Update UID drivers to align with latest UEFI spec 2.3.1.
[mirror_edk2.git] / SecurityPkg / UserIdentification / UsbCredentialProviderDxe / UsbCredentialProvider.c
1 /** @file
2 Usb Credential Provider driver implemenetation.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "UsbCredentialProvider.h"
16
17 CREDENTIAL_TABLE *mUsbTable = NULL;
18 USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
19 USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL;
20
21 EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = {
22 USB_CREDENTIAL_PROVIDER_GUID,
23 EFI_USER_CREDENTIAL_CLASS_SECURE_CARD,
24 CredentialEnroll,
25 CredentialForm,
26 CredentialTile,
27 CredentialTitle,
28 CredentialUser,
29 CredentialSelect,
30 CredentialDeselect,
31 CredentialDefault,
32 CredentialGetInfo,
33 CredentialGetNextInfo,
34 EFI_CREDENTIAL_CAPABILITIES_ENROLL,
35 CredentialDelete
36 };
37
38
39 /**
40 Get string by string id from HII Interface.
41
42
43 @param[in] Id String ID to get the string from.
44
45 @retval CHAR16 * String from ID.
46 @retval NULL If error occurs.
47
48 **/
49 CHAR16 *
50 GetStringById (
51 IN EFI_STRING_ID Id
52 )
53 {
54 //
55 // Get the current string for the current Language
56 //
57 return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
58 }
59
60
61 /**
62 Expand password table size.
63
64 **/
65 VOID
66 ExpandTableSize (
67 VOID
68 )
69 {
70 CREDENTIAL_TABLE *NewTable;
71 UINTN Count;
72
73 Count = mUsbTable->MaxCount + USB_TABLE_INC;
74 //
75 // Create new credential table.
76 //
77 NewTable = AllocateZeroPool (
78 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
79 Count * sizeof (USB_INFO)
80 );
81 ASSERT (NewTable != NULL);
82
83 NewTable->MaxCount = Count;
84 NewTable->Count = mUsbTable->Count;
85
86 //
87 // Copy old entries.
88 //
89 CopyMem (
90 &NewTable->UserInfo,
91 &mUsbTable->UserInfo,
92 mUsbTable->Count * sizeof (USB_INFO)
93 );
94 FreePool (mUsbTable);
95 mUsbTable = NewTable;
96 }
97
98
99 /**
100 Add, update or delete info in table, and sync with NV variable.
101
102 @param[in] Index The index of the password in table. If index is found in
103 table, update the info, else add the into to table.
104 @param[in] Info The new credential info to add into table. If Info is NULL,
105 delete the info by Index.
106
107 @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
108 @retval EFI_SUCCESS Modify the table successfully.
109 @retval Others Failed to modify the table.
110
111 **/
112 EFI_STATUS
113 ModifyTable (
114 IN UINTN Index,
115 IN USB_INFO * Info OPTIONAL
116 )
117 {
118 EFI_STATUS Status;
119 USB_INFO *NewUsbInfo;
120
121 NewUsbInfo = NULL;
122 if (Index < mUsbTable->Count) {
123 if (Info == NULL) {
124 //
125 // Delete the specified entry.
126 //
127 mUsbTable->Count--;
128 if (Index != mUsbTable->Count) {
129 NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count];
130 }
131 } else {
132 //
133 // Update the specified entry.
134 //
135 NewUsbInfo = Info;
136 }
137 } else {
138 //
139 // Add a new entry
140 //
141 if (Info == NULL) {
142 return EFI_INVALID_PARAMETER;
143 }
144
145 if (mUsbTable->Count >= mUsbTable->MaxCount) {
146 ExpandTableSize ();
147 }
148
149 NewUsbInfo = Info;
150 mUsbTable->Count++;
151 }
152
153 if (NewUsbInfo != NULL) {
154 CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof (USB_INFO));
155 }
156
157 //
158 // Save the credential table.
159 //
160 Status = gRT->SetVariable (
161 L"UsbCredential",
162 &gUsbCredentialProviderGuid,
163 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
164 mUsbTable->Count * sizeof (USB_INFO),
165 &mUsbTable->UserInfo
166 );
167 return Status;
168 }
169
170
171 /**
172 Create a credential table
173
174 @retval EFI_SUCCESS Create a credential table successfully.
175 @retval Others Failed to create a password.
176
177 **/
178 EFI_STATUS
179 InitCredentialTable (
180 VOID
181 )
182 {
183 EFI_STATUS Status;
184 UINT8 *Var;
185 UINTN VarSize;
186
187 //
188 // Get Usb credential data from NV variable.
