]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
projects / mirror_edk2.git / blob
? search:


2b79354fbd9805f9b3e5925100b04ec7d6e245b1
[mirror_edk2.git] / SecurityPkg / UserIdentification / UsbCredentialProviderDxe / UsbCredentialProvider.c
1 /** @file
2 Usb Credential Provider driver implemenetation.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "UsbCredentialProvider.h"
16
17 CREDENTIAL_TABLE *mUsbTable = NULL;
18 USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
19 USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL;
20
21 //
22 // Used for save password credential and form browser
23 // And used as provider identifier
24 //
25 EFI_GUID mUsbCredentialGuid = USB_CREDENTIAL_PROVIDER_GUID;
26
27 HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
28 {
29 {
30 HARDWARE_DEVICE_PATH,
31 HW_VENDOR_DP,
32 {
33 (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
34 (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
35 }
36 },
37 { 0x9463f883, 0x48f6, 0x4a7a, { 0x97, 0x2d, 0x9f, 0x8f, 0x38, 0xf2, 0xdd, 0x91 } }
38 },
39 {
40 END_DEVICE_PATH_TYPE,
41 END_ENTIRE_DEVICE_PATH_SUBTYPE,
42 {
43 (UINT8) (END_DEVICE_PATH_LENGTH),
44 (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
45 }
46 }
47 };
48
49 EFI_USER_CREDENTIAL_PROTOCOL gUsbCredentialProviderDriver = {
50 USB_CREDENTIAL_PROVIDER_GUID,
51 EFI_USER_CREDENTIAL_CLASS_SECURE_CARD,
52 CredentialEnroll,
53 CredentialForm,
54 CredentialTile,
55 CredentialTitle,
56 CredentialUser,
57 CredentialSelect,
58 CredentialDeselect,
59 CredentialDefault,
60 CredentialGetInfo,
61 CredentialGetNextInfo
62 };
63
64
65 /**
66 Get string by string id from HII Interface.
67
68
69 @param[in] Id String ID to get the string from.
70
71 @retval CHAR16 * String from ID.
72 @retval NULL If error occurs.
73
74 **/
75 CHAR16 *
76 GetStringById (
77 IN EFI_STRING_ID Id
78 )
79 {
80 //
81 // Get the current string for the current Language
82 //
83 return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
84 }
85
86
87 /**
88 Expand password table size.
89
90 **/
91 VOID
92 ExpandTableSize (
93 VOID
94 )
95 {
96 CREDENTIAL_TABLE *NewTable;
97 UINTN Count;
98
99 Count = mUsbTable->MaxCount + USB_TABLE_INC;
100 //
101 // Create new credential table.
102 //
103 NewTable = AllocateZeroPool (
104 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
105 Count * sizeof (USB_INFO)
106 );
107 ASSERT (NewTable != NULL);
108
109 NewTable->MaxCount = Count;
110 NewTable->Count = mUsbTable->Count;
111
112 //
113 // Copy old entries.
114 //
115 CopyMem (
116 &NewTable->UserInfo,
117 &mUsbTable->UserInfo,
118 mUsbTable->Count * sizeof (USB_INFO)
119 );
120 FreePool (mUsbTable);
121 mUsbTable = NewTable;
122 }
123
124
125 /**
126 Add or delete info in table, and sync with NV variable.
127
128 @param[in] Index The index of the password in table. The index begin from 1.
129 If index is found in table, delete the info, else add the
130 into to table.
131 @param[in] Info The new password info to add into table.
132
133 @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
134 @retval EFI_SUCCESS Modify the table successfully.
135 @retval Others Failed to modify the table.
136
137 **/
138 EFI_STATUS
139 ModifyTable (
140 IN UINTN Index,
141 IN USB_INFO * Info OPTIONAL
142 )
143 {
144 EFI_STATUS Status;
145
146 if (Index < mUsbTable->Count) {
147 //
148 // Delete the specified entry
149 //
150 mUsbTable->Count--;
151 if (Index != mUsbTable->Count) {
152 CopyMem (
153 &mUsbTable->UserInfo[Index],
154 &mUsbTable->UserInfo[mUsbTable->Count],
155 sizeof (USB_INFO)
156 );
157 }
158 } else {
159 //
160 // Add a new entry
161 //
162 if (Info == NULL) {
163 return EFI_INVALID_PARAMETER;
164 }
165
166 if (mUsbTable->Count >= mUsbTable->MaxCount) {
167 ExpandTableSize ();
168 }
169
170 CopyMem (
171 &mUsbTable->UserInfo[mUsbTable->Count],
172 Info,
173 sizeof (USB_INFO)
174 );
175 mUsbTable->Count++;
176 }
177
178 //
179 // Save the credential table.
