-/** @file
- The Smart Card Edge Protocol provides an abstraction for device to provide Smart
- Card support.
-
- This protocol allows UEFI applications to interface with a Smart Card during
- boot process for authentication or data signing/decryption, especially if the
- application has to make use of PKI.
-
- Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __SMART_CARD_EDGE_H__
-#define __SMART_CARD_EDGE_H__
-
-#define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \
- { \
- 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \
- }
-
-typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL;
-
-//
-// Maximum size for a Smart Card AID (Application IDentifier)
-//
-#define SCARD_AID_MAXSIZE 0x0010
-//
-// Size of CSN (Card Serial Number)
-//
-#define SCARD_CSN_SIZE 0x0010
-//
-// Current specification version 1.00
-//
-#define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100
-//
-// Parameters type definition
-//
-typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE];
-typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE];
-
-//
-// Type of data elements in credentials list
-//
-// value of tag field for header, the number of containers
-//
-#define SC_EDGE_TAG_HEADER 0x0000
-//
-// value of tag field for certificate
-//
-#define SC_EDGE_TAG_CERT 0x0001
-//
-// value of tag field for key index associated with certificate
-//
-#define SC_EDGE_TAG_KEY_ID 0x0002
-//
-// value of tag field for key type
-//
-#define SC_EDGE_TAG_KEY_TYPE 0x0003
-//
-// value of tag field for key size
-//
-#define SC_EDGE_TAG_KEY_SIZE 0x0004
-
-//
-// Length of L fields of TLV items
-//
-//
-// size of L field for header
-//
-#define SC_EDGE_L_SIZE_HEADER 1
-//
-// size of L field for certificate (big endian)
-//
-#define SC_EDGE_L_SIZE_CERT 2
-//
-// size of L field for key index
-//
-#define SC_EDGE_L_SIZE_KEY_ID 1
-//
-// size of L field for key type
-//
-#define SC_EDGE_L_SIZE_KEY_TYPE 1
-//
-// size of L field for key size (big endian)
-//
-#define SC_EDGE_L_SIZE_KEY_SIZE 2
-
-//
-// Some TLV items have a fixed value for L field
-//
-// value of L field for header
-//
-#define SC_EDGE_L_VALUE_HEADER 1
-//
-// value of L field for key index
-//
-#define SC_EDGE_L_VALUE_KEY_ID 1
-//
-// value of L field for key type
-//
-#define SC_EDGE_L_VALUE_KEY_TYPE 1
-//
-// value of L field for key size
-//
-#define SC_EDGE_L_VALUE_KEY_SIZE 2
-
-//
-// Possible values for key type
-//
-//
-// RSA decryption
-//
-#define SC_EDGE_RSA_EXCHANGE 0x01
-//
-// RSA signature
-//
-#define SC_EDGE_RSA_SIGNATURE 0x02
-//
-// ECDSA signature
-//
-#define SC_EDGE_ECDSA_256 0x03
-//
-// ECDSA signature
-//
-#define SC_EDGE_ECDSA_384 0x04
-//
-// ECDSA signature
-//
-#define SC_EDGE_ECDSA_521 0x05
-//
-// ECDH agreement
-//
-#define SC_EDGE_ECDH_256 0x06
-//
-// ECDH agreement
-//
-#define SC_EDGE_ECDH_384 0x07
-//
-// ECDH agreement
-//
-#define SC_EDGE_ECDH_521 0x08
-
-//
-// Padding methods GUIDs for signature
-//
-//
-// RSASSA- PKCS#1-V1.5 padding method, for signature
-//
-#define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \
- { \
- 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \
- }
-//
-// RSASSA-PSS padding method, for signature
-//
-#define EFI_PADDING_RSASSA_PSS_GUID \
- { \
- 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \
- }
-
-//
-// Padding methods GUIDs for decryption
-//
-//
-// No padding, for decryption
-//
-#define EFI_PADDING_NONE_GUID \
- { \
- 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \
- }
-//
-// RSAES-PKCS#1-V1.5 padding, for decryption
-//
-#define EFI_PADDING_RSAES_PKCS1V1P5_GUID \
- { \
- 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \
- }
-//
-// RSAES-OAEP padding, for decryption
-//
-#define EFI_PADDING_RSAES_OAEP_GUID \
- { \
- 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \
- }
-
-/**
- This function retrieves the context driver.
-
- The GetContextfunction returns the context of the protocol, the application
- identifiers supported by the protocol and the number and the CSN unique identifier
- of Smart Cards that are present and supported by protocol.
-
- If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL,
- the function does not fail but does not fill in such variables.
-
- In case AidTableSize indicates a buffer too small to hold all the protocol AID table,
- only the first AidTableSize items of the table are returned in AidTable.
-
- In case CsnTableSize indicates a buffer too small to hold the entire table of
- Smart Card CSN present, only the first CsnTableSize items of the table are returned
- in CsnTable.
-
- VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this
- driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1.
