[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / AuthService.h

/** @file\r
  The internal header file includes the common header files, defines\r
  internal structure and functions used by AuthService module.\r
\r
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#ifndef _AUTHSERVICE_H_\r
#define _AUTHSERVICE_H_\r
\r
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
#define EFI_CERT_TYPE_RSA2048_SIZE        256\r
\r
///\r
/// Size of AuthInfo prior to the data payload\r
///\r
#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r
\r
///\r
/// "AuthVarKeyDatabase" variable for the Public Key store.\r
///\r
#define AUTHVAR_KEYDB_NAME      L"AuthVarKeyDatabase"\r
#define AUTHVAR_KEYDB_NAME_SIZE 38\r
\r
///\r
/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.\r
///\r
#define MAX_KEYDB_SIZE  (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)\r
#define MAX_KEY_NUM     (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)\r
\r
///\r
/// Item number of support signature types.\r
///\r
#define SIGSUPPORT_NUM 2\r
\r
\r
/**\r
  Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
\r
  @param[in]  VariableName                Name of Variable to be found.\r
  @param[in]  VendorGuid                  Variable vendor GUID.\r
\r
  @param[in]  Data                        Data pointer.\r
  @param[in]  DataSize                    Size of Data found. If size is less than the\r
                                          data, this value contains the required size.\r
  @param[in]  Variable                    The variable information which is used to keep track of variable usage.\r
  @param[in]  Attributes                  Attribute value of the variable.\r
\r
  @return EFI_INVALID_PARAMETER           Invalid parameter\r
  @return EFI_WRITE_PROTECTED             Variable is write-protected and needs authentication with\r
                                          EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
  @return EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
                                          set, but the AuthInfo does NOT pass the validation \r
                                          check carried out by the firmware. \r
  @return EFI_SUCCESS                     Variable is not write-protected, or passed validation successfully.\r
\r
**/\r
EFI_STATUS\r
ProcessVariable (\r
  IN     CHAR16                             *VariableName,\r
  IN     EFI_GUID                           *VendorGuid,\r
  IN     VOID                               *Data,\r
  IN     UINTN                              DataSize,\r
  IN     VARIABLE_POINTER_TRACK             *Variable,\r
  IN     UINT32                             Attributes\r
  );\r
\r
/**\r
  Initializes for authenticated varibale service.\r
\r
  @retval EFI_SUCCESS           Function successfully executed.\r
  @retval EFI_OUT_OF_RESOURCES  Fail to allocate enough memory resource.\r
\r
**/\r
EFI_STATUS\r
AutenticatedVariableServiceInitialize (\r
  VOID\r
  );\r
\r
/**\r
  Initializes for cryptlib service before use, include register algrithm and allocate scratch.\r
\r
**/\r
VOID\r
CryptLibraryInitialize (\r
  VOID\r
  );\r
\r
/**\r
  Process variable with platform key for verification.\r
\r
  @param[in]  VariableName                Name of Variable to be found.\r
  @param[in]  VendorGuid                  Variable vendor GUID.\r
  @param[in]  Data                        Data pointer.\r
  @param[in]  DataSize                    Size of Data found. If size is less than the\r
                                          data, this value contains the required size.\r
  @param[in]  Variable                    The variable information which is used to keep track of variable usage.\r
  @param[in]  Attributes                  Attribute value of the variable.\r
