]> git.proxmox.com Git - mirror_edk2.git/blob - MdePkg/Include/Protocol/SmartCardEdge.h
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdePkg: Add UEFI2.5 Smart Card Edge protocol definitions
[mirror_edk2.git] / MdePkg / Include / Protocol / SmartCardEdge.h
1 /** @file
2 The Smart Card Edge Protocol provides an abstraction for device to provide Smart
3 Card support.
4
5 This protocol allows UEFI applications to interface with a Smart Card during
6 boot process for authentication or data signing/decryption, especially if the
7 application has to make use of PKI.
8
9 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
10 This program and the accompanying materials
11 are licensed and made available under the terms and conditions of the BSD License
12 which accompanies this distribution. The full text of the license may be found at
13 http://opensource.org/licenses/bsd-license.php
14
15 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
16 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
17
18 **/
19
20 #ifndef __SMART_CARD_EDGE_H__
21 #define __SMART_CARD_EDGE_H__
22
23 #define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \
24 { \
25 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \
26 }
27
28 typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL;
29
30 //
31 // Maximum size for a Smart Card AID (Application IDentifier)
32 //
33 #define SCARD_AID_MAXSIZE 0x0010
34 //
35 // Size of CSN (Card Serial Number)
36 //
37 #define SCARD_CSN_SIZE 0x0010
38 //
39 // Current specification version 1.00
40 //
41 #define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100
42 //
43 // Parameters type definition
44 //
45 typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE];
46 typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE];
47
48 //
49 // Type of data elements in credentials list
50 //
51 // value of tag field for header, the number of containers
52 //
53 #define SC_EDGE_TAG_HEADER 0x0000
54 //
55 // value of tag field for certificate
56 //
57 #define SC_EDGE_TAG_CERT 0x0001
58 //
59 // value of tag field for key index associated with certificate
60 //
61 #define SC_EDGE_TAG_KEY_ID 0x0002
62 //
63 // value of tag field for key type
64 //
65 #define SC_EDGE_TAG_KEY_TYPE 0x0003
66 //
67 // value of tag field for key size
68 //
69 #define SC_EDGE_TAG_KEY_SIZE 0x0004
70
71 //
72 // Length of L fields of TLV items
73 //
74 //
75 // size of L field for header
76 //
77 #define SC_EDGE_L_SIZE_HEADER 1
78 //
79 // size of L field for certificate (big endian)
80 //
81 #define SC_EDGE_L_SIZE_CERT 2
82 //
83 // size of L field for key index
84 //
85 #define SC_EDGE_L_SIZE_KEY_ID 1
86 //
87 // size of L field for key type
88 //
89 #define SC_EDGE_L_SIZE_KEY_TYPE 1
90 //
91 // size of L field for key size (big endian)
