]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
projects / mirror_edk2.git / blob
? search:


979cdfd2cb22af85af938824e5c03118f79991a5
[mirror_edk2.git] / SecurityPkg / UserIdentification / UsbCredentialProviderDxe / UsbCredentialProvider.c
1 /** @file
2 Usb Credential Provider driver implemenetation.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "UsbCredentialProvider.h"
16
17 CREDENTIAL_TABLE *mUsbTable = NULL;
18 USB_PROVIDER_CALLBACK_INFO *mCallbackInfo = NULL;
19 USB_CREDENTIAL_INFO *mUsbInfoHandle = NULL;
20
21 EFI_USER_CREDENTIAL2_PROTOCOL gUsbCredentialProviderDriver = {
22 USB_CREDENTIAL_PROVIDER_GUID,
23 EFI_USER_CREDENTIAL_CLASS_SECURE_CARD,
24 CredentialEnroll,
25 CredentialForm,
26 CredentialTile,
27 CredentialTitle,
28 CredentialUser,
29 CredentialSelect,
30 CredentialDeselect,
31 CredentialDefault,
32 CredentialGetInfo,
33 CredentialGetNextInfo,
34 EFI_CREDENTIAL_CAPABILITIES_ENROLL,
35 CredentialDelete
36 };
37
38
39 /**
40 Get string by string id from HII Interface.
41
42
43 @param[in] Id String ID to get the string from.
44
45 @retval CHAR16 * String from ID.
46 @retval NULL If error occurs.
47
48 **/
49 CHAR16 *
50 GetStringById (
51 IN EFI_STRING_ID Id
52 )
53 {
54 //
55 // Get the current string for the current Language
56 //
57 return HiiGetString (mCallbackInfo->HiiHandle, Id, NULL);
58 }
59
60
61 /**
62 Expand password table size.
63
64 **/
65 VOID
66 ExpandTableSize (
67 VOID
68 )
69 {
70 CREDENTIAL_TABLE *NewTable;
71 UINTN Count;
72
73 Count = mUsbTable->MaxCount + USB_TABLE_INC;
74 //
75 // Create new credential table.
76 //
77 NewTable = AllocateZeroPool (
78 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
79 Count * sizeof (USB_INFO)
80 );
81 ASSERT (NewTable != NULL);
82
83 NewTable->MaxCount = Count;
84 NewTable->Count = mUsbTable->Count;
85
86 //
87 // Copy old entries.
88 //
89 CopyMem (
90 &NewTable->UserInfo,
91 &mUsbTable->UserInfo,
92 mUsbTable->Count * sizeof (USB_INFO)
93 );
94 FreePool (mUsbTable);
95 mUsbTable = NewTable;
96 }
97
98
99 /**
100 Add, update or delete info in table, and sync with NV variable.
101
102 @param[in] Index The index of the password in table. If index is found in
103 table, update the info, else add the into to table.
104 @param[in] Info The new credential info to add into table. If Info is NULL,
105 delete the info by Index.
106
107 @retval EFI_INVALID_PARAMETER Info is NULL when save the info.
108 @retval EFI_SUCCESS Modify the table successfully.
109 @retval Others Failed to modify the table.
110
111 **/
112 EFI_STATUS
113 ModifyTable (
114 IN UINTN Index,
115 IN USB_INFO * Info OPTIONAL
116 )
117 {
118 EFI_STATUS Status;
119 USB_INFO *NewUsbInfo;
120
121 NewUsbInfo = NULL;
122 if (Index < mUsbTable->Count) {
123 if (Info == NULL) {
124 //
125 // Delete the specified entry.
126 //
127 mUsbTable->Count--;
128 if (Index != mUsbTable->Count) {
129 NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count];
130 }
131 } else {
132 //
133 // Update the specified entry.
134 //
135 NewUsbInfo = Info;
136 }
137 } else {
138 //
139 // Add a new entry
140 //
141 if (Info == NULL) {
142 return EFI_INVALID_PARAMETER;
143 }
144
145 if (mUsbTable->Count >= mUsbTable->MaxCount) {
146 ExpandTableSize ();
147 }
148
149 NewUsbInfo = Info;
150 mUsbTable->Count++;
151 }
152
153 if (NewUsbInfo != NULL) {
154 CopyMem (&mUsbTable->UserInfo[Index], NewUsbInfo, sizeof (USB_INFO));
155 }
156
157 //
158 // Save the credential table.
159 //
160 Status = gRT->SetVariable (
161 L"UsbCredential",
162 &gUsbCredentialProviderGuid,
163 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
164 mUsbTable->Count * sizeof (USB_INFO),
165 &mUsbTable->UserInfo
166 );
167 return Status;
168 }
169
170
171 /**
172 Create a credential table
173
174 @retval EFI_SUCCESS Create a credential table successfully.
175 @retval Others Failed to create a password.
176
177 **/
178 EFI_STATUS
179 InitCredentialTable (
180 VOID
181 )
182 {
183 EFI_STATUS Status;
184 UINT8 *Var;
185 UINTN VarSize;
186
187 //
188 // Get Usb credential data from NV variable.