180 //
181 Status = gRT->SetVariable (
182 L"UsbCredential",
183 &mUsbCredentialGuid,
184 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
185 mUsbTable->Count * sizeof (USB_INFO),
186 &mUsbTable->UserInfo
187 );
188 return Status;
189 }
190
191
192 /**
193 Create a credential table
194
195 @retval EFI_SUCCESS Create a credential table successfully.
196 @retval Others Failed to create a password.
197
198 **/
199 EFI_STATUS
200 InitCredentialTable (
201 VOID
202 )
203 {
204 EFI_STATUS Status;
205 UINT8 *Var;
206 UINTN VarSize;
207
208 //
209 // Get Usb credential data from NV variable.
210 //
211 VarSize = 0;
212 Var = NULL;
213 Status = gRT->GetVariable (
214 L"UsbCredential",
215 &mUsbCredentialGuid,
216 NULL,
217 &VarSize,
218 Var
219 );
220 if (Status == EFI_BUFFER_TOO_SMALL) {
221 Var = AllocateZeroPool (VarSize);
222 if (Var == NULL) {
223 return EFI_OUT_OF_RESOURCES;
224 }
225 Status = gRT->GetVariable (
226 L"UsbCredential",
227 &mUsbCredentialGuid,
228 NULL,
229 &VarSize,
230 Var
231 );
232 }
233 if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
234 return Status;
235 }
236
237 //
238 // Init Usb credential table.
239 //
240 mUsbTable = AllocateZeroPool (
241 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
242 USB_TABLE_INC * sizeof (USB_INFO) +
243 VarSize
244 );
245 if (mUsbTable == NULL) {
246 FreePool (Var);
247 return EFI_OUT_OF_RESOURCES;
248 }
249
250 mUsbTable->Count = VarSize / sizeof (USB_INFO);
251 mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC;
252 if (Var != NULL) {
253 CopyMem (mUsbTable->UserInfo, Var, VarSize);
254 FreePool (Var);
255 }
256 return EFI_SUCCESS;
257 }
258
259
260 /**
261 Read the specified file by FileName in the Usb key and return the file size in BufferSize
262 and file content in Buffer.
263 Note: the caller is responsible to free the buffer memory.
264
265 @param FileName File to read.
266 @param Buffer Returned with data read from the file.
267 @param BufferSize Size of the data buffer.
268
269 @retval EFI_SUCCESS The command completed successfully.
270 @retval EFI_OUT_OF_RESOURCES Resource allocation failed.
271 @retval EFI_NOT_FOUND File not found.
272 @retval EFI_DEVICE_ERROR Device I/O error.
273
274 **/
275 EFI_STATUS
276 GetFileData (
277 IN CHAR16 *FileName,
278 OUT VOID **Buffer,
279 OUT UINTN *BufferSize
280 )
281 {
282 EFI_STATUS Status;
283 UINTN Index;
284 UINTN HandleCount;
285 UINTN ScratchBufferSize;
286 EFI_HANDLE *HandleBuffer;
287 EFI_FILE *RootFs;
288 EFI_FILE *FileHandle;
289 EFI_FILE_INFO *FileInfo;
290 EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem;
291 EFI_BLOCK_IO_PROTOCOL *BlkIo;
292
293 FileInfo = NULL;
294 FileHandle = NULL;
295
296 Status = gBS->LocateHandleBuffer (
297 ByProtocol,
298 &gEfiSimpleFileSystemProtocolGuid,
299 NULL,
300 &HandleCount,
301 &HandleBuffer
302 );
303 if (EFI_ERROR (Status)) {
304 DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n"));
305 goto Done;
306 }
307
308 //
309 // Find and open the file in removable media disk.
310 //
311 for (Index = 0; Index < HandleCount; Index++) {
312 Status = gBS->HandleProtocol (
313 HandleBuffer[Index],
314 &gEfiBlockIoProtocolGuid,
315 (VOID **) &BlkIo
316 );
317 if (EFI_ERROR (Status)) {
318 continue;
319 }
320
321 if (BlkIo->Media->RemovableMedia) {
322 Status = gBS->HandleProtocol (
323 HandleBuffer[Index],
324 &gEfiSimpleFileSystemProtocolGuid,
325 (VOID **) &SimpleFileSystem
326 );
327 if (EFI_ERROR (Status)) {
328 continue;
329 }
330
331 Status = SimpleFileSystem->OpenVolume (
332 SimpleFileSystem,
333 &RootFs
334 );
335 if (EFI_ERROR (Status)) {
336 continue;
337 }
338
339 Status = RootFs->Open (
340 RootFs,
341 &FileHandle,
342 FileName,
343 EFI_FILE_MODE_READ,
344 0
345 );
346 if (!EFI_ERROR (Status)) {
347 break;
348 }
349 }
350 }
351
352 FreePool (HandleBuffer);
353
354 if (Index >= HandleCount) {
355 DEBUG ((DEBUG_ERROR, "Can not found the token file!\n"));
356 Status = EFI_NOT_FOUND;
357 goto Done;
358 }
359
360 //
361 // Figure out how big the file is.
