[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.h

/** @file\r
  The internal header file includes the common header files, defines\r
  internal structure and functions used by ImageVerificationLib.\r
\r
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef __IMAGEVERIFICATIONLIB_H__\r
#define __IMAGEVERIFICATIONLIB_H__\r
\r
#include <Library/UefiDriverEntryPoint.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Library/UefiRuntimeServicesTableLib.h>\r
#include <Library/UefiLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/BaseCryptLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/DevicePathLib.h>\r
#include <Library/SecurityManagementLib.h>\r
#include <Library/PeCoffLib.h>\r
#include <Protocol/FirmwareVolume2.h>\r
#include <Protocol/DevicePath.h>\r
#include <Protocol/BlockIo.h>\r
#include <Protocol/SimpleFileSystem.h>\r
#include <Protocol/VariableWrite.h>\r
#include <Guid/ImageAuthentication.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
#include <IndustryStandard/PeImage.h>\r
\r
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE  256\r
#define EFI_CERT_TYPE_RSA2048_SIZE         256\r
#define MAX_NOTIFY_STRING_LEN              64\r
#define TWO_BYTE_ENCODE                    0x82\r
\r
#define ALIGNMENT_SIZE  8\r
#define ALIGN_SIZE(a)  (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)\r
\r
//\r
// Image type definitions\r
//\r
#define IMAGE_UNKNOWN               0x00000000\r
#define IMAGE_FROM_FV               0x00000001\r
#define IMAGE_FROM_OPTION_ROM       0x00000002\r
#define IMAGE_FROM_REMOVABLE_MEDIA  0x00000003\r
#define IMAGE_FROM_FIXED_MEDIA      0x00000004\r
\r
//\r
// Authorization policy bit definition\r
//\r
#define ALWAYS_EXECUTE                       0x00000000\r
#define NEVER_EXECUTE                        0x00000001\r
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION  0x00000002\r
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION  0x00000003\r
#define DENY_EXECUTE_ON_SECURITY_VIOLATION   0x00000004\r
#define QUERY_USER_ON_SECURITY_VIOLATION     0x00000005\r
\r
//\r
// Support hash types\r
//\r
#define HASHALG_SHA1    0x00000000\r
#define HASHALG_SHA224  0x00000001\r
#define HASHALG_SHA256  0x00000002\r
#define HASHALG_SHA384  0x00000003\r
#define HASHALG_SHA512  0x00000004\r
#define HASHALG_MAX     0x00000005\r
\r
//\r
// Set max digest size as SHA512 Output (64 bytes) by far\r
//\r
#define MAX_DIGEST_SIZE  SHA512_DIGEST_SIZE\r
//\r
//\r
// PKCS7 Certificate definition\r
//\r
typedef struct {\r
  WIN_CERTIFICATE    Hdr;\r
  UINT8              CertData[1];\r
} WIN_CERTIFICATE_EFI_PKCS;\r
\r
/**\r
  Retrieves the size, in bytes, of the context buffer required for hash operations.\r
\r
  @return  The size, in bytes, of the context buffer required for hash operations.\r
\r
**/\r
typedef\r
UINTN\r
(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
  VOID\r
  );\r
\r
/**\r
  Initializes user-supplied memory pointed by HashContext as hash context for\r
  subsequent use.\r
\r
  If HashContext is NULL, then ASSERT().\r
\r
  @param[in, out]  HashContext  Pointer to  Context being initialized.\r
\r
  @retval TRUE   HASH context initialization succeeded.\r
  @retval FALSE  HASH context initialization failed.\r
\r
**/\r
typedef\r
BOOLEAN\r
(EFIAPI *HASH_INIT)(\r
  IN OUT  VOID  *HashContext\r
  );\r
\r
/**\r
  Performs digest on a data buffer of the specified length. This function can\r
  be called multiple times to compute the digest of long or discontinuous data streams.\r
\r
  If HashContext is NULL, then ASSERT().\r
\r
  @param[in, out]  HashContext  Pointer to the MD5 context.\r
  @param[in]       Data         Pointer to the buffer containing the data to be hashed.\r
  @param[in]       DataLength   Length of Data buffer in bytes.\r
\r
  @retval TRUE     HASH data digest succeeded.\r
  @retval FALSE    Invalid HASH context. After HashFinal function has been called, the\r
                   HASH context cannot be reused.\r
\r
**/\r
typedef\r
BOOLEAN\r