189 //
190 VarSize = 0;
191 Var = NULL;
192 Status = gRT->GetVariable (
193 L"UsbCredential",
194 &gUsbCredentialProviderGuid,
195 NULL,
196 &VarSize,
197 Var
198 );
199 if (Status == EFI_BUFFER_TOO_SMALL) {
200 Var = AllocateZeroPool (VarSize);
201 if (Var == NULL) {
202 return EFI_OUT_OF_RESOURCES;
203 }
204 Status = gRT->GetVariable (
205 L"UsbCredential",
206 &gUsbCredentialProviderGuid,
207 NULL,
208 &VarSize,
209 Var
210 );
211 }
212 if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
213 return Status;
214 }
215
216 //
217 // Init Usb credential table.
218 //
219 mUsbTable = AllocateZeroPool (
220 sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) +
221 USB_TABLE_INC * sizeof (USB_INFO) +
222 VarSize
223 );
224 if (mUsbTable == NULL) {
225 FreePool (Var);
226 return EFI_OUT_OF_RESOURCES;
227 }
228
229 mUsbTable->Count = VarSize / sizeof (USB_INFO);
230 mUsbTable->MaxCount = mUsbTable->Count + USB_TABLE_INC;
231 if (Var != NULL) {
232 CopyMem (mUsbTable->UserInfo, Var, VarSize);
233 FreePool (Var);
234 }
235 return EFI_SUCCESS;
236 }
237
238
239 /**
240 Read the specified file by FileName in the Usb key and return the file size in BufferSize
241 and file content in Buffer.
242 Note: the caller is responsible to free the buffer memory.
243
244 @param FileName File to read.
245 @param Buffer Returned with data read from the file.
246 @param BufferSize Size of the data buffer.
247
248 @retval EFI_SUCCESS The command completed successfully.
249 @retval EFI_OUT_OF_RESOURCES Resource allocation failed.
250 @retval EFI_NOT_FOUND File not found.
251 @retval EFI_DEVICE_ERROR Device I/O error.
252
253 **/
254 EFI_STATUS
255 GetFileData (
256 IN CHAR16 *FileName,
257 OUT VOID **Buffer,
258 OUT UINTN *BufferSize
259 )
260 {
261 EFI_STATUS Status;
262 UINTN Index;
263 UINTN HandleCount;
264 UINTN ScratchBufferSize;
265 EFI_HANDLE *HandleBuffer;
266 EFI_FILE *RootFs;
267 EFI_FILE *FileHandle;
268 EFI_FILE_INFO *FileInfo;
269 EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *SimpleFileSystem;
270 EFI_BLOCK_IO_PROTOCOL *BlkIo;
271
272 FileInfo = NULL;
273 FileHandle = NULL;
274
275 Status = gBS->LocateHandleBuffer (
276 ByProtocol,
277 &gEfiSimpleFileSystemProtocolGuid,
278 NULL,
279 &HandleCount,
280 &HandleBuffer
281 );
282 if (EFI_ERROR (Status)) {
283 DEBUG ((DEBUG_ERROR, "Can not Locate SimpleFileSystemProtocol\n"));
284 goto Done;
285 }
286
287 //
288 // Find and open the file in removable media disk.
289 //
290 for (Index = 0; Index < HandleCount; Index++) {
291 Status = gBS->HandleProtocol (
292 HandleBuffer[Index],
293 &gEfiBlockIoProtocolGuid,
294 (VOID **) &BlkIo
295 );
296 if (EFI_ERROR (Status)) {
297 continue;
298 }
299
300 if (BlkIo->Media->RemovableMedia) {
301 Status = gBS->HandleProtocol (
302 HandleBuffer[Index],
303 &gEfiSimpleFileSystemProtocolGuid,
304 (VOID **) &SimpleFileSystem
305 );
306 if (EFI_ERROR (Status)) {
307 continue;
308 }
309
310 Status = SimpleFileSystem->OpenVolume (
311 SimpleFileSystem,
312 &RootFs
313 );
314 if (EFI_ERROR (Status)) {
315 continue;
316 }
317
318 Status = RootFs->Open (
319 RootFs,
320 &FileHandle,
321 FileName,
322 EFI_FILE_MODE_READ,
323 0
324 );
325 if (!EFI_ERROR (Status)) {
326 break;
327 }
328 }
329 }
330
331 FreePool (HandleBuffer);
332
333 if (Index >= HandleCount) {
334 DEBUG ((DEBUG_ERROR, "Can not found the token file!\n"));
335 Status = EFI_NOT_FOUND;
336 goto Done;
337 }
338
339 //
340 // Figure out how big the file is.
341 //
342 ScratchBufferSize = 0;
343 Status = FileHandle->GetInfo (
344 FileHandle,
345 &gEfiFileInfoGuid,
346 &ScratchBufferSize,
347 NULL
348 );
349 if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
350 DEBUG ((DEBUG_ERROR, "Can not obtain file size info!\n"));
351 Status = EFI_DEVICE_ERROR;
352 goto Done;
353 }
354
355 FileInfo = AllocateZeroPool (ScratchBufferSize);
356 if (FileInfo == NULL) {
357 DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token file!\n"));
358 Status = EFI_OUT_OF_RESOURCES;
359 goto Done;
360 }
361
362 Status = FileHandle->GetInfo (
363 FileHandle,
364 &gEfiFileInfoGuid,
365 &ScratchBufferSize,
366 FileInfo
367 );
368 if (EFI_ERROR (Status)) {
369 DEBUG ((DEBUG_ERROR, "Can not obtain file info from the token file!\n"));
370 Status = EFI_DEVICE_ERROR;
371 goto Done;
372 }
373
374 //
375 // Allocate a buffer for the file.