362 //
363 ScratchBufferSize = 0;
364 Status = FileHandle->GetInfo (
365 FileHandle,
366 &gEfiFileInfoGuid,
367 &ScratchBufferSize,
368 NULL
369 );
370 if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
371 DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n"));
372 Status = EFI_DEVICE_ERROR;
373 goto Done;
374 }
375
376 FileInfo = AllocateZeroPool (ScratchBufferSize);
377 if (FileInfo == NULL) {
378 DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token file!\n"));
379 Status = EFI_OUT_OF_RESOURCES;
380 goto Done;
381 }
382
383 Status = FileHandle->GetInfo (
384 FileHandle,
385 &gEfiFileInfoGuid,
386 &ScratchBufferSize,
387 FileInfo
388 );
389 if (EFI_ERROR (Status)) {
390 DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token file!\n"));
391 Status = EFI_DEVICE_ERROR;
392 goto Done;
393 }
394
395 //
396 // Allocate a buffer for the file.
397 //
398 *BufferSize = (UINT32) FileInfo->FileSize;
399 *Buffer = AllocateZeroPool (*BufferSize);
400 if (*Buffer == NULL) {
401 DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n"));
402 Status = EFI_OUT_OF_RESOURCES;
403 goto Done;
404 }
405
406 //
407 // Load file into the allocated memory.
408 //
409 Status = FileHandle->Read (FileHandle, BufferSize, *Buffer);
410 if (EFI_ERROR (Status)) {
411 FreePool (*Buffer);
412 DEBUG ((DEBUG_ERROR, "Can not read the token file!\n"));
413 Status = EFI_DEVICE_ERROR;
414 goto Done;
415 }
416
417 //
418 // Close file.
419 //
420 Status = FileHandle->Close (FileHandle);
421 if (EFI_ERROR (Status)) {
422 FreePool (*Buffer);
423 DEBUG ((DEBUG_ERROR, "Can not close the token file !\n"));
424 Status = EFI_DEVICE_ERROR;
425 }
426
427 Done:
428
429 if (FileInfo != NULL) {
430 FreePool (FileInfo);
431 }
432
433 return Status;
434 }
435
436
437 /**
438 Hash the data to get credential.
439
440 @param[in] Buffer Points to the data buffer
441 @param[in] BufferSize The size of data in buffer, in bytes.
442 @param[out] Credential Points to the hashed result
443
444 @retval TRUE Hash the data successfully.
445 @retval FALSE Failed to hash the data.
446
447 **/
448 BOOLEAN
449 GenerateCredential (
450 IN UINT8 *Buffer,
451 IN UINTN BufferSize,
452 OUT UINT8 *Credential
453 )
454 {
455 BOOLEAN Status;
456 UINTN HashSize;
457 VOID *Hash;
458
459 HashSize = Sha1GetContextSize ();
460 Hash = AllocatePool (HashSize);
461 ASSERT (Hash != NULL);
462
463 Status = Sha1Init (Hash);
464 if (!Status) {
465 goto Done;
466 }
467
468 Status = Sha1Update (Hash, Buffer, BufferSize);
469 if (!Status) {
470 goto Done;
471 }
472
473 Status = Sha1Final (Hash, Credential);
474
475 Done:
476 FreePool (Hash);
477 return Status;
478 }
479
480
481 /**
482 Read the token file, and default the Token is saved at the begining of the file.
483
484 @param[out] Token Token read from a Token file.
485
486 @retval EFI_SUCCESS Read a Token successfully.
487 @retval Others Fails to read a Token.
488
489 **/
490 EFI_STATUS
491 GetToken (
492 OUT UINT8 *Token
493 )
494 {
495 EFI_STATUS Status;
496 UINT8 *Buffer;
497 UINTN BufSize;
498 CHAR16 *TokenFile;
499
500 BufSize = 0;
501 Buffer = NULL;
502 TokenFile = FixedPcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
503 Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);
504 if (EFI_ERROR (Status)) {
505 DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status));
506 return Status;
507 }
508
509 if (!GenerateCredential (Buffer, BufSize, Token)) {
510 DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n"));
511 FreePool (Buffer);
512 return EFI_SECURITY_VIOLATION;
513 }
514
515 FreePool (Buffer);
516 return EFI_SUCCESS;
517 }
518
519
520 /**
521 Find a user infomation record by the information record type.
522
523 This function searches all user information records of User from beginning
524 until either the information is found or there are no more user infomation
525 record. A match occurs when a Info.InfoType field matches the user information
526 record type.
527
528 @param[in] User Points to the user profile record to search.
529 @param[in] InfoType The infomation type to be searched.
530 @param[out] Info Points to the user info found, the caller is responsible
531 to free.
532
533 @retval EFI_SUCCESS Find the user information successfully.
534 @retval Others Fail to find the user information.