189 //
190 VarSize = 0;
191 Var = NULL;
192 Status = gRT->GetVariable (
193 L"UsbCredential",
194 &gUsbCredentialProviderGuid,
195 NULL,
196 &VarSize,
197 Var
198 );
199 if (Status == EFI_BUFFER_TOO_SMALL) {
200 Var = AllocateZeroPool (VarSize);
201 if (Var == NULL) {
202 return EFI_OUT_OF_RESOURCES;
203 }
204 Status = gRT->GetVariable (
205 L"UsbCredential",
206 &gUsbCredentialProviderGuid,
207 NULL,
208 &VarSize,
209 Var
210 );
211 }
212 if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
213 return Status;
214 }
215
216 //
217 // Init Usb credential table.
218 //
219 mUsbTable = AllocateZeroPool (
220 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
221 USB_TABLE_INC * sizeof (USB_INFO) +
222 VarSize
223 );
224 if (mUsbTable == NULL) {
225 FreePool (Var);
226 return EFI_OUT_OF_RESOURCES;
227 }
228
229 mUsbTable->Count = VarSize / sizeof (USB_INFO);
230 mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC;
231 if (Var != NULL) {
232 CopyMem (mUsbTable->UserInfo, Var, VarSize);
233 FreePool (Var);
234 }
235 return EFI_SUCCESS;
236 }
237
238
239 /**
240 Read the specified file by FileName in the Usb key and return the file size in BufferSize
241 and file content in Buffer.
242 Note: the caller is responsible to free the buffer memory.
243
244 @param FileName File to read.
245 @param Buffer Returned with data read from the file.
246 @param BufferSize Size of the data buffer.
247
248 @retval EFI_SUCCESS The command completed successfully.
249 @retval EFI_OUT_OF_RESOURCES Resource allocation failed.
250 @retval EFI_NOT_FOUND File not found.
251 @retval EFI_DEVICE_ERROR Device I/O error.
252
253 **/
254 EFI_STATUS
255 GetFileData (
256 IN CHAR16 *FileName,
257 OUT VOID **Buffer,
258 OUT UINTN *BufferSize
259 )
260 {
261 EFI_STATUS Status;
262 UINTN Index;
263 UINTN HandleCount;
264 UINTN ScratchBufferSize;
265 EFI_HANDLE *HandleBuffer;
266 EFI_FILE *RootFs;
267 EFI_FILE *FileHandle;
268 EFI_FILE_INFO *FileInfo;
269 EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem;
270 EFI_BLOCK_IO_PROTOCOL *BlkIo;
271
272 FileInfo = NULL;
273 FileHandle = NULL;
274
275 Status = gBS->LocateHandleBuffer (
276 ByProtocol,
277 &gEfiSimpleFileSystemProtocolGuid,
278 NULL,
279 &HandleCount,
280 &HandleBuffer
281 );
282 if (EFI_ERROR (Status)) {
283 DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n"));
284 goto Done;
285 }
286
287 //
288 // Find and open the file in removable media disk.
289 //
290 for (Index = 0; Index < HandleCount; Index++) {
291 Status = gBS->HandleProtocol (
292 HandleBuffer[Index],
293 &gEfiBlockIoProtocolGuid,
294 (VOID **) &BlkIo
295 );
296 if (EFI_ERROR (Status)) {
297 continue;
298 }
299
300 if (BlkIo->Media->RemovableMedia) {
301 Status = gBS->HandleProtocol (
302 HandleBuffer[Index],
303 &gEfiSimpleFileSystemProtocolGuid,
304 (VOID **) &SimpleFileSystem
305 );
306 if (EFI_ERROR (Status)) {
307 continue;
308 }
309
310 Status = SimpleFileSystem->OpenVolume (
311 SimpleFileSystem,
312 &RootFs
313 );
314 if (EFI_ERROR (Status)) {
315 continue;
316 }
317
318 Status = RootFs->Open (
319 RootFs,
320 &FileHandle,
321 FileName,
322 EFI_FILE_MODE_READ,
323 0
324 );
325 if (!EFI_ERROR (Status)) {
326 break;
327 }
328 }
329 }
330
331 FreePool (HandleBuffer);
332
333 if (Index >= HandleCount) {
334 DEBUG ((DEBUG_ERROR, "Can not found the token file!\n"));
335 Status = EFI_NOT_FOUND;
336 goto Done;
337 }
338
339 //
340 // Figure out how big the file is.
341 //
342 ScratchBufferSize = 0;
343 Status = FileHandle->GetInfo (
344 FileHandle,
345 &gEfiFileInfoGuid,
346 &ScratchBufferSize,
347 NULL
348 );
349 if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
350 DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n"));
351 Status = EFI_DEVICE_ERROR;
352 goto Done;
353 }
354
355 FileInfo = AllocateZeroPool (ScratchBufferSize);
356 if (FileInfo == NULL) {
357 DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token file!\n"));
358 Status = EFI_OUT_OF_RESOURCES;
359 goto Done;
360 }
361
362 Status = FileHandle->GetInfo (
363 FileHandle,
364 &gEfiFileInfoGuid,
365 &ScratchBufferSize,
366 FileInfo
367 );
368 if (EFI_ERROR (Status)) {
369 DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token file!\n"));
370 Status = EFI_DEVICE_ERROR;
371 goto Done;
372 }
373
374 //
375 // Allocate a buffer for the file.
