[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / EsalVariableDxeSal / AuthService.h

/** @file\r
  The internal header file includes the common header files, defines\r
  internal structure and functions used by AuthService module.\r
\r
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#ifndef _AUTHSERVICE_H_\r
#define _AUTHSERVICE_H_\r
\r
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
#define EFI_CERT_TYPE_RSA2048_SIZE        256\r
\r
///\r
/// Size of AuthInfo prior to the data payload\r
///\r
#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r
\r
///\r
/// Item number of support signature types.\r
///\r
#define SIGSUPPORT_NUM 2\r
\r
/**\r
  Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.\r
\r
  @param[in]  Data                        The data pointer.\r
  @param[in]  DataSize                    The size of Data found. If size is less than the\r
                                          data, this value contains the required size.\r
  @param[in]  VirtualMode                 The current calling mode for this function.\r
  @param[in]  Global                      The context of this Extended SAL Variable Services Class call.\r
  @param[in]  Variable                    The variable information which is used to keep track of variable usage.\r
  @param[in]  Attributes                  The attribute value of the variable.\r
  @param[out] KeyIndex                    The output index of corresponding public key in database.\r
  @param[out] MonotonicCount              The output value of corresponding Monotonic Count.\r
\r
  @retval EFI_INVALID_PARAMETER           Invalid parameter.\r
  @retval EFI_WRITE_PROTECTED             The variable is write-protected and needs authentication with\r
                                          EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
  @retval EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
                                          set, but the AuthInfo does NOT pass the validation \r
                                          check carried out by the firmware. \r
  @retval EFI_SUCCESS                     The variable is not write-protected, or passed validation successfully.\r
\r
**/\r
EFI_STATUS\r
VerifyVariable (\r
  IN  VOID                      *Data,\r
  IN  UINTN                     DataSize,\r
  IN  BOOLEAN                   VirtualMode,\r
  IN  ESAL_VARIABLE_GLOBAL      *Global,\r
  IN  VARIABLE_POINTER_TRACK    *Variable,\r
  IN  UINT32                    Attributes OPTIONAL,\r
  OUT UINT32                    *KeyIndex OPTIONAL,\r
  OUT UINT64                    *MonotonicCount OPTIONAL\r
  );\r
\r
/**\r
  Initializes for authenticated varibale service.\r
\r
  @retval EFI_SUCCESS           The function successfully executed.\r
  @retval EFI_OUT_OF_RESOURCES  Failed to allocate enough memory resources.\r
\r
**/\r
EFI_STATUS\r
AutenticatedVariableServiceInitialize (\r
  VOID\r
  );\r
\r
/**\r
  Initializes for cryptlib service before use, include register algrithm and allocate scratch.\r
\r
**/\r
VOID\r
CryptLibraryInitialize (\r
  VOID\r
  );\r
\r
/**\r
  Process variable with platform key for verification.\r
\r
  @param[in]  VariableName                The name of Variable to be found.\r
  @param[in]  VendorGuid                  Variable vendor GUID.\r
  @param[in]  Data                        The data pointer.\r
  @param[in]  DataSize                    The size of Data found. If size is less than the\r
                                          data, this value contains the required size.\r
  @param[in]  VirtualMode                 The current calling mode for this function.\r
  @param[in]  Global                      The context of this Extended SAL Variable Services Class call.\r
  @param[in]  Variable                    The variable information which is used to keep track of variable usage.\r
  @param[in]  Attributes                  The attribute value of the variable.\r
  @param[in]  IsPk                        Indicates whether to process pk.\r
\r