-
- In case of Smart Card removal the internal CSN list is immediately updated, even if
- a connection is opened with that Smart Card.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[out] NumberAidSupported Number of AIDs this protocol supports.
- @param[in, out] AidTableSize On input, number of items allocated for the
- AID table. On output, number of items returned
- by protocol.
- @param[out] AidTable Table of the AIDs supported by the protocol.
- @param[out] NumberSCPresent Number of currently present Smart Cards that
- are supported by protocol.
- @param[in, out] CsnTableSize On input, the number of items the buffer CSN
- table can contain. On output, the number of
- items returned by the protocol.
- @param[out] CsnTable Table of the CSN of the Smart Card present and
- supported by protocol.
- @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- OUT UINTN *NumberAidSupported,
- IN OUT UINTN *AidTableSize OPTIONAL,
- OUT SMART_CARD_AID *AidTable OPTIONAL,
- OUT UINTN *NumberSCPresent,
- IN OUT UINTN *CsnTableSize OPTIONAL,
- OUT SMART_CARD_CSN *CsnTable OPTIONAL,
- OUT UINT32 *VersionScEdgeProtocol OPTIONAL
- );
-
-/**
- This function establish a connection with a Smart Card the protocol support.
-
- In case of success the SCardHandle can be used.
-
- If the ScardCsn is NULL the connection is established with the first Smart Card
- the protocol finds in its table of Smart Card present and supported. Else it
- establish context with the Smart Card whose CSN given by ScardCsn.
-
- If ScardAid is not NULL the function returns the Smart Card AID the protocol supports.
- After a successful connect the SCardHandle will remain existing even in case Smart Card
- removed from Smart Card reader, but all function invoking this SCardHandle will fail.
- SCardHandle is released only on Disconnect.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[out] SCardHandle Handle on Smart Card connection.
- @param[in] ScardCsn CSN of the Smart Card the connection has to be
- established.
- @param[out] ScardAid AID of the Smart Card the connection has been
- established.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER SCardHandle is NULL.
- @retval EFI_NO_MEDIA No Smart Card supported by protocol is present,
- Smart Card with CSN ScardCsn or Reader has been
- removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- OUT EFI_HANDLE *SCardHandle,
- IN UINT8 *ScardCsn OPTIONAL,
- OUT UINT8 *ScardAid OPTIONAL
- );
-
-/**
- This function releases a connection previously established by Connect.
-
- The Disconnect function releases the connection previously established by
- a Connect. In case the Smart Card or the Smart Card reader has been removed
- before this call, this function returns EFI_SUCCESS.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection to release.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle
- );
-
-/**
- This function returns the Smart Card serial number.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[out] Csn The Card Serial number, 16 bytes array.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- OUT UINT8 Csn[SCARD_CSN_SIZE]
- );
-
-/**
- This function returns the name of the Smart Card reader used for this connection.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in, out] ReaderNameLength On input, a pointer to the variable that holds
- the maximal size, in bytes, of ReaderName.
- On output, the required size, in bytes, for ReaderName.
- @param[out] ReaderName A pointer to a NULL terminated string that will
- contain the reader name.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN OUT UINTN *ReaderNameLength,
- OUT CHAR16 *ReaderName OPTIONAL
- );
-
-/**
- This function authenticates a Smart Card user by presenting a PIN code.
-
- The VerifyPinfunction presents a PIN code to the Smart Card.
-
- If Smart Card found the PIN code correct the user is considered authenticated
- to current application, and the function returns TRUE.
-
- Negative or null PinSize value rejected if PinCodeis not NULL.
-
- A NULL PinCodebuffer means the application didn't know the PIN, in that case:
- - If PinSize value is negative the caller only wants to know if the current
- chain of the elements Smart Card Edge protocol, Smart Card Reader protocol
- and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality.
- - If PinSize value is positive or null the caller ask to perform the verify
- PIN using the Secure PIN Entry functionality.
-
- In PinCode buffer, the PIN value is always given in plaintext, in case of secure
- messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate
- treatments to build the correct Smart Card APDU.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] PinSize PIN code buffer size.
- @param[in] PinCode PIN code to present to the Smart Card.
- @param[out] PinResult Result of PIN code presentation to the Smart Card.
- TRUE when Smard Card founds the PIN code correct.
- @param[out] RemainingAttempts Number of attempts still possible.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not
- supported.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart
- Card or, negative with PinCode not null.
- @retval EFI_INVALID_PARAMETER PinResult is NULL.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN INT32 PinSize,
- IN UINT8 *PinCode,
- OUT BOOLEAN *PinResult,
- OUT UINT32 *RemainingAttempts OPTIONAL
- );
-
-/**
- This function gives the remaining number of attempts for PIN code presentation.
-
- The number of attempts to present a correct PIN is limited and depends on Smart
- Card and on PIN.
-
- This function will retrieve the number of remaining possible attempts.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[out] RemainingAttempts Number of attempts still possible.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- OUT UINT32 *RemainingAttempts
- );
-
-/**
- This function returns a specific data from Smart Card.