376 //
377 *BufferSize = (UINT32) FileInfo->FileSize;
378 *Buffer = AllocateZeroPool (*BufferSize);
379 if (*Buffer == NULL) {
380 DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n"));
381 Status = EFI_OUT_OF_RESOURCES;
382 goto Done;
383 }
384
385 //
386 // Load file into the allocated memory.
387 //
388 Status = FileHandle->Read (FileHandle, BufferSize, *Buffer);
389 if (EFI_ERROR (Status)) {
390 FreePool (*Buffer);
391 DEBUG ((DEBUG_ERROR, "Can not read the token file!\n"));
392 Status = EFI_DEVICE_ERROR;
393 goto Done;
394 }
395
396 //
397 // Close file.
398 //
399 Status = FileHandle->Close (FileHandle);
400 if (EFI_ERROR (Status)) {
401 FreePool (*Buffer);
402 DEBUG ((DEBUG_ERROR, "Can not close the token file !\n"));
403 Status = EFI_DEVICE_ERROR;
404 }
405
406 Done:
407
408 if (FileInfo != NULL) {
409 FreePool (FileInfo);
410 }
411
412 return Status;
413 }
414
415
416 /**
417 Hash the data to get credential.
418
419 @param[in] Buffer Points to the data buffer
420 @param[in] BufferSize The size of data in buffer, in bytes.
421 @param[out] Credential Points to the hashed result
422
423 @retval TRUE Hash the data successfully.
424 @retval FALSE Failed to hash the data.
425
426 **/
427 BOOLEAN
428 GenerateCredential (
429 IN UINT8 *Buffer,
430 IN UINTN BufferSize,
431 OUT UINT8 *Credential
432 )
433 {
434 BOOLEAN Status;
435 UINTN HashSize;
436 VOID *Hash;
437
438 HashSize = Sha1GetContextSize ();
439 Hash = AllocatePool (HashSize);
440 ASSERT (Hash != NULL);
441
442 Status = Sha1Init (Hash);
443 if (!Status) {
444 goto Done;
445 }
446
447 Status = Sha1Update (Hash, Buffer, BufferSize);
448 if (!Status) {
449 goto Done;
450 }
451
452 Status = Sha1Final (Hash, Credential);
453
454 Done:
455 FreePool (Hash);
456 return Status;
457 }
458
459
460 /**
461 Read the token file, and default the Token is saved at the begining of the file.
462
463 @param[out] Token Token read from a Token file.
464
465 @retval EFI_SUCCESS Read a Token successfully.
466 @retval Others Fails to read a Token.
467
468 **/
469 EFI_STATUS
470 GetToken (
471 OUT UINT8 *Token
472 )
473 {
474 EFI_STATUS Status;
475 UINT8 *Buffer;
476 UINTN BufSize;
477 CHAR16 *TokenFile;
478
479 BufSize = 0;
480 Buffer = NULL;
481 TokenFile = FixedPcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
482 Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);
483 if (EFI_ERROR (Status)) {
484 DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status));
485 return Status;
486 }
487
488 if (!GenerateCredential (Buffer, BufSize, Token)) {
489 DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n"));
490 FreePool (Buffer);
491 return EFI_SECURITY_VIOLATION;
492 }
493
494 FreePool (Buffer);
495 return EFI_SUCCESS;
496 }
497
498
499 /**
500 Find a user infomation record by the information record type.
501
502 This function searches all user information records of User from beginning
503 until either the information is found or there are no more user infomation
504 record. A match occurs when a Info.InfoType field matches the user information
505 record type.
506
507 @param[in] User Points to the user profile record to search.
508 @param[in] InfoType The infomation type to be searched.
509 @param[out] Info Points to the user info found, the caller is responsible
510 to free.
511
512 @retval EFI_SUCCESS Find the user information successfully.
513 @retval Others Fail to find the user information.
514
515 **/
516 EFI_STATUS
517 FindUserInfoByType (
518 IN EFI_USER_PROFILE_HANDLE User,
519 IN UINT8 InfoType,
520 OUT EFI_USER_INFO **Info
521 )
522 {
523 EFI_STATUS Status;
524 EFI_USER_INFO *UserInfo;
525 UINTN UserInfoSize;
526 EFI_USER_INFO_HANDLE UserInfoHandle;
527 EFI_USER_MANAGER_PROTOCOL *UserManager;
528
529 //
530 // Find user information by information type.