92 //
93 #define SC_EDGE_L_SIZE_KEY_SIZE 2
94
95 //
96 // Some TLV items have a fixed value for L field
97 //
98 // value of L field for header
99 //
100 #define SC_EDGE_L_VALUE_HEADER 1
101 //
102 // value of L field for key index
103 //
104 #define SC_EDGE_L_VALUE_KEY_ID 1
105 //
106 // value of L field for key type
107 //
108 #define SC_EDGE_L_VALUE_KEY_TYPE 1
109 //
110 // value of L field for key size
111 //
112 #define SC_EDGE_L_VALUE_KEY_SIZE 2
113
114 //
115 // Possible values for key type
116 //
117 //
118 // RSA decryption
119 //
120 #define SC_EDGE_RSA_EXCHANGE 0x01
121 //
122 // RSA signature
123 //
124 #define SC_EDGE_RSA_SIGNATURE 0x02
125 //
126 // ECDSA signature
127 //
128 #define SC_EDGE_ECDSA_256 0x03
129 //
130 // ECDSA signature
131 //
132 #define SC_EDGE_ECDSA_384 0x04
133 //
134 // ECDSA signature
135 //
136 #define SC_EDGE_ECDSA_521 0x05
137 //
138 // ECDH agreement
139 //
140 #define SC_EDGE_ECDH_256 0x06
141 //
142 // ECDH agreement
143 //
144 #define SC_EDGE_ECDH_384 0x07
145 //
146 // ECDH agreement
147 //
148 #define SC_EDGE_ECDH_521 0x08
149
150 //
151 // Padding methods GUIDs for signature
152 //
153 //
154 // RSASSA- PKCS#1-V1.5 padding method, for signature
155 //
156 #define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \
157 { \
158 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \
159 }
160 //
161 // RSASSA-PSS padding method, for signature
162 //
163 #define EFI_PADDING_RSASSA_PSS_GUID \
164 { \
165 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \
166 }
167
168 //
169 // Padding methods GUIDs for decryption
170 //
171 //
172 // No padding, for decryption
173 //
174 #define EFI_PADDING_NONE_GUID \
175 { \
176 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \
177 }
178 //
179 // RSAES-PKCS#1-V1.5 padding, for decryption
180 //
181 #define EFI_PADDING_RSAES_PKCS1V1P5_GUID \
182 { \
183 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \
184 }
185 //
186 // RSAES-OAEP padding, for decryption
187 //
188 #define EFI_PADDING_RSAES_OAEP_GUID \
189 { \
190 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \
191 }
192
193 /**
194 This function retrieves the context driver.
195
196 The GetContextfunction returns the context of the protocol, the application
197 identifiers supported by the protocol and the number and the CSN unique identifier
198 of Smart Cards that are present and supported by protocol.
199
200 If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL,
201 the function does not fail but does not fill in such variables.
202
203 In case AidTableSize indicates a buffer too small to hold all the protocol AID table,
204 only the first AidTableSize items of the table are returned in AidTable.
205
206 In case CsnTableSize indicates a buffer too small to hold the entire table of
207 Smart Card CSN present, only the first CsnTableSize items of the table are returned
208 in CsnTable.
209
210 VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this
211 driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1.
212
213 In case of Smart Card removal the internal CSN list is immediately updated, even if
214 a connection is opened with that Smart Card.
215
216 @param[in] This Indicates a pointer to the calling context.
217 @param[out] NumberAidSupported Number of AIDs this protocol supports.
218 @param[in, out] AidTableSize On input, number of items allocated for the
219 AID table. On output, number of items returned
220 by protocol.
221 @param[out] AidTable Table of the AIDs supported by the protocol.
222 @param[out] NumberSCPresent Number of currently present Smart Cards that
223 are supported by protocol.
224 @param[in, out] CsnTableSize On input, the number of items the buffer CSN
225 table can contain. On output, the number of
226 items returned by the protocol.
227 @param[out] CsnTable Table of the CSN of the Smart Card present and
228 supported by protocol.
229 @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version.
230
231 @retval EFI_SUCCESS The requested command completed successfully.
232 @retval EFI_INVALID_PARAMETER This is NULL.
233 @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL.
234
235 **/
236 typedef
237 EFI_STATUS
238 (EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) (
239 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
240 OUT UINTN *NumberAidSupported,
241 IN OUT UINTN *AidTableSize OPTIONAL,
242 OUT SMART_CARD_AID *AidTable OPTIONAL,
243 OUT UINTN *NumberSCPresent,
244 IN OUT UINTN *CsnTableSize OPTIONAL,
245 OUT SMART_CARD_CSN *CsnTable OPTIONAL,
246 OUT UINT32 *VersionScEdgeProtocol OPTIONAL
247 );
248
249 /**
250 This function establish a connection with a Smart Card the protocol support.
251
252 In case of success the SCardHandle can be used.
253
254 If the ScardCsn is NULL the connection is established with the first Smart Card
255 the protocol finds in its table of Smart Card present and supported. Else it
256 establish context with the Smart Card whose CSN given by ScardCsn.
257
258 If ScardAid is not NULL the function returns the Smart Card AID the protocol supports.
259 After a successful connect the SCardHandle will remain existing even in case Smart Card
260 removed from Smart Card reader, but all function invoking this SCardHandle will fail.
261 SCardHandle is released only on Disconnect.
262
263 @param[in] This Indicates a pointer to the calling context.
264 @param[out] SCardHandle Handle on Smart Card connection.
265 @param[in] ScardCsn CSN of the Smart Card the connection has to be
266 established.
267 @param[out] ScardAid AID of the Smart Card the connection has been
268 established.