-
- The function is generic for any kind of data, but driver and application must
- share an EFI_GUID that identify the data.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] DataId The type identifier of the data to get.
- @param[in, out] DataSize On input, in bytes, the size of Data. On output,
- in bytes, the size of buffer required to store
- the specified data.
- @param[out] Data The data buffer in which the data is returned.
- The type of the data buffer is associated with
- the DataId. Ignored if *DataSize is 0.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER DataId is NULL.
- @retval EFI_INVALID_PARAMETER DataSize is NULL.
- @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero.
- @retval EFI_NOT_FOUND DataId unknown for this driver.
- @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified
- data and the required size is returned in DataSize.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN EFI_GUID *DataId,
- IN OUT UINTN *DataSize,
- OUT VOID *Data OPTIONAL
- );
-
-/**
- This function retrieve credentials store into the Smart Card.
-
- The function returns a series of items in TLV (Tag Length Value) format.
-
- First TLV item is the header item that gives the number of following
- containers (0x00, 0x01, Nb containers).
-
- All these containers are a series of 4 TLV items:
- - The certificate item (0x01, certificate size, certificate)
- - The Key identifier item (0x02, 0x01, key index)
- - The key type item (0x03, 0x01, key type)
- - The key size item (0x04, 0x02, key size), key size in number of bits.
- Numeric multi-bytes values are on big endian format, most significant byte first:
- - The L field value for certificate (2 bytes)
- - The L field value for key size (2 bytes)
- - The value field for key size (2 bytes)
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in, out] CredentialSize On input, in bytes, the size of buffer to store
- the list of credential.
- On output, in bytes, the size of buffer required
- to store the entire list of credentials.
-
- @param[out] CredentialList List of credentials stored into the Smart Card.
- A list of TLV (Tag Length Value) elements organized
- in containers array.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER CredentialSize is NULL.
- @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the
- specified data and the required size is returned in
- CredentialSize.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN OUT UINTN *CredentialSize,
- OUT UINT8 *CredentialList OPTIONAL
- );
-
-/**
- This function signs an already hashed data with a Smart Card private key.
-
- This function signs data, actually it is the hash of these data that is given
- to the function.
-
- SignatureData buffer shall be big enough for signature. Signature size is
- function key size and key type.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] KeyId Identifier of the key container, retrieved
- in a key index item of credentials.
- @param[in] KeyType The key type, retrieved in a key type item of
- credentials.
-
- @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
- - EFI_HASH_ALGORITHM_SHA1_GUID
- - EFI_HASH_ALGORITHM_SHA256_GUID
- - EFI_HASH_ALGORITHM_SHA384_GUID
- - EFI_HASH_ALGORITHM_SHA512_GUID
- @param[in] PaddingMethod Padding method used jointly with hash algorithm,
- one of:
- - EFI_PADDING_RSASSA_PKCS1V1P5_GUID
- - EFI_PADDING_RSASSA_PSS_GUID
- @param[in] HashedData Hash of the data to sign. Size is function of the
- HashAlgorithm.
-
- @param[out] SignatureData Resulting signature with private key KeyId. Size
- is function of the KeyType and key size retrieved
- in the associated key size item of credentials.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER KeyId is not valid.
- @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
- @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
- @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
- @retval EFI_INVALID_PARAMETER HashedData is NULL.
- @retval EFI_INVALID_PARAMETER SignatureData is NULL.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN UINTN KeyId,
- IN UINTN KeyType,
- IN EFI_GUID *HashAlgorithm,
- IN EFI_GUID *PaddingMethod,
- IN UINT8 *HashedData,
- OUT UINT8 *SignatureData
- );
-
-/**
- This function decrypts data with a PKI/RSA Smart Card private key.
-
- The function decrypts some PKI/RSA encrypted data with private key securely
- stored into the Smart Card.
-
- The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] KeyId Identifier of the key container, retrieved
- in a key index item of credentials.
- @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
- - EFI_HASH_ALGORITHM_SHA1_GUID
- - EFI_HASH_ALGORITHM_SHA256_GUID
- - EFI_HASH_ALGORITHM_SHA384_GUID
- - EFI_HASH_ALGORITHM_SHA512_GUID
- @param[in] PaddingMethod Padding method used jointly with hash algorithm,
- one of:
- - EFI_PADDING_NONE_GUID
- - EFI_PADDING_RSAES_PKCS1V1P5_GUID
- - EFI_PADDING_RSAES_OAEP_GUID
- @param[in] EncryptedSize Size of data to decrypt.
- @param[in] EncryptedData Data to decrypt
- @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store
- the decrypted data.
- On output, in bytes, the size of buffer required
- to store the decrypted data.
- @param[out] PlaintextData Buffer for decrypted data, padding removed.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type
- SC_EDGE_RSA_EXCHANGE.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
- @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
- @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
- @retval EFI_INVALID_PARAMETER EncryptedSize is 0.