531 //
532 if (Info == NULL) {
533 return EFI_INVALID_PARAMETER;
534 }
535
536 Status = gBS->LocateProtocol (
537 &gEfiUserManagerProtocolGuid,
538 NULL,
539 (VOID **) &UserManager
540 );
541 if (EFI_ERROR (Status)) {
542 return EFI_NOT_FOUND;
543 }
544
545 //
546 // Get each user information.
547 //
548
549 UserInfoHandle = NULL;
550 UserInfo = NULL;
551 UserInfoSize = 0;
552 while (TRUE) {
553 Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle);
554 if (EFI_ERROR (Status)) {
555 break;
556 }
557 //
558 // Get information.
559 //
560 Status = UserManager->GetInfo (
561 UserManager,
562 User,
563 UserInfoHandle,
564 UserInfo,
565 &UserInfoSize
566 );
567 if (Status == EFI_BUFFER_TOO_SMALL) {
568 if (UserInfo != NULL) {
569 FreePool (UserInfo);
570 }
571 UserInfo = AllocateZeroPool (UserInfoSize);
572 if (UserInfo == NULL) {
573 return EFI_OUT_OF_RESOURCES;
574 }
575 Status = UserManager->GetInfo (
576 UserManager,
577 User,
578 UserInfoHandle,
579 UserInfo,
580 &UserInfoSize
581 );
582 }
583 if (EFI_ERROR (Status)) {
584 break;
585 }
586
587 ASSERT (UserInfo != NULL);
588 if (UserInfo->InfoType == InfoType) {
589 *Info = UserInfo;
590 return EFI_SUCCESS;
591 }
592 }
593
594 if (UserInfo != NULL) {
595 FreePool (UserInfo);
596 }
597 return Status;
598 }
599
600
601 /**
602 This function initialize the data mainly used in form browser.
603
604 @retval EFI_SUCCESS Initialize form data successfully.
605 @retval Others Fail to Initialize form data.
606
607 **/
608 EFI_STATUS
609 InitFormBrowser (
610 VOID
611 )
612 {
613 USB_PROVIDER_CALLBACK_INFO *CallbackInfo;
614
615 //
616 // Initialize driver private data.
617 //
618 CallbackInfo = AllocateZeroPool (sizeof (USB_PROVIDER_CALLBACK_INFO));
619 if (CallbackInfo == NULL) {
620 return EFI_OUT_OF_RESOURCES;
621 }
622
623 CallbackInfo->DriverHandle = NULL;
624
625 //
626 // Publish HII data.
627 //
628 CallbackInfo->HiiHandle = HiiAddPackages (
629 &gUsbCredentialProviderGuid,
630 CallbackInfo->DriverHandle,
631 UsbCredentialProviderStrings,
632 NULL
633 );
634 if (CallbackInfo->HiiHandle == NULL) {
635 return EFI_OUT_OF_RESOURCES;
636 }
637 mCallbackInfo = CallbackInfo;
638
639 return EFI_SUCCESS;
640 }
641
642
643 /**
644 Enroll a user on a credential provider.
645
646 This function enrolls a user on this credential provider. If the user exists on
647 this credential provider, update the user information on this credential provider;
648 otherwise add the user information on credential provider.
649
650 @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
651 @param[in] User The user profile to enroll.
652
653 @retval EFI_SUCCESS User profile was successfully enrolled.
654 @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
655 user profile handle. Either the user profile cannot enroll
656 on any user profile or cannot enroll on a user profile
657 other than the current user profile.
658 @retval EFI_UNSUPPORTED This credential provider does not support enrollment in
659 the pre-OS.
660 @retval EFI_DEVICE_ERROR The new credential could not be created because of a device
661 error.
662 @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
663
664 **/
665 EFI_STATUS
666 EFIAPI
667 CredentialEnroll (
668 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
669 IN EFI_USER_PROFILE_HANDLE User
670 )
671 {
672 EFI_STATUS Status;
673 UINTN Index;
674 USB_INFO UsbInfo;
675 EFI_USER_INFO *UserInfo;
676 EFI_INPUT_KEY Key;
677 UINT8 *UserId;
678 CHAR16 *QuestionStr;
679 CHAR16 *PromptStr;
680
681 if ((This == NULL) || (User == NULL)) {
682 return EFI_INVALID_PARAMETER;
683 }
684
685 //
686 // Get User Identifier
687 //
688 UserInfo = NULL;
689 Status = FindUserInfoByType (
690 User,
691 EFI_USER_INFO_IDENTIFIER_RECORD,
692 &UserInfo
693 );
694 if (EFI_ERROR (Status)) {
695 return EFI_INVALID_PARAMETER;
696 }
697
698 CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER));
699 FreePool (UserInfo);
700
701 //
702 // Get Token and User ID to UsbInfo.
