]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
projects / mirror_edk2.git / blob
? search:


6c22bfb2bb2922be2c4ac33b14a7cc15c6644c46
[mirror_edk2.git] / SecurityPkg / UserIdentification / UsbCredentialProviderDxe / UsbCredentialProvider.c
1 /** @file
2 Usb Credential Provider driver implemenetation.
3
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "UsbCredentialProvider.h"
16
17 CREDENTIAL_TABLE *mUsbTable = NULL;
18 USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
19 USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL;
20
21 //
22 // Used for save password credential and form browser
23 // And used as provider identifier
24 //
25 EFI_GUID mUsbCredentialGuid = USB_CREDENTIAL_PROVIDER_GUID;
26
27 HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
28 {
29 {
30 HARDWARE_DEVICE_PATH,
31 HW_VENDOR_DP,
32 {
33 (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
34 (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
35 }
36 },
37 { 0x9463f883, 0x48f6, 0x4a7a, { 0x97, 0x2d, 0x9f, 0x8f, 0x38, 0xf2, 0xdd, 0x91 } }
38 },
39 {
40 END_DEVICE_PATH_TYPE,
41 END_ENTIRE_DEVICE_PATH_SUBTYPE,
42 {
43 (UINT8) (END_DEVICE_PATH_LENGTH),
44 (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
45 }
46 }
47 };
48
49 EFI_USER_CREDENTIAL_PROTOCOL gUsbCredentialProviderDriver = {
50 USB_CREDENTIAL_PROVIDER_GUID,
51 EFI_USER_CREDENTIAL_CLASS_SECURE_CARD,
52 CredentialEnroll,
53 CredentialForm,
54 CredentialTile,
55 CredentialTitle,
56 CredentialUser,
57 CredentialSelect,
58 CredentialDeselect,
59 CredentialDefault,
60 CredentialGetInfo,
61 CredentialGetNextInfo
62 };
63
64
65 /**
66 Get string by string id from HII Interface.
67
68
69 @param[in] Id String ID to get the string from.
70
71 @retval CHAR16 * String from ID.
72 @retval NULL If error occurs.
73
74 **/
75 CHAR16 *
76 GetStringById (
77 IN EFI_STRING_ID Id
78 )
79 {
80 //
81 // Get the current string for the current Language
82 //
83 return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
84 }
85
86
87 /**
88 Expand password table size.
89
90 **/
91 VOID
92 ExpandTableSize (
93 VOID
94 )
95 {
96 CREDENTIAL_TABLE *NewTable;
97 UINTN Count;
98
99 Count = mUsbTable->MaxCount + USB_TABLE_INC;
100 //
101 // Create new credential table.
102 //
103 NewTable = AllocateZeroPool (
104 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
105 Count * sizeof (USB_INFO)
106 );
107 ASSERT (NewTable != NULL);
108
109 NewTable->MaxCount = Count;
110 NewTable->Count = mUsbTable->Count;
111
112 //
113 // Copy old entries.
114 //
115 CopyMem (
116 &NewTable->UserInfo,
117 &mUsbTable->UserInfo,
118 mUsbTable->Count * sizeof (USB_INFO)
119 );
120 FreePool (mUsbTable);
121 mUsbTable = NewTable;
122 }
123
124
125 /**
126 Add or delete info in table, and sync with NV variable.
127
128 @param[in] Index The index of the password in table. The index begin from 1.
129 If index is found in table, delete the info, else add the
130 into to table.
131 @param[in] Info The new password info to add into table.
132
133 @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
134 @retval EFI_SUCCESS Modify the table successfully.
135 @retval Others Failed to modify the table.
136
137 **/
138 EFI_STATUS
139 ModifyTable (
140 IN UINTN Index,
141 IN USB_INFO * Info OPTIONAL
142 )
143 {
144 EFI_STATUS Status;
145
146 if (Index < mUsbTable->Count) {
147 //
148 // Delete the specified entry
149 //
150 mUsbTable->Count--;
151 if (Index != mUsbTable->Count) {
152 CopyMem (
153 &mUsbTable->UserInfo[Index],
154 &mUsbTable->UserInfo[mUsbTable->Count],
155 sizeof (USB_INFO)
156 );
157 }
158 } else {
159 //
160 // Add a new entry
161 //
162 if (Info == NULL) {
163 return EFI_INVALID_PARAMETER;
164 }
165
166 if (mUsbTable->Count >= mUsbTable->MaxCount) {
167 ExpandTableSize ();
168 }
169
170 CopyMem (
171 &mUsbTable->UserInfo[mUsbTable->Count],
172 Info,
173 sizeof (USB_INFO)
174 );
175 mUsbTable->Count++;
176 }
177
178 //
179 // Save the credential table.
180 //
181 Status = gRT->SetVariable (
182 L"UsbCredential",
183 &mUsbCredentialGuid,
184 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
185 mUsbTable->Count * sizeof (USB_INFO),
186 &mUsbTable->UserInfo
187 );
188 return Status;
189 }
190
191
192 /**
193 Create a credential table
194
195 @retval EFI_SUCCESS Create a credential table successfully.
