SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h

   1 /** @file
   2   The internal header file includes the common header files, defines
   3   internal structure and functions used by AuthService module.
   4
   5   Caution: This module requires additional review when modified.
   6   This driver will have external input - variable data. It may be input in SMM mode.
   7   This external input must be validated carefully to avoid security issue like
   8   buffer overflow, integer overflow.
   9   Variable attribute should also be checked to avoid authentication bypass.
  10      The whole SMM authentication variable design relies on the integrity of flash part and SMM.
  11   which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory
  12   may not be modified without authorization. If platform fails to protect these resources,
  13   the authentication service provided in this driver will be broken, and the behavior is undefined.
  14
  15 Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
  16 This program and the accompanying materials
  17 are licensed and made available under the terms and conditions of the BSD License
  18 which accompanies this distribution.  The full text of the license may be found at
  19 http://opensource.org/licenses/bsd-license.php
  20
  21 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  22 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  23
  24 **/
  25
  26 #ifndef _AUTHSERVICE_H_
  27 #define _AUTHSERVICE_H_
  28
  29 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
  30 #define EFI_CERT_TYPE_RSA2048_SIZE        256
  31
  32 ///
  33 /// Size of AuthInfo prior to the data payload.
  34 ///
  35 #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
  36                        (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
  37                        sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
  38
  39 #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
  40                                   (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
  41
  42 #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
  43                                        (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
  44
  45 ///
  46 /// "AuthVarKeyDatabase" variable for the Public Key store.
  47 ///
  48 #define AUTHVAR_KEYDB_NAME      L"AuthVarKeyDatabase"
  49
  50 ///
  51 /// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
  52 /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
  53 ///
  54 ///
  55 #define EFI_CERT_DB_NAME        L"certdb"
  56
  57 ///
  58 /// Struct to record signature requirement defined by UEFI spec.
  59 /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
  60 ///
  61 typedef struct {
  62   EFI_GUID    SigType;
  63   // Expected SignatureHeader size in Bytes.
  64   UINT32      SigHeaderSize;
  65   // Expected SignatureData size in Bytes.
  66   UINT32      SigDataSize;
  67 } EFI_SIGNATURE_ITEM;
  68
  69 typedef enum {
  70   AuthVarTypePk,
  71   AuthVarTypeKek,
  72   AuthVarTypePriv,
  73   AuthVarTypePayload
  74 } AUTHVAR_TYPE;
  75
  76 #pragma pack(1)
  77 typedef struct {
  78   EFI_GUID    VendorGuid;
  79   UINT32      CertNodeSize;
  80   UINT32      NameSize;
  81   UINT32      CertDataSize;
  82   /// CHAR16  VariableName[NameSize];
  83   /// UINT8   CertData[CertDataSize];
  84 } AUTH_CERT_DB_DATA;
  85 #pragma pack()
  86
  87 /**
  88   Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
  89
  90   Caution: This function may receive untrusted input.
  91   This function may be invoked in SMM mode, and datasize and data are external input.
  92   This function will do basic validation, before parse the data.
  93   This function will parse the authentication carefully to avoid security issues, like
  94   buffer overflow, integer overflow.
  95   This function will check attribute carefully to avoid authentication bypass.
  96
  97   @param[in]  VariableName                Name of Variable to be found.
  98   @param[in]  VendorGuid                  Variable vendor GUID.
  99
 100   @param[in]  Data                        Data pointer.
 101   @param[in]  DataSize                    Size of Data found. If size is less than the
 102                                           data, this value contains the required size.
 103   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
 104   @param[in]  Attributes                  Attribute value of the variable.
 105
 106   @return EFI_INVALID_PARAMETER           Invalid parameter
 107   @return EFI_WRITE_PROTECTED             Variable is write-protected and needs authentication with
 108                                           EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
 109   @return EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
 110                                           set, but the AuthInfo does NOT pass the validation
 111                                           check carried out by the firmware.
 112   @return EFI_SUCCESS                     Variable is not write-protected, or passed validation successfully.
 113
 114 **/
 115 EFI_STATUS
 116 ProcessVariable (
 117   IN     CHAR16                             *VariableName,
 118   IN     EFI_GUID                           *VendorGuid,
 119   IN     VOID                               *Data,
 120   IN     UINTN                              DataSize,
 121   IN     VARIABLE_POINTER_TRACK             *Variable,
 122   IN     UINT32                             Attributes
 123   );
 124
 125 /**
 126   Update platform mode.
 127
 128   @param[in]      Mode                    SETUP_MODE or USER_MODE.
 129
 130   @return EFI_INVALID_PARAMETER           Invalid parameter.