- @retval EFI_INVALID_PARAMETER EncryptedData is NULL.
- @retval EFI_INVALID_PARAMETER PlaintextSize is NULL.
- @retval EFI_INVALID_PARAMETER PlaintextData is NULL.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data
- and the required size is returned in PlaintextSize.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN UINTN KeyId,
- IN EFI_GUID *HashAlgorithm,
- IN EFI_GUID *PaddingMethod,
- IN UINTN EncryptedSize,
- IN UINT8 *EncryptedData,
- IN OUT UINTN *PlaintextSize,
- OUT UINT8 *PlaintextData
- );
-
-/**
- This function performs a secret Diffie Hellman agreement calculation that would
- be used to derive a symmetric encryption / decryption key.
-
- The function compute a DH agreement that should be diversified togenerate a symmetric
- key to proceed encryption or decryption.
-
- The application and the Smart Card shall agree on the diversification process.
-
- The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384
- or SC_EDGE_ECDH_521.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] KeyId Identifier of the key container, retrieved
- in a key index item of credentials.
- @param[in] dataQx Public key x coordinate. Size is the same as
- key size for KeyId. Stored in big endian format.
- @param[in] dataQy Public key y coordinate. Size is the same as
- key size for KeyId. Stored in big endian format.
- @param[out] DHAgreement Buffer for DH agreement computed. Size must be
- bigger or equal to key size for KeyId.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER KeyId is not valid.
- @retval EFI_INVALID_PARAMETER dataQx is NULL.
- @retval EFI_INVALID_PARAMETER dataQy is NULL.
- @retval EFI_INVALID_PARAMETER DHAgreement is NULL.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN UINTN KeyId,
- IN UINT8 *dataQx,
- IN UINT8 *dataQy,
- OUT UINT8 *DHAgreement
- );
-
-///
-/// Smart card aware application invokes this protocol to get access to an inserted
-/// smart card in the reader or to the reader itself.
-///
-struct _EFI_SMART_CARD_EDGE_PROTOCOL {
- EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext;
- EFI_SMART_CARD_EDGE_CONNECT Connect;
- EFI_SMART_CARD_EDGE_DISCONNECT Disconnect;
- EFI_SMART_CARD_EDGE_GET_CSN GetCsn;
- EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName;
- EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin;
- EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining;
- EFI_SMART_CARD_EDGE_GET_DATA GetData;
- EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential;
- EFI_SMART_CARD_EDGE_SIGN_DATA SignData;
- EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData;
- EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement;
-};
-
-extern EFI_GUID gEfiSmartCardEdgeProtocolGuid;
-
-#endif
-
+/** @file\r
+ The Smart Card Edge Protocol provides an abstraction for device to provide Smart\r
+ Card support.\r
+\r
+ This protocol allows UEFI applications to interface with a Smart Card during\r
+ boot process for authentication or data signing/decryption, especially if the\r
+ application has to make use of PKI.\r
+\r
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SMART_CARD_EDGE_H__\r
+#define __SMART_CARD_EDGE_H__\r
+\r
+#define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \\r
+ { \\r
+ 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \\r
+ }\r
+\r
+typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL;\r
+\r
+//\r
+// Maximum size for a Smart Card AID (Application IDentifier)\r
+//\r
+#define SCARD_AID_MAXSIZE 0x0010\r
+//\r
+// Size of CSN (Card Serial Number)\r
+//\r
+#define SCARD_CSN_SIZE 0x0010\r
+//\r
+// Current specification version 1.00\r
+//\r
+#define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100\r
+//\r
+// Parameters type definition\r
+//\r
+typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE];\r
+typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE];\r
+\r
+//\r
+// Type of data elements in credentials list\r
+//\r
+// value of tag field for header, the number of containers\r
+//\r
+#define SC_EDGE_TAG_HEADER 0x0000\r
+//\r
+// value of tag field for certificate\r
+//\r
+#define SC_EDGE_TAG_CERT 0x0001\r
+//\r
+// value of tag field for key index associated with certificate\r
+//\r
+#define SC_EDGE_TAG_KEY_ID 0x0002\r
+//\r
+// value of tag field for key type\r
+//\r
+#define SC_EDGE_TAG_KEY_TYPE 0x0003\r
+//\r
+// value of tag field for key size\r
+//\r
+#define SC_EDGE_TAG_KEY_SIZE 0x0004\r
+\r
+//\r
+// Length of L fields of TLV items\r
+//\r
+//\r
+// size of L field for header\r
+//\r
+#define SC_EDGE_L_SIZE_HEADER 1\r
+//\r
+// size of L field for certificate (big endian)\r
+//\r
+#define SC_EDGE_L_SIZE_CERT 2\r
+//\r
+// size of L field for key index\r
+//\r
+#define SC_EDGE_L_SIZE_KEY_ID 1\r
+//\r
+// size of L field for key type\r
+//\r