196 @retval Others Failed to create a password.
197
198 **/
199 EFI_STATUS
200 InitCredentialTable (
201 VOID
202 )
203 {
204 EFI_STATUS Status;
205 UINT8 *Var;
206 UINTN VarSize;
207
208 //
209 // Get Usb credential data from NV variable.
210 //
211 VarSize = 0;
212 Var = NULL;
213 Status = gRT->GetVariable (
214 L"UsbCredential",
215 &mUsbCredentialGuid,
216 NULL,
217 &VarSize,
218 Var
219 );
220 if (Status == EFI_BUFFER_TOO_SMALL) {
221 Var = AllocateZeroPool (VarSize);
222 if (Var == NULL) {
223 return EFI_OUT_OF_RESOURCES;
224 }
225 Status = gRT->GetVariable (
226 L"UsbCredential",
227 &mUsbCredentialGuid,
228 NULL,
229 &VarSize,
230 Var
231 );
232 }
233 if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
234 return Status;
235 }
236
237 //
238 // Init Usb credential table.
239 //
240 mUsbTable = AllocateZeroPool (
241 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
242 USB_TABLE_INC * sizeof (USB_INFO) +
243 VarSize
244 );
245 if (mUsbTable == NULL) {
246 FreePool (Var);
247 return EFI_OUT_OF_RESOURCES;
248 }
249
250 mUsbTable->Count = VarSize / sizeof (USB_INFO);
251 mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC;
252 if (Var != NULL) {
253 CopyMem (mUsbTable->UserInfo, Var, VarSize);
254 FreePool (Var);
255 }
256 return EFI_SUCCESS;
257 }
258
259
260 /**
261 Read the specified file by FileName in the Usb key and return the file size in BufferSize
262 and file content in Buffer.
263 Note: the caller is responsible to free the buffer memory.
264
265 @param FileName File to read.
266 @param Buffer Returned with data read from the file.
267 @param BufferSize Size of the data buffer.
268
269 @retval EFI_SUCCESS The command completed successfully.
270 @retval EFI_OUT_OF_RESOURCES Resource allocation failed.
271 @retval EFI_NOT_FOUND File not found.
272 @retval EFI_DEVICE_ERROR Device I/O error.
273
274 **/
275 EFI_STATUS
276 GetFileData (
277 IN CHAR16 *FileName,
278 OUT VOID **Buffer,
279 OUT UINTN *BufferSize
280 )
281 {
282 EFI_STATUS Status;
283 UINTN Index;
284 UINTN HandleCount;
285 UINTN ScratchBufferSize;
286 EFI_HANDLE *HandleBuffer;
287 EFI_FILE *RootFs;
288 EFI_FILE *FileHandle;
289 EFI_FILE_INFO *FileInfo;
290 EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem;
291 EFI_BLOCK_IO_PROTOCOL *BlkIo;
292
293 FileInfo = NULL;
294 FileHandle = NULL;
295
296 Status = gBS->LocateHandleBuffer (
297 ByProtocol,
298 &gEfiSimpleFileSystemProtocolGuid,
299 NULL,
300 &HandleCount,
301 &HandleBuffer
302 );
303 if (EFI_ERROR (Status)) {
304 DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n"));
305 goto Done;
306 }
307
308 //
309 // Find and open the file in removable media disk.
310 //
311 for (Index = 0; Index < HandleCount; Index++) {
312 Status = gBS->HandleProtocol (
313 HandleBuffer[Index],
314 &gEfiBlockIoProtocolGuid,
315 (VOID **) &BlkIo
316 );
317 if (EFI_ERROR (Status)) {
318 continue;
319 }
320
321 if (BlkIo->Media->RemovableMedia) {
322 Status = gBS->HandleProtocol (
323 HandleBuffer[Index],
324 &gEfiSimpleFileSystemProtocolGuid,
325 (VOID **) &SimpleFileSystem
326 );
327 if (EFI_ERROR (Status)) {
328 continue;
329 }
330
331 Status = SimpleFileSystem->OpenVolume (
332 SimpleFileSystem,
333 &RootFs
334 );
335 if (EFI_ERROR (Status)) {
336 continue;
337 }
338
339 Status = RootFs->Open (
340 RootFs,
341 &FileHandle,
342 FileName,
343 EFI_FILE_MODE_READ,
344 0
345 );
346 if (!EFI_ERROR (Status)) {
347 break;
348 }
349 }
350 }
351
352 FreePool (HandleBuffer);
353
354 if (Index >= HandleCount) {
355 DEBUG ((DEBUG_ERROR, "Can not found the token file!\n"));
356 Status = EFI_NOT_FOUND;
357 goto Done;
358 }
359
360 //
361 // Figure out how big the file is.