  @retval EFI_INVALID_PARAMETER           Invalid parameter.\r
  @retval EFI_SECURITY_VIOLATION          The variable does NOT pass the validation \r
                                          check carried out by the firmware. \r
  @retval EFI_SUCCESS                     The variable passed validation successfully.\r
\r
**/\r
EFI_STATUS\r
ProcessVarWithPk (\r
  IN  CHAR16                    *VariableName,\r
  IN  EFI_GUID                  *VendorGuid,\r
  IN  VOID                      *Data,\r
  IN  UINTN                     DataSize,\r
  IN  BOOLEAN                   VirtualMode,\r
  IN  ESAL_VARIABLE_GLOBAL      *Global,\r
  IN  VARIABLE_POINTER_TRACK    *Variable,\r
  IN  UINT32                    Attributes OPTIONAL,\r
  IN  BOOLEAN                   IsPk\r
  );\r
\r
/**\r
  Process variable with key exchange key for verification.\r
\r
  @param[in]  VariableName                The name of Variable to be found.\r
  @param[in]  VendorGuid                  The variable vendor GUID.\r
  @param[in]  Data                        The data pointer.\r
  @param[in]  DataSize                    Size of Data found. If size is less than the\r
                                          data, this value contains the required size.\r
  @param[in]  VirtualMode                 The current calling mode for this function.\r
  @param[in]  Global                      The context of this Extended SAL Variable Services Class call.\r
  @param[in]  Variable                    The variable information which is used to keep track of variable usage.\r
  @param[in]  Attributes                  The attribute value of the variable.\r
\r
  @retval EFI_INVALID_PARAMETER           Invalid parameter.\r
  @retval EFI_SECURITY_VIOLATION          The variable does NOT pass the validation \r
                                          check carried out by the firmware. \r
  @retval EFI_SUCCESS                     The variable passed validation successfully.\r
\r
**/\r
EFI_STATUS\r
ProcessVarWithKek (\r
  IN  CHAR16                               *VariableName,\r
  IN  EFI_GUID                             *VendorGuid,\r
  IN  VOID                                 *Data,\r
  IN  UINTN                                DataSize,\r
  IN  BOOLEAN                              VirtualMode,\r
  IN  ESAL_VARIABLE_GLOBAL                 *Global,\r
  IN  VARIABLE_POINTER_TRACK               *Variable,\r
  IN  UINT32                               Attributes OPTIONAL\r
  );\r
\r
#endif\r
Commit	Line	Data
0c18794e	1	/** @file\r
	2	The internal header file includes the common header files, defines\r
	3	internal structure and functions used by AuthService module.\r
	4	\r
	5	Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
	6	This program and the accompanying materials \r
	7	are licensed and made available under the terms and conditions of the BSD License \r
	8	which accompanies this distribution. The full text of the license may be found at \r
	9	http://opensource.org/licenses/bsd-license.php\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#ifndef _AUTHSERVICE_H_\r
	17	#define _AUTHSERVICE_H_\r
	18	\r
	19	#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
	20	#define EFI_CERT_TYPE_RSA2048_SIZE 256\r
	21	\r
	22	///\r
	23	/// Size of AuthInfo prior to the data payload\r
	24	///\r
	25	#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r
	26	\r
	27	///\r
	28	/// Item number of support signature types.\r
	29	///\r
	30	#define SIGSUPPORT_NUM 2\r
	31	\r
	32	/**\r
	33	Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.\r
	34	\r
	35	@param[in] Data The data pointer.\r
	36	@param[in] DataSize The size of Data found. If size is less than the\r
	37	data, this value contains the required size.\r
	38	@param[in] VirtualMode The current calling mode for this function.\r
	39	@param[in] Global The context of this Extended SAL Variable Services Class call.\r
	40	@param[in] Variable The variable information which is used to keep track of variable usage.\r
	41	@param[in] Attributes The attribute value of the variable.\r