 131   @return EFI_SUCCESS                     Update platform mode successfully.
 132
 133 **/
 134 EFI_STATUS
 135 UpdatePlatformMode (
 136   IN  UINT32                    Mode
 137   );
 138
 139 /**
 140   Initializes for authenticated varibale service.
 141
 142   @retval EFI_SUCCESS           Function successfully executed.
 143   @retval EFI_OUT_OF_RESOURCES  Fail to allocate enough memory resource.
 144
 145 **/
 146 EFI_STATUS
 147 AutenticatedVariableServiceInitialize (
 148   VOID
 149   );
 150
 151 /**
 152   Initializes for cryptlib service before use, include register algrithm and allocate scratch.
 153
 154 **/
 155 VOID
 156 CryptLibraryInitialize (
 157   VOID
 158   );
 159
 160 /**
 161   Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK variable.
 162
 163   @param[in]  VariableName                Name of Variable to be check.
 164   @param[in]  VendorGuid                  Variable vendor GUID.
 165   @param[in]  Data                        Point to the variable data to be checked.
 166   @param[in]  DataSize                    Size of Data.
 167
 168   @return EFI_INVALID_PARAMETER           Invalid signature list format.
 169   @return EFI_SUCCESS                     Passed signature list format check successfully.
 170
 171 **/
 172 EFI_STATUS
 173 CheckSignatureListFormat(
 174   IN  CHAR16                    *VariableName,
 175   IN  EFI_GUID                  *VendorGuid,
 176   IN  VOID                      *Data,
 177   IN  UINTN                     DataSize
 178   );
 179
 180 /**
 181   Process variable with platform key for verification.
 182
 183   Caution: This function may receive untrusted input.
 184   This function may be invoked in SMM mode, and datasize and data are external input.
 185   This function will do basic validation, before parse the data.
 186   This function will parse the authentication carefully to avoid security issues, like
 187   buffer overflow, integer overflow.
 188   This function will check attribute carefully to avoid authentication bypass.
 189
 190   @param[in]  VariableName                Name of Variable to be found.
 191   @param[in]  VendorGuid                  Variable vendor GUID.
 192   @param[in]  Data                        Data pointer.
 193   @param[in]  DataSize                    Size of Data found. If size is less than the
 194                                           data, this value contains the required size.
 195   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
 196   @param[in]  Attributes                  Attribute value of the variable.
 197   @param[in]  IsPk                        Indicate whether it is to process pk.
 198
 199   @return EFI_INVALID_PARAMETER           Invalid parameter
 200   @return EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
 201                                           check carried out by the firmware.
 202   @return EFI_SUCCESS                     Variable passed validation successfully.
 203
 204 **/
 205 EFI_STATUS
 206 ProcessVarWithPk (
 207   IN  CHAR16                    *VariableName,
 208   IN  EFI_GUID                  *VendorGuid,
 209   IN  VOID                      *Data,
 210   IN  UINTN                     DataSize,
 211   IN  VARIABLE_POINTER_TRACK    *Variable,
 212   IN  UINT32                    Attributes OPTIONAL,
 213   IN  BOOLEAN                   IsPk
 214   );
 215
 216 /**
 217   Process variable with key exchange key for verification.
 218
 219   Caution: This function may receive untrusted input.
 220   This function may be invoked in SMM mode, and datasize and data are external input.
 221   This function will do basic validation, before parse the data.
 222   This function will parse the authentication carefully to avoid security issues, like
 223   buffer overflow, integer overflow.
 224   This function will check attribute carefully to avoid authentication bypass.
 225
 226   @param[in]  VariableName                Name of Variable to be found.
 227   @param[in]  VendorGuid                  Variable vendor GUID.
 228   @param[in]  Data                        Data pointer.
 229   @param[in]  DataSize                    Size of Data found. If size is less than the
 230                                           data, this value contains the required size.
 231   @param[in]  Variable                    The variable information that is used to keep track of variable usage.
 232   @param[in]  Attributes                  Attribute value of the variable.
 233
 234   @return EFI_INVALID_PARAMETER           Invalid parameter.
 235   @return EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
 236                                           check carried out by the firmware.
 237   @return EFI_SUCCESS                     Variable passed validation successfully.
 238
 239 **/
 240 EFI_STATUS
 241 ProcessVarWithKek (
 242   IN  CHAR16                    *VariableName,
 243   IN  EFI_GUID                  *VendorGuid,
 244   IN  VOID                      *Data,
 245   IN  UINTN                     DataSize,
 246   IN  VARIABLE_POINTER_TRACK    *Variable,
 247   IN  UINT32                    Attributes OPTIONAL
 248   );
 249
 250 /**
 251   Merge two buffers which formatted as EFI_SIGNATURE_LIST. Only the new EFI_SIGNATURE_DATA
 252   will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA
 253   will be ignored.