(EFIAPI *HASH_UPDATE)(\r
  IN OUT  VOID        *HashContext,\r
  IN      CONST VOID  *Data,\r
  IN      UINTN       DataLength\r
  );\r
\r
/**\r
  Completes hash computation and retrieves the digest value into the specified\r
  memory. After this function has been called, the context cannot be used again.\r
\r
  If HashContext is NULL, then ASSERT().\r
  If HashValue is NULL, then ASSERT().\r
\r
  @param[in, out]  HashContext  Pointer to the MD5 context\r
  @param[out]      HashValue    Pointer to a buffer that receives the HASH digest\r
                                value.\r
\r
  @retval TRUE   HASH digest computation succeeded.\r
  @retval FALSE  HASH digest computation failed.\r
\r
**/\r
typedef\r
BOOLEAN\r
(EFIAPI *HASH_FINAL)(\r
  IN OUT  VOID   *HashContext,\r
  OUT     UINT8  *HashValue\r
  );\r
\r
//\r
// Hash Algorithm Table\r
//\r
typedef struct {\r
  //\r
  // Name for Hash Algorithm\r
  //\r
  CHAR16                   *Name;\r
  //\r
  // Digest Length\r
  //\r
  UINTN                    DigestLength;\r
  //\r
  // Hash Algorithm OID ASN.1 Value\r
  //\r
  UINT8                    *OidValue;\r
  //\r
  // Length of Hash OID Value\r
  //\r
  UINTN                    OidLength;\r
  //\r
  // Pointer to Hash GetContentSize function\r
  //\r
  HASH_GET_CONTEXT_SIZE    GetContextSize;\r
  //\r
  // Pointer to Hash Init function\r
  //\r
  HASH_INIT                HashInit;\r
  //\r
  // Pointer to Hash Update function\r
  //\r
  HASH_UPDATE              HashUpdate;\r
  //\r
  // Pointer to Hash Final function\r
  //\r
  HASH_FINAL               HashFinal;\r
} HASH_TABLE;\r
\r
#endif\r
Commit	Line	Data
0c18794e	1	/** @file\r
	2	The internal header file includes the common header files, defines\r
	3	internal structure and functions used by ImageVerificationLib.\r
	4	\r
20333c6d	5	Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
289b714b	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
0c18794e	7	\r
	8	**/\r
	9	\r
	10	#ifndef __IMAGEVERIFICATIONLIB_H__\r
	11	#define __IMAGEVERIFICATIONLIB_H__\r
	12	\r
	13	#include <Library/UefiDriverEntryPoint.h>\r
	14	#include <Library/DebugLib.h>\r
	15	#include <Library/BaseMemoryLib.h>\r
	16	#include <Library/UefiBootServicesTableLib.h>\r
	17	#include <Library/UefiRuntimeServicesTableLib.h>\r
	18	#include <Library/UefiLib.h>\r
	19	#include <Library/BaseLib.h>\r
	20	#include <Library/MemoryAllocationLib.h>\r
	21	#include <Library/BaseCryptLib.h>\r
	22	#include <Library/PcdLib.h>\r
	23	#include <Library/DevicePathLib.h>\r
	24	#include <Library/SecurityManagementLib.h>\r
28186d45	25	#include <Library/PeCoffLib.h>\r
0c18794e	26	#include <Protocol/FirmwareVolume2.h>\r
	27	#include <Protocol/DevicePath.h>\r
	28	#include <Protocol/BlockIo.h>\r
	29	#include <Protocol/SimpleFileSystem.h>\r
	30	#include <Protocol/VariableWrite.h>\r
	31	#include <Guid/ImageAuthentication.h>\r
beda2356	32	#include <Guid/AuthenticatedVariableFormat.h>\r
0c18794e	33	#include <IndustryStandard/PeImage.h>\r
0c18794e	34	\r
c411b485 MK	35	#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
	36	#define EFI_CERT_TYPE_RSA2048_SIZE 256\r
	37	#define MAX_NOTIFY_STRING_LEN 64\r
	38	#define TWO_BYTE_ENCODE 0x82\r
0c18794e	39	\r
c411b485 MK	40	#define ALIGNMENT_SIZE 8\r
c411b485 MK	41	#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)\r
6de4c35f	42	\r
0c18794e	43	//\r
	44	// Image type definitions\r
	45	//\r
c411b485 MK	46	#define IMAGE_UNKNOWN 0x00000000\r
	47	#define IMAGE_FROM_FV 0x00000001\r
	48	#define IMAGE_FROM_OPTION_ROM 0x00000002\r
	49	#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003\r
	50	#define IMAGE_FROM_FIXED_MEDIA 0x00000004\r
0c18794e	51	\r
	52	//\r
	53	// Authorization policy bit definition\r
	54	//\r
c411b485 MK	55	#define ALWAYS_EXECUTE 0x00000000\r
	56	#define NEVER_EXECUTE 0x00000001\r
	57	#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r
	58	#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
	59	#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