376 //
377 *BufferSize = (UINT32) FileInfo->FileSize;
378 *Buffer = AllocateZeroPool (*BufferSize);
379 if (*Buffer == NULL) {
380 DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n"));
381 Status = EFI_OUT_OF_RESOURCES;
382 goto Done;
383 }
384
385 //
386 // Load file into the allocated memory.
387 //
388 Status = FileHandle->Read (FileHandle, BufferSize, *Buffer);
389 if (EFI_ERROR (Status)) {
390 FreePool (*Buffer);
391 DEBUG ((DEBUG_ERROR, "Can not read the token file!\n"));
392 Status = EFI_DEVICE_ERROR;
393 goto Done;
394 }
395
396 //
397 // Close file.
398 //
399 Status = FileHandle->Close (FileHandle);
400 if (EFI_ERROR (Status)) {
401 FreePool (*Buffer);
402 DEBUG ((DEBUG_ERROR, "Can not close the token file !\n"));
403 Status = EFI_DEVICE_ERROR;
404 }
405
406 Done:
407
408 if (FileInfo != NULL) {
409 FreePool (FileInfo);
410 }
411
412 return Status;
413 }
414
415
416 /**
417 Hash the data to get credential.
418
419 @param[in] Buffer Points to the data buffer
420 @param[in] BufferSize The size of data in buffer, in bytes.
421 @param[out] Credential Points to the hashed result
422
423 @retval TRUE Hash the data successfully.
424 @retval FALSE Failed to hash the data.
425
426 **/
427 BOOLEAN
428 GenerateCredential (
429 IN UINT8 *Buffer,
430 IN UINTN BufferSize,
431 OUT UINT8 *Credential
432 )
433 {
434 BOOLEAN Status;
435 UINTN HashSize;
436 VOID *Hash;
437
438 HashSize = Sha1GetContextSize ();
439 Hash = AllocatePool (HashSize);
440 ASSERT (Hash != NULL);
441
442 Status = Sha1Init (Hash);
443 if (!Status) {
444 goto Done;
445 }
446
447 Status = Sha1Update (Hash, Buffer, BufferSize);
448 if (!Status) {
449 goto Done;
450 }
451
452 Status = Sha1Final (Hash, Credential);
453
454 Done:
455 FreePool (Hash);
456 return Status;
457 }
458
459
460 /**
461 Read the token file, and default the Token is saved at the begining of the file.
462
463 @param[out] Token Token read from a Token file.
464
465 @retval EFI_SUCCESS Read a Token successfully.
466 @retval Others Fails to read a Token.
467
468 **/
469 EFI_STATUS
470 GetToken (
471 OUT UINT8 *Token
472 )
473 {
474 EFI_STATUS Status;
475 UINT8 *Buffer;
476 UINTN BufSize;
477 CHAR16 *TokenFile;
478
479 BufSize = 0;
480 Buffer = NULL;
481 TokenFile = FixedPcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
482 Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);
483 if (EFI_ERROR (Status)) {
484 DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status));
485 return Status;
486 }
487
488 if (!GenerateCredential (Buffer, BufSize, Token)) {
489 DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n"));
490 FreePool (Buffer);
491 return EFI_SECURITY_VIOLATION;
492 }
493
494 FreePool (Buffer);
495 return EFI_SUCCESS;
496 }
497
498
499 /**
500 Find a user infomation record by the information record type.
501
502 This function searches all user information records of User from beginning
503 until either the information is found or there are no more user infomation
504 record. A match occurs when a Info.InfoType field matches the user information
505 record type.
506
507 @param[in] User Points to the user profile record to search.
508 @param[in] InfoType The infomation type to be searched.
509 @param[out] Info Points to the user info found, the caller is responsible
510 to free.
511
512 @retval EFI_SUCCESS Find the user information successfully.
513 @retval Others Fail to find the user information.
514
515 **/
516 EFI_STATUS
517 FindUserInfoByType (
518 IN EFI_USER_PROFILE_HANDLE User,
519 IN UINT8 InfoType,
520 OUT EFI_USER_INFO **Info
521 )
522 {
523 EFI_STATUS Status;
524 EFI_USER_INFO *UserInfo;
525 UINTN UserInfoSize;
526 EFI_USER_INFO_HANDLE UserInfoHandle;
527 EFI_USER_MANAGER_PROTOCOL *UserManager;
528
529 //
530 // Find user information by information type.
531 //
532 if (Info == NULL) {
533 return EFI_INVALID_PARAMETER;
534 }
535
536 Status = gBS->LocateProtocol (
537 &gEfiUserManagerProtocolGuid,
538 NULL,
539 (VOID **) &UserManager
540 );
541 if (EFI_ERROR (Status)) {
542 return EFI_NOT_FOUND;
543 }
544
545 //
546 // Get each user information.