703 //
704 Status = GetToken (UsbInfo.Token);
705 if (EFI_ERROR (Status)) {
706 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
707 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
708 CreatePopUp (
709 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
710 &Key,
711 QuestionStr,
712 L"",
713 PromptStr,
714 NULL
715 );
716 FreePool (QuestionStr);
717 FreePool (PromptStr);
718 return Status;
719 }
720
721 //
722 // Check whether User is ever enrolled in the provider.
723 //
724 for (Index = 0; Index < mUsbTable->Count; Index++) {
725 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
726 if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
727 //
728 // User already exists, update the password.
729 //
730 break;
731 }
732 }
733
734 //
735 // Enroll the User to the provider.
736 //
737 Status = ModifyTable (Index, &UsbInfo);
738 if (EFI_ERROR (Status)) {
739 return Status;
740 }
741
742 return EFI_SUCCESS;
743 }
744
745
746 /**
747 Returns the user interface information used during user identification.
748
749 This function returns information about the form used when interacting with the
750 user during user identification. The form is the first enabled form in the form-set
751 class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
752 the user credential provider does not require a form to identify the user, then this
753 function should return EFI_NOT_FOUND.
754
755 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
756 @param[out] Hii On return, holds the HII database handle.
757 @param[out] FormSetId On return, holds the identifier of the form set which contains
758 the form used during user identification.
759 @param[out] FormId On return, holds the identifier of the form used during user
760 identification.
761
762 @retval EFI_SUCCESS Form returned successfully.
763 @retval EFI_NOT_FOUND Form not returned.
764 @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
765
766 **/
767 EFI_STATUS
768 EFIAPI
769 CredentialForm (
770 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
771 OUT EFI_HII_HANDLE *Hii,
772 OUT EFI_GUID *FormSetId,
773 OUT EFI_FORM_ID *FormId
774 )
775 {
776 if ((This == NULL) || (Hii == NULL) ||
777 (FormSetId == NULL) || (FormId == NULL)) {
778 return EFI_INVALID_PARAMETER;
779 }
780 return EFI_NOT_FOUND;
781 }
782
783
784 /**
785 Returns bitmap used to describe the credential provider type.
786
787 This optional function returns a bitmap which is less than or equal to the number
788 of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
789 is returned.
790
791 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
792 @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
793 bitmap information will be returned. On exit, points to the
794 width of the bitmap returned.
795 @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
796 bitmap information will be returned. On exit, points to the
797 height of the bitmap returned.
798 @param[out] Hii On return, holds the HII database handle.
799 @param[out] Image On return, holds the HII image identifier.
800
801 @retval EFI_SUCCESS Image identifier returned successfully.
802 @retval EFI_NOT_FOUND Image identifier not returned.
803 @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
804
805 **/
806 EFI_STATUS
807 EFIAPI
808 CredentialTile (
809 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
810 IN OUT UINTN *Width,
811 IN OUT UINTN *Height,
812 OUT EFI_HII_HANDLE *Hii,
813 OUT EFI_IMAGE_ID *Image
814 )
815 {
816 if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
817 return EFI_INVALID_PARAMETER;
818 }
819 return EFI_NOT_FOUND;
820 }
821
822
823 /**
824 Returns string used to describe the credential provider type.
825
826 This function returns a string which describes the credential provider. If no
827 such string exists, then EFI_NOT_FOUND is returned.
828
829 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
830 @param[out] Hii On return, holds the HII database handle.
831 @param[out] String On return, holds the HII string identifier.
832
833 @retval EFI_SUCCESS String identifier returned successfully.
834 @retval EFI_NOT_FOUND String identifier not returned.
835 @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
836
837 **/
838 EFI_STATUS
839 EFIAPI
840 CredentialTitle (
841 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
842 OUT EFI_HII_HANDLE *Hii,
843 OUT EFI_STRING_ID *String
844 )
845 {
846 if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
847 return EFI_INVALID_PARAMETER;
848 }
849 //
850 // Set Hii handle and String ID.
851 //
852 *Hii = mCallbackInfo->HiiHandle;
853 *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
854
855 return EFI_SUCCESS;
856 }
857
858
859 /**
860 Return the user identifier associated with the currently authenticated user.
861
862 This function returns the user identifier of the user authenticated by this credential
863 provider. This function is called after the credential-related information has been
864 submitted on a form OR after a call to Default() has returned that this credential is
865 ready to log on.
866
867 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
868 @param[in] User The user profile handle of the user profile currently being
869 considered by the user identity manager. If NULL, then no user
870 profile is currently under consideration.
871 @param[out] Identifier On return, points to the user identifier.
872
873 @retval EFI_SUCCESS User identifier returned successfully.
874 @retval EFI_NOT_READY No user identifier can be returned.
875 @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
876 @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
877 @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
878 found in user profile database.