362 //
363 ScratchBufferSize = 0;
364 Status = FileHandle->GetInfo (
365 FileHandle,
366 &gEfiFileInfoGuid,
367 &ScratchBufferSize,
368 NULL
369 );
370 if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
371 DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n"));
372 Status = EFI_DEVICE_ERROR;
373 goto Done;
374 }
375
376 FileInfo = AllocateZeroPool (ScratchBufferSize);
377 if (FileInfo == NULL) {
378 DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token file!\n"));
379 Status = EFI_OUT_OF_RESOURCES;
380 goto Done;
381 }
382
383 Status = FileHandle->GetInfo (
384 FileHandle,
385 &gEfiFileInfoGuid,
386 &ScratchBufferSize,
387 FileInfo
388 );
389 if (EFI_ERROR (Status)) {
390 DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token file!\n"));
391 Status = EFI_DEVICE_ERROR;
392 goto Done;
393 }
394
395 //
396 // Allocate a buffer for the file.
397 //
398 *BufferSize = (UINT32) FileInfo->FileSize;
399 *Buffer = AllocateZeroPool (*BufferSize);
400 if (*Buffer == NULL) {
401 DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n"));
402 Status = EFI_OUT_OF_RESOURCES;
403 goto Done;
404 }
405
406 //
407 // Load file into the allocated memory.
408 //
409 Status = FileHandle->Read (FileHandle, BufferSize, *Buffer);
410 if (EFI_ERROR (Status)) {
411 FreePool (*Buffer);
412 DEBUG ((DEBUG_ERROR, "Can not read the token file!\n"));
413 Status = EFI_DEVICE_ERROR;
414 goto Done;
415 }
416
417 //
418 // Close file.
419 //
420 Status = FileHandle->Close (FileHandle);
421 if (EFI_ERROR (Status)) {
422 FreePool (*Buffer);
423 DEBUG ((DEBUG_ERROR, "Can not close the token file !\n"));
424 Status = EFI_DEVICE_ERROR;
425 }
426
427 Done:
428
429 if (FileInfo != NULL) {
430 FreePool (FileInfo);
431 }
432
433 return Status;
434 }
435
436
437 /**
438 Hash the data to get credential.
439
440 @param[in] Buffer Points to the data buffer
441 @param[in] BufferSize The size of data in buffer, in bytes.
442 @param[out] Credential Points to the hashed result
443
444 @retval TRUE Hash the data successfully.
445 @retval FALSE Failed to hash the data.
446
447 **/
448 BOOLEAN
449 GenerateCredential (
450 IN UINT8 *Buffer,
451 IN UINTN BufferSize,
452 OUT UINT8 *Credential
453 )
454 {
455 BOOLEAN Status;
456 UINTN HashSize;
457 VOID *Hash;
458
459 HashSize = Sha1GetContextSize ();
460 Hash = AllocatePool (HashSize);
461 ASSERT (Hash != NULL);
462
463 Status = Sha1Init (Hash);
464 if (!Status) {
465 goto Done;
466 }
467
468 Status = Sha1Update (Hash, Buffer, BufferSize);
469 if (!Status) {
470 goto Done;
471 }
472
473 Status = Sha1Final (Hash, Credential);
474
475 Done:
476 FreePool (Hash);
477 return Status;
478 }
479
480
481 /**
482 Read the token file, and default the Token is saved at the begining of the file.
483
484 @param[out] Token Token read from a Token file.
485
486 @retval EFI_SUCCESS Read a Token successfully.
487 @retval Others Fails to read a Token.
488
489 **/
490 EFI_STATUS
491 GetToken (
492 OUT UINT8 *Token
493 )
494 {
495 EFI_STATUS Status;
496 UINT8 *Buffer;
497 UINTN BufSize;
498 CHAR16 *TokenFile;
499
500 BufSize = 0;
501 Buffer = NULL;
502 TokenFile = FixedPcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
503 Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);
504 if (EFI_ERROR (Status)) {
505 DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status));
506 return Status;
507 }
508
509 if (!GenerateCredential (Buffer, BufSize, Token)) {
510 DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n"));
511 FreePool (Buffer);
512 return EFI_SECURITY_VIOLATION;
513 }
514
515 FreePool (Buffer);
516 return EFI_SUCCESS;
517 }
518
519
520 /**
521 Find a user infomation record by the information record type.
522
523 This function searches all user information records of User from beginning
524 until either the information is found or there are no more user infomation
525 record. A match occurs when a Info.InfoType field matches the user information
526 record type.
527
528 @param[in] User Points to the user profile record to search.
529 @param[in] InfoType The infomation type to be searched.
530 @param[out] Info Points to the user info found, the caller is responsible
531 to free.
532
533 @retval EFI_SUCCESS Find the user information successfully.
534 @retval Others Fail to find the user information.