+#define SC_EDGE_L_SIZE_KEY_TYPE 1\r
+//\r
+// size of L field for key size (big endian)\r
+//\r
+#define SC_EDGE_L_SIZE_KEY_SIZE 2\r
+\r
+//\r
+// Some TLV items have a fixed value for L field\r
+//\r
+// value of L field for header\r
+//\r
+#define SC_EDGE_L_VALUE_HEADER 1\r
+//\r
+// value of L field for key index\r
+//\r
+#define SC_EDGE_L_VALUE_KEY_ID 1\r
+//\r
+// value of L field for key type\r
+//\r
+#define SC_EDGE_L_VALUE_KEY_TYPE 1\r
+//\r
+// value of L field for key size\r
+//\r
+#define SC_EDGE_L_VALUE_KEY_SIZE 2\r
+\r
+//\r
+// Possible values for key type\r
+//\r
+//\r
+// RSA decryption\r
+//\r
+#define SC_EDGE_RSA_EXCHANGE 0x01\r
+//\r
+// RSA signature\r
+//\r
+#define SC_EDGE_RSA_SIGNATURE 0x02\r
+//\r
+// ECDSA signature\r
+//\r
+#define SC_EDGE_ECDSA_256 0x03\r
+//\r
+// ECDSA signature\r
+//\r
+#define SC_EDGE_ECDSA_384 0x04\r
+//\r
+// ECDSA signature\r
+//\r
+#define SC_EDGE_ECDSA_521 0x05\r
+//\r
+// ECDH agreement\r
+//\r
+#define SC_EDGE_ECDH_256 0x06\r
+//\r
+// ECDH agreement\r
+//\r
+#define SC_EDGE_ECDH_384 0x07\r
+//\r
+// ECDH agreement\r
+//\r
+#define SC_EDGE_ECDH_521 0x08\r
+\r
+//\r
+// Padding methods GUIDs for signature\r
+//\r
+//\r
+// RSASSA- PKCS#1-V1.5 padding method, for signature\r
+//\r
+#define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \\r
+ { \\r
+ 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \\r
+ }\r
+\r
+extern EFI_GUID gEfiPaddingRsassaPkcs1V1P5Guid;\r
+\r
+//\r
+// RSASSA-PSS padding method, for signature\r
+//\r
+#define EFI_PADDING_RSASSA_PSS_GUID \\r
+ { \\r
+ 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \\r
+ }\r
+\r
+extern EFI_GUID gEfiPaddingRsassaPssGuid;\r
+\r
+//\r
+// Padding methods GUIDs for decryption\r
+//\r
+//\r
+// No padding, for decryption\r
+//\r
+#define EFI_PADDING_NONE_GUID \\r
+ { \\r
+ 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \\r
+ }\r
+\r
+extern EFI_GUID gEfiPaddingNoneGuid;\r
+\r
+//\r
+// RSAES-PKCS#1-V1.5 padding, for decryption\r
+//\r
+#define EFI_PADDING_RSAES_PKCS1V1P5_GUID \\r
+ { \\r
+ 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \\r
+ }\r
+\r
+extern EFI_GUID gEfiPaddingRsaesPkcs1V1P5Guid;\r
+\r
+//\r
+// RSAES-OAEP padding, for decryption\r
+//\r
+#define EFI_PADDING_RSAES_OAEP_GUID \\r
+ { \\r
+ 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \\r
+ }\r
+\r
+extern EFI_GUID gEfiPaddingRsaesOaepGuid;\r
+\r
+/**\r
+ This function retrieves the context driver.\r
+\r
+ The GetContextfunction returns the context of the protocol, the application\r
+ identifiers supported by the protocol and the number and the CSN unique identifier\r
+ of Smart Cards that are present and supported by protocol.\r
+\r
+ If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL,\r
+ the function does not fail but does not fill in such variables.\r
+\r
+ In case AidTableSize indicates a buffer too small to hold all the protocol AID table,\r
+ only the first AidTableSize items of the table are returned in AidTable.\r
+\r
+ In case CsnTableSize indicates a buffer too small to hold the entire table of\r
+ Smart Card CSN present, only the first CsnTableSize items of the table are returned\r
+ in CsnTable.\r
+\r
+ VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this\r
+ driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1.\r
+\r
+ In case of Smart Card removal the internal CSN list is immediately updated, even if\r
+ a connection is opened with that Smart Card.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[out] NumberAidSupported Number of AIDs this protocol supports.\r
+ @param[in, out] AidTableSize On input, number of items allocated for the\r
+ AID table. On output, number of items returned\r
+ by protocol.\r
+ @param[out] AidTable Table of the AIDs supported by the protocol.\r
+ @param[out] NumberSCPresent Number of currently present Smart Cards that\r
+ are supported by protocol.\r
+ @param[in, out] CsnTableSize On input, the number of items the buffer CSN\r
+ table can contain. On output, the number of\r
+ items returned by the protocol.\r
+ @param[out] CsnTable Table of the CSN of the Smart Card present and\r
+ supported by protocol.\r
+ @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ OUT UINTN *NumberAidSupported,\r
+ IN OUT UINTN *AidTableSize OPTIONAL,\r
+ OUT SMART_CARD_AID *AidTable OPTIONAL,\r
+ OUT UINTN *NumberSCPresent,\r
+ IN OUT UINTN *CsnTableSize OPTIONAL,\r
+ OUT SMART_CARD_CSN *CsnTable OPTIONAL,\r
+ OUT UINT32 *VersionScEdgeProtocol OPTIONAL\r
+ );\r
+\r
+/**\r
+ This function establish a connection with a Smart Card the protocol support.\r
+\r
+ In case of success the SCardHandle can be used.\r
+\r
+ If the ScardCsn is NULL the connection is established with the first Smart Card\r
+ the protocol finds in its table of Smart Card present and supported. Else it\r