269
270 @retval EFI_SUCCESS The requested command completed successfully.
271 @retval EFI_INVALID_PARAMETER This is NULL.
272 @retval EFI_INVALID_PARAMETER SCardHandle is NULL.
273 @retval EFI_NO_MEDIA No Smart Card supported by protocol is present,
274 Smart Card with CSN ScardCsn or Reader has been
275 removed. A Disconnect should be performed.
276
277 **/
278 typedef
279 EFI_STATUS
280 (EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) (
281 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
282 OUT EFI_HANDLE *SCardHandle,
283 IN UINT8 *ScardCsn OPTIONAL,
284 OUT UINT8 *ScardAid OPTIONAL
285 );
286
287 /**
288 This function releases a connection previously established by Connect.
289
290 The Disconnect function releases the connection previously established by
291 a Connect. In case the Smart Card or the Smart Card reader has been removed
292 before this call, this function returns EFI_SUCCESS.
293
294 @param[in] This Indicates a pointer to the calling context.
295 @param[in] SCardHandle Handle on Smart Card connection to release.
296
297 @retval EFI_SUCCESS The requested command completed successfully.
298 @retval EFI_INVALID_PARAMETER This is NULL.
299 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
300
301 **/
302 typedef
303 EFI_STATUS
304 (EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) (
305 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
306 IN EFI_HANDLE SCardHandle
307 );
308
309 /**
310 This function returns the Smart Card serial number.
311
312 @param[in] This Indicates a pointer to the calling context.
313 @param[in] SCardHandle Handle on Smart Card connection.
314 @param[out] Csn The Card Serial number, 16 bytes array.
315
316 @retval EFI_SUCCESS The requested command completed successfully.
317 @retval EFI_INVALID_PARAMETER This is NULL.
318 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
319 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
320 has been removed. A Disconnect should be performed.
321
322 **/
323 typedef
324 EFI_STATUS
325 (EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) (
326 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
327 IN EFI_HANDLE SCardHandle,
328 OUT UINT8 Csn[SCARD_CSN_SIZE]
329 );
330
331 /**
332 This function returns the name of the Smart Card reader used for this connection.
333
334 @param[in] This Indicates a pointer to the calling context.
335 @param[in] SCardHandle Handle on Smart Card connection.
336 @param[in, out] ReaderNameLength On input, a pointer to the variable that holds
337 the maximal size, in bytes, of ReaderName.
338 On output, the required size, in bytes, for ReaderName.
339 @param[out] ReaderName A pointer to a NULL terminated string that will
340 contain the reader name.
341
342 @retval EFI_SUCCESS The requested command completed successfully.
343 @retval EFI_INVALID_PARAMETER This is NULL.
344 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
345 @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL.
346 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
347 has been removed. A Disconnect should be performed.
348
349 **/
350 typedef
351 EFI_STATUS
352 (EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) (
353 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
354 IN EFI_HANDLE SCardHandle,
355 IN OUT UINTN *ReaderNameLength,
356 OUT CHAR16 *ReaderName OPTIONAL
357 );
358
359 /**
360 This function authenticates a Smart Card user by presenting a PIN code.
361
362 The VerifyPinfunction presents a PIN code to the Smart Card.
363
364 If Smart Card found the PIN code correct the user is considered authenticated
365 to current application, and the function returns TRUE.
366
367 Negative or null PinSize value rejected if PinCodeis not NULL.
368
369 A NULL PinCodebuffer means the application didn't know the PIN, in that case:
370 - If PinSize value is negative the caller only wants to know if the current
371 chain of the elements Smart Card Edge protocol, Smart Card Reader protocol
372 and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality.
373 - If PinSize value is positive or null the caller ask to perform the verify
374 PIN using the Secure PIN Entry functionality.
375
376 In PinCode buffer, the PIN value is always given in plaintext, in case of secure
377 messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate
378 treatments to build the correct Smart Card APDU.
379
380 @param[in] This Indicates a pointer to the calling context.
381 @param[in] SCardHandle Handle on Smart Card connection.
382 @param[in] PinSize PIN code buffer size.
383 @param[in] PinCode PIN code to present to the Smart Card.
384 @param[out] PinResult Result of PIN code presentation to the Smart Card.