535
536 **/
537 EFI_STATUS
538 FindUserInfoByType (
539 IN EFI_USER_PROFILE_HANDLE User,
540 IN UINT8 InfoType,
541 OUT EFI_USER_INFO **Info
542 )
543 {
544 EFI_STATUS Status;
545 EFI_USER_INFO *UserInfo;
546 UINTN UserInfoSize;
547 EFI_USER_INFO_HANDLE UserInfoHandle;
548 EFI_USER_MANAGER_PROTOCOL *UserManager;
549
550 //
551 // Find user information by information type.
552 //
553 if (Info == NULL) {
554 return EFI_INVALID_PARAMETER;
555 }
556
557 Status = gBS->LocateProtocol (
558 &gEfiUserManagerProtocolGuid,
559 NULL,
560 (VOID **) &UserManager
561 );
562 if (EFI_ERROR (Status)) {
563 return EFI_NOT_FOUND;
564 }
565
566 //
567 // Get each user information.
568 //
569
570 UserInfoHandle = NULL;
571 UserInfo = NULL;
572 UserInfoSize = 0;
573 while (TRUE) {
574 Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle);
575 if (EFI_ERROR (Status)) {
576 break;
577 }
578 //
579 // Get information.
580 //
581 Status = UserManager->GetInfo (
582 UserManager,
583 User,
584 UserInfoHandle,
585 UserInfo,
586 &UserInfoSize
587 );
588 if (Status == EFI_BUFFER_TOO_SMALL) {
589 if (UserInfo != NULL) {
590 FreePool (UserInfo);
591 }
592 UserInfo = AllocateZeroPool (UserInfoSize);
593 if (UserInfo == NULL) {
594 return EFI_OUT_OF_RESOURCES;
595 }
596 Status = UserManager->GetInfo (
597 UserManager,
598 User,
599 UserInfoHandle,
600 UserInfo,
601 &UserInfoSize
602 );
603 }
604 if (EFI_ERROR (Status)) {
605 break;
606 }
607
608 ASSERT (UserInfo != NULL);
609 if (UserInfo->InfoType == InfoType) {
610 *Info = UserInfo;
611 return EFI_SUCCESS;
612 }
613 }
614
615 if (UserInfo != NULL) {
616 FreePool (UserInfo);
617 }
618 return Status;
619 }
620
621
622 /**
623 This function initialize the data mainly used in form browser.
624
625 @retval EFI_SUCCESS Initialize form data successfully.
626 @retval Others Fail to Initialize form data.
627
628 **/
629 EFI_STATUS
630 InitFormBrowser (
631 VOID
632 )
633 {
634 USB_PROVIDER_CALLBACK_INFO *CallbackInfo;
635
636 //
637 // Initialize driver private data.
638 //
639 CallbackInfo = AllocateZeroPool (sizeof (USB_PROVIDER_CALLBACK_INFO));
640 if (CallbackInfo == NULL) {
641 return EFI_OUT_OF_RESOURCES;
642 }
643
644 CallbackInfo->DriverHandle = NULL;
645
646 //
647 // Publish HII data.
648 //
649 CallbackInfo->HiiHandle = HiiAddPackages (
650 &mUsbCredentialGuid,
651 CallbackInfo->DriverHandle,
652 UsbCredentialProviderStrings,
653 NULL
654 );
655 if (CallbackInfo->HiiHandle == NULL) {
656 return EFI_OUT_OF_RESOURCES;
657 }
658 mCallbackInfo = CallbackInfo;
659
660 return EFI_SUCCESS;
661 }
662
663
664 /**
665 Enroll a user on a credential provider.
666
667 This function enrolls and deletes a user profile using this credential provider.
668 If a user profile is successfully enrolled, it calls the User Manager Protocol
669 function Notify() to notify the user manager driver that credential information
670 has changed. If an enrolled user does exist, delete the user on the credential
671 provider.
672
673 @param[in] This Points to this instance of EFI_USER_CREDENTIAL_PROTOCOL.
674 @param[in] User The user profile to enroll.
675
676 @retval EFI_SUCCESS User profile was successfully enrolled.
677 @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
678 user profile handle. Either the user profile cannot enroll
679 on any user profile or cannot enroll on a user profile
680 other than the current user profile.
681 @retval EFI_UNSUPPORTED This credential provider does not support enrollment in
682 the pre-OS.
683 @retval EFI_DEVICE_ERROR The new credential could not be created because of a device
684 error.
685 @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
686
687 **/
688 EFI_STATUS
689 EFIAPI
690 CredentialEnroll (
691 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
692 IN EFI_USER_PROFILE_HANDLE User
693 )
694 {
695 EFI_STATUS Status;
696 UINTN Index;
697 USB_INFO UsbInfo;
698 EFI_USER_INFO *UserInfo;
699 EFI_INPUT_KEY Key;
700 EFI_USER_MANAGER_PROTOCOL *UserManager;
701 UINT8 *UserId;
702 UINT8 *NewUserId;
703 EFI_TPL OldTpl;
704 CHAR16 *QuestionStr;
705 CHAR16 *PromptStr;
706
707 if ((This == NULL) || (User == NULL)) {
708 return EFI_INVALID_PARAMETER;
709 }
710
711 Status = gBS->LocateProtocol (
712 &gEfiUserManagerProtocolGuid,
713 NULL,
714 (VOID **) &UserManager
715 );
716 if (EFI_ERROR (Status)) {
717 return EFI_UNSUPPORTED;
718 }
719
720 //
721 // Get User Identifier
722 //
723 UserInfo = NULL;
724 Status = FindUserInfoByType (
725 User,
726 EFI_USER_INFO_IDENTIFIER_RECORD,
727 &UserInfo
728 );
729 if (EFI_ERROR (Status)) {
730 return EFI_INVALID_PARAMETER;
731 }
732
733 //
734 // If User exists in mUsbTable, delete User.