535
536 **/
537 EFI_STATUS
538 FindUserInfoByType (
539 IN EFI_USER_PROFILE_HANDLE User,
540 IN UINT8 InfoType,
541 OUT EFI_USER_INFO **Info
542 )
543 {
544 EFI_STATUS Status;
545 EFI_USER_INFO *UserInfo;
546 UINTN UserInfoSize;
547 EFI_USER_INFO_HANDLE UserInfoHandle;
548 EFI_USER_MANAGER_PROTOCOL *UserManager;
549
550 //
551 // Find user information by information type.
552 //
553 if (Info == NULL) {
554 return EFI_INVALID_PARAMETER;
555 }
556
557 Status = gBS->LocateProtocol (
558 &gEfiUserManagerProtocolGuid,
559 NULL,
560 (VOID **) &UserManager
561 );
562 if (EFI_ERROR (Status)) {
563 return EFI_NOT_FOUND;
564 }
565
566 //
567 // Get each user information.
568 //
569
570 UserInfoHandle = NULL;
571 UserInfo = NULL;
572 UserInfoSize = 0;
573 while (TRUE) {
574 Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle);
575 if (EFI_ERROR (Status)) {
576 break;
577 }
578 //
579 // Get information.
580 //
581 Status = UserManager->GetInfo (
582 UserManager,
583 User,
584 UserInfoHandle,
585 UserInfo,
586 &UserInfoSize
587 );
588 if (Status == EFI_BUFFER_TOO_SMALL) {
589 if (UserInfo != NULL) {
590 FreePool (UserInfo);
591 }
592 UserInfo = AllocateZeroPool (UserInfoSize);
593 if (UserInfo == NULL) {
594 return EFI_OUT_OF_RESOURCES;
595 }
596 Status = UserManager->GetInfo (
597 UserManager,
598 User,
599 UserInfoHandle,
600 UserInfo,
601 &UserInfoSize
602 );
603 }
604 if (EFI_ERROR (Status)) {
605 break;
606 }
607
608 ASSERT (UserInfo != NULL);
609 if (UserInfo->InfoType == InfoType) {
610 *Info = UserInfo;
611 return EFI_SUCCESS;
612 }
613 }
614
615 if (UserInfo != NULL) {
616 FreePool (UserInfo);
617 }
618 return Status;
619 }
620
621
622 /**
623 This function initialize the data mainly used in form browser.
624
625 @retval EFI_SUCCESS Initialize form data successfully.
626 @retval Others Fail to Initialize form data.
627
628 **/
629 EFI_STATUS
630 InitFormBrowser (
631 VOID
632 )
633 {
634 USB_PROVIDER_CALLBACK_INFO *CallbackInfo;
635
636 //
637 // Initialize driver private data.
638 //
639 CallbackInfo = AllocateZeroPool (sizeof (USB_PROVIDER_CALLBACK_INFO));
640 if (CallbackInfo == NULL) {
641 return EFI_OUT_OF_RESOURCES;
642 }
643
644 CallbackInfo->DriverHandle = NULL;
645
646 //
647 // Publish HII data.
648 //
649 CallbackInfo->HiiHandle = HiiAddPackages (
650 &mUsbCredentialGuid,
651 CallbackInfo->DriverHandle,
652 UsbCredentialProviderStrings,
653 NULL
654 );
655 if (CallbackInfo->HiiHandle == NULL) {
656 return EFI_OUT_OF_RESOURCES;
657 }
658 mCallbackInfo = CallbackInfo;
659
660 return EFI_SUCCESS;
661 }
662
663
664 /**
665 Enroll a user on a credential provider.
666
667 This function enrolls and deletes a user profile using this credential provider.
668 If a user profile is successfully enrolled, it calls the User Manager Protocol
669 function Notify() to notify the user manager driver that credential information
670 has changed. If an enrolled user does exist, delete the user on the credential
671 provider.
672
673 @param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
674 @param[in] User The user profile to enroll.
675
676 @retval EFI_SUCCESS User profile was successfully enrolled.
677 @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
678 user profile handle. Either the user profile cannot enroll
679 on any user profile or cannot enroll on a user profile
680 other than the current user profile.
681 @retval EFI_UNSUPPORTED This credential provider does not support enrollment in
682 the pre-OS.
683 @retval EFI_DEVICE_ERROR The new credential could not be created because of a device
684 error.
