[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / EsalVariableDxeSal / AuthService.h
1 /** @file
2 The internal header file includes the common header files, defines
3 internal structure and functions used by AuthService module.
4
5 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef _AUTHSERVICE_H_
17 #define _AUTHSERVICE_H_
18 /// RSA-2048 lengths in bytes (2048 bits / 8 = 256); presumably the signature size and the public-key size respectively - TODO confirm against the callers.
19 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
20 #define EFI_CERT_TYPE_RSA2048_SIZE 256
21
22 /// Size of AuthInfo prior to the data payload: the byte offset of AuthInfo.CertData inside
23 /// EFI_VARIABLE_AUTHENTICATION (computed with the null-pointer member-offset idiom) plus
24 /// sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256). NOTE(review): a buffer shorter than this cannot hold a complete header; confirm DataSize is checked against it before the header is read.
25 #define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
26
27 ///
28 /// Number of supported signature types.
29 ///
30 #define SIGSUPPORT_NUM 2
31
32 /**
33 Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of the associated public key.
34
35 @param[in] Data The data pointer.
36 @param[in] DataSize The size of Data in bytes. It is passed by value, so no
37 required size can be returned through it.
38 @param[in] VirtualMode The current calling mode for this function.
39 @param[in] Global The context of this Extended SAL Variable Services Class call.
40 @param[in] Variable The variable information which is used to keep track of variable usage.
41 @param[in] Attributes The attribute value of the variable (declared OPTIONAL).
42 @param[out] KeyIndex The output index of the corresponding public key in the database (declared OPTIONAL).
43 @param[out] MonotonicCount The output value of the corresponding Monotonic Count (declared OPTIONAL).
44
45 @retval EFI_INVALID_PARAMETER Invalid parameter.
46 @retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with
47 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
48 @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
49 set, but the AuthInfo does NOT pass the validation
50 check carried out by the firmware.
51 @retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully.
52 NOTE(review): Data presumably starts with the caller-supplied authentication header that AUTHINFO_SIZE measures; confirm the implementation rejects a DataSize smaller than AUTHINFO_SIZE before reading that header, and that it handles NULL for the OPTIONAL outputs.
53 **/
54 EFI_STATUS
55 VerifyVariable (
56 IN VOID *Data,
57 IN UINTN DataSize,
58 IN BOOLEAN VirtualMode,
59 IN ESAL_VARIABLE_GLOBAL *Global,
60 IN VARIABLE_POINTER_TRACK *Variable,
61 IN UINT32 Attributes OPTIONAL,
62 OUT UINT32 *KeyIndex OPTIONAL,
63 OUT UINT64 *MonotonicCount OPTIONAL
64 );
65
66 /**
67 Initializes the authenticated variable service.
68
69 @retval EFI_SUCCESS The function successfully executed.
70 @retval EFI_OUT_OF_RESOURCES Failed to allocate enough memory resources.
71 NOTE(review): the function name is spelled "Autenticated" (no "h"); the declaration is left as written because the name is part of the interface.
72 **/
73 EFI_STATUS
74 AutenticatedVariableServiceInitialize (
75 VOID
76 );
77
78 /**
79 Initializes the cryptlib service before use, including registering algorithms and allocating scratch.
80 NOTE(review): the return type is VOID, so a failed scratch allocation cannot be reported through a status code; confirm how the implementation handles that case.
81 **/
82 VOID
83 CryptLibraryInitialize (
84 VOID
85 );
86
87 /**
88 Process a variable, using the platform key (PK) for verification.
89
90 @param[in] VariableName The name of Variable to be found.
91 @param[in] VendorGuid Variable vendor GUID.
92 @param[in] Data The data pointer.
93 @param[in] DataSize The size of Data in bytes. It is passed by value, so no
94 required size can be returned through it.
95 @param[in] VirtualMode The current calling mode for this function.
96 @param[in] Global The context of this Extended SAL Variable Services Class call.
97 @param[in] Variable The variable information which is used to keep track of variable usage.
98 @param[in] Attributes The attribute value of the variable (declared OPTIONAL).
99 @param[in] IsPk Indicates whether to process PK.
100
101 @retval EFI_INVALID_PARAMETER Invalid parameter.
102 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
103 check carried out by the firmware.
104 @retval EFI_SUCCESS The variable passed validation successfully.
105 NOTE(review): Data and DataSize are presumably taken from the caller's write request; confirm the implementation bounds-checks DataSize before parsing any header inside Data.
106 **/
107 EFI_STATUS
108 ProcessVarWithPk (
109 IN CHAR16 *VariableName,
110 IN EFI_GUID *VendorGuid,
111 IN VOID *Data,
112 IN UINTN DataSize,
113 IN BOOLEAN VirtualMode,
114 IN ESAL_VARIABLE_GLOBAL *Global,
115 IN VARIABLE_POINTER_TRACK *Variable,
116 IN UINT32 Attributes OPTIONAL,
117 IN BOOLEAN IsPk
118 );
119
120 /**
121 Process a variable, using the key exchange key (KEK) for verification.
122
123 @param[in] VariableName The name of Variable to be found.
124 @param[in] VendorGuid The variable vendor GUID.
125 @param[in] Data The data pointer.
126 @param[in] DataSize The size of Data in bytes. It is passed by value, so no
127 required size can be returned through it.
128 @param[in] VirtualMode The current calling mode for this function.
129 @param[in] Global The context of this Extended SAL Variable Services Class call.
130 @param[in] Variable The variable information which is used to keep track of variable usage.
131 @param[in] Attributes The attribute value of the variable (declared OPTIONAL).
132
133 @retval EFI_INVALID_PARAMETER Invalid parameter.
134 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
135 check carried out by the firmware.
136 @retval EFI_SUCCESS The variable passed validation successfully.
137 NOTE(review): Data and DataSize are presumably taken from the caller's write request; confirm the implementation bounds-checks DataSize before parsing any header inside Data.
138 **/
139 EFI_STATUS
140 ProcessVarWithKek (
141 IN CHAR16 *VariableName,
142 IN EFI_GUID *VendorGuid,
143 IN VOID *Data,
144 IN UINTN DataSize,
145 IN BOOLEAN VirtualMode,
146 IN ESAL_VARIABLE_GLOBAL *Global,
147 IN VARIABLE_POINTER_TRACK *Variable,
148 IN UINT32 Attributes OPTIONAL
149 );
150
151 #endif