735 //
736 for (Index = 0; Index < mUsbTable->Count; Index++) {
737 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
738 NewUserId = (UINT8 *) (UserInfo + 1);
739 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
740 //
741 // Delete the exist Token.
742 //
743 FreePool (UserInfo);
744 return ModifyTable (Index, NULL);
745 }
746 }
747
748 //
749 // Get Token and User ID to UsbInfo.
750 //
751 Status = GetToken (UsbInfo.Token);
752 if (EFI_ERROR (Status)) {
753 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
754 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
755 OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
756 gBS->RestoreTPL (TPL_APPLICATION);
757 CreatePopUp (
758 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
759 &Key,
760 QuestionStr,
761 L"",
762 PromptStr,
763 NULL
764 );
765 gBS->RaiseTPL (OldTpl);
766 FreePool (QuestionStr);
767 FreePool (PromptStr);
768 FreePool (UserInfo);
769 return Status;
770 }
771 CopyMem (
772 UsbInfo.UserId,
773 (UINT8 *) (UserInfo + 1),
774 sizeof (EFI_USER_INFO_IDENTIFIER)
775 );
776 FreePool (UserInfo);
777
778 //
779 // Save the new added entry.
780 //
781 Status = ModifyTable (mUsbTable->Count, &UsbInfo);
782 if (EFI_ERROR (Status)) {
783 return Status;
784 }
785
786 //
787 // Notify the user manager driver that credential information has changed.
788 //
789 UserManager->Notify (UserManager, mCallbackInfo->DriverHandle);
790
791 return EFI_SUCCESS;
792 }
793
794
795 /**
796 Returns the user interface information used during user identification.
797
798 This function returns information about the form used when interacting with the
799 user during user identification. The form is the first enabled form in the form-set
800 class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
801 the user credential provider does not require a form to identify the user, then this
802 function should return EFI_NOT_FOUND.
803
804 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
805 @param[out] Hii On return, holds the HII database handle.
806 @param[out] FormSetId On return, holds the identifier of the form set which contains
807 the form used during user identification.
808 @param[out] FormId On return, holds the identifier of the form used during user
809 identification.
810
811 @retval EFI_SUCCESS Form returned successfully.
812 @retval EFI_NOT_FOUND Form not returned.
813 @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
814
815 **/
816 EFI_STATUS
817 EFIAPI
818 CredentialForm (
819 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
820 OUT EFI_HII_HANDLE *Hii,
821 OUT EFI_GUID *FormSetId,
822 OUT EFI_FORM_ID *FormId
823 )
824 {
825 if ((This == NULL) || (Hii == NULL) ||
826 (FormSetId == NULL) || (FormId == NULL)) {
827 return EFI_INVALID_PARAMETER;
828 }
829 return EFI_NOT_FOUND;
830 }
831
832
833 /**
834 Returns bitmap used to describe the credential provider type.
835
836 This optional function returns a bitmap which is less than or equal to the number
837 of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
838 is returned.
839
840 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
841 @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
842 bitmap information will be returned. On exit, points to the
843 width of the bitmap returned.
844 @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
845 bitmap information will be returned. On exit, points to the
846 height of the bitmap returned.
847 @param[out] Hii On return, holds the HII database handle.
848 @param[out] Image On return, holds the HII image identifier.
849
850 @retval EFI_SUCCESS Image identifier returned successfully.
851 @retval EFI_NOT_FOUND Image identifier not returned.
852 @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
853
854 **/
855 EFI_STATUS
856 EFIAPI
857 CredentialTile (
858 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
859 IN OUT UINTN *Width,
860 IN OUT UINTN *Height,
861 OUT EFI_HII_HANDLE *Hii,
862 OUT EFI_IMAGE_ID *Image
863 )
864 {
865 if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
866 return EFI_INVALID_PARAMETER;
867 }
868 return EFI_NOT_FOUND;
869 }
870
871
872 /**
873 Returns string used to describe the credential provider type.
874
875 This function returns a string which describes the credential provider. If no
876 such string exists, then EFI_NOT_FOUND is returned.
877
878 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
879 @param[out] Hii On return, holds the HII database handle.
880 @param[out] String On return, holds the HII string identifier.
881
882 @retval EFI_SUCCESS String identifier returned successfully.