	42	@param[out] KeyIndex The output index of corresponding public key in database.\r
	43	@param[out] MonotonicCount The output value of corresponding Monotonic Count.\r
	44	\r
	45	@retval EFI_INVALID_PARAMETER Invalid parameter.\r
	46	@retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with\r
	47	EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
	48	@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
	49	set, but the AuthInfo does NOT pass the validation \r
	50	check carried out by the firmware. \r
	51	@retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully.\r
	52	\r
	53	**/\r
	54	EFI_STATUS\r
	55	VerifyVariable (\r
	56	IN VOID *Data,\r
	57	IN UINTN DataSize,\r
	58	IN BOOLEAN VirtualMode,\r
	59	IN ESAL_VARIABLE_GLOBAL *Global,\r
	60	IN VARIABLE_POINTER_TRACK *Variable,\r
	61	IN UINT32 Attributes OPTIONAL,\r
	62	OUT UINT32 *KeyIndex OPTIONAL,\r
	63	OUT UINT64 *MonotonicCount OPTIONAL\r
	64	);\r
65	\r
66	/**\r
67	Initializes for authenticated varibale service.\r
68	\r
69	@retval EFI_SUCCESS The function successfully executed.\r
70	@retval EFI_OUT_OF_RESOURCES Failed to allocate enough memory resources.\r
71	\r
72	**/\r
73	EFI_STATUS\r
74	AutenticatedVariableServiceInitialize (\r
75	VOID\r
76	);\r
77	\r
78	/**\r
79	Initializes for cryptlib service before use, include register algrithm and allocate scratch.\r
80	\r
81	**/\r
82	VOID\r
83	CryptLibraryInitialize (\r
84	VOID\r
85	);\r
86	\r
87	/**\r
88	Process variable with platform key for verification.\r
89	\r
90	@param[in] VariableName The name of Variable to be found.\r
91	@param[in] VendorGuid Variable vendor GUID.\r
92	@param[in] Data The data pointer.\r
93	@param[in] DataSize The size of Data found. If size is less than the\r
94	data, this value contains the required size.\r
95	@param[in] VirtualMode The current calling mode for this function.\r
96	@param[in] Global The context of this Extended SAL Variable Services Class call.\r
97	@param[in] Variable The variable information which is used to keep track of variable usage.\r
98	@param[in] Attributes The attribute value of the variable.\r
99	@param[in] IsPk Indicates whether to process pk.\r
100	\r
101	@retval EFI_INVALID_PARAMETER Invalid parameter.\r
102	@retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
103	check carried out by the firmware. \r
104	@retval EFI_SUCCESS The variable passed validation successfully.\r
105	\r
106	**/\r
107	EFI_STATUS\r
108	ProcessVarWithPk (\r
109	IN CHAR16 *VariableName,\r
110	IN EFI_GUID *VendorGuid,\r
111	IN VOID *Data,\r
112	IN UINTN DataSize,\r
113	IN BOOLEAN VirtualMode,\r
114	IN ESAL_VARIABLE_GLOBAL *Global,\r
115	IN VARIABLE_POINTER_TRACK *Variable,\r
116	IN UINT32 Attributes OPTIONAL,\r
117	IN BOOLEAN IsPk\r
118	);\r
119	\r
120	/**\r
121	Process variable with key exchange key for verification.\r
122	\r
123	@param[in] VariableName The name of Variable to be found.\r
124	@param[in] VendorGuid The variable vendor GUID.\r
125	@param[in] Data The data pointer.\r
126	@param[in] DataSize Size of Data found. If size is less than the\r
127	data, this value contains the required size.\r
128	@param[in] VirtualMode The current calling mode for this function.\r
129	@param[in] Global The context of this Extended SAL Variable Services Class call.\r
130	@param[in] Variable The variable information which is used to keep track of variable usage.\r
131	@param[in] Attributes The attribute value of the variable.\r
132	\r
133	@retval EFI_INVALID_PARAMETER Invalid parameter.\r
134	@retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
135	check carried out by the firmware. \r
136	@retval EFI_SUCCESS The variable passed validation successfully.\r
137	\r
138	**/\r
139	EFI_STATUS\r
140	ProcessVarWithKek (\r
141	IN CHAR16 *VariableName,\r
142	IN EFI_GUID *VendorGuid,\r
143	IN VOID *Data,\r
144	IN UINTN DataSize,\r
145	IN BOOLEAN VirtualMode,\r
146	IN ESAL_VARIABLE_GLOBAL *Global,\r
147	IN VARIABLE_POINTER_TRACK *Variable,\r
148	IN UINT32 Attributes OPTIONAL\r
149	);\r
150	\r
151	#endif\r