685 @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
686
687 **/
688 EFI_STATUS
689 EFIAPI
690 CredentialEnroll (
691 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
692 IN EFI_USER_PROFILE_HANDLE User
693 )
694 {
695 EFI_STATUS Status;
696 UINTN Index;
697 USB_INFO UsbInfo;
698 EFI_USER_INFO *UserInfo;
699 EFI_INPUT_KEY Key;
700 EFI_USER_MANAGER_PROTOCOL *UserManager;
701 UINT8 *UserId;
702 UINT8 *NewUserId;
703 EFI_TPL OldTpl;
704 CHAR16 *QuestionStr;
705 CHAR16 *PromptStr;
706
707 if ((This == NULL) || (User == NULL)) {
708 return EFI_INVALID_PARAMETER;
709 }
710
711 Status = gBS->LocateProtocol (
712 &gEfiUserManagerProtocolGuid,
713 NULL,
714 (VOID **) &UserManager
715 );
716 if (EFI_ERROR (Status)) {
717 return EFI_UNSUPPORTED;
718 }
719
720 //
721 // Get User Identifier
722 //
723 UserInfo = NULL;
724 Status = FindUserInfoByType (
725 User,
726 EFI_USER_INFO_IDENTIFIER_RECORD,
727 &UserInfo
728 );
729 if (EFI_ERROR (Status)) {
730 return EFI_INVALID_PARAMETER;
731 }
732
733 //
734 // If User exists in mUsbTable, delete User.
735 //
736 for (Index = 0; Index < mUsbTable->Count; Index++) {
737 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
738 NewUserId = (UINT8 *) (UserInfo + 1);
739 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
740 //
741 // Delete the exist Token.
742 //
743 FreePool (UserInfo);
744 return ModifyTable (Index, NULL);
745 }
746 }
747
748 //
749 // Get Token and User ID to UsbInfo.
750 //
751 Status = GetToken (UsbInfo.Token);
752 if (EFI_ERROR (Status)) {
753 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
754 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
755 OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
756 gBS->RestoreTPL (TPL_APPLICATION);
757 CreatePopUp (
758 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
759 &Key,
760 QuestionStr,
761 L"",
762 PromptStr,
763 NULL
764 );
765 gBS->RaiseTPL (OldTpl);
766 FreePool (QuestionStr);
767 FreePool (PromptStr);
768 FreePool (UserInfo);
769 return Status;
770 }
771 CopyMem (
772 UsbInfo.UserId,
773 (UINT8 *) (UserInfo + 1),
774 sizeof (EFI_USER_INFO_IDENTIFIER)
775 );
776 FreePool (UserInfo);
777
778 //
779 // Save the new added entry.
780 //
781 Status = ModifyTable (mUsbTable->Count, &UsbInfo);
782 if (EFI_ERROR (Status)) {
783 return Status;
784 }
785
786 //
787 // Notify the user manager driver that credential information has changed.
788 //
789 UserManager->Notify (UserManager, mCallbackInfo->DriverHandle);
790
791 return EFI_SUCCESS;
792 }
793
794
795 /**
796 Returns the user interface information used during user identification.
797
798 This function returns information about the form used when interacting with the
799 user during user identification. The form is the first enabled form in the form-set
800 class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
801 the user credential provider does not require a form to identify the user, then this
802 function should return EFI_NOT_FOUND.
803
804 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
805 @param[out] Hii On return, holds the HII database handle.
806 @param[out] FormSetId On return, holds the identifier of the form set which contains
807 the form used during user identification.
808 @param[out] FormId On return, holds the identifier of the form used during user
809 identification.
810
811 @retval EFI_SUCCESS Form returned successfully.
812 @retval EFI_NOT_FOUND Form not returned.
813 @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
814
815 **/
816 EFI_STATUS
817 EFIAPI
818 CredentialForm (
819 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
820 OUT EFI_HII_HANDLE *Hii,
821 OUT EFI_GUID *FormSetId,
822 OUT EFI_FORM_ID *FormId
823 )
824 {
825 if ((This == NULL) || (Hii == NULL) ||
826 (FormSetId == NULL) || (FormId == NULL)) {
827 return EFI_INVALID_PARAMETER;
828 }
829 return EFI_NOT_FOUND;
830 }
831
832
833 /**
834 Returns bitmap used to describe the credential provider type.
835
836 This optional function returns a bitmap which is less than or equal to the number
837 of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
838 is returned.
839
840 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
841 @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
842 bitmap information will be returned. On exit, points to the
843 width of the bitmap returned.
844 @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
845 bitmap information will be returned. On exit, points to the
846 height of the bitmap returned.
847 @param[out] Hii On return, holds the HII database handle.
848 @param[out] Image On return, holds the HII image identifier.
849
850 @retval EFI_SUCCESS Image identifier returned successfully.
851 @retval EFI_NOT_FOUND Image identifier not returned.
852 @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
853
854 **/
855 EFI_STATUS
856 EFIAPI
857 CredentialTile (
858 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
859 IN OUT UINTN *Width,
860 IN OUT UINTN *Height,
861 OUT EFI_HII_HANDLE *Hii,
862 OUT EFI_IMAGE_ID *Image
863 )
864 {
865 if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
866 return EFI_INVALID_PARAMETER;
867 }
868 return EFI_NOT_FOUND;
869 }
870
871
872 /**
873 Returns string used to describe the credential provider type.
874
875 This function returns a string which describes the credential provider. If no
876 such string exists, then EFI_NOT_FOUND is returned.