883 @retval EFI_NOT_FOUND String identifier not returned.
884 @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
885
886 **/
887 EFI_STATUS
888 EFIAPI
889 CredentialTitle (
890 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
891 OUT EFI_HII_HANDLE *Hii,
892 OUT EFI_STRING_ID *String
893 )
894 {
895 if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
896 return EFI_INVALID_PARAMETER;
897 }
898 //
899 // Set Hii handle and String ID.
900 //
901 *Hii = mCallbackInfo->HiiHandle;
902 *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
903
904 return EFI_SUCCESS;
905 }
906
907
908 /**
909 Return the user identifier associated with the currently authenticated user.
910
911 This function returns the user identifier of the user authenticated by this credential
912 provider. This function is called after the credential-related information has been
913 submitted on a form OR after a call to Default() has returned that this credential is
914 ready to log on.
915
916 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
917 @param[in] User The user profile handle of the user profile currently being
918 considered by the user identity manager. If NULL, then no user
919 profile is currently under consideration.
920 @param[out] Identifier On return, points to the user identifier.
921
922 @retval EFI_SUCCESS User identifier returned successfully.
923 @retval EFI_NOT_READY No user identifier can be returned.
924 @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
925 @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
926 @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
927 found in user profile database.
928
929 **/
930 EFI_STATUS
931 EFIAPI
932 CredentialUser (
933 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
934 IN EFI_USER_PROFILE_HANDLE User,
935 OUT EFI_USER_INFO_IDENTIFIER *Identifier
936 )
937 {
938 EFI_STATUS Status;
939 UINTN Index;
940 EFI_USER_INFO *UserInfo;
941 UINT8 *UserId;
942 UINT8 *NewUserId;
943 UINT8 *UserToken;
944 UINT8 ReadToken[HASHED_CREDENTIAL_LEN];
945 EFI_INPUT_KEY Key;
946 EFI_TPL OldTpl;
947 CHAR16 *QuestionStr;
948 CHAR16 *PromptStr;
949
950 if ((This == NULL) || (Identifier == NULL)) {
951 return EFI_INVALID_PARAMETER;
952 }
953
954 if (User == NULL) {
955 //
956 // Verify the auto logon user, get user id by matched token.
957 //
958 if (mUsbTable->Count == 0) {
959 return EFI_NOT_READY;
960 }
961
962 //
963 // No user selected, get token first and verify the user existed in user database.
964 //
965 Status = GetToken (ReadToken);
966 if (EFI_ERROR (Status)) {
967 return EFI_NOT_READY;
968 }
969
970 for (Index = 0; Index < mUsbTable->Count; Index++) {
971 //
972 // find the specified credential in the Usb credential database.
973 //
974 UserToken = mUsbTable->UserInfo[Index].Token;
975 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
976 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
977 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
978 return EFI_SUCCESS;
979 }
980 }
981
982 return EFI_NOT_READY;
983 }
984
985 //
986 // User is not NULL here. Read a token, and check whether the token matches with
987 // the selected user's Token. If not, try to find a token in token DB to matches
988 // with read token.
989 //
990
991 Status = GetToken (ReadToken);
992 if (EFI_ERROR (Status)) {
993 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
994 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
995 OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
996 gBS->RestoreTPL (TPL_APPLICATION);
997 CreatePopUp (
998 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
999 &Key,
1000 QuestionStr,
1001 L"",
1002 PromptStr,
1003 NULL
1004 );
1005 gBS->RaiseTPL (OldTpl);
1006 FreePool (QuestionStr);
1007 FreePool (PromptStr);
1008 return EFI_NOT_FOUND;
1009 }
1010
1011 //
1012 // Get the selected user's identifier.
1013 //
1014 Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, &UserInfo);
1015 if (EFI_ERROR (Status)) {
1016 return EFI_NOT_FOUND;
1017 }
1018
1019 //
1020 // Check the selected user's Token with the read token.
1021 //
1022 for (Index = 0; Index < mUsbTable->Count; Index++) {
1023 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
1024 NewUserId = (UINT8 *) (UserInfo + 1);
1025 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
1026 //
1027 // The user's ID is found in the UsbTable.
1028 //
1029 UserToken = mUsbTable->UserInfo[Index].Token;
1030 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
1031 //
1032 // The read token matches with the one in UsbTable.
1033 //
1034 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
1035 FreePool (UserInfo);
1036 return EFI_SUCCESS;
1037 }
1038 }
1039 }
1040 FreePool (UserInfo);
1041
1042 //
1043 // The read token mismatch with the User's Token.
1044 // Only check token.
1045 //
1046 for (Index = 0; Index < mUsbTable->Count; Index++) {
1047 UserToken = mUsbTable->UserInfo[Index].Token;
1048 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
1049 //
1050 // The read token matches with the one in UsbTable.