547 //
548
549 UserInfoHandle = NULL;
550 UserInfo = NULL;
551 UserInfoSize = 0;
552 while (TRUE) {
553 Status = UserManager->GetNextInfo (UserManager, User, &UserInfoHandle);
554 if (EFI_ERROR (Status)) {
555 break;
556 }
557 //
558 // Get information.
559 //
560 Status = UserManager->GetInfo (
561 UserManager,
562 User,
563 UserInfoHandle,
564 UserInfo,
565 &UserInfoSize
566 );
567 if (Status == EFI_BUFFER_TOO_SMALL) {
568 if (UserInfo != NULL) {
569 FreePool (UserInfo);
570 }
571 UserInfo = AllocateZeroPool (UserInfoSize);
572 if (UserInfo == NULL) {
573 return EFI_OUT_OF_RESOURCES;
574 }
575 Status = UserManager->GetInfo (
576 UserManager,
577 User,
578 UserInfoHandle,
579 UserInfo,
580 &UserInfoSize
581 );
582 }
583 if (EFI_ERROR (Status)) {
584 break;
585 }
586
587 ASSERT (UserInfo != NULL);
588 if (UserInfo->InfoType == InfoType) {
589 *Info = UserInfo;
590 return EFI_SUCCESS;
591 }
592 }
593
594 if (UserInfo != NULL) {
595 FreePool (UserInfo);
596 }
597 return Status;
598 }
599
600
601 /**
602 This function initialize the data mainly used in form browser.
603
604 @retval EFI_SUCCESS Initialize form data successfully.
605 @retval Others Fail to Initialize form data.
606
607 **/
608 EFI_STATUS
609 InitFormBrowser (
610 VOID
611 )
612 {
613 USB_PROVIDER_CALLBACK_INFO *CallbackInfo;
614
615 //
616 // Initialize driver private data.
617 //
618 CallbackInfo = AllocateZeroPool (sizeof (USB_PROVIDER_CALLBACK_INFO));
619 if (CallbackInfo == NULL) {
620 return EFI_OUT_OF_RESOURCES;
621 }
622
623 CallbackInfo->DriverHandle = NULL;
624
625 //
626 // Publish HII data.
627 //
628 CallbackInfo->HiiHandle = HiiAddPackages (
629 &gUsbCredentialProviderGuid,
630 CallbackInfo->DriverHandle,
631 UsbCredentialProviderStrings,
632 NULL
633 );
634 if (CallbackInfo->HiiHandle == NULL) {
635 return EFI_OUT_OF_RESOURCES;
636 }
637 mCallbackInfo = CallbackInfo;
638
639 return EFI_SUCCESS;
640 }
641
642
643 /**
644 Enroll a user on a credential provider.
645
646 This function enrolls a user on this credential provider. If the user exists on
647 this credential provider, update the user information on this credential provider;
648 otherwise add the user information on credential provider.
649
650 @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL.
651 @param[in] User The user profile to enroll.
652
653 @retval EFI_SUCCESS User profile was successfully enrolled.
654 @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the
655 user profile handle. Either the user profile cannot enroll
656 on any user profile or cannot enroll on a user profile
657 other than the current user profile.
658 @retval EFI_UNSUPPORTED This credential provider does not support enrollment in
659 the pre-OS.
660 @retval EFI_DEVICE_ERROR The new credential could not be created because of a device
661 error.
662 @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
663
664 **/
665 EFI_STATUS
666 EFIAPI
667 CredentialEnroll (
668 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
669 IN EFI_USER_PROFILE_HANDLE User
670 )
671 {
672 EFI_STATUS Status;
673 UINTN Index;
674 USB_INFO UsbInfo;
675 EFI_USER_INFO *UserInfo;
676 EFI_INPUT_KEY Key;
677 EFI_USER_MANAGER_PROTOCOL *UserManager;
678 UINT8 *UserId;
679 CHAR16 *QuestionStr;
680 CHAR16 *PromptStr;
681
682 if ((This == NULL) || (User == NULL)) {
683 return EFI_INVALID_PARAMETER;
684 }
685
686 Status = gBS->LocateProtocol (
687 &gEfiUserManagerProtocolGuid,
688 NULL,
689 (VOID **) &UserManager
690 );
691 if (EFI_ERROR (Status)) {
692 return EFI_UNSUPPORTED;
693 }
694
695 //
696 // Get User Identifier
697 //
698 UserInfo = NULL;
699 Status = FindUserInfoByType (
700 User,
701 EFI_USER_INFO_IDENTIFIER_RECORD,
702 &UserInfo
703 );
704 if (EFI_ERROR (Status)) {
705 return EFI_INVALID_PARAMETER;
706 }
707
708 CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER));
709 FreePool (UserInfo);
710
711 //
712 // Get Token and User ID to UsbInfo.
713 //
714 Status = GetToken (UsbInfo.Token);
715 if (EFI_ERROR (Status)) {
716 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
717 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
718 CreatePopUp (
719 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
720 &Key,
721 QuestionStr,
722 L"",
723 PromptStr,
724 NULL
725 );
726 FreePool (QuestionStr);
727 FreePool (PromptStr);
728 return Status;
729 }
730
731 //
732 // Check whether User is ever enrolled in the provider.
