\r | |
132 | \r | |
133 | **/\r | |
134 | EFI_STATUS\r | |
135 | UpdatePlatformMode (\r | |
136 | IN UINT32 Mode\r | |
137 | );\r | |
138 | \r | |
0c18794e | 139 | /**\r |
140 | Initializes for authenticated varibale service.\r | |
141 | \r | |
142 | @retval EFI_SUCCESS Function successfully executed.\r | |
143 | @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.\r | |
144 | \r | |
145 | **/\r | |
146 | EFI_STATUS\r | |
147 | AutenticatedVariableServiceInitialize (\r | |
148 | VOID\r | |
149 | );\r | |
150 | \r | |
151 | /**\r | |
152 | Initializes for cryptlib service before use, include register algrithm and allocate scratch.\r | |
153 | \r | |
154 | **/\r | |
155 | VOID\r | |
156 | CryptLibraryInitialize (\r | |
157 | VOID\r | |
158 | );\r | |
159 | \r | |
d912bad7 | 160 | /**\r |
161 | Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK variable.\r | |
162 | \r | |
163 | @param[in] VariableName Name of Variable to be check.\r | |
164 | @param[in] VendorGuid Variable vendor GUID.\r | |
165 | @param[in] Data Point to the variable data to be checked.\r | |
166 | @param[in] DataSize Size of Data.\r | |
167 | \r | |
168 | @return EFI_INVALID_PARAMETER Invalid signature list format.\r | |
169 | @return EFI_SUCCESS Passed signature list format check successfully.\r | |
170 | \r | |
171 | **/\r | |
172 | EFI_STATUS\r | |
173 | CheckSignatureListFormat(\r | |
174 | IN CHAR16 *VariableName,\r | |
175 | IN EFI_GUID *VendorGuid,\r | |
176 | IN VOID *Data,\r | |
177 | IN UINTN DataSize\r | |
178 | );\r | |
179 | \r | |
0c18794e | 180 | /**\r |
181 | Process variable with platform key for verification.\r | |
182 | \r | |
dc204d5a JY |
183 | Caution: This function may receive untrusted input.\r |
184 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
185 | This function will do basic validation, before parse the data.\r | |
186 | This function will parse the authentication carefully to avoid security issues, like\r | |
187 | buffer overflow, integer overflow.\r | |
188 | This function will check attribute carefully to avoid authentication bypass.\r | |
189 | \r | |
0c18794e | 190 | @param[in] VariableName Name of Variable to be found.\r |
191 | @param[in] VendorGuid Variable vendor GUID.\r | |
192 | @param[in] Data Data pointer.\r | |
193 | @param[in] DataSize Size of Data found. If size is less than the\r | |
194 | data, this value contains the required size.\r | |
195 | @param[in] Variable The variable information which is used to keep track of variable usage.\r | |
196 | @param[in] Attributes Attribute value of the variable.\r | |
197 | @param[in] IsPk Indicate whether it is to process pk.\r | |
198 | \r | |
199 | @return EFI_INVALID_PARAMETER Invalid parameter\r | |
2d3fb919 | 200 | @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r |
201 | check carried out by the firmware.\r | |
0c18794e | 202 | @return EFI_SUCCESS Variable passed validation successfully.\r |
203 | \r | |
204 | **/\r | |
205 | EFI_STATUS\r | |
206 | ProcessVarWithPk (\r | |
207 | IN CHAR16 *VariableName,\r | |
208 | IN EFI_GUID *VendorGuid,\r | |
209 | IN VOID *Data,\r | |
210 | IN UINTN DataSize,\r | |
211 | IN VARIABLE_POINTER_TRACK *Variable,\r | |
212 | IN UINT32 Attributes OPTIONAL,\r | |
213 | IN BOOLEAN IsPk\r | |
214 | );\r | |
215 | \r | |
216 | /**\r | |
217 | Process variable with key exchange key for verification.\r | |
218 | \r | |
dc204d5a JY |
219 | Caution: This function may receive untrusted input.\r |
220 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
221 | This function will do basic validation, before parse the data.\r | |
222 | This function will parse the authentication carefully to avoid security issues, like\r | |
223 | buffer overflow, integer overflow.\r | |
224 | This function will check attribute carefully to avoid authentication bypass.\r | |
225 | \r | |
0c18794e | 226 | @param[in] VariableName Name of Variable to be found.\r |
227 | @param[in] VendorGuid Variable vendor GUID.\r | |
228 | @param[in] Data Data pointer.\r | |
229 | @param[in] DataSize Size of Data found. If size is less than the\r | |
230 | data, this value contains the required size.\r | |
231 | @param[in] Variable The variable information that is used to keep track of variable usage.\r | |
232 | @param[in] Attributes Attribute value of the variable.\r | |
233 | \r | |
234 | @return EFI_INVALID_PARAMETER Invalid parameter.\r | |