879
880 **/
881 EFI_STATUS
882 EFIAPI
883 CredentialUser (
884 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
885 IN EFI_USER_PROFILE_HANDLE User,
886 OUT EFI_USER_INFO_IDENTIFIER *Identifier
887 )
888 {
889 EFI_STATUS Status;
890 UINTN Index;
891 EFI_USER_INFO *UserInfo;
892 UINT8 *UserId;
893 UINT8 *NewUserId;
894 UINT8 *UserToken;
895 UINT8 ReadToken[HASHED_CREDENTIAL_LEN];
896 EFI_INPUT_KEY Key;
897 EFI_TPL OldTpl;
898 CHAR16 *QuestionStr;
899 CHAR16 *PromptStr;
900
901 if ((This == NULL) || (Identifier == NULL)) {
902 return EFI_INVALID_PARAMETER;
903 }
904
905 if (User == NULL) {
906 //
907 // Verify the auto logon user, get user id by matched token.
908 //
909 if (mUsbTable->Count == 0) {
910 return EFI_NOT_READY;
911 }
912
913 //
914 // No user selected, get token first and verify the user existed in user database.
915 //
916 Status = GetToken (ReadToken);
917 if (EFI_ERROR (Status)) {
918 return EFI_NOT_READY;
919 }
920
921 for (Index = 0; Index < mUsbTable->Count; Index++) {
922 //
923 // find the specified credential in the Usb credential database.
924 //
925 UserToken = mUsbTable->UserInfo[Index].Token;
926 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
927 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
928 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
929 return EFI_SUCCESS;
930 }
931 }
932
933 return EFI_NOT_READY;
934 }
935
936 //
937 // User is not NULL here. Read a token, and check whether the token matches with
938 // the selected user's Token. If not, try to find a token in token DB to matches
939 // with read token.
940 //
941
942 Status = GetToken (ReadToken);
943 if (EFI_ERROR (Status)) {
944 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
945 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
946 OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
947 gBS->RestoreTPL (TPL_APPLICATION);
948 CreatePopUp (
949 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
950 &Key,
951 QuestionStr,
952 L"",
953 PromptStr,
954 NULL
955 );
956 gBS->RaiseTPL (OldTpl);
957 FreePool (QuestionStr);
958 FreePool (PromptStr);
959 return EFI_NOT_FOUND;
960 }
961
962 //
963 // Get the selected user's identifier.
964 //
965 Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, &UserInfo);
966 if (EFI_ERROR (Status)) {
967 return EFI_NOT_FOUND;
968 }
969
970 //
971 // Check the selected user's Token with the read token.
972 //
973 for (Index = 0; Index < mUsbTable->Count; Index++) {
974 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
975 NewUserId = (UINT8 *) (UserInfo + 1);
976 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
977 //
978 // The user's ID is found in the UsbTable.
979 //
980 UserToken = mUsbTable->UserInfo[Index].Token;
981 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
982 //
983 // The read token matches with the one in UsbTable.
984 //
985 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
986 FreePool (UserInfo);
987 return EFI_SUCCESS;
988 }
989 }
990 }
991
992 FreePool (UserInfo);
993
994 return EFI_NOT_READY;
995 }
996
997
998 /**
999 Indicate that user interface interaction has begun for the specified credential.
1000
1001 This function is called when a credential provider is selected by the user. If
1002 AutoLogon returns FALSE, then the user interface will be constructed by the User
1003 Identity Manager.
1004
1005 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1006 @param[out] AutoLogon On return, points to the credential provider's capabilities
1007 after the credential provider has been selected by the user.
1008
1009 @retval EFI_SUCCESS Credential provider successfully selected.
1010 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1011
1012 **/
1013 EFI_STATUS
1014 EFIAPI
1015 CredentialSelect (
1016 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1017 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1018 )
1019 {
1020 if ((This == NULL) || (AutoLogon == NULL)) {
1021 return EFI_INVALID_PARAMETER;
1022 }
1023
1024 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1025
1026 return EFI_SUCCESS;
1027 }
1028
1029
1030 /**
1031 Indicate that user interface interaction has ended for the specified credential.
1032
1033 This function is called when a credential provider is deselected by the user.
1034
1035 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1036
1037 @retval EFI_SUCCESS Credential provider successfully deselected.
1038
1039 **/
1040 EFI_STATUS
1041 EFIAPI
1042 CredentialDeselect (
1043 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
1044 )
1045 {
1046 if (This == NULL) {
1047 return EFI_INVALID_PARAMETER;
1048 }
1049 return EFI_SUCCESS;
1050 }
1051
1052
1053 /**
1054 Return the default logon behavior for this user credential.
1055
1056 This function reports the default login behavior regarding this credential provider.
1057
1058 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1059 @param[out] AutoLogon On return, holds whether the credential provider should be used
1060 by default to automatically log on the user.
1061
1062 @retval EFI_SUCCESS Default information successfully returned.