733 //
734 for (Index = 0; Index < mUsbTable->Count; Index++) {
735 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
736 if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
737 //
738 // User already exists, update the password.
739 //
740 break;
741 }
742 }
743
744 //
745 // Enroll the User to the provider.
746 //
747 Status = ModifyTable (Index, &UsbInfo);
748 if (EFI_ERROR (Status)) {
749 return Status;
750 }
751
752 //
753 // Notify the user manager driver that credential information has changed.
754 //
755 UserManager->Notify (UserManager, mCallbackInfo->DriverHandle);
756
757 return EFI_SUCCESS;
758 }
759
760
761 /**
762 Returns the user interface information used during user identification.
763
764 This function returns information about the form used when interacting with the
765 user during user identification. The form is the first enabled form in the form-set
766 class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If
767 the user credential provider does not require a form to identify the user, then this
768 function should return EFI_NOT_FOUND.
769
770 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
771 @param[out] Hii On return, holds the HII database handle.
772 @param[out] FormSetId On return, holds the identifier of the form set which contains
773 the form used during user identification.
774 @param[out] FormId On return, holds the identifier of the form used during user
775 identification.
776
777 @retval EFI_SUCCESS Form returned successfully.
778 @retval EFI_NOT_FOUND Form not returned.
779 @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL.
780
781 **/
782 EFI_STATUS
783 EFIAPI
784 CredentialForm (
785 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
786 OUT EFI_HII_HANDLE *Hii,
787 OUT EFI_GUID *FormSetId,
788 OUT EFI_FORM_ID *FormId
789 )
790 {
791 if ((This == NULL) || (Hii == NULL) ||
792 (FormSetId == NULL) || (FormId == NULL)) {
793 return EFI_INVALID_PARAMETER;
794 }
795 return EFI_NOT_FOUND;
796 }
797
798
799 /**
800 Returns bitmap used to describe the credential provider type.
801
802 This optional function returns a bitmap which is less than or equal to the number
803 of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND
804 is returned.
805
806 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
807 @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no
808 bitmap information will be returned. On exit, points to the
809 width of the bitmap returned.
810 @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no
811 bitmap information will be returned. On exit, points to the
812 height of the bitmap returned.
813 @param[out] Hii On return, holds the HII database handle.
814 @param[out] Image On return, holds the HII image identifier.
815
816 @retval EFI_SUCCESS Image identifier returned successfully.
817 @retval EFI_NOT_FOUND Image identifier not returned.
818 @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL.
819
820 **/
821 EFI_STATUS
822 EFIAPI
823 CredentialTile (
824 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
825 IN OUT UINTN *Width,
826 IN OUT UINTN *Height,
827 OUT EFI_HII_HANDLE *Hii,
828 OUT EFI_IMAGE_ID *Image
829 )
830 {
831 if ((This == NULL) || (Hii == NULL) || (Image == NULL)) {
832 return EFI_INVALID_PARAMETER;
833 }
834 return EFI_NOT_FOUND;
835 }
836
837
838 /**
839 Returns string used to describe the credential provider type.
840
841 This function returns a string which describes the credential provider. If no
842 such string exists, then EFI_NOT_FOUND is returned.
843
844 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
845 @param[out] Hii On return, holds the HII database handle.
846 @param[out] String On return, holds the HII string identifier.
847
848 @retval EFI_SUCCESS String identifier returned successfully.
849 @retval EFI_NOT_FOUND String identifier not returned.
850 @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL.
851
852 **/
853 EFI_STATUS
854 EFIAPI
855 CredentialTitle (
856 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
857 OUT EFI_HII_HANDLE *Hii,
858 OUT EFI_STRING_ID *String
859 )
860 {
861 if ((This == NULL) || (Hii == NULL) || (String == NULL)) {
862 return EFI_INVALID_PARAMETER;
863 }
864 //
865 // Set Hii handle and String ID.
866 //
867 *Hii = mCallbackInfo->HiiHandle;
868 *String = STRING_TOKEN (STR_CREDENTIAL_TITLE);
869
870 return EFI_SUCCESS;
871 }
872
873
874 /**
875 Return the user identifier associated with the currently authenticated user.
876
877 This function returns the user identifier of the user authenticated by this credential
878 provider. This function is called after the credential-related information has been
879 submitted on a form OR after a call to Default() has returned that this credential is
880 ready to log on.
881
882 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
883 @param[in] User The user profile handle of the user profile currently being
884 considered by the user identity manager. If NULL, then no user
885 profile is currently under consideration.
886 @param[out] Identifier On return, points to the user identifier.
887
888 @retval EFI_SUCCESS User identifier returned successfully.
889 @retval EFI_NOT_READY No user identifier can be returned.
890 @retval EFI_ACCESS_DENIED The user has been locked out of this user credential.
891 @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL.
892 @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be
893 found in user profile database.
