Validate some fields in PE image to make sure not access violation for later code.
[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.h
CommitLineData
0c18794e 1/** @file\r
2 The internal header file includes the common header files, defines\r
3 internal structure and functions used by ImageVerificationLib.\r
4\r
bd0de396 5Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
0c18794e 6This program and the accompanying materials \r
7are licensed and made available under the terms and conditions of the BSD License \r
8which accompanies this distribution. The full text of the license may be found at \r
9http://opensource.org/licenses/bsd-license.php\r
10\r
11THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
12WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
14**/\r
15\r
16#ifndef __IMAGEVERIFICATIONLIB_H__\r
17#define __IMAGEVERIFICATIONLIB_H__\r
18\r
19#include <Library/UefiDriverEntryPoint.h>\r
20#include <Library/DebugLib.h>\r
21#include <Library/BaseMemoryLib.h>\r
22#include <Library/UefiBootServicesTableLib.h>\r
23#include <Library/UefiRuntimeServicesTableLib.h>\r
24#include <Library/UefiLib.h>\r
25#include <Library/BaseLib.h>\r
26#include <Library/MemoryAllocationLib.h>\r
27#include <Library/BaseCryptLib.h>\r
28#include <Library/PcdLib.h>\r
29#include <Library/DevicePathLib.h>\r
30#include <Library/SecurityManagementLib.h>\r
28186d45 31#include <Library/PeCoffLib.h>\r
0c18794e 32#include <Protocol/FirmwareVolume2.h>\r
33#include <Protocol/DevicePath.h>\r
34#include <Protocol/BlockIo.h>\r
35#include <Protocol/SimpleFileSystem.h>\r
36#include <Protocol/VariableWrite.h>\r
37#include <Guid/ImageAuthentication.h>\r
beda2356 38#include <Guid/AuthenticatedVariableFormat.h>\r
0c18794e 39#include <IndustryStandard/PeImage.h>\r
40\r
41#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
42#define EFI_CERT_TYPE_RSA2048_SIZE 256\r
43#define MAX_NOTIFY_STRING_LEN 64\r
bd0de396 44#define TWO_BYTE_ENCODE 0x82\r
0c18794e 45\r
46//\r
47// Image type definitions\r
48//\r
49#define IMAGE_UNKNOWN 0x00000000\r
50#define IMAGE_FROM_FV 0x00000001\r
51#define IMAGE_FROM_OPTION_ROM 0x00000002\r
52#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003\r
53#define IMAGE_FROM_FIXED_MEDIA 0x00000004\r
54\r
55//\r
56// Authorization policy bit definition\r
57//\r
58#define ALWAYS_EXECUTE 0x00000000\r
59#define NEVER_EXECUTE 0x00000001\r
60#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002\r
61#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
62#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
63#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005\r
64\r
65//\r
66// Support hash types\r
67//\r
68#define HASHALG_SHA1 0x00000000\r
69#define HASHALG_SHA224 0x00000001\r
70#define HASHALG_SHA256 0x00000002\r
71#define HASHALG_SHA384 0x00000003\r
72#define HASHALG_SHA512 0x00000004\r
73#define HASHALG_MAX 0x00000005\r
74\r
75//\r
76// Set max digest size as SHA256 Output (32 bytes) by far\r
77//\r
78#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE \r
79//\r
80//\r
81// PKCS7 Certificate definition\r
82//\r
83typedef struct {\r
84 WIN_CERTIFICATE Hdr;\r
85 UINT8 CertData[1];\r
86} WIN_CERTIFICATE_EFI_PKCS;\r
87\r
88\r
89/**\r
90 Retrieves the size, in bytes, of the context buffer required for hash operations.\r
91\r
92 @return The size, in bytes, of the context buffer required for hash operations.\r
93\r
94**/\r
95typedef\r
96UINTN\r
97(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
98 VOID\r
99 );\r
100\r
101/**\r
102 Initializes user-supplied memory pointed by HashContext as hash context for\r
103 subsequent use.\r
104\r
105 If HashContext is NULL, then ASSERT().\r
106\r
107 @param[in, out] HashContext Pointer to Context being initialized.\r
108\r
109 @retval TRUE HASH context initialization succeeded.\r
110 @retval FALSE HASH context initialization failed.\r
111\r
112**/\r
113typedef\r
114BOOLEAN\r
115(EFIAPI *HASH_INIT)(\r
116 IN OUT VOID *HashContext\r
117 );\r
118\r
119\r
120/**\r
121 Performs digest on a data buffer of the specified length. This function can\r
122 be called multiple times to compute the digest of long or discontinuous data streams.\r
123\r
124 If HashContext is NULL, then ASSERT().\r
125\r
126 @param[in, out] HashContext Pointer to the MD5 context.\r
127 @param[in] Data Pointer to the buffer containing the data to be hashed.\r
128 @param[in] DataLength Length of Data buffer in bytes.\r
129\r
130 @retval TRUE HASH data digest succeeded.\r
131 @retval FALSE Invalid HASH context. After HashFinal function has been called, the\r
132 HASH context cannot be reused.\r
133\r
134**/\r
135typedef\r
136BOOLEAN\r
137(EFIAPI *HASH_UPDATE)(\r
138 IN OUT VOID *HashContext,\r
139 IN CONST VOID *Data,\r
140 IN UINTN DataLength\r
141 );\r
142\r
143/**\r
144 Completes hash computation and retrieves the digest value into the specified\r
145 memory. After this function has been called, the context cannot be used again.\r
146\r
147 If HashContext is NULL, then ASSERT().\r
148 If HashValue is NULL, then ASSERT().\r
149\r
150 @param[in, out] HashContext Pointer to the MD5 context\r
151 @param[out] HashValue Pointer to a buffer that receives the HASH digest\r
152 value.\r
153\r
154 @retval TRUE HASH digest computation succeeded.\r
155 @retval FALSE HASH digest computation failed.\r
156\r
157**/\r
158typedef\r
159BOOLEAN\r
160(EFIAPI *HASH_FINAL)(\r
161 IN OUT VOID *HashContext,\r
162 OUT UINT8 *HashValue\r
163 );\r
164\r
165\r
166//\r
167// Hash Algorithm Table\r
168//\r
169typedef struct {\r
170 //\r
171 // Name for Hash Algorithm\r
172 //\r
173 CHAR16 *Name;\r
174 //\r
175 // Digest Length\r
176 //\r
177 UINTN DigestLength;\r
178 //\r
179 // Hash Algorithm OID ASN.1 Value\r
180 //\r
181 UINT8 *OidValue;\r
182 //\r
183 // Length of Hash OID Value\r
184 //\r
185 UINTN OidLength;\r
186 //\r
187 // Pointer to Hash GetContentSize function\r
188 //\r
189 HASH_GET_CONTEXT_SIZE GetContextSize;\r
190 //\r
191 // Pointer to Hash Init function\r
192 //\r
193 HASH_INIT HashInit;\r
194 //\r
195 // Pointer to Hash Update function\r
196 //\r
197 HASH_UPDATE HashUpdate;\r
198 //\r
199 // Pointer to Hash Final function\r
200 //\r
201 HASH_FINAL HashFinal;\r
202} HASH_TABLE;\r
203\r
204#endif\r