 254
 255   @param[in, out]  Data             Pointer to original EFI_SIGNATURE_LIST.
 256   @param[in]       DataSize         Size of Data buffer.
 257   @param[in]       FreeBufSize      Size of free data buffer
 258   @param[in]       NewData          Pointer to new EFI_SIGNATURE_LIST to be appended.
 259   @param[in]       NewDataSize      Size of NewData buffer.
 260   @param[out]      MergedBufSize    Size of the merged buffer
 261
 262   @return EFI_BUFFER_TOO_SMALL if input Data buffer overflowed
 263
 264 **/
 265 EFI_STATUS
 266 AppendSignatureList (
 267   IN  OUT VOID            *Data,
 268   IN  UINTN               DataSize,
 269   IN  UINTN               FreeBufSize,
 270   IN  VOID                *NewData,
 271   IN  UINTN               NewDataSize,
 272   OUT UINTN               *MergedBufSize
 273   );
 274
 275 /**
 276   Compare two EFI_TIME data.
 277
 278
 279   @param FirstTime           A pointer to the first EFI_TIME data.
 280   @param SecondTime          A pointer to the second EFI_TIME data.
 281
 282   @retval  TRUE              The FirstTime is not later than the SecondTime.
 283   @retval  FALSE             The FirstTime is later than the SecondTime.
 284
 285 **/
 286 BOOLEAN
 287 CompareTimeStamp (
 288   IN EFI_TIME               *FirstTime,
 289   IN EFI_TIME               *SecondTime
 290   );
 291
 292 /**
 293   Delete matching signer's certificates when deleting common authenticated
 294   variable by corresponding VariableName and VendorGuid from "certdb".
 295
 296   @param[in]  VariableName   Name of authenticated Variable.
 297   @param[in]  VendorGuid     Vendor GUID of authenticated Variable.
 298
 299   @retval  EFI_INVALID_PARAMETER Any input parameter is invalid.
 300   @retval  EFI_NOT_FOUND         Fail to find "certdb" or matching certs.
 301   @retval  EFI_OUT_OF_RESOURCES  The operation is failed due to lack of resources.
 302   @retval  EFI_SUCCESS           The operation is completed successfully.
 303
 304 **/
 305 EFI_STATUS
 306 DeleteCertsFromDb (
 307   IN     CHAR16           *VariableName,
 308   IN     EFI_GUID         *VendorGuid
 309   );
 310
 311 /**
 312   Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
 313
 314   Caution: This function may receive untrusted input.
 315   This function may be invoked in SMM mode, and datasize and data are external input.
 316   This function will do basic validation, before parse the data.
 317   This function will parse the authentication carefully to avoid security issues, like
 318   buffer overflow, integer overflow.
 319
 320   @param[in]  VariableName                Name of Variable to be found.
 321   @param[in]  VendorGuid                  Variable vendor GUID.
 322   @param[in]  Data                        Data pointer.
 323   @param[in]  DataSize                    Size of Data found. If size is less than the
 324                                           data, this value contains the required size.
 325   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
 326   @param[in]  Attributes                  Attribute value of the variable.
 327   @param[in]  AuthVarType                 Verify against PK or KEK database or private database.
 328   @param[out] VarDel                      Delete the variable or not.
 329
 330   @retval EFI_INVALID_PARAMETER           Invalid parameter.
 331   @retval EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
 332                                           check carried out by the firmware.
 333   @retval EFI_OUT_OF_RESOURCES            Failed to process variable due to lack
 334                                           of resources.
 335   @retval EFI_SUCCESS                     Variable pass validation successfully.
 336
 337 **/
 338 EFI_STATUS
 339 VerifyTimeBasedPayload (
 340   IN     CHAR16                             *VariableName,
 341   IN     EFI_GUID                           *VendorGuid,
 342   IN     VOID                               *Data,
 343   IN     UINTN                              DataSize,
 344   IN     VARIABLE_POINTER_TRACK             *Variable,
 345   IN     UINT32                             Attributes,
 346   IN     AUTHVAR_TYPE                       AuthVarType,
 347   OUT    BOOLEAN                            *VarDel
 348   );
 349
 350 extern UINT8  *mPubKeyStore;
 351 extern UINT8  *mCertDbStore;
 352 extern UINT32 mPubKeyNumber;
 353 extern VOID   *mHashCtx;
 354 extern UINT8  *mSerializationRuntimeBuffer;
 355
 356 #endif