894
895 **/
896 EFI_STATUS
897 EFIAPI
898 CredentialUser (
899 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
900 IN EFI_USER_PROFILE_HANDLE User,
901 OUT EFI_USER_INFO_IDENTIFIER *Identifier
902 )
903 {
904 EFI_STATUS Status;
905 UINTN Index;
906 EFI_USER_INFO *UserInfo;
907 UINT8 *UserId;
908 UINT8 *NewUserId;
909 UINT8 *UserToken;
910 UINT8 ReadToken[HASHED_CREDENTIAL_LEN];
911 EFI_INPUT_KEY Key;
912 EFI_TPL OldTpl;
913 CHAR16 *QuestionStr;
914 CHAR16 *PromptStr;
915
916 if ((This == NULL) || (Identifier == NULL)) {
917 return EFI_INVALID_PARAMETER;
918 }
919
920 if (User == NULL) {
921 //
922 // Verify the auto logon user, get user id by matched token.
923 //
924 if (mUsbTable->Count == 0) {
925 return EFI_NOT_READY;
926 }
927
928 //
929 // No user selected, get token first and verify the user existed in user database.
930 //
931 Status = GetToken (ReadToken);
932 if (EFI_ERROR (Status)) {
933 return EFI_NOT_READY;
934 }
935
936 for (Index = 0; Index < mUsbTable->Count; Index++) {
937 //
938 // find the specified credential in the Usb credential database.
939 //
940 UserToken = mUsbTable->UserInfo[Index].Token;
941 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
942 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
943 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
944 return EFI_SUCCESS;
945 }
946 }
947
948 return EFI_NOT_READY;
949 }
950
951 //
952 // User is not NULL here. Read a token, and check whether the token matches with
953 // the selected user's Token. If not, try to find a token in token DB to matches
954 // with read token.
955 //
956
957 Status = GetToken (ReadToken);
958 if (EFI_ERROR (Status)) {
959 QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR));
960 PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN));
961 OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
962 gBS->RestoreTPL (TPL_APPLICATION);
963 CreatePopUp (
964 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
965 &Key,
966 QuestionStr,
967 L"",
968 PromptStr,
969 NULL
970 );
971 gBS->RaiseTPL (OldTpl);
972 FreePool (QuestionStr);
973 FreePool (PromptStr);
974 return EFI_NOT_FOUND;
975 }
976
977 //
978 // Get the selected user's identifier.
979 //
980 Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, &UserInfo);
981 if (EFI_ERROR (Status)) {
982 return EFI_NOT_FOUND;
983 }
984
985 //
986 // Check the selected user's Token with the read token.
987 //
988 for (Index = 0; Index < mUsbTable->Count; Index++) {
989 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
990 NewUserId = (UINT8 *) (UserInfo + 1);
991 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
992 //
993 // The user's ID is found in the UsbTable.
994 //
995 UserToken = mUsbTable->UserInfo[Index].Token;
996 if (CompareMem (UserToken, ReadToken, HASHED_CREDENTIAL_LEN) == 0) {
997 //
998 // The read token matches with the one in UsbTable.
999 //
1000 CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER));
1001 FreePool (UserInfo);
1002 return EFI_SUCCESS;
1003 }
1004 }
1005 }
1006
1007 FreePool (UserInfo);
1008
1009 return EFI_NOT_READY;
1010 }
1011
1012
1013 /**
1014 Indicate that user interface interaction has begun for the specified credential.
1015
1016 This function is called when a credential provider is selected by the user. If
1017 AutoLogon returns FALSE, then the user interface will be constructed by the User
1018 Identity Manager.
1019
1020 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1021 @param[out] AutoLogon On return, points to the credential provider's capabilities
1022 after the credential provider has been selected by the user.
1023
1024 @retval EFI_SUCCESS Credential provider successfully selected.
1025 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1026
1027 **/
1028 EFI_STATUS
1029 EFIAPI
1030 CredentialSelect (
1031 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1032 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1033 )
1034 {
1035 if ((This == NULL) || (AutoLogon == NULL)) {
1036 return EFI_INVALID_PARAMETER;
1037 }
1038
1039 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1040
1041 return EFI_SUCCESS;
1042 }
1043
1044
1045 /**
1046 Indicate that user interface interaction has ended for the specified credential.
1047
1048 This function is called when a credential provider is deselected by the user.
1049
1050 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1051
1052 @retval EFI_SUCCESS Credential provider successfully deselected.
1053
1054 **/
1055 EFI_STATUS
1056 EFIAPI
1057 CredentialDeselect (
1058 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This
1059 )
1060 {
1061 if (This == NULL) {
1062 return EFI_INVALID_PARAMETER;
1063 }
1064 return EFI_SUCCESS;
1065 }
1066
1067
1068 /**
1069 Return the default logon behavior for this user credential.
1070
1071 This function reports the default login behavior regarding this credential provider.
1072
1073 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1074 @param[out] AutoLogon On return, holds whether the credential provider should be used
1075 by default to automatically log on the user.
1076
1077 @retval EFI_SUCCESS Default information successfully returned.
1078 @retval EFI_INVALID_PARAMETER AutoLogon is NULL.
1079
1080 **/
1081 EFI_STATUS
1082 EFIAPI
1083 CredentialDefault (
1084 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1085 OUT EFI_CREDENTIAL_LOGON_FLAGS *AutoLogon
1086 )
1087 {
1088 if ((This == NULL) || (AutoLogon == NULL)) {
1089 return EFI_INVALID_PARAMETER;
1090 }
1091
1092 *AutoLogon = EFI_CREDENTIAL_LOGON_FLAG_DEFAULT | EFI_CREDENTIAL_LOGON_FLAG_AUTO;
1093 return EFI_SUCCESS;
1094 }
1095
1096
1097 /**
1098 Return information attached to the credential provider.
1099
1100 This function returns user information.
1101
1102 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1103 @param[in] UserInfo Handle of the user information data record.