1051 //
1052 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
1053 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
1054 return EFI_SUCCESS;
1055 }
1056 }
1057
1058 return EFI_NOT_FOUND;
1059 }
1060
1061
1062 /**
1063 Indicate that user interface interaction has begun for the specified credential.
1064
1065 This function is called when a credential provider is selected by the user. If
1066 AutoLogon returns FALSE, then the user interface will be constructed by the User
1067 Identity Manager.
1068
1069 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1070 @param[out] AutoLogon On return, points to the credential provider's capabilities
1071 after the credential provider has been selected by the user.
1072
1073 @retval EFI_SUCCESS Credential provider successfully selected.
1074 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1075
1076 **/
1077 EFI_STATUS
1078 EFIAPI
1079 CredentialSelect (
1080 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1081 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1082 )
1083 {
1084 if ((This == NULL) || (AutoLogon == NULL)) {
1085 return EFI_INVALID_PARAMETER;
1086 }
1087
1088 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1089
1090 return EFI_SUCCESS;
1091 }
1092
1093
1094 /**
1095 Indicate that user interface interaction has ended for the specified credential.
1096
1097 This function is called when a credential provider is deselected by the user.
1098
1099 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1100
1101 @retval EFI_SUCCESS Credential provider successfully deselected.
1102
1103 **/
1104 EFI_STATUS
1105 EFIAPI
1106 CredentialDeselect (
1107 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This
1108 )
1109 {
1110 if (This == NULL) {
1111 return EFI_INVALID_PARAMETER;
1112 }
1113 return EFI_SUCCESS;
1114 }
1115
1116
1117 /**
1118 Return the default logon behavior for this user credential.
1119
1120 This function reports the default login behavior regarding this credential provider.
1121
1122 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1123 @param[out] AutoLogon On return, holds whether the credential provider should be used
1124 by default to automatically log on the user.
1125
1126 @retval EFI_SUCCESS Default information successfully returned.
1127 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1128
1129 **/
1130 EFI_STATUS
1131 EFIAPI
1132 CredentialDefault (
1133 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1134 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1135 )
1136 {
1137 if ((This == NULL) || (AutoLogon == NULL)) {
1138 return EFI_INVALID_PARAMETER;
1139 }
1140
1141 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1142 return EFI_SUCCESS;
1143 }
1144
1145
1146 /**
1147 Return information attached to the credential provider.
1148
1149 This function returns user information.
1150
1151 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1152 @param[in] UserInfo Handle of the user information data record.
1153 @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
1154 exit, holds the user information. If the buffer is too small
1155 to hold the information, then EFI_BUFFER_TOO_SMALL is returned
1156 and InfoSize is updated to contain the number of bytes actually
1157 required.
1158 @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
1159 size of the user information.
1160
1161 @retval EFI_SUCCESS Information returned successfully.
1162 @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
1163 user information. The size required is returned in *InfoSize.
1164 @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
1165 @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
1166
1167 **/
1168 EFI_STATUS
1169 EFIAPI
1170 CredentialGetInfo (
1171 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1172 IN EFI_USER_INFO_HANDLE UserInfo,
1173 OUT EFI_USER_INFO *Info,
1174 IN OUT UINTN *InfoSize
1175 )
1176 {
1177 EFI_USER_INFO *CredentialInfo;
1178 UINTN Index;
1179
1180 if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
1181 return EFI_INVALID_PARAMETER;
1182 }
1183
1184 if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) {
1185 return EFI_NOT_FOUND;
1186 }
1187
1188 //
1189 // Find information handle in credential info table.
1190 //
1191 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1192 CredentialInfo = mUsbInfoHandle->Info[Index];
1193 if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
1194 //
1195 // The handle is found, copy the user info.
1196 //
1197 if (CredentialInfo->InfoSize > *InfoSize) {
1198 *InfoSize = CredentialInfo->InfoSize;
1199 return EFI_BUFFER_TOO_SMALL;
1200 }
1201
1202 CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
1203 return EFI_SUCCESS;
1204 }
1205 }
1206
1207 return EFI_NOT_FOUND;
1208 }
1209
1210
1211 /**
1212 Enumerate all of the user informations on the credential provider.
1213
1214 This function returns the next user information record. To retrieve the first user
1215 information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
1216 another user information record handle until there are no more, at which point UserInfo
1217 will point to NULL.
1218
1219 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL_PROTOCOL.
1220 @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
1221 to start enumeration. On exit, points to the next user information
1222 handle or NULL if there is no more user information.
1223
1224 @retval EFI_SUCCESS User information returned.
1225 @retval EFI_NOT_FOUND No more user information found.
1226 @retval EFI_INVALID_PARAMETER UserInfo is NULL.
1227
1228 **/
1229 EFI_STATUS
1230 EFIAPI
1231 CredentialGetNextInfo (
1232 IN CONST EFI_USER_CREDENTIAL_PROTOCOL *This,
1233 IN OUT EFI_USER_INFO_HANDLE *UserInfo
1234 )
1235 {
1236 EFI_USER_INFO *Info;
1237 CHAR16 *ProvNameStr;
1238 UINTN InfoLen;
1239 UINTN Index;
1240 UINTN ProvStrLen;
1241
1242 if ((This == NULL) || (UserInfo == NULL)) {
1243 return EFI_INVALID_PARAMETER;
1244 }
1245
1246 if (mUsbInfoHandle == NULL) {
1247 //
1248 // Initilized user info table. There are 4 user info records in the table.
