SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h

   1 /** @file
   2   The internal header file includes the common header files, defines
   3   internal structure and functions used by AuthService module.
   4
   5 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
   6 This program and the accompanying materials
   7 are licensed and made available under the terms and conditions of the BSD License
   8 which accompanies this distribution.  The full text of the license may be found at
   9 http://opensource.org/licenses/bsd-license.php
  10
  11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  13
  14 **/
  15
  16 #ifndef _AUTHSERVICE_H_
  17 #define _AUTHSERVICE_H_
  18
  19 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
  20 #define EFI_CERT_TYPE_RSA2048_SIZE        256
  21
  22 ///
  23 /// Size of AuthInfo prior to the data payload
  24 ///
  25 #define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
  26
  27 ///
  28 /// "AuthVarKeyDatabase" variable for the Public Key store.
  29 ///
  30 #define AUTHVAR_KEYDB_NAME      L"AuthVarKeyDatabase"
  31 #define AUTHVAR_KEYDB_NAME_SIZE 38
  32
  33 ///
  34 /// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
  35 ///
  36 #define MAX_KEYDB_SIZE  (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
  37 #define MAX_KEY_NUM     (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
  38
  39 ///
  40 /// Item number of support signature types.
  41 ///
  42 #define SIGSUPPORT_NUM 2
  43
  44
  45 /**
  46   Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
  47
  48   @param[in]  VariableName                Name of Variable to be found.
  49   @param[in]  VendorGuid                  Variable vendor GUID.
  50
  51   @param[in]  Data                        Data pointer.
  52   @param[in]  DataSize                    Size of Data found. If size is less than the
  53                                           data, this value contains the required size.
  54   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
  55   @param[in]  Attributes                  Attribute value of the variable.
  56
  57   @return EFI_INVALID_PARAMETER           Invalid parameter
  58   @return EFI_WRITE_PROTECTED             Variable is write-protected and needs authentication with
  59                                           EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
  60   @return EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
  61                                           set, but the AuthInfo does NOT pass the validation
  62                                           check carried out by the firmware.
  63   @return EFI_SUCCESS                     Variable is not write-protected, or passed validation successfully.
  64
  65 **/
  66 EFI_STATUS
  67 ProcessVariable (
  68   IN     CHAR16                             *VariableName,
  69   IN     EFI_GUID                           *VendorGuid,
  70   IN     VOID                               *Data,
  71   IN     UINTN                              DataSize,
  72   IN     VARIABLE_POINTER_TRACK             *Variable,
  73   IN     UINT32                             Attributes
  74   );
  75
  76 /**
  77   Initializes for authenticated varibale service.
  78
  79   @retval EFI_SUCCESS           Function successfully executed.
  80   @retval EFI_OUT_OF_RESOURCES  Fail to allocate enough memory resource.
  81
  82 **/
  83 EFI_STATUS
  84 AutenticatedVariableServiceInitialize (
  85   VOID
  86   );
  87
  88 /**
  89   Initializes for cryptlib service before use, include register algrithm and allocate scratch.
  90
  91 **/
  92 VOID
  93 CryptLibraryInitialize (
  94   VOID
  95   );
  96
  97 /**
  98   Process variable with platform key for verification.
  99
 100   @param[in]  VariableName                Name of Variable to be found.
 101   @param[in]  VendorGuid                  Variable vendor GUID.
 102   @param[in]  Data                        Data pointer.
 103   @param[in]  DataSize                    Size of Data found. If size is less than the
 104                                           data, this value contains the required size.
 105   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
 106   @param[in]  Attributes                  Attribute value of the variable.
 107   @param[in]  IsPk                        Indicate whether it is to process pk.
 108
 109   @return EFI_INVALID_PARAMETER           Invalid parameter
 110   @return EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
 111                                           check carried out by the firmware.
 112   @return EFI_SUCCESS                     Variable passed validation successfully.