877
878 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
879 @param[out] Hii On return, holds the HII database handle.
880 @param[out] String On return, holds the HII string identifier.
881
882 @retval EFI_SUCCESS String identifier returned successfully.
883 @retval EFI_NOT_FOUND String identifier not returned.
884 @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
885
886 **/
887 EFI_STATUS
888 EFIAPI
889 CredentialTitle (
890 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
891 OUT EFI_HII_HANDLE *Hii,
892 OUT EFI_STRING_ID *String
893 )
894 {
895 if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
896 return EFI_INVALID_PARAMETER;
897 }
898 //
899 // Set Hii handle and String ID.
900 //
901 *Hii = mCallbackInfo->HiiHandle;
902 *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
903
904 return EFI_SUCCESS;
905 }
906
907
908 /**
909 Return the user identifier associated with the currently authenticated user.
910
911 This function returns the user identifier of the user authenticated by this credential
912 provider. This function is called after the credential-related information has been
913 submitted on a form OR after a call to Default() has returned that this credential is
914 ready to log on.
915
916 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
917 @param[in] User The user profile handle of the user profile currently being
918 considered by the user identity manager. If NULL, then no user
919 profile is currently under consideration.
920 @param[out] Identifier On return, points to the user identifier.
921
922 @retval EFI_SUCCESS User identifier returned successfully.
923 @retval EFI_NOT_READY No user identifier can be returned.
924 @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
925 @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
926 @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
927 found in user profile database.
928
929 **/
930 EFI_STATUS
931 EFIAPI
932 CredentialUser (
933 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
934 IN EFI_USER_PROFILE_HANDLE User,
935 OUT EFI_USER_INFO_IDENTIFIER *Identifier
936 )
937 {
938 EFI_STATUS Status;
939 UINTN Index;
940 EFI_USER_INFO *UserInfo;
941 UINT8 *UserId;
942 UINT8 *NewUserId;
943 UINT8 *UserToken;
944 UINT8 ReadToken[HASHED_CREDENTIAL_LEN];
945 EFI_INPUT_KEY Key;
946 EFI_TPL OldTpl;
947 CHAR16 *QuestionStr;
948 CHAR16 *PromptStr;
949
950 if ((This == NULL) || (Identifier == NULL)) {
951 return EFI_INVALID_PARAMETER;
952 }
953
954 if (User == NULL) {
955 //
956 // Verify the auto logon user, get user id by matched token.
957 //
958 if (mUsbTable->Count == 0) {
959 return EFI_NOT_READY;
960 }
961
962 //
963 // No user selected, get token first and verify the user existed in user database.
964 //
965 Status = GetToken (ReadToken);
966 if (EFI_ERROR (Status)) {
967 return EFI_NOT_READY;
968 }
969
970 for (Index = 0; Index < mUsbTable->Count; Index++) {
971 //
972 // find the specified credential in the Usb credential database.
973 //
974 UserToken = mUsbTable->UserInfo[Index].Token;
975 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
976 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
977 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
978 return EFI_SUCCESS;
979 }
980 }
981
982 return EFI_NOT_READY;
983 }
984
985 //
986 // User is not NULL here. Read a token, and check whether the token matches with
987 // the selected user's Token. If not, try to find a token in token DB to matches
988 // with read token.
989 //
990
991 Status = GetToken (ReadToken);
992 if (EFI_ERROR (Status)) {
993 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
994 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
995 OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
996 gBS->RestoreTPL (TPL_APPLICATION);
997 CreatePopUp (
998 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
999 &Key,
1000 QuestionStr,
1001 L"",
1002 PromptStr,
1003 NULL
1004 );
1005 gBS->RaiseTPL (OldTpl);
1006 FreePool (QuestionStr);
1007 FreePool (PromptStr);
1008 return EFI_NOT_FOUND;
1009 }
1010
1011 //
1012 // Get the selected user's identifier.
1013 //
1014 Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, &UserInfo);
1015 if (EFI_ERROR (Status)) {
1016 return EFI_NOT_FOUND;
1017 }
1018
1019 //
1020 // Check the selected user's Token with the read token.
1021 //
1022 for (Index = 0; Index < mUsbTable->Count; Index++) {
1023 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
1024 NewUserId = (UINT8 *) (UserInfo + 1);
1025 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
1026 //
1027 // The user's ID is found in the UsbTable.
1028 //
1029 UserToken = mUsbTable->UserInfo[Index].Token;
1030 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
1031 //
1032 // The read token matches with the one in UsbTable.