+ establish context with the Smart Card whose CSN given by ScardCsn.\r
+\r
+ If ScardAid is not NULL the function returns the Smart Card AID the protocol supports.\r
+ After a successful connect the SCardHandle will remain existing even in case Smart Card\r
+ removed from Smart Card reader, but all function invoking this SCardHandle will fail.\r
+ SCardHandle is released only on Disconnect.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[out] SCardHandle Handle on Smart Card connection.\r
+ @param[in] ScardCsn CSN of the Smart Card the connection has to be\r
+ established.\r
+ @param[out] ScardAid AID of the Smart Card the connection has been\r
+ established.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER SCardHandle is NULL.\r
+ @retval EFI_NO_MEDIA No Smart Card supported by protocol is present,\r
+ Smart Card with CSN ScardCsn or Reader has been\r
+ removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ OUT EFI_HANDLE *SCardHandle,\r
+ IN UINT8 *ScardCsn OPTIONAL,\r
+ OUT UINT8 *ScardAid OPTIONAL\r
+ );\r
+\r
+/**\r
+ This function releases a connection previously established by Connect.\r
+\r
+ The Disconnect function releases the connection previously established by\r
+ a Connect. In case the Smart Card or the Smart Card reader has been removed\r
+ before this call, this function returns EFI_SUCCESS.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection to release.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle\r
+ );\r
+\r
+/**\r
+ This function returns the Smart Card serial number.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[out] Csn The Card Serial number, 16 bytes array.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ OUT UINT8 Csn[SCARD_CSN_SIZE]\r
+ );\r
+\r
+/**\r
+ This function returns the name of the Smart Card reader used for this connection.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[in, out] ReaderNameLength On input, a pointer to the variable that holds\r
+ the maximal size, in bytes, of ReaderName.\r
+ On output, the required size, in bytes, for ReaderName.\r
+ @param[out] ReaderName A pointer to a NULL terminated string that will\r
+ contain the reader name.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ IN OUT UINTN *ReaderNameLength,\r
+ OUT CHAR16 *ReaderName OPTIONAL\r
+ );\r
+\r
+/**\r
+ This function authenticates a Smart Card user by presenting a PIN code.\r
+\r
+ The VerifyPinfunction presents a PIN code to the Smart Card.\r
+\r
+ If Smart Card found the PIN code correct the user is considered authenticated\r
+ to current application, and the function returns TRUE.\r
+\r
+ Negative or null PinSize value rejected if PinCodeis not NULL.\r
+\r
+ A NULL PinCodebuffer means the application didn't know the PIN, in that case:\r
+ - If PinSize value is negative the caller only wants to know if the current\r
+ chain of the elements Smart Card Edge protocol, Smart Card Reader protocol\r
+ and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality.\r
+ - If PinSize value is positive or null the caller ask to perform the verify\r
+ PIN using the Secure PIN Entry functionality.\r
+\r
+ In PinCode buffer, the PIN value is always given in plaintext, in case of secure\r
+ messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate\r
+ treatments to build the correct Smart Card APDU.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[in] PinSize PIN code buffer size.\r
+ @param[in] PinCode PIN code to present to the Smart Card.\r
+ @param[out] PinResult Result of PIN code presentation to the Smart Card.\r
+ TRUE when Smard Card founds the PIN code correct.\r
+ @param[out] RemainingAttempts Number of attempts still possible.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not\r
+ supported.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart\r
+ Card or, negative with PinCode not null.\r
+ @retval EFI_INVALID_PARAMETER PinResult is NULL.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ IN INT32 PinSize,\r
+ IN UINT8 *PinCode,\r
+ OUT BOOLEAN *PinResult,\r
+ OUT UINT32 *RemainingAttempts OPTIONAL\r
+ );\r
+\r
+/**\r
+ This function gives the remaining number of attempts for PIN code presentation.\r
+\r
+ The number of attempts to present a correct PIN is limited and depends on Smart\r
+ Card and on PIN.\r
+\r
+ This function will retrieve the number of remaining possible attempts.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[out] RemainingAttempts Number of attempts still possible.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ OUT UINT32 *RemainingAttempts\r
+ );\r
+\r
+/**\r
+ This function returns a specific data from Smart Card.\r
+\r
+ The function is generic for any kind of data, but driver and application must\r