  @param[in]  IsPk                        Indicate whether it is to process pk.\r
\r
  @return EFI_INVALID_PARAMETER           Invalid parameter\r
  @return EFI_SECURITY_VIOLATION          The variable does NOT pass the validation \r
                                          check carried out by the firmware. \r
  @return EFI_SUCCESS                     Variable passed validation successfully.\r
\r
**/\r
EFI_STATUS\r
ProcessVarWithPk (\r
  IN  CHAR16                    *VariableName,\r
  IN  EFI_GUID                  *VendorGuid,\r
  IN  VOID                      *Data,\r
  IN  UINTN                     DataSize,\r
  IN  VARIABLE_POINTER_TRACK    *Variable,\r
  IN  UINT32                    Attributes OPTIONAL,\r
  IN  BOOLEAN                   IsPk\r
  );\r
\r
/**\r
  Process variable with key exchange key for verification.\r
\r
  @param[in]  VariableName                Name of Variable to be found.\r
  @param[in]  VendorGuid                  Variable vendor GUID.\r
  @param[in]  Data                        Data pointer.\r
  @param[in]  DataSize                    Size of Data found. If size is less than the\r
                                          data, this value contains the required size.\r
  @param[in]  Variable                    The variable information that is used to keep track of variable usage.\r
  @param[in]  Attributes                  Attribute value of the variable.\r
\r
  @return EFI_INVALID_PARAMETER           Invalid parameter.\r
  @return EFI_SECURITY_VIOLATION          The variable does NOT pass the validation \r
                                          check carried out by the firmware. \r
  @return EFI_SUCCESS                     Variable passed validation successfully.\r
\r
**/\r
EFI_STATUS\r
ProcessVarWithKek (\r
  IN  CHAR16                    *VariableName,\r
  IN  EFI_GUID                  *VendorGuid,\r
  IN  VOID                      *Data,\r
  IN  UINTN                     DataSize,\r
  IN  VARIABLE_POINTER_TRACK    *Variable,\r
  IN  UINT32                    Attributes OPTIONAL\r
  );\r
\r
/**\r
  Compare two EFI_TIME data.\r
\r
\r
  @param FirstTime           A pointer to the first EFI_TIME data.\r
  @param SecondTime          A pointer to the second EFI_TIME data.\r
\r
  @retval  TRUE              The FirstTime is not later than the SecondTime.\r
  @retval  FALSE             The FirstTime is later than the SecondTime.\r
\r
**/\r
BOOLEAN\r
CompareTimeStamp (\r
  IN EFI_TIME               *FirstTime,\r
  IN EFI_TIME               *SecondTime\r
  );\r
\r
\r
/**\r
  Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
\r
  @param[in]  VariableName                Name of Variable to be found.\r
  @param[in]  VendorGuid                  Variable vendor GUID.\r
  @param[in]  Data                        Data pointer.\r
  @param[in]  DataSize                    Size of Data found. If size is less than the\r
                                          data, this value contains the required size.\r
  @param[in]  Variable                    The variable information which is used to keep track of variable usage.\r
  @param[in]  Attributes                  Attribute value of the variable.\r
  @param[in]  Pk                          Verify against PK or KEK database.\r
  @param[out] VarDel                      Delete the variable or not.\r
\r
  @retval EFI_INVALID_PARAMETER           Invalid parameter.\r
  @retval EFI_SECURITY_VIOLATION          The variable does NOT pass the validation \r
                                          check carried out by the firmware. \r
  @retval EFI_OUT_OF_RESOURCES            Failed to process variable due to lack\r
                                          of resources.\r
  @retval EFI_SUCCESS                     Variable pass validation successfully.\r
\r
**/\r
EFI_STATUS\r
VerifyTimeBasedPayload (\r