1033 //
1034 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
1035 FreePool (UserInfo);
1036 return EFI_SUCCESS;
1037 }
1038 }
1039 }
1040
1041 FreePool (UserInfo);
1042
1043 return EFI_NOT_READY;
1044 }
1045
1046
1047 /**
1048 Indicate that user interface interaction has begun for the specified credential.
1049
1050 This function is called when a credential provider is selected by the user. If
1051 AutoLogon returns FALSE, then the user interface will be constructed by the User
1052 Identity Manager.
1053
1054 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1055 @param[out] AutoLogon On return, points to the credential provider's capabilities
1056 after the credential provider has been selected by the user.
1057
1058 @retval EFI_SUCCESS Credential provider successfully selected.
1059 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1060
1061 **/
1062 EFI_STATUS
1063 EFIAPI
1064 CredentialSelect (
1065 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1066 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1067 )
1068 {
1069 if ((This == NULL) || (AutoLogon == NULL)) {
1070 return EFI_INVALID_PARAMETER;
1071 }
1072
1073 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1074
1075 return EFI_SUCCESS;
1076 }
1077
1078
1079 /**
1080 Indicate that user interface interaction has ended for the specified credential.
1081
1082 This function is called when a credential provider is deselected by the user.
1083
1084 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1085
1086 @retval EFI_SUCCESS Credential provider successfully deselected.
1087
1088 **/
1089 EFI_STATUS
1090 EFIAPI
1091 CredentialDeselect (
1092 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This
1093 )
1094 {
1095 if (This == NULL) {
1096 return EFI_INVALID_PARAMETER;
1097 }
1098 return EFI_SUCCESS;
1099 }
1100
1101
1102 /**
1103 Return the default logon behavior for this user credential.
1104
1105 This function reports the default login behavior regarding this credential provider.
1106
1107 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1108 @param[out] AutoLogon On return, holds whether the credential provider should be used
1109 by default to automatically log on the user.
1110
1111 @retval EFI_SUCCESS Default information successfully returned.
1112 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1113
1114 **/
1115 EFI_STATUS
1116 EFIAPI
1117 CredentialDefault (
1118 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1119 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1120 )
1121 {
1122 if ((This == NULL) || (AutoLogon == NULL)) {
1123 return EFI_INVALID_PARAMETER;
1124 }
1125
1126 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1127 return EFI_SUCCESS;
1128 }
1129
1130
1131 /**
1132 Return information attached to the credential provider.
1133
1134 This function returns user information.
1135
1136 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1137 @param[in] UserInfo Handle of the user information data record.
1138 @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
1139 exit, holds the user information. If the buffer is too small
1140 to hold the information, then EFI_BUFFER_TOO_SMALL is returned
1141 and InfoSize is updated to contain the number of bytes actually
1142 required.
1143 @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
1144 size of the user information.
1145
1146 @retval EFI_SUCCESS Information returned successfully.
1147 @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
1148 user information. The size required is returned in *InfoSize.
1149 @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
1150 @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
1151
1152 **/
1153 EFI_STATUS
1154 EFIAPI
1155 CredentialGetInfo (
1156 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1157 IN EFI_USER_INFO_HANDLE UserInfo,
1158 OUT EFI_USER_INFO *Info,
1159 IN OUT UINTN *InfoSize
1160 )
1161 {
1162 EFI_USER_INFO *CredentialInfo;
1163 UINTN Index;
1164
1165 if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
1166 return EFI_INVALID_PARAMETER;
1167 }
1168
1169 if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) {
1170 return EFI_NOT_FOUND;
1171 }
1172
1173 //
1174 // Find information handle in credential info table.
1175 //
1176 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1177 CredentialInfo = mUsbInfoHandle->Info[Index];
1178 if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
1179 //
1180 // The handle is found, copy the user info.
1181 //
1182 if (CredentialInfo->InfoSize > *InfoSize) {
1183 *InfoSize = CredentialInfo->InfoSize;
1184 return EFI_BUFFER_TOO_SMALL;
1185 }
1186
1187 CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
1188 return EFI_SUCCESS;
1189 }
1190 }
1191
1192 return EFI_NOT_FOUND;
1193 }
1194
1195
1196 /**
1197 Enumerate all of the user informations on the credential provider.
1198
1199 This function returns the next user information record. To retrieve the first user
1200 information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
1201 another user information record handle until there are no more, at which point UserInfo
1202 will point to NULL.
1203
1204 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1205 @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
1206 to start enumeration. On exit, points to the next user information
1207 handle or NULL if there is no more user information.
1208
1209 @retval EFI_SUCCESS User information returned.
1210 @retval EFI_NOT_FOUND No more user information found.
1211 @retval EFI_INVALID_PARAMETER UserInfo is NULL.