1104 @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On
1105 exit, holds the user information. If the buffer is too small
1106 to hold the information, then EFI_BUFFER_TOO_SMALL is returned
1107 and InfoSize is updated to contain the number of bytes actually
1108 required.
1109 @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the
1110 size of the user information.
1111
1112 @retval EFI_SUCCESS Information returned successfully.
1113 @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the
1114 user information. The size required is returned in *InfoSize.
1115 @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL.
1116 @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle.
1117
1118 **/
1119 EFI_STATUS
1120 EFIAPI
1121 CredentialGetInfo (
1122 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1123 IN EFI_USER_INFO_HANDLE UserInfo,
1124 OUT EFI_USER_INFO *Info,
1125 IN OUT UINTN *InfoSize
1126 )
1127 {
1128 EFI_USER_INFO *CredentialInfo;
1129 UINTN Index;
1130
1131 if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) {
1132 return EFI_INVALID_PARAMETER;
1133 }
1134
1135 if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) {
1136 return EFI_NOT_FOUND;
1137 }
1138
1139 //
1140 // Find information handle in credential info table.
1141 //
1142 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1143 CredentialInfo = mUsbInfoHandle->Info[Index];
1144 if (UserInfo == (EFI_USER_INFO_HANDLE)CredentialInfo) {
1145 //
1146 // The handle is found, copy the user info.
1147 //
1148 if (CredentialInfo->InfoSize > *InfoSize) {
1149 *InfoSize = CredentialInfo->InfoSize;
1150 return EFI_BUFFER_TOO_SMALL;
1151 }
1152
1153 CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize);
1154 return EFI_SUCCESS;
1155 }
1156 }
1157
1158 return EFI_NOT_FOUND;
1159 }
1160
1161
1162 /**
1163 Enumerate all of the user informations on the credential provider.
1164
1165 This function returns the next user information record. To retrieve the first user
1166 information record handle, point UserInfo at a NULL. Each subsequent call will retrieve
1167 another user information record handle until there are no more, at which point UserInfo
1168 will point to NULL.
1169
1170 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1171 @param[in, out] UserInfo On entry, points to the previous user information handle or NULL
1172 to start enumeration. On exit, points to the next user information
1173 handle or NULL if there is no more user information.
1174
1175 @retval EFI_SUCCESS User information returned.
1176 @retval EFI_NOT_FOUND No more user information found.
1177 @retval EFI_INVALID_PARAMETER UserInfo is NULL.
1178
1179 **/
1180 EFI_STATUS
1181 EFIAPI
1182 CredentialGetNextInfo (
1183 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1184 IN OUT EFI_USER_INFO_HANDLE *UserInfo
1185 )
1186 {
1187 EFI_USER_INFO *Info;
1188 CHAR16 *ProvNameStr;
1189 UINTN InfoLen;
1190 UINTN Index;
1191 UINTN ProvStrLen;
1192
1193 if ((This == NULL) || (UserInfo == NULL)) {
1194 return EFI_INVALID_PARAMETER;
1195 }
1196
1197 if (mUsbInfoHandle == NULL) {
1198 //
1199 // Initilized user info table. There are 4 user info records in the table.
1200 //
1201 InfoLen = sizeof (USB_CREDENTIAL_INFO) + (4 - 1) * sizeof (EFI_USER_INFO *);
1202 mUsbInfoHandle = AllocateZeroPool (InfoLen);
1203 if (mUsbInfoHandle == NULL) {
1204 *UserInfo = NULL;
1205 return EFI_NOT_FOUND;
1206 }
1207
1208 //
1209 // The first information, Credential Provider info.
1210 //
1211 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1212 Info = AllocateZeroPool (InfoLen);
1213 ASSERT (Info != NULL);
1214
1215 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD;
1216 Info->InfoSize = (UINT32) InfoLen;
1217 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1218 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1219 CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid);
1220
1221 mUsbInfoHandle->Info[0] = Info;
1222 mUsbInfoHandle->Count++;
1223
1224 //
1225 // The second information, Credential Provider name info.
1226 //
1227 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_NAME));
1228 ProvStrLen = StrSize (ProvNameStr);
1229 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1230 Info = AllocateZeroPool (InfoLen);
1231 ASSERT (Info != NULL);
1232
1233 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1234 Info->InfoSize = (UINT32) InfoLen;
1235 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1236 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1237 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1238 FreePool (ProvNameStr);
1239
1240 mUsbInfoHandle->Info[1] = Info;
1241 mUsbInfoHandle->Count++;
1242
1243 //
1244 // The third information, Credential Provider type info.
1245 //
1246 InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID);
1247 Info = AllocateZeroPool (InfoLen);
1248 ASSERT (Info != NULL);
1249
1250 Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD;
1251 Info->InfoSize = (UINT32) InfoLen;
1252 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1253 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1254 CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassSecureCardGuid);
1255
1256 mUsbInfoHandle->Info[2] = Info;
1257 mUsbInfoHandle->Count++;
1258
1259 //
1260 // The fourth information, Credential Provider type name info.