 113
 114 **/
 115 EFI_STATUS
 116 ProcessVarWithPk (
 117   IN  CHAR16                    *VariableName,
 118   IN  EFI_GUID                  *VendorGuid,
 119   IN  VOID                      *Data,
 120   IN  UINTN                     DataSize,
 121   IN  VARIABLE_POINTER_TRACK    *Variable,
 122   IN  UINT32                    Attributes OPTIONAL,
 123   IN  BOOLEAN                   IsPk
 124   );
 125
 126 /**
 127   Process variable with key exchange key for verification.
 128
 129   @param[in]  VariableName                Name of Variable to be found.
 130   @param[in]  VendorGuid                  Variable vendor GUID.
 131   @param[in]  Data                        Data pointer.
 132   @param[in]  DataSize                    Size of Data found. If size is less than the
 133                                           data, this value contains the required size.
 134   @param[in]  Variable                    The variable information that is used to keep track of variable usage.
 135   @param[in]  Attributes                  Attribute value of the variable.
 136
 137   @return EFI_INVALID_PARAMETER           Invalid parameter.
 138   @return EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
 139                                           check carried out by the firmware.
 140   @return EFI_SUCCESS                     Variable passed validation successfully.
 141
 142 **/
 143 EFI_STATUS
 144 ProcessVarWithKek (
 145   IN  CHAR16                    *VariableName,
 146   IN  EFI_GUID                  *VendorGuid,
 147   IN  VOID                      *Data,
 148   IN  UINTN                     DataSize,
 149   IN  VARIABLE_POINTER_TRACK    *Variable,
 150   IN  UINT32                    Attributes OPTIONAL
 151   );
 152
 153 /**
 154   Compare two EFI_TIME data.
 155
 156
 157   @param FirstTime           A pointer to the first EFI_TIME data.
 158   @param SecondTime          A pointer to the second EFI_TIME data.
 159
 160   @retval  TRUE              The FirstTime is not later than the SecondTime.
 161   @retval  FALSE             The FirstTime is later than the SecondTime.
 162
 163 **/
 164 BOOLEAN
 165 CompareTimeStamp (
 166   IN EFI_TIME               *FirstTime,
 167   IN EFI_TIME               *SecondTime
 168   );
 169
 170
 171 /**
 172   Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
 173
 174   @param[in]  VariableName                Name of Variable to be found.
 175   @param[in]  VendorGuid                  Variable vendor GUID.
 176   @param[in]  Data                        Data pointer.
 177   @param[in]  DataSize                    Size of Data found. If size is less than the
 178                                           data, this value contains the required size.
 179   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
 180   @param[in]  Attributes                  Attribute value of the variable.
 181   @param[in]  Pk                          Verify against PK or KEK database.
 182   @param[out] VarDel                      Delete the variable or not.
 183
 184   @retval EFI_INVALID_PARAMETER           Invalid parameter.
 185   @retval EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
 186                                           check carried out by the firmware.
 187   @retval EFI_OUT_OF_RESOURCES            Failed to process variable due to lack
 188                                           of resources.
 189   @retval EFI_SUCCESS                     Variable pass validation successfully.
 190
 191 **/
 192 EFI_STATUS
 193 VerifyTimeBasedPayload (
 194   IN     CHAR16                             *VariableName,
 195   IN     EFI_GUID                           *VendorGuid,
 196   IN     VOID                               *Data,
 197   IN     UINTN                              DataSize,
 198   IN     VARIABLE_POINTER_TRACK             *Variable,
 199   IN     UINT32                             Attributes,
 200   IN     BOOLEAN                            Pk,
 201   OUT    BOOLEAN                            *VarDel
 202   );
 203
 204 extern UINT8  mPubKeyStore[MAX_KEYDB_SIZE];
 205 extern UINT32 mPubKeyNumber;
 206 extern VOID   *mHashCtx;
 207 extern VOID   *mStorageArea;
 208
 209 #endif