1063 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1064
1065 **/
1066 EFI_STATUS
1067 EFIAPI
1068 CredentialDefault (
1069 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1070 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1071 )
1072 {
1073 if ((This == NULL) || (AutoLogon == NULL)) {
1074 return EFI_INVALID_PARAMETER;
1075 }
1076
1077 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1078 return EFI_SUCCESS;
1079 }
1080
1081
1082 /**
1083 Return information attached to the credential provider.
1084
1085 This function returns user information.
1086
1087 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1088 @param[in] UserInfo Handle of the user information data record.
1089 @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
1090 exit, holds the user information. If the buffer is too small
1091 to hold the information, then EFI_BUFFER_TOO_SMALL is returned
1092 and InfoSize is updated to contain the number of bytes actually
1093 required.
1094 @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
1095 size of the user information.
1096
1097 @retval EFI_SUCCESS Information returned successfully.
1098 @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
1099 user information. The size required is returned in *InfoSize.
1100 @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
1101 @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
1102
1103 **/
1104 EFI_STATUS
1105 EFIAPI
1106 CredentialGetInfo (
1107 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1108 IN EFI_USER_INFO_HANDLE UserInfo,
1109 OUT EFI_USER_INFO *Info,
1110 IN OUT UINTN *InfoSize
1111 )
1112 {
1113 EFI_USER_INFO *CredentialInfo;
1114 UINTN Index;
1115
1116 if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
1117 return EFI_INVALID_PARAMETER;
1118 }
1119
1120 if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) {
1121 return EFI_NOT_FOUND;
1122 }
1123
1124 //
1125 // Find information handle in credential info table.
1126 //
1127 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1128 CredentialInfo = mUsbInfoHandle->Info[Index];
1129 if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
1130 //
1131 // The handle is found, copy the user info.
1132 //
1133 if (CredentialInfo->InfoSize > *InfoSize) {
1134 *InfoSize = CredentialInfo->InfoSize;
1135 return EFI_BUFFER_TOO_SMALL;
1136 }
1137
1138 CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
1139 return EFI_SUCCESS;
1140 }
1141 }
1142
1143 return EFI_NOT_FOUND;
1144 }
1145
1146
1147 /**
1148 Enumerate all of the user informations on the credential provider.
1149
1150 This function returns the next user information record. To retrieve the first user
1151 information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
1152 another user information record handle until there are no more, at which point UserInfo
1153 will point to NULL.
1154
1155 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1156 @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
1157 to start enumeration. On exit, points to the next user information
1158 handle or NULL if there is no more user information.
1159
1160 @retval EFI_SUCCESS User information returned.
1161 @retval EFI_NOT_FOUND No more user information found.
1162 @retval EFI_INVALID_PARAMETER UserInfo is NULL.
1163
1164 **/
1165 EFI_STATUS
1166 EFIAPI
1167 CredentialGetNextInfo (
1168 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1169 IN OUT EFI_USER_INFO_HANDLE *UserInfo
1170 )
1171 {
1172 EFI_USER_INFO *Info;
1173 CHAR16 *ProvNameStr;
1174 UINTN InfoLen;
1175 UINTN Index;
1176 UINTN ProvStrLen;
1177
1178 if ((This == NULL) || (UserInfo == NULL)) {
1179 return EFI_INVALID_PARAMETER;
1180 }
1181
1182 if (mUsbInfoHandle == NULL) {
1183 //
1184 // Initilized user info table. There are 4 user info records in the table.
1185 //
1186 InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *);
1187 mUsbInfoHandle = AllocateZeroPool (InfoLen);
1188 if (mUsbInfoHandle == NULL) {
1189 *UserInfo = NULL;
1190 return EFI_NOT_FOUND;
1191 }
1192
1193 //
1194 // The first information, Credential Provider info.
1195 //
1196 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1197 Info = AllocateZeroPool (InfoLen);
1198 ASSERT (Info != NULL);
1199
1200 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
1201 Info->InfoSize = (UINT32) InfoLen;
1202 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1203 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1204 CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid);
1205
1206 mUsbInfoHandle->Info[0] = Info;
1207 mUsbInfoHandle->Count++;
1208
1209 //
1210 // The second information, Credential Provider name info.
1211 //
1212 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
1213 ProvStrLen = StrSize (ProvNameStr);
1214 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1215 Info = AllocateZeroPool (InfoLen);
1216 ASSERT (Info != NULL);
1217
1218 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1219 Info->InfoSize = (UINT32) InfoLen;
1220 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1221 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1222 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1223 FreePool (ProvNameStr);
1224
1225 mUsbInfoHandle->Info[1] = Info;
1226 mUsbInfoHandle->Count++;
1227
1228 //
1229 // The third information, Credential Provider type info.