1212
1213 **/
1214 EFI_STATUS
1215 EFIAPI
1216 CredentialGetNextInfo (
1217 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1218 IN OUT EFI_USER_INFO_HANDLE *UserInfo
1219 )
1220 {
1221 EFI_USER_INFO *Info;
1222 CHAR16 *ProvNameStr;
1223 UINTN InfoLen;
1224 UINTN Index;
1225 UINTN ProvStrLen;
1226
1227 if ((This == NULL) || (UserInfo == NULL)) {
1228 return EFI_INVALID_PARAMETER;
1229 }
1230
1231 if (mUsbInfoHandle == NULL) {
1232 //
1233 // Initilized user info table. There are 4 user info records in the table.
1234 //
1235 InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *);
1236 mUsbInfoHandle = AllocateZeroPool (InfoLen);
1237 if (mUsbInfoHandle == NULL) {
1238 *UserInfo = NULL;
1239 return EFI_NOT_FOUND;
1240 }
1241
1242 //
1243 // The first information, Credential Provider info.
1244 //
1245 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1246 Info = AllocateZeroPool (InfoLen);
1247 ASSERT (Info != NULL);
1248
1249 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
1250 Info->InfoSize = (UINT32) InfoLen;
1251 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1252 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1253 CopyGuid ((EFI_GUID *)(Info + 1), &mUsbCredentialGuid);
1254
1255 mUsbInfoHandle->Info[0] = Info;
1256 mUsbInfoHandle->Count++;
1257
1258 //
1259 // The second information, Credential Provider name info.
1260 //
1261 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
1262 ProvStrLen = StrSize (ProvNameStr);
1263 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1264 Info = AllocateZeroPool (InfoLen);
1265 ASSERT (Info != NULL);
1266
1267 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1268 Info->InfoSize = (UINT32) InfoLen;
1269 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1270 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1271 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1272 FreePool (ProvNameStr);
1273
1274 mUsbInfoHandle->Info[1] = Info;
1275 mUsbInfoHandle->Count++;
1276
1277 //
1278 // The third information, Credential Provider type info.
1279 //
1280 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1281 Info = AllocateZeroPool (InfoLen);
1282 ASSERT (Info != NULL);
1283
1284 Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
1285 Info->InfoSize = (UINT32) InfoLen;
1286 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1287 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1288 CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassSecureCardGuid);
1289
1290 mUsbInfoHandle->Info[2] = Info;
1291 mUsbInfoHandle->Count++;
1292
1293 //
1294 // The fourth information, Credential Provider type name info.
1295 //
1296 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME));
1297 ProvStrLen = StrSize (ProvNameStr);
1298 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1299 Info = AllocateZeroPool (InfoLen);
1300 ASSERT (Info != NULL);
1301
1302 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1303 Info->InfoSize = (UINT32) InfoLen;
1304 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1305 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1306 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1307 FreePool (ProvNameStr);
1308
1309 mUsbInfoHandle->Info[3] = Info;
1310 mUsbInfoHandle->Count++;
1311 }
1312
1313 if (*UserInfo == NULL) {
1314 //
1315 // Return the first info handle.
1316 //
1317 *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0];
1318 return EFI_SUCCESS;
1319 }
1320
1321 //
1322 // Find information handle in credential info table.
1323 //
1324 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1325 Info = mUsbInfoHandle->Info[Index];
1326 if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
1327 //
1328 // The handle is found, get the next one.
1329 //
1330 if (Index == mUsbInfoHandle->Count - 1) {
1331 //
1332 // Already last one.
1333 //
1334 *UserInfo = NULL;
1335 return EFI_NOT_FOUND;
1336 }
1337 Index++;
1338 *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index];
1339 return EFI_SUCCESS;
1340 }
1341 }
1342
1343 *UserInfo = NULL;
1344 return EFI_NOT_FOUND;
1345 }
1346
1347
1348 /**
1349 Main entry for this driver.
1350
1351 @param ImageHandle Image handle this driver.
1352 @param SystemTable Pointer to SystemTable.
1353
1354 @retval EFI_SUCESS This function always complete successfully.
1355
1356 **/
1357 EFI_STATUS
1358 EFIAPI
1359 UsbProviderInit (
1360 IN EFI_HANDLE ImageHandle,
1361 IN EFI_SYSTEM_TABLE *SystemTable
1362 )
1363 {
1364 EFI_STATUS Status;
1365
1366 //
1367 // Init credential table.
1368 //
1369 Status = InitCredentialTable ();
1370 if (EFI_ERROR (Status)) {
1371 return Status;
1372 }
1373
1374 //
1375 // Init Form Browser
1376 //
1377 Status = InitFormBrowser ();
1378 if (EFI_ERROR (Status)) {
1379 return Status;
1380 }
1381
1382 //
1383 // Install protocol interfaces for the Usb Credential Provider.
1384 //
1385 Status = gBS->InstallProtocolInterface (
1386 &mCallbackInfo->DriverHandle,
1387 &gEfiUserCredentialProtocolGuid,
1388 EFI_NATIVE_INTERFACE,
1389 &gUsbCredentialProviderDriver
1390 );
1391 return Status;
1392 }
EFI Development Kit II mirror for PVE