1249 //
1250 InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *);
1251 mUsbInfoHandle = AllocateZeroPool (InfoLen);
1252 if (mUsbInfoHandle == NULL) {
1253 *UserInfo = NULL;
1254 return EFI_NOT_FOUND;
1255 }
1256
1257 //
1258 // The first information, Credential Provider info.
1259 //
1260 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1261 Info = AllocateZeroPool (InfoLen);
1262 ASSERT (Info != NULL);
1263
1264 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
1265 Info->InfoSize = (UINT32) InfoLen;
1266 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1267 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1268 CopyGuid ((EFI_GUID *)(Info + 1), &mUsbCredentialGuid);
1269
1270 mUsbInfoHandle->Info[0] = Info;
1271 mUsbInfoHandle->Count++;
1272
1273 //
1274 // The second information, Credential Provider name info.
1275 //
1276 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
1277 ProvStrLen = StrSize (ProvNameStr);
1278 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1279 Info = AllocateZeroPool (InfoLen);
1280 ASSERT (Info != NULL);
1281
1282 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1283 Info->InfoSize = (UINT32) InfoLen;
1284 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1285 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1286 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1287 FreePool (ProvNameStr);
1288
1289 mUsbInfoHandle->Info[1] = Info;
1290 mUsbInfoHandle->Count++;
1291
1292 //
1293 // The third information, Credential Provider type info.
1294 //
1295 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1296 Info = AllocateZeroPool (InfoLen);
1297 ASSERT (Info != NULL);
1298
1299 Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
1300 Info->InfoSize = (UINT32) InfoLen;
1301 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1302 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1303 CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassSecureCardGuid);
1304
1305 mUsbInfoHandle->Info[2] = Info;
1306 mUsbInfoHandle->Count++;
1307
1308 //
1309 // The fourth information, Credential Provider type name info.
1310 //
1311 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME));
1312 ProvStrLen = StrSize (ProvNameStr);
1313 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1314 Info = AllocateZeroPool (InfoLen);
1315 ASSERT (Info != NULL);
1316
1317 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1318 Info->InfoSize = (UINT32) InfoLen;
1319 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1320 CopyGuid (&Info->Credential, &mUsbCredentialGuid);
1321 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1322 FreePool (ProvNameStr);
1323
1324 mUsbInfoHandle->Info[3] = Info;
1325 mUsbInfoHandle->Count++;
1326 }
1327
1328 if (*UserInfo == NULL) {
1329 //
1330 // Return the first info handle.
1331 //
1332 *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0];
1333 return EFI_SUCCESS;
1334 }
1335
1336 //
1337 // Find information handle in credential info table.
1338 //
1339 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1340 Info = mUsbInfoHandle->Info[Index];
1341 if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
1342 //
1343 // The handle is found, get the next one.
1344 //
1345 if (Index == mUsbInfoHandle->Count - 1) {
1346 //
1347 // Already last one.
1348 //
1349 *UserInfo = NULL;
1350 return EFI_NOT_FOUND;
1351 }
1352 Index++;
1353 *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index];
1354 return EFI_SUCCESS;
1355 }
1356 }
1357
1358 *UserInfo = NULL;
1359 return EFI_NOT_FOUND;
1360 }
1361
1362
1363 /**
1364 Main entry for this driver.
1365
1366 @param ImageHandle Image handle this driver.
1367 @param SystemTable Pointer to SystemTable.
1368
1369 @retval EFI_SUCESS This function always complete successfully.
1370
1371 **/
1372 EFI_STATUS
1373 EFIAPI
1374 UsbProviderInit (
1375 IN EFI_HANDLE ImageHandle,
1376 IN EFI_SYSTEM_TABLE *SystemTable
1377 )
1378 {
1379 EFI_STATUS Status;
1380
1381 //
1382 // Init credential table.
1383 //
1384 Status = InitCredentialTable ();
1385 if (EFI_ERROR (Status)) {
1386 return Status;
1387 }
1388
1389 //
1390 // Init Form Browser
1391 //
1392 Status = InitFormBrowser ();
1393 if (EFI_ERROR (Status)) {
1394 return Status;
1395 }
1396
1397 //
1398 // Install protocol interfaces for the Usb Credential Provider.
1399 //
1400 Status = gBS->InstallProtocolInterface (
1401 &mCallbackInfo->DriverHandle,
1402 &gEfiUserCredentialProtocolGuid,
1403 EFI_NATIVE_INTERFACE,
1404 &gUsbCredentialProviderDriver
1405 );
1406 return Status;
1407 }
EFI Development Kit II mirror for PVE