Validate some fields in the PE image so that later code cannot trigger an access violation.
[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.h
1 /** @file
2 The internal header file includes the common header files, defines
3 internal structure and functions used by ImageVerificationLib.
4
5 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef __IMAGEVERIFICATIONLIB_H__
17 #define __IMAGEVERIFICATIONLIB_H__
18
19 #include <Library/UefiDriverEntryPoint.h>
20 #include <Library/DebugLib.h>
21 #include <Library/BaseMemoryLib.h>
22 #include <Library/UefiBootServicesTableLib.h>
23 #include <Library/UefiRuntimeServicesTableLib.h>
24 #include <Library/UefiLib.h>
25 #include <Library/BaseLib.h>
26 #include <Library/MemoryAllocationLib.h>
27 #include <Library/BaseCryptLib.h>
28 #include <Library/PcdLib.h>
29 #include <Library/DevicePathLib.h>
30 #include <Library/SecurityManagementLib.h>
31 #include <Library/PeCoffLib.h>
32 #include <Protocol/FirmwareVolume2.h>
33 #include <Protocol/DevicePath.h>
34 #include <Protocol/BlockIo.h>
35 #include <Protocol/SimpleFileSystem.h>
36 #include <Protocol/VariableWrite.h>
37 #include <Guid/ImageAuthentication.h>
38 #include <Guid/AuthenticatedVariableFormat.h>
39 #include <IndustryStandard/PeImage.h>
40
//
// Size constants. 256 bytes is the length of a 2048-bit RSA value.
// NOTE(review): the unit of MAX_NOTIFY_STRING_LEN (bytes vs. CHAR16 characters)
// is not visible in this header -- confirm at the point of use.
//
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE        256
#define MAX_NOTIFY_STRING_LEN             64
//
// NOTE(review): 0x82 is presumably the ASN.1 DER long-form length octet meaning
// "two length bytes follow". Code that matches on it while walking signature data
// should first confirm that those two bytes are inside the buffer -- verify in the caller.
//
#define TWO_BYTE_ENCODE                   0x82

//
// Image type definitions
// Consecutive integer codes for where an image comes from; IMAGE_UNKNOWN is 0.
//
#define IMAGE_UNKNOWN                     0x00000000
#define IMAGE_FROM_FV                     0x00000001
#define IMAGE_FROM_OPTION_ROM             0x00000002
#define IMAGE_FROM_REMOVABLE_MEDIA        0x00000003
#define IMAGE_FROM_FIXED_MEDIA            0x00000004

//
// Authorization policy definition
// Despite the original "bit definition" wording, these are consecutive integer
// values (0..5), not OR-able flags: 0x3 is its own policy, not 0x1 | 0x2.
// Compare with ==, never with a bit mask.
// NOTE(review): by their names, ALWAYS_EXECUTE and ALLOW_EXECUTE_ON_SECURITY_VIOLATION
// let an image run without a successful verification. How each value is consumed is
// not visible in this header -- confirm the platform policy does not select them for
// images from untrusted sources (option ROM, removable media).
//
#define ALWAYS_EXECUTE                         0x00000000
#define NEVER_EXECUTE                          0x00000001
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003
#define DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004
#define QUERY_USER_ON_SECURITY_VIOLATION       0x00000005

//
// Supported hash types
// Consecutive identifiers starting at 0; HASHALG_MAX is one past the last
// identifier and so equals the number of identifiers declared here.
// NOTE(review): presumably used as indices into a table of HASH_TABLE entries --
// any identifier derived from image data must be range-checked against HASHALG_MAX
// before it is used as an index; confirm in the .c file.
//
#define HASHALG_SHA1                           0x00000000
#define HASHALG_SHA224                         0x00000001
#define HASHALG_SHA256                         0x00000002
#define HASHALG_SHA384                         0x00000003
#define HASHALG_SHA512                         0x00000004
#define HASHALG_MAX                            0x00000005

//
// Maximum digest size is, for now, the SHA-256 output (32 bytes).
// NOTE(review): HASHALG_SHA384 and HASHALG_SHA512 are declared above, but their
// digests are 48 and 64 bytes. A buffer sized with MAX_DIGEST_SIZE must never
// receive one of those digests; confirm that only algorithms with a digest of
// 32 bytes or less are actually wired up, or raise this bound before enabling them.
//
#define MAX_DIGEST_SIZE   SHA256_DIGEST_SIZE
//
// PKCS7 Certificate definition
//
// Hdr is the common WIN_CERTIFICATE header. CertData is declared with one
// element; presumably it is a placeholder for variable-length certificate data
// that follows the header, so sizeof (WIN_CERTIFICATE_EFI_PKCS) does not
// describe the real size of an entry.
// NOTE(review): the usable length of CertData has to be derived from the length
// field in Hdr, and that field comes from the image being verified. It should be
// checked to be at least the header size and to fit inside the image's security
// data before CertData is read -- confirm in the caller.
//
typedef struct {
  WIN_CERTIFICATE Hdr;          // Common certificate header.
  UINT8           CertData[1];  // First byte of the certificate data.
} WIN_CERTIFICATE_EFI_PKCS;
87
88
/**
  Retrieves the size, in bytes, of the context buffer required for hash operations.