2d3fb919 | 235 | @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r |
236 | check carried out by the firmware.\r | |
0c18794e | 237 | @return EFI_SUCCESS Variable passed validation successfully.\r |
238 | \r | |
239 | **/\r | |
240 | EFI_STATUS\r | |
241 | ProcessVarWithKek (\r | |
242 | IN CHAR16 *VariableName,\r | |
243 | IN EFI_GUID *VendorGuid,\r | |
244 | IN VOID *Data,\r | |
245 | IN UINTN DataSize,\r | |
246 | IN VARIABLE_POINTER_TRACK *Variable,\r | |
247 | IN UINT32 Attributes OPTIONAL\r | |
248 | );\r | |
249 | \r | |
2d3fb919 | 250 | /**\r |
251 | Merge two buffers which formatted as EFI_SIGNATURE_LIST. Only the new EFI_SIGNATURE_DATA\r | |
252 | will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA\r | |
253 | will be ignored.\r | |
254 | \r | |
732d199d | 255 | @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.\r |
256 | @param[in] DataSize Size of Data buffer.\r | |
257 | @param[in] FreeBufSize Size of free data buffer \r | |
258 | @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.\r | |
259 | @param[in] NewDataSize Size of NewData buffer.\r | |
260 | @param[out] MergedBufSize Size of the merged buffer\r | |
2d3fb919 | 261 | \r |
732d199d | 262 | @return EFI_BUFFER_TOO_SMALL if input Data buffer overflowed\r |
2d3fb919 | 263 | \r |
264 | **/\r | |
732d199d | 265 | EFI_STATUS\r |
2d3fb919 | 266 | AppendSignatureList (\r |
267 | IN OUT VOID *Data,\r | |
268 | IN UINTN DataSize,\r | |
732d199d | 269 | IN UINTN FreeBufSize,\r |
2d3fb919 | 270 | IN VOID *NewData,\r |
732d199d | 271 | IN UINTN NewDataSize,\r |
272 | OUT UINTN *MergedBufSize\r | |
2d3fb919 | 273 | );\r |
274 | \r | |
0c18794e | 275 | /**\r |
276 | Compare two EFI_TIME data.\r | |
277 | \r | |
278 | \r | |
279 | @param FirstTime A pointer to the first EFI_TIME data.\r | |
280 | @param SecondTime A pointer to the second EFI_TIME data.\r | |
281 | \r | |
282 | @retval TRUE The FirstTime is not later than the SecondTime.\r | |
283 | @retval FALSE The FirstTime is later than the SecondTime.\r | |
284 | \r | |
285 | **/\r | |
286 | BOOLEAN\r | |
287 | CompareTimeStamp (\r | |
288 | IN EFI_TIME *FirstTime,\r | |
289 | IN EFI_TIME *SecondTime\r | |
290 | );\r | |
291 | \r | |
292 | \r | |
293 | /**\r | |
294 | Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r | |
295 | \r | |
dc204d5a JY |
296 | Caution: This function may receive untrusted input.\r |
297 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
298 | This function will do basic validation, before parse the data.\r | |
299 | This function will parse the authentication carefully to avoid security issues, like\r | |
300 | buffer overflow, integer overflow.\r | |
301 | \r | |
0c18794e | 302 | @param[in] VariableName Name of Variable to be found.\r |
303 | @param[in] VendorGuid Variable vendor GUID.\r | |
304 | @param[in] Data Data pointer.\r | |
305 | @param[in] DataSize Size of Data found. If size is less than the\r | |
306 | data, this value contains the required size.\r | |
307 | @param[in] Variable The variable information which is used to keep track of variable usage.\r | |
308 | @param[in] Attributes Attribute value of the variable.\r | |
ed47ae02 | 309 | @param[in] AuthVarType Verify against PK or KEK database or private database.\r |
0c18794e | 310 | @param[out] VarDel Delete the variable or not.\r |
311 | \r | |
312 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
2d3fb919 | 313 | @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r |
314 | check carried out by the firmware.\r | |
0c18794e | 315 | @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack\r |
316 | of resources.\r | |
317 | @retval EFI_SUCCESS Variable pass validation successfully.\r | |
318 | \r | |
319 | **/\r | |
320 | EFI_STATUS\r | |
321 | VerifyTimeBasedPayload (\r | |
322 | IN CHAR16 *VariableName,\r | |
323 | IN EFI_GUID *VendorGuid,\r | |
324 | IN VOID *Data,\r | |
325 | IN UINTN DataSize,\r | |
326 | IN VARIABLE_POINTER_TRACK *Variable,\r | |
327 | IN UINT32 Attributes,\r | |
ed47ae02 | 328 | IN AUTHVAR_TYPE AuthVarType,\r |
0c18794e | 329 | OUT BOOLEAN *VarDel\r |
330 | );\r | |
331 | \r | |
4ccef561 DG |
332 | extern UINT8 *mPubKeyStore;\r |
333 | extern UINT8 *mCertDbStore;\r | |
0c18794e | 334 | extern UINT32 mPubKeyNumber;\r |
335 | extern VOID *mHashCtx;\r | |
2d3fb919 | 336 | extern UINT8 *mSerializationRuntimeBuffer;\r |
337 | \r | |
0c18794e | 338 | #endif\r |