1230 //
1231 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1232 Info = AllocateZeroPool (InfoLen);
1233 ASSERT (Info != NULL);
1234
1235 Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
1236 Info->InfoSize = (UINT32) InfoLen;
1237 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1238 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1239 CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassSecureCardGuid);
1240
1241 mUsbInfoHandle->Info[2] = Info;
1242 mUsbInfoHandle->Count++;
1243
1244 //
1245 // The fourth information, Credential Provider type name info.
1246 //
1247 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME));
1248 ProvStrLen = StrSize (ProvNameStr);
1249 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1250 Info = AllocateZeroPool (InfoLen);
1251 ASSERT (Info != NULL);
1252
1253 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1254 Info->InfoSize = (UINT32) InfoLen;
1255 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1256 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1257 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1258 FreePool (ProvNameStr);
1259
1260 mUsbInfoHandle->Info[3] = Info;
1261 mUsbInfoHandle->Count++;
1262 }
1263
1264 if (*UserInfo == NULL) {
1265 //
1266 // Return the first info handle.
1267 //
1268 *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0];
1269 return EFI_SUCCESS;
1270 }
1271
1272 //
1273 // Find information handle in credential info table.
1274 //
1275 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1276 Info = mUsbInfoHandle->Info[Index];
1277 if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
1278 //
1279 // The handle is found, get the next one.
1280 //
1281 if (Index == mUsbInfoHandle->Count - 1) {
1282 //
1283 // Already last one.
1284 //
1285 *UserInfo = NULL;
1286 return EFI_NOT_FOUND;
1287 }
1288 Index++;
1289 *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index];
1290 return EFI_SUCCESS;
1291 }
1292 }
1293
1294 *UserInfo = NULL;
1295 return EFI_NOT_FOUND;
1296 }
1297
1298
1299 /**
1300 Delete a user on this credential provider.
1301
1302 This function deletes a user on this credential provider.
1303
1304 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1305 @param[in] User The user profile handle to delete.
1306
1307 @retval EFI_SUCCESS User profile was successfully deleted.
1308 @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
1309 Either the user profile cannot delete on any user profile or cannot delete
1310 on a user profile other than the current user profile.
1311 @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
1312 @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
1313 @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
1314 **/
1315 EFI_STATUS
1316 EFIAPI
1317 CredentialDelete (
1318 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1319 IN EFI_USER_PROFILE_HANDLE User
1320 )
1321 {
1322 EFI_STATUS Status;
1323 EFI_USER_INFO *UserInfo;
1324 UINT8 *UserId;
1325 UINT8 *NewUserId;
1326 UINTN Index;
1327
1328 if ((This == NULL) || (User == NULL)) {
1329 return EFI_INVALID_PARAMETER;
1330 }
1331
1332 //
1333 // Get User Identifier.
1334 //
1335 UserInfo = NULL;
1336 Status = FindUserInfoByType (
1337 User,
1338 EFI_USER_INFO_IDENTIFIER_RECORD,
1339 &UserInfo
1340 );
1341 if (EFI_ERROR (Status)) {
1342 return EFI_INVALID_PARAMETER;
1343 }
1344
1345 //
1346 // Find the user by user identifier in mPwdTable.
1347 //
1348 for (Index = 0; Index < mUsbTable->Count; Index++) {
1349 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
1350 NewUserId = (UINT8 *) (UserInfo + 1);
1351 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
1352 //
1353 // Found the user, delete it.
1354 //
1355 ModifyTable (Index, NULL);
1356 break;
1357 }
1358 }
1359
1360 FreePool (UserInfo);
1361 return EFI_SUCCESS;
1362 }
1363
1364
1365 /**
1366 Main entry for this driver.
1367
1368 @param ImageHandle Image handle this driver.
1369 @param SystemTable Pointer to SystemTable.
1370
1371 @retval EFI_SUCESS This function always complete successfully.
1372
1373 **/
1374 EFI_STATUS
1375 EFIAPI
1376 UsbProviderInit (
1377 IN EFI_HANDLE ImageHandle,
1378 IN EFI_SYSTEM_TABLE *SystemTable
1379 )
1380 {
1381 EFI_STATUS Status;
1382
1383 //
1384 // Init credential table.
1385 //
1386 Status = InitCredentialTable ();
1387 if (EFI_ERROR (Status)) {
1388 return Status;
1389 }
1390
1391 //
1392 // Init Form Browser
1393 //
1394 Status = InitFormBrowser ();
1395 if (EFI_ERROR (Status)) {
1396 return Status;
1397 }
1398
1399 //
1400 // Install protocol interfaces for the Usb Credential Provider.
1401 //
1402 Status = gBS->InstallProtocolInterface (
1403 &mCallbackInfo->DriverHandle,
1404 &gEfiUserCredential2ProtocolGuid,
1405 EFI_NATIVE_INTERFACE,
1406 &gUsbCredentialProviderDriver
1407 );
1408 return Status;
1409 }