  The function takes no arguments, so the size depends only on the algorithm
  the pointer is bound to.

  @return  The size, in bytes, of the context buffer required for hash operations.

**/
typedef
UINTN
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
  VOID
  );
100
/**
  Initializes user-supplied memory pointed to by HashContext as a hash context for
  subsequent use.

  If HashContext is NULL, then ASSERT().

  The prototype carries no buffer size, so the caller is responsible for
  providing a context buffer that is large enough for the algorithm.

  @param[in, out]  HashContext  Pointer to the context being initialized.

  @retval TRUE   HASH context initialization succeeded.
  @retval FALSE  HASH context initialization failed.

**/
typedef
BOOLEAN
(EFIAPI *HASH_INIT)(
  IN OUT  VOID  *HashContext
  );
118
119
/**
  Performs digest on a data buffer of the specified length. This function can
  be called multiple times to compute the digest of long or discontinuous data streams.

  If HashContext is NULL, then ASSERT().

  NOTE(review): Data and DataLength are trusted as given. When they are computed
  from offsets and sizes read out of a PE image, the caller has to confirm that
  the range lies inside the image buffer before calling -- verify in the caller.

  @param[in, out]  HashContext  Pointer to the hash context (the original text said
                                "MD5", but this prototype is algorithm-neutral).
  @param[in]       Data         Pointer to the buffer containing the data to be hashed.
  @param[in]       DataLength   Length of Data buffer in bytes.

  @retval TRUE   HASH data digest succeeded.
  @retval FALSE  Invalid HASH context. After HashFinal function has been called, the
                 HASH context cannot be reused.

**/
typedef
BOOLEAN
(EFIAPI *HASH_UPDATE)(
  IN OUT  VOID        *HashContext,
  IN      CONST VOID  *Data,
  IN      UINTN       DataLength
  );
142
/**
  Completes hash computation and retrieves the digest value into the specified
  memory. After this function has been called, the context cannot be used again.

  If HashContext is NULL, then ASSERT().
  If HashValue is NULL, then ASSERT().

  The prototype carries no length for HashValue, so the callee cannot bound its
  write. The caller must supply a buffer at least as large as the digest of the
  algorithm in use.

  @param[in, out]  HashContext  Pointer to the hash context (the original text said
                                "MD5", but this prototype is algorithm-neutral).
  @param[out]      HashValue    Pointer to a buffer that receives the HASH digest
                                value.

  @retval TRUE   HASH digest computation succeeded.
  @retval FALSE  HASH digest computation failed.

**/
typedef
BOOLEAN
(EFIAPI *HASH_FINAL)(
  IN OUT  VOID   *HashContext,
  OUT     UINT8  *HashValue
  );
164
165
//
// Hash Algorithm Table
//
// One entry describes one hash algorithm: its name, digest length, ASN.1 OID
// bytes and the four function pointers needed to run it.
// NOTE(review): DigestLength is expected to be no larger than MAX_DIGEST_SIZE for
// every populated entry, because HASH_FINAL takes no output length -- confirm
// where the table is defined.
//
typedef struct {
  //
  // Name for Hash Algorithm
  //
  CHAR16                   *Name;
  //
  // Digest Length
  //
  UINTN                    DigestLength;
  //
  // Hash Algorithm OID ASN.1 Value
  // NOTE(review): when these bytes are compared against signature data taken from
  // an image, the comparison should be bounded by both OidLength and the number
  // of bytes remaining in that data -- verify in the caller.
  //
  UINT8                    *OidValue;
  //
  // Length of Hash OID Value
  //
  UINTN                    OidLength;
  //
  // Pointer to Hash GetContextSize function
  //
  HASH_GET_CONTEXT_SIZE    GetContextSize;
  //
  // Pointer to Hash Init function
  //
  HASH_INIT                HashInit;
  //
  // Pointer to Hash Update function
  //
  HASH_UPDATE              HashUpdate;
  //
  // Pointer to Hash Final function
  //
  HASH_FINAL               HashFinal;
} HASH_TABLE;
203
204 #endif