  IN     CHAR16                             *VariableName,\r
  IN     EFI_GUID                           *VendorGuid,\r
  IN     VOID                               *Data,\r
  IN     UINTN                              DataSize,\r
  IN     VARIABLE_POINTER_TRACK             *Variable,\r
  IN     UINT32                             Attributes,\r
  IN     BOOLEAN                            Pk,\r
  OUT    BOOLEAN                            *VarDel\r
  );\r
\r
extern UINT8  mPubKeyStore[MAX_KEYDB_SIZE];\r
extern UINT32 mPubKeyNumber;\r
extern VOID   *mHashCtx;\r
extern VOID   *mStorageArea;\r
  \r
#endif\r
Commit	Line	Data
0c18794e	1	/** @file\r
	2	The internal header file includes the common header files, defines\r
	3	internal structure and functions used by AuthService module.\r
	4	\r
	5	Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
	6	This program and the accompanying materials \r
	7	are licensed and made available under the terms and conditions of the BSD License \r
	8	which accompanies this distribution. The full text of the license may be found at \r
	9	http://opensource.org/licenses/bsd-license.php\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#ifndef _AUTHSERVICE_H_\r
	17	#define _AUTHSERVICE_H_\r
	18	\r
	19	#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
	20	#define EFI_CERT_TYPE_RSA2048_SIZE 256\r
	21	\r
	22	///\r
	23	/// Size of AuthInfo prior to the data payload\r
	24	///\r
	25	#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r
	26	\r
	27	///\r
	28	/// "AuthVarKeyDatabase" variable for the Public Key store.\r
	29	///\r
	30	#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"\r
	31	#define AUTHVAR_KEYDB_NAME_SIZE 38\r
	32	\r
	33	///\r
	34	/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.\r
	35	///\r
	36	#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)\r
	37	#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)\r
	38	\r
	39	///\r
	40	/// Item number of support signature types.\r
	41	///\r
	42	#define SIGSUPPORT_NUM 2\r
	43	\r
	44	\r
	45	/**\r
	46	Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
	47	\r
	48	@param[in] VariableName Name of Variable to be found.\r
	49	@param[in] VendorGuid Variable vendor GUID.\r
	50	\r
	51	@param[in] Data Data pointer.\r
	52	@param[in] DataSize Size of Data found. If size is less than the\r
	53	data, this value contains the required size.\r
	54	@param[in] Variable The variable information which is used to keep track of variable usage.\r
	55	@param[in] Attributes Attribute value of the variable.\r
	56	\r
	57	@return EFI_INVALID_PARAMETER Invalid parameter\r
	58	@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with\r
	59	EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
	60	@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
	61	set, but the AuthInfo does NOT pass the validation \r
	62	check carried out by the firmware. \r
	63	@return EFI_SUCCESS Variable is not write-protected, or passed validation successfully.\r
	64	\r
65	**/\r
66	EFI_STATUS\r
67	ProcessVariable (\r
68	IN CHAR16 *VariableName,\r
69	IN EFI_GUID *VendorGuid,\r
70	IN VOID *Data,\r
71	IN UINTN DataSize,\r
72	IN VARIABLE_POINTER_TRACK *Variable,\r
73	IN UINT32 Attributes\r
74	);\r
75	\r
76	/**\r
77	Initializes for authenticated varibale service.\r
78	\r
79	@retval EFI_SUCCESS Function successfully executed.\r
80	@retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.\r
81	\r
82	**/\r
83	EFI_STATUS\r
84	AutenticatedVariableServiceInitialize (\r
85	VOID\r
86	);\r
87	\r
88	/**\r
89	Initializes for cryptlib service before use, include register algrithm and allocate scratch.\r
90	\r
91	**/\r
92	VOID\r
93	CryptLibraryInitialize (\r
94	VOID\r
95	);\r
96	\r
97	/**\r
98	Process variable with platform key for verification.\r
99	\r
100	@param[in] VariableName Name of Variable to be found.\r