385 TRUE when Smard Card founds the PIN code correct.
386 @param[out] RemainingAttempts Number of attempts still possible.
387
388 @retval EFI_SUCCESS The requested command completed successfully.
389 @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not
390 supported.
391 @retval EFI_INVALID_PARAMETER This is NULL.
392 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
393 @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart
394 Card or, negative with PinCode not null.
395 @retval EFI_INVALID_PARAMETER PinResult is NULL.
396 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
397 has been removed. A Disconnect should be performed.
398
399 **/
400 typedef
401 EFI_STATUS
402 (EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) (
403 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
404 IN EFI_HANDLE SCardHandle,
405 IN INT32 PinSize,
406 IN UINT8 *PinCode,
407 OUT BOOLEAN *PinResult,
408 OUT UINT32 *RemainingAttempts OPTIONAL
409 );
410
411 /**
412 This function gives the remaining number of attempts for PIN code presentation.
413
414 The number of attempts to present a correct PIN is limited and depends on Smart
415 Card and on PIN.
416
417 This function will retrieve the number of remaining possible attempts.
418
419 @param[in] This Indicates a pointer to the calling context.
420 @param[in] SCardHandle Handle on Smart Card connection.
421 @param[out] RemainingAttempts Number of attempts still possible.
422
423 @retval EFI_SUCCESS The requested command completed successfully.
424 @retval EFI_INVALID_PARAMETER This is NULL.
425 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
426 @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL.
427 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
428 has been removed. A Disconnect should be performed.
429
430 **/
431 typedef
432 EFI_STATUS
433 (EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) (
434 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
435 IN EFI_HANDLE SCardHandle,
436 OUT UINT32 *RemainingAttempts
437 );
438
439 /**
440 This function returns a specific data from Smart Card.
441
442 The function is generic for any kind of data, but driver and application must
443 share an EFI_GUID that identify the data.
444
445 @param[in] This Indicates a pointer to the calling context.
446 @param[in] SCardHandle Handle on Smart Card connection.
447 @param[in] DataId The type identifier of the data to get.
448 @param[in, out] DataSize On input, in bytes, the size of Data. On output,
449 in bytes, the size of buffer required to store
450 the specified data.
451 @param[out] Data The data buffer in which the data is returned.
452 The type of the data buffer is associated with
453 the DataId. Ignored if *DataSize is 0.
454
455 @retval EFI_SUCCESS The requested command completed successfully.
456 @retval EFI_INVALID_PARAMETER This is NULL.
457 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
458 @retval EFI_INVALID_PARAMETER DataId is NULL.
459 @retval EFI_INVALID_PARAMETER DataSize is NULL.
460 @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero.
461 @retval EFI_NOT_FOUND DataId unknown for this driver.
462 @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified
463 data and the required size is returned in DataSize.
464 @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
465 PIN not verified.
466 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
467 has been removed. A Disconnect should be performed.
468
469 **/
470 typedef
471 EFI_STATUS
472 (EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) (
473 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
474 IN EFI_HANDLE SCardHandle,
475 IN EFI_GUID *DataId,
476 IN OUT UINTN *DataSize,
477 OUT VOID *Data OPTIONAL
478 );
479
480 /**
481 This function retrieve credentials store into the Smart Card.
482
483 The function returns a series of items in TLV (Tag Length Value) format.
484
485 First TLV item is the header item that gives the number of following
486 containers (0x00, 0x01, Nb containers).
487
488 All these containers are a series of 4 TLV items:
489 - The certificate item (0x01, certificate size, certificate)
490 - The Key identifier item (0x02, 0x01, key index)
491 - The key type item (0x03, 0x01, key type)
492 - The key size item (0x04, 0x02, key size), key size in number of bits.
493 Numeric multi-bytes values are on big endian format, most significant byte first:
494 - The L field value for certificate (2 bytes)
495 - The L field value for key size (2 bytes)
496 - The value field for key size (2 bytes)
497
498 @param[in] This Indicates a pointer to the calling context.
499 @param[in] SCardHandle Handle on Smart Card connection.
500 @param[in, out] CredentialSize On input, in bytes, the size of buffer to store
501 the list of credential.
502 On output, in bytes, the size of buffer required
503 to store the entire list of credentials.
