SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h

   1 /** @file
   2   The internal header file includes the common header files, defines
   3   internal structure and functions used by ImageVerificationLib.
   4
   5 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
   6 This program and the accompanying materials
   7 are licensed and made available under the terms and conditions of the BSD License
   8 which accompanies this distribution.  The full text of the license may be found at
   9 http://opensource.org/licenses/bsd-license.php
  10
  11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  13
  14 **/
  15
  16 #ifndef __IMAGEVERIFICATIONLIB_H__
  17 #define __IMAGEVERIFICATIONLIB_H__
  18
  19 #include <Library/UefiDriverEntryPoint.h>
  20 #include <Library/DebugLib.h>
  21 #include <Library/BaseMemoryLib.h>
  22 #include <Library/UefiBootServicesTableLib.h>
  23 #include <Library/UefiRuntimeServicesTableLib.h>
  24 #include <Library/UefiLib.h>
  25 #include <Library/BaseLib.h>
  26 #include <Library/MemoryAllocationLib.h>
  27 #include <Library/BaseCryptLib.h>
  28 #include <Library/PcdLib.h>
  29 #include <Library/DevicePathLib.h>
  30 #include <Library/SecurityManagementLib.h>
  31 #include <Library/PeCoffLib.h>
  32 #include <Protocol/FirmwareVolume2.h>
  33 #include <Protocol/DevicePath.h>
  34 #include <Protocol/BlockIo.h>
  35 #include <Protocol/SimpleFileSystem.h>
  36 #include <Protocol/VariableWrite.h>
  37 #include <Guid/ImageAuthentication.h>
  38 #include <Guid/AuthenticatedVariableFormat.h>
  39 #include <IndustryStandard/PeImage.h>
  40
  41 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
  42 #define EFI_CERT_TYPE_RSA2048_SIZE        256
  43 #define MAX_NOTIFY_STRING_LEN             64
  44 #define TWO_BYTE_ENCODE                   0x82
  45
  46 #define ALIGNMENT_SIZE                    8
  47 #define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
  48
  49 //
  50 // Image type definitions
  51 //
  52 #define IMAGE_UNKNOWN                         0x00000000
  53 #define IMAGE_FROM_FV                         0x00000001
  54 #define IMAGE_FROM_OPTION_ROM                 0x00000002
  55 #define IMAGE_FROM_REMOVABLE_MEDIA            0x00000003
  56 #define IMAGE_FROM_FIXED_MEDIA                0x00000004
  57
  58 //
  59 // Authorization policy bit definition
  60 //
  61 #define ALWAYS_EXECUTE                         0x00000000
  62 #define NEVER_EXECUTE                          0x00000001
  63 #define ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002
  64 #define DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003
  65 #define DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004
  66 #define QUERY_USER_ON_SECURITY_VIOLATION       0x00000005
  67
  68 //
  69 // Support hash types
  70 //
  71 #define HASHALG_SHA1                           0x00000000
  72 #define HASHALG_SHA224                         0x00000001
  73 #define HASHALG_SHA256                         0x00000002
  74 #define HASHALG_SHA384                         0x00000003
  75 #define HASHALG_SHA512                         0x00000004
  76 #define HASHALG_MAX                            0x00000005
  77
  78 //
  79 // Set max digest size as SHA256 Output (32 bytes) by far
  80 //
  81 #define MAX_DIGEST_SIZE    SHA256_DIGEST_SIZE
  82 //
  83 //
  84 // PKCS7 Certificate definition
  85 //
  86 typedef struct {
  87   WIN_CERTIFICATE Hdr;
  88   UINT8           CertData[1];
  89 } WIN_CERTIFICATE_EFI_PKCS;
  90
  91
  92 /**
  93   Retrieves the size, in bytes, of the context buffer required for hash operations.
  94
  95   @return  The size, in bytes, of the context buffer required for hash operations.
  96
  97 **/
  98 typedef
  99 UINTN
 100 (EFIAPI *HASH_GET_CONTEXT_SIZE)(
 101   VOID
 102   );
 103
 104 /**
 105   Initializes user-supplied memory pointed by HashContext as hash context for
 106   subsequent use.
 107
 108   If HashContext is NULL, then ASSERT().
 109
 110   @param[in, out]  HashContext  Pointer to  Context being initialized.
 111
 112   @retval TRUE   HASH context initialization succeeded.
 113   @retval FALSE  HASH context initialization failed.
 114
 115 **/
 116 typedef
 117 BOOLEAN
 118 (EFIAPI *HASH_INIT)(
 119   IN OUT  VOID  *HashContext
 120   );
 121
 122
 123 /**
 124   Performs digest on a data buffer of the specified length. This function can
 125   be called multiple times to compute the digest of long or discontinuous data streams.
 126
 127   If HashContext is NULL, then ASSERT().
 128
 129   @param[in, out]  HashContext  Pointer to the MD5 context.
 130   @param[in]       Data         Pointer to the buffer containing the data to be hashed.
 131   @param[in]       DataLength   Length of Data buffer in bytes.
 132
 133   @retval TRUE     HASH data digest succeeded.
 134   @retval FALSE    Invalid HASH context. After HashFinal function has been called, the
 135                    HASH context cannot be reused.
 136
 137 **/
 138 typedef
 139 BOOLEAN
 140 (EFIAPI *HASH_UPDATE)(
 141   IN OUT  VOID        *HashContext,
 142   IN      CONST VOID  *Data,
 143   IN      UINTN       DataLength
 144   );
 145
 146 /**
 147   Completes hash computation and retrieves the digest value into the specified
 148   memory. After this function has been called, the context cannot be used again.
 149
 150   If HashContext is NULL, then ASSERT().
 151   If HashValue is NULL, then ASSERT().
 152
 153   @param[in, out]  HashContext  Pointer to the MD5 context
 154   @param[out]      HashValue    Pointer to a buffer that receives the HASH digest
 155                                 value.
 156
 157   @retval TRUE   HASH digest computation succeeded.
 158   @retval FALSE  HASH digest computation failed.
 159
 160 **/
 161 typedef
 162 BOOLEAN
 163 (EFIAPI *HASH_FINAL)(
 164   IN OUT  VOID   *HashContext,
 165   OUT     UINT8  *HashValue
 166   );
 167
 168
 169 //
 170 // Hash Algorithm Table
 171 //
 172 typedef struct {
 173   //
 174   // Name for Hash Algorithm
 175   //
 176   CHAR16                   *Name;
 177   //
 178   // Digest Length
 179   //
 180   UINTN                    DigestLength;
 181   //
 182   // Hash Algorithm OID ASN.1 Value
 183   //
 184   UINT8                    *OidValue;
 185   //
 186   // Length of Hash OID Value
 187   //
 188   UINTN                    OidLength;
 189   //
 190   // Pointer to Hash GetContentSize function
 191   //
 192   HASH_GET_CONTEXT_SIZE    GetContextSize;
 193   //
 194   // Pointer to Hash Init function
 195   //
 196   HASH_INIT                HashInit;
 197   //
 198   // Pointer to Hash Update function
 199   //
 200   HASH_UPDATE              HashUpdate;
 201   //
 202   // Pointer to Hash Final function
 203   //
 204   HASH_FINAL               HashFinal;
 205 } HASH_TABLE;
 206
 207 #endif