101	@param[in] VendorGuid Variable vendor GUID.\r
102	@param[in] Data Data pointer.\r
103	@param[in] DataSize Size of Data found. If size is less than the\r
104	data, this value contains the required size.\r
105	@param[in] Variable The variable information which is used to keep track of variable usage.\r
106	@param[in] Attributes Attribute value of the variable.\r
107	@param[in] IsPk Indicate whether it is to process pk.\r
108	\r
109	@return EFI_INVALID_PARAMETER Invalid parameter\r
110	@return EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
111	check carried out by the firmware. \r
112	@return EFI_SUCCESS Variable passed validation successfully.\r
113	\r
114	**/\r
115	EFI_STATUS\r
116	ProcessVarWithPk (\r
117	IN CHAR16 *VariableName,\r
118	IN EFI_GUID *VendorGuid,\r
119	IN VOID *Data,\r
120	IN UINTN DataSize,\r
121	IN VARIABLE_POINTER_TRACK *Variable,\r
122	IN UINT32 Attributes OPTIONAL,\r
123	IN BOOLEAN IsPk\r
124	);\r
125	\r
126	/**\r
127	Process variable with key exchange key for verification.\r
128	\r
129	@param[in] VariableName Name of Variable to be found.\r
130	@param[in] VendorGuid Variable vendor GUID.\r
131	@param[in] Data Data pointer.\r
132	@param[in] DataSize Size of Data found. If size is less than the\r
133	data, this value contains the required size.\r
134	@param[in] Variable The variable information that is used to keep track of variable usage.\r
135	@param[in] Attributes Attribute value of the variable.\r
136	\r
137	@return EFI_INVALID_PARAMETER Invalid parameter.\r
138	@return EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
139	check carried out by the firmware. \r
140	@return EFI_SUCCESS Variable passed validation successfully.\r
141	\r
142	**/\r
143	EFI_STATUS\r
144	ProcessVarWithKek (\r
145	IN CHAR16 *VariableName,\r
146	IN EFI_GUID *VendorGuid,\r
147	IN VOID *Data,\r
148	IN UINTN DataSize,\r
149	IN VARIABLE_POINTER_TRACK *Variable,\r
150	IN UINT32 Attributes OPTIONAL\r
151	);\r
152	\r
153	/**\r
154	Compare two EFI_TIME data.\r
155	\r
156	\r
157	@param FirstTime A pointer to the first EFI_TIME data.\r
158	@param SecondTime A pointer to the second EFI_TIME data.\r
159	\r
160	@retval TRUE The FirstTime is not later than the SecondTime.\r
161	@retval FALSE The FirstTime is later than the SecondTime.\r
162	\r
163	**/\r
164	BOOLEAN\r
165	CompareTimeStamp (\r
166	IN EFI_TIME *FirstTime,\r
167	IN EFI_TIME *SecondTime\r
168	);\r
169	\r
170	\r
171	/**\r
172	Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
173	\r
174	@param[in] VariableName Name of Variable to be found.\r
175	@param[in] VendorGuid Variable vendor GUID.\r
176	@param[in] Data Data pointer.\r
177	@param[in] DataSize Size of Data found. If size is less than the\r
178	data, this value contains the required size.\r
179	@param[in] Variable The variable information which is used to keep track of variable usage.\r
180	@param[in] Attributes Attribute value of the variable.\r
181	@param[in] Pk Verify against PK or KEK database.\r
182	@param[out] VarDel Delete the variable or not.\r
183	\r
184	@retval EFI_INVALID_PARAMETER Invalid parameter.\r
185	@retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
186	check carried out by the firmware. \r
187	@retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack\r
188	of resources.\r
189	@retval EFI_SUCCESS Variable pass validation successfully.\r
190	\r
191	**/\r
192	EFI_STATUS\r
193	VerifyTimeBasedPayload (\r
194	IN CHAR16 *VariableName,\r
195	IN EFI_GUID *VendorGuid,\r
196	IN VOID *Data,\r
197	IN UINTN DataSize,\r
198	IN VARIABLE_POINTER_TRACK *Variable,\r
199	IN UINT32 Attributes,\r
200	IN BOOLEAN Pk,\r
201	OUT BOOLEAN *VarDel\r
202	);\r
203	\r
204	extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];\r
205	extern UINT32 mPubKeyNumber;\r
206	extern VOID *mHashCtx;\r
207	extern VOID *mStorageArea;\r
208	\r
209	#endif\r