	60	#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005\r
0c18794e	61	\r
	62	//\r
	63	// Support hash types\r
	64	//\r
c411b485 MK	65	#define HASHALG_SHA1 0x00000000\r
	66	#define HASHALG_SHA224 0x00000001\r
	67	#define HASHALG_SHA256 0x00000002\r
	68	#define HASHALG_SHA384 0x00000003\r
	69	#define HASHALG_SHA512 0x00000004\r
	70	#define HASHALG_MAX 0x00000005\r
0c18794e	71	\r
0c18794e	72	//\r
20333c6d	73	// Set max digest size as SHA512 Output (64 bytes) by far\r
0c18794e	74	//\r
c411b485	75	#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE\r
0c18794e	76	//\r
	77	//\r
	78	// PKCS7 Certificate definition\r
	79	//\r
	80	typedef struct {\r
c411b485 MK	81	WIN_CERTIFICATE Hdr;\r
c411b485 MK	82	UINT8 CertData[1];\r
0c18794e	83	} WIN_CERTIFICATE_EFI_PKCS;\r
0c18794e	84	\r
0c18794e	85	/**\r
	86	Retrieves the size, in bytes, of the context buffer required for hash operations.\r
	87	\r
	88	@return The size, in bytes, of the context buffer required for hash operations.\r
	89	\r
	90	**/\r
	91	typedef\r
	92	UINTN\r
	93	(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
	94	VOID\r
	95	);\r
	96	\r
	97	/**\r
	98	Initializes user-supplied memory pointed by HashContext as hash context for\r
	99	subsequent use.\r
	100	\r
	101	If HashContext is NULL, then ASSERT().\r
	102	\r
	103	@param[in, out] HashContext Pointer to Context being initialized.\r
	104	\r
	105	@retval TRUE HASH context initialization succeeded.\r
	106	@retval FALSE HASH context initialization failed.\r
	107	\r
	108	**/\r
	109	typedef\r
	110	BOOLEAN\r
	111	(EFIAPI *HASH_INIT)(\r
	112	IN OUT VOID *HashContext\r
	113	);\r
	114	\r
0c18794e	115	/**\r
	116	Performs digest on a data buffer of the specified length. This function can\r
	117	be called multiple times to compute the digest of long or discontinuous data streams.\r
	118	\r
	119	If HashContext is NULL, then ASSERT().\r
	120	\r
	121	@param[in, out] HashContext Pointer to the MD5 context.\r
	122	@param[in] Data Pointer to the buffer containing the data to be hashed.\r
	123	@param[in] DataLength Length of Data buffer in bytes.\r
	124	\r
	125	@retval TRUE HASH data digest succeeded.\r
	126	@retval FALSE Invalid HASH context. After HashFinal function has been called, the\r
	127	HASH context cannot be reused.\r
	128	\r
	129	**/\r
	130	typedef\r
	131	BOOLEAN\r
	132	(EFIAPI *HASH_UPDATE)(\r
	133	IN OUT VOID *HashContext,\r
	134	IN CONST VOID *Data,\r
	135	IN UINTN DataLength\r
	136	);\r
	137	\r
	138	/**\r
	139	Completes hash computation and retrieves the digest value into the specified\r
	140	memory. After this function has been called, the context cannot be used again.\r
	141	\r
	142	If HashContext is NULL, then ASSERT().\r
	143	If HashValue is NULL, then ASSERT().\r
	144	\r
	145	@param[in, out] HashContext Pointer to the MD5 context\r
	146	@param[out] HashValue Pointer to a buffer that receives the HASH digest\r
	147	value.\r
	148	\r
	149	@retval TRUE HASH digest computation succeeded.\r
	150	@retval FALSE HASH digest computation failed.\r
	151	\r
	152	**/\r
	153	typedef\r
	154	BOOLEAN\r
	155	(EFIAPI *HASH_FINAL)(\r
	156	IN OUT VOID *HashContext,\r
	157	OUT UINT8 *HashValue\r
	158	);\r
	159	\r
0c18794e	160	//\r
	161	// Hash Algorithm Table\r
	162	//\r
	163	typedef struct {\r
	164	//\r
	165	// Name for Hash Algorithm\r
	166	//\r
	167	CHAR16 *Name;\r
	168	//\r
	169	// Digest Length\r
	170	//\r
	171	UINTN DigestLength;\r
	172	//\r
	173	// Hash Algorithm OID ASN.1 Value\r
	174	//\r
	175	UINT8 *OidValue;\r
	176	//\r
	177	// Length of Hash OID Value\r
	178	//\r
	179	UINTN OidLength;\r
	180	//\r
	181	// Pointer to Hash GetContentSize function\r
	182	//\r
	183	HASH_GET_CONTEXT_SIZE GetContextSize;\r
	184	//\r
	185	// Pointer to Hash Init function\r
	186	//\r
	187	HASH_INIT HashInit;\r
	188	//\r
	189	// Pointer to Hash Update function\r
	190	//\r
	191	HASH_UPDATE HashUpdate;\r
	192	//\r
	193	// Pointer to Hash Final function\r
	194	//\r
	195	HASH_FINAL HashFinal;\r
	196	} HASH_TABLE;\r
	197	\r
2e728930	198	#endif\r