+ share an EFI_GUID that identify the data.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[in] DataId The type identifier of the data to get.\r
+ @param[in, out] DataSize On input, in bytes, the size of Data. On output,\r
+ in bytes, the size of buffer required to store\r
+ the specified data.\r
+ @param[out] Data The data buffer in which the data is returned.\r
+ The type of the data buffer is associated with\r
+ the DataId. Ignored if *DataSize is 0.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER DataId is NULL.\r
+ @retval EFI_INVALID_PARAMETER DataSize is NULL.\r
+ @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero.\r
+ @retval EFI_NOT_FOUND DataId unknown for this driver.\r
+ @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified\r
+ data and the required size is returned in DataSize.\r
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.\r
+ PIN not verified.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ IN EFI_GUID *DataId,\r
+ IN OUT UINTN *DataSize,\r
+ OUT VOID *Data OPTIONAL\r
+ );\r
+\r
+/**\r
+ This function retrieve credentials store into the Smart Card.\r
+\r
+ The function returns a series of items in TLV (Tag Length Value) format.\r
+\r
+ First TLV item is the header item that gives the number of following\r
+ containers (0x00, 0x01, Nb containers).\r
+\r
+ All these containers are a series of 4 TLV items:\r
+ - The certificate item (0x01, certificate size, certificate)\r
+ - The Key identifier item (0x02, 0x01, key index)\r
+ - The key type item (0x03, 0x01, key type)\r
+ - The key size item (0x04, 0x02, key size), key size in number of bits.\r
+ Numeric multi-bytes values are on big endian format, most significant byte first:\r
+ - The L field value for certificate (2 bytes)\r
+ - The L field value for key size (2 bytes)\r
+ - The value field for key size (2 bytes)\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[in, out] CredentialSize On input, in bytes, the size of buffer to store\r
+ the list of credential.\r
+ On output, in bytes, the size of buffer required\r
+ to store the entire list of credentials.\r
+\r
+ @param[out] CredentialList List of credentials stored into the Smart Card.\r
+ A list of TLV (Tag Length Value) elements organized\r
+ in containers array.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER CredentialSize is NULL.\r
+ @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero.\r
+ @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the\r
+ specified data and the required size is returned in\r
+ CredentialSize.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ IN OUT UINTN *CredentialSize,\r
+ OUT UINT8 *CredentialList OPTIONAL\r
+ );\r
+\r
+/**\r
+ This function signs an already hashed data with a Smart Card private key.\r
+\r
+ This function signs data, actually it is the hash of these data that is given\r
+ to the function.\r
+\r
+ SignatureData buffer shall be big enough for signature. Signature size is\r
+ function key size and key type.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[in] KeyId Identifier of the key container, retrieved\r
+ in a key index item of credentials.\r
+ @param[in] KeyType The key type, retrieved in a key type item of\r
+ credentials.\r
+\r
+ @param[in] HashAlgorithm Hash algorithm used to hash the, one of:\r
+ - EFI_HASH_ALGORITHM_SHA1_GUID\r
+ - EFI_HASH_ALGORITHM_SHA256_GUID\r
+ - EFI_HASH_ALGORITHM_SHA384_GUID\r
+ - EFI_HASH_ALGORITHM_SHA512_GUID\r
+ @param[in] PaddingMethod Padding method used jointly with hash algorithm,\r
+ one of:\r
+ - EFI_PADDING_RSASSA_PKCS1V1P5_GUID\r
+ - EFI_PADDING_RSASSA_PSS_GUID\r
+ @param[in] HashedData Hash of the data to sign. Size is function of the\r
+ HashAlgorithm.\r
+\r
+ @param[out] SignatureData Resulting signature with private key KeyId. Size\r
+ is function of the KeyType and key size retrieved\r
+ in the associated key size item of credentials.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER KeyId is not valid.\r
+ @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId.\r
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.\r
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.\r
+ @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.\r
+ @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.\r
+ @retval EFI_INVALID_PARAMETER HashedData is NULL.\r
+ @retval EFI_INVALID_PARAMETER SignatureData is NULL.\r
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.\r
+ PIN not verified.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ IN UINTN KeyId,\r
+ IN UINTN KeyType,\r
+ IN EFI_GUID *HashAlgorithm,\r
+ IN EFI_GUID *PaddingMethod,\r
+ IN UINT8 *HashedData,\r
+ OUT UINT8 *SignatureData\r
+ );\r
+\r
+/**\r
+ This function decrypts data with a PKI/RSA Smart Card private key.\r
+\r
+ The function decrypts some PKI/RSA encrypted data with private key securely\r