504
505 @param[out] CredentialList List of credentials stored into the Smart Card.
506 A list of TLV (Tag Length Value) elements organized
507 in containers array.
508
509 @retval EFI_SUCCESS The requested command completed successfully.
510 @retval EFI_INVALID_PARAMETER This is NULL.
511 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
512 @retval EFI_INVALID_PARAMETER CredentialSize is NULL.
513 @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero.
514 @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the
515 specified data and the required size is returned in
516 CredentialSize.
517 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
518 has been removed. A Disconnect should be performed.
519
520 **/
521 typedef
522 EFI_STATUS
523 (EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) (
524 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
525 IN EFI_HANDLE SCardHandle,
526 IN OUT UINTN *CredentialSize,
527 OUT UINT8 *CredentialList OPTIONAL
528 );
529
530 /**
531 This function signs an already hashed data with a Smart Card private key.
532
533 This function signs data, actually it is the hash of these data that is given
534 to the function.
535
536 SignatureData buffer shall be big enough for signature. Signature size is
537 function key size and key type.
538
539 @param[in] This Indicates a pointer to the calling context.
540 @param[in] SCardHandle Handle on Smart Card connection.
541 @param[in] KeyId Identifier of the key container, retrieved
542 in a key index item of credentials.
543 @param[in] KeyType The key type, retrieved in a key type item of
544 credentials.
545
546 @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
547 - EFI_HASH_ALGORITHM_SHA1_GUID
548 - EFI_HASH_ALGORITHM_SHA256_GUID
549 - EFI_HASH_ALGORITHM_SHA384_GUID
550 - EFI_HASH_ALGORITHM_SHA512_GUID
551 @param[in] PaddingMethod Padding method used jointly with hash algorithm,
552 one of:
553 - EFI_PADDING_RSASSA_PKCS1V1P5_GUID
554 - EFI_PADDING_RSASSA_PSS_GUID
555 @param[in] HashedData Hash of the data to sign. Size is function of the
556 HashAlgorithm.
557
558 @param[out] SignatureData Resulting signature with private key KeyId. Size
559 is function of the KeyType and key size retrieved
560 in the associated key size item of credentials.
561
562 @retval EFI_SUCCESS The requested command completed successfully.
563 @retval EFI_INVALID_PARAMETER This is NULL.
564 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
565 @retval EFI_INVALID_PARAMETER KeyId is not valid.
566 @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId.
567 @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
568 @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
569 @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
570 @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
571 @retval EFI_INVALID_PARAMETER HashedData is NULL.
572 @retval EFI_INVALID_PARAMETER SignatureData is NULL.
573 @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
574 PIN not verified.
575 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
576 has been removed. A Disconnect should be performed.
577
578 **/
579 typedef
580 EFI_STATUS
581 (EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) (
582 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
583 IN EFI_HANDLE SCardHandle,
584 IN UINTN KeyId,
585 IN UINTN KeyType,
586 IN EFI_GUID *HashAlgorithm,
587 IN EFI_GUID *PaddingMethod,
588 IN UINT8 *HashedData,
589 OUT UINT8 *SignatureData
590 );
591
592 /**
593 This function decrypts data with a PKI/RSA Smart Card private key.
594
595 The function decrypts some PKI/RSA encrypted data with private key securely
596 stored into the Smart Card.
597
598 The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE.
599
600 @param[in] This Indicates a pointer to the calling context.
601 @param[in] SCardHandle Handle on Smart Card connection.
602 @param[in] KeyId Identifier of the key container, retrieved
603 in a key index item of credentials.
604 @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
605 - EFI_HASH_ALGORITHM_SHA1_GUID
606 - EFI_HASH_ALGORITHM_SHA256_GUID
607 - EFI_HASH_ALGORITHM_SHA384_GUID
608 - EFI_HASH_ALGORITHM_SHA512_GUID
609 @param[in] PaddingMethod Padding method used jointly with hash algorithm,
610 one of:
611 - EFI_PADDING_NONE_GUID
612 - EFI_PADDING_RSAES_PKCS1V1P5_GUID
613 - EFI_PADDING_RSAES_OAEP_GUID
614 @param[in] EncryptedSize Size of data to decrypt.