1261 //
1262 ProvNameStr = GetStringById (STRING_TOKEN (STR_PROVIDER_TYPE_NAME));
1263 ProvStrLen = StrSize (ProvNameStr);
1264 InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen;
1265 Info = AllocateZeroPool (InfoLen);
1266 ASSERT (Info != NULL);
1267
1268 Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD;
1269 Info->InfoSize = (UINT32) InfoLen;
1270 Info->InfoAttribs = EFI_USER_INFO_PROTECTED;
1271 CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid);
1272 CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen);
1273 FreePool (ProvNameStr);
1274
1275 mUsbInfoHandle->Info[3] = Info;
1276 mUsbInfoHandle->Count++;
1277 }
1278
1279 if (*UserInfo == NULL) {
1280 //
1281 // Return the first info handle.
1282 //
1283 *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0];
1284 return EFI_SUCCESS;
1285 }
1286
1287 //
1288 // Find information handle in credential info table.
1289 //
1290 for (Index = 0; Index < mUsbInfoHandle->Count; Index++) {
1291 Info = mUsbInfoHandle->Info[Index];
1292 if (*UserInfo == (EFI_USER_INFO_HANDLE)Info) {
1293 //
1294 // The handle is found, get the next one.
1295 //
1296 if (Index == mUsbInfoHandle->Count - 1) {
1297 //
1298 // Already last one.
1299 //
1300 *UserInfo = NULL;
1301 return EFI_NOT_FOUND;
1302 }
1303 Index++;
1304 *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index];
1305 return EFI_SUCCESS;
1306 }
1307 }
1308
1309 *UserInfo = NULL;
1310 return EFI_NOT_FOUND;
1311 }
1312
1313
1314 /**
1315 Delete a user on this credential provider.
1316
1317 This function deletes a user on this credential provider.
1318
1319 @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL.
1320 @param[in] User The user profile handle to delete.
1321
1322 @retval EFI_SUCCESS User profile was successfully deleted.
1323 @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle.
1324 Either the user profile cannot delete on any user profile or cannot delete
1325 on a user profile other than the current user profile.
1326 @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS.
1327 @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error.
1328 @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle.
1329 **/
1330 EFI_STATUS
1331 EFIAPI
1332 CredentialDelete (
1333 IN CONST EFI_USER_CREDENTIAL2_PROTOCOL *This,
1334 IN EFI_USER_PROFILE_HANDLE User
1335 )
1336 {
1337 EFI_STATUS Status;
1338 EFI_USER_INFO *UserInfo;
1339 UINT8 *UserId;
1340 UINT8 *NewUserId;
1341 UINTN Index;
1342
1343 if ((This == NULL) || (User == NULL)) {
1344 return EFI_INVALID_PARAMETER;
1345 }
1346
1347 //
1348 // Get User Identifier.
1349 //
1350 UserInfo = NULL;
1351 Status = FindUserInfoByType (
1352 User,
1353 EFI_USER_INFO_IDENTIFIER_RECORD,
1354 &UserInfo
1355 );
1356 if (EFI_ERROR (Status)) {
1357 return EFI_INVALID_PARAMETER;
1358 }
1359
1360 //
1361 // Find the user by user identifier in mPwdTable.
1362 //
1363 for (Index = 0; Index < mUsbTable->Count; Index++) {
1364 UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId;
1365 NewUserId = (UINT8 *) (UserInfo + 1);
1366 if (CompareMem (UserId, NewUserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) {
1367 //
1368 // Found the user, delete it.
1369 //
1370 ModifyTable (Index, NULL);
1371 break;
1372 }
1373 }
1374
1375 FreePool (UserInfo);
1376 return EFI_SUCCESS;
1377 }
1378
1379
1380 /**
1381 Main entry for this driver.
1382
1383 @param ImageHandle Image handle this driver.
1384 @param SystemTable Pointer to SystemTable.
1385
1386 @retval EFI_SUCESS This function always complete successfully.
1387
1388 **/
1389 EFI_STATUS
1390 EFIAPI
1391 UsbProviderInit (
1392 IN EFI_HANDLE ImageHandle,
1393 IN EFI_SYSTEM_TABLE *SystemTable
1394 )
1395 {
1396 EFI_STATUS Status;
1397
1398 //
1399 // Init credential table.
1400 //
1401 Status = InitCredentialTable ();
1402 if (EFI_ERROR (Status)) {
1403 return Status;
1404 }
1405
1406 //
1407 // Init Form Browser
1408 //
1409 Status = InitFormBrowser ();
1410 if (EFI_ERROR (Status)) {
1411 return Status;
1412 }
1413
1414 //
1415 // Install protocol interfaces for the Usb Credential Provider.
1416 //
1417 Status = gBS->InstallProtocolInterface (
1418 &mCallbackInfo->DriverHandle,
1419 &gEfiUserCredential2ProtocolGuid,
1420 EFI_NATIVE_INTERFACE,
1421 &gUsbCredentialProviderDriver
1422 );
1423 return Status;
1424 }
EFI Development Kit II mirror for PVE