+ stored into the Smart Card.\r
+\r
+ The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[in] KeyId Identifier of the key container, retrieved\r
+ in a key index item of credentials.\r
+ @param[in] HashAlgorithm Hash algorithm used to hash the, one of:\r
+ - EFI_HASH_ALGORITHM_SHA1_GUID\r
+ - EFI_HASH_ALGORITHM_SHA256_GUID\r
+ - EFI_HASH_ALGORITHM_SHA384_GUID\r
+ - EFI_HASH_ALGORITHM_SHA512_GUID\r
+ @param[in] PaddingMethod Padding method used jointly with hash algorithm,\r
+ one of:\r
+ - EFI_PADDING_NONE_GUID\r
+ - EFI_PADDING_RSAES_PKCS1V1P5_GUID\r
+ - EFI_PADDING_RSAES_OAEP_GUID\r
+ @param[in] EncryptedSize Size of data to decrypt.\r
+ @param[in] EncryptedData Data to decrypt\r
+ @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store\r
+ the decrypted data.\r
+ On output, in bytes, the size of buffer required\r
+ to store the decrypted data.\r
+ @param[out] PlaintextData Buffer for decrypted data, padding removed.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type\r
+ SC_EDGE_RSA_EXCHANGE.\r
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.\r
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.\r
+ @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.\r
+ @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.\r
+ @retval EFI_INVALID_PARAMETER EncryptedSize is 0.\r
+ @retval EFI_INVALID_PARAMETER EncryptedData is NULL.\r
+ @retval EFI_INVALID_PARAMETER PlaintextSize is NULL.\r
+ @retval EFI_INVALID_PARAMETER PlaintextData is NULL.\r
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.\r
+ PIN not verified.\r
+ @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data\r
+ and the required size is returned in PlaintextSize.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ IN UINTN KeyId,\r
+ IN EFI_GUID *HashAlgorithm,\r
+ IN EFI_GUID *PaddingMethod,\r
+ IN UINTN EncryptedSize,\r
+ IN UINT8 *EncryptedData,\r
+ IN OUT UINTN *PlaintextSize,\r
+ OUT UINT8 *PlaintextData\r
+ );\r
+\r
+/**\r
+ This function performs a secret Diffie Hellman agreement calculation that would\r
+ be used to derive a symmetric encryption / decryption key.\r
+\r
+ The function compute a DH agreement that should be diversified togenerate a symmetric\r
+ key to proceed encryption or decryption.\r
+\r
+ The application and the Smart Card shall agree on the diversification process.\r
+\r
+ The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384\r
+ or SC_EDGE_ECDH_521.\r
+\r
+ @param[in] This Indicates a pointer to the calling context.\r
+ @param[in] SCardHandle Handle on Smart Card connection.\r
+ @param[in] KeyId Identifier of the key container, retrieved\r
+ in a key index item of credentials.\r
+ @param[in] dataQx Public key x coordinate. Size is the same as\r
+ key size for KeyId. Stored in big endian format.\r
+ @param[in] dataQy Public key y coordinate. Size is the same as\r
+ key size for KeyId. Stored in big endian format.\r
+ @param[out] DHAgreement Buffer for DH agreement computed. Size must be\r
+ bigger or equal to key size for KeyId.\r
+\r
+ @retval EFI_SUCCESS The requested command completed successfully.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.\r
+ @retval EFI_INVALID_PARAMETER KeyId is not valid.\r
+ @retval EFI_INVALID_PARAMETER dataQx is NULL.\r
+ @retval EFI_INVALID_PARAMETER dataQy is NULL.\r
+ @retval EFI_INVALID_PARAMETER DHAgreement is NULL.\r
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.\r
+ PIN not verified.\r
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection\r
+ has been removed. A Disconnect should be performed.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) (\r
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,\r
+ IN EFI_HANDLE SCardHandle,\r
+ IN UINTN KeyId,\r
+ IN UINT8 *dataQx,\r
+ IN UINT8 *dataQy,\r
+ OUT UINT8 *DHAgreement\r
+ );\r
+\r
+///\r
+/// Smart card aware application invokes this protocol to get access to an inserted\r
+/// smart card in the reader or to the reader itself.\r
+///\r
+struct _EFI_SMART_CARD_EDGE_PROTOCOL {\r
+ EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext;\r
+ EFI_SMART_CARD_EDGE_CONNECT Connect;\r
+ EFI_SMART_CARD_EDGE_DISCONNECT Disconnect;\r
+ EFI_SMART_CARD_EDGE_GET_CSN GetCsn;\r
+ EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName;\r
+ EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin;\r
+ EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining;\r
+ EFI_SMART_CARD_EDGE_GET_DATA GetData;\r
+ EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential;\r
+ EFI_SMART_CARD_EDGE_SIGN_DATA SignData;\r
+ EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData;\r
+ EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement;\r
+};\r
+\r
+extern EFI_GUID gEfiSmartCardEdgeProtocolGuid;\r
+\r
+#endif\r
+\r