615 @param[in] EncryptedData Data to decrypt
616 @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store
617 the decrypted data.
618 On output, in bytes, the size of buffer required
619 to store the decrypted data.
620 @param[out] PlaintextData Buffer for decrypted data, padding removed.
621
622 @retval EFI_SUCCESS The requested command completed successfully.
623 @retval EFI_INVALID_PARAMETER This is NULL.
624 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
625 @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type
626 SC_EDGE_RSA_EXCHANGE.
627 @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
628 @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
629 @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
630 @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
631 @retval EFI_INVALID_PARAMETER EncryptedSize is 0.
632 @retval EFI_INVALID_PARAMETER EncryptedData is NULL.
633 @retval EFI_INVALID_PARAMETER PlaintextSize is NULL.
634 @retval EFI_INVALID_PARAMETER PlaintextData is NULL.
635 @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
636 PIN not verified.
637 @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data
638 and the required size is returned in PlaintextSize.
639 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
640 has been removed. A Disconnect should be performed.
641
642 **/
643 typedef
644 EFI_STATUS
645 (EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) (
646 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
647 IN EFI_HANDLE SCardHandle,
648 IN UINTN KeyId,
649 IN EFI_GUID *HashAlgorithm,
650 IN EFI_GUID *PaddingMethod,
651 IN UINTN EncryptedSize,
652 IN UINT8 *EncryptedData,
653 IN OUT UINTN *PlaintextSize,
654 OUT UINT8 *PlaintextData
655 );
656
657 /**
658 This function performs a secret Diffie Hellman agreement calculation that would
659 be used to derive a symmetric encryption / decryption key.
660
661 The function compute a DH agreement that should be diversified togenerate a symmetric
662 key to proceed encryption or decryption.
663
664 The application and the Smart Card shall agree on the diversification process.
665
666 The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384
667 or SC_EDGE_ECDH_521.
668
669 @param[in] This Indicates a pointer to the calling context.
670 @param[in] SCardHandle Handle on Smart Card connection.
671 @param[in] KeyId Identifier of the key container, retrieved
672 in a key index item of credentials.
673 @param[in] dataQx Public key x coordinate. Size is the same as
674 key size for KeyId. Stored in big endian format.
675 @param[in] dataQy Public key y coordinate. Size is the same as
676 key size for KeyId. Stored in big endian format.
677 @param[out] DHAgreement Buffer for DH agreement computed. Size must be
678 bigger or equal to key size for KeyId.
679
680 @retval EFI_SUCCESS The requested command completed successfully.
681 @retval EFI_INVALID_PARAMETER This is NULL.
682 @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
683 @retval EFI_INVALID_PARAMETER KeyId is not valid.
684 @retval EFI_INVALID_PARAMETER dataQx is NULL.
685 @retval EFI_INVALID_PARAMETER dataQy is NULL.
686 @retval EFI_INVALID_PARAMETER DHAgreement is NULL.
687 @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
688 PIN not verified.
689 @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
690 has been removed. A Disconnect should be performed.
691
692 **/
693 typedef
694 EFI_STATUS
695 (EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) (
696 IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
697 IN EFI_HANDLE SCardHandle,
698 IN UINTN KeyId,
699 IN UINT8 *dataQx,
700 IN UINT8 *dataQy,
701 OUT UINT8 *DHAgreement
702 );
703
704 ///
705 /// Smart card aware application invokes this protocol to get access to an inserted
706 /// smart card in the reader or to the reader itself.
707 ///
708 struct _EFI_SMART_CARD_EDGE_PROTOCOL {
709 EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext;
710 EFI_SMART_CARD_EDGE_CONNECT Connect;
711 EFI_SMART_CARD_EDGE_DISCONNECT Disconnect;
712 EFI_SMART_CARD_EDGE_GET_CSN GetCsn;
713 EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName;
714 EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin;
715 EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining;
716 EFI_SMART_CARD_EDGE_GET_DATA GetData;
717 EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential;
718 EFI_SMART_CARD_EDGE_SIGN_DATA SignData;
719 EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData;
720 EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement;
721 };
722
723 extern EFI_GUID gEfiSmartCardEdgeProtocolGuid;
724
725 #endif
726
EFI Development Kit II mirror for PVE