X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdePkg%2FInclude%2FProtocol%2FSmartCardEdge.h;h=d3dbb540addbfc845501919b49e0a3cfeeddd673;hp=ac5095c375fc27bbe11e42f4f054c3f6cfc5db6a;hb=21bd495843a022beb50dc93210c51cf9586553c9;hpb=87bfeb11f84dd1d369bb2e195ef83d20b0d80d61
diff --git a/MdePkg/Include/Protocol/SmartCardEdge.h b/MdePkg/Include/Protocol/SmartCardEdge.h
index ac5095c375..d3dbb540ad 100644
--- a/MdePkg/Include/Protocol/SmartCardEdge.h
+++ b/MdePkg/Include/Protocol/SmartCardEdge.h
@@ -1,739 +1,739 @@
-/** @file
- The Smart Card Edge Protocol provides an abstraction for device to provide Smart
- Card support.
-
- This protocol allows UEFI applications to interface with a Smart Card during
- boot process for authentication or data signing/decryption, especially if the
- application has to make use of PKI.
-
- Copyright (c) 2015, Intel Corporation. All rights reserved.
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __SMART_CARD_EDGE_H__
-#define __SMART_CARD_EDGE_H__
-
-#define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \
- { \
- 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \
- }
-
-typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL;
-
-//
-// Maximum size for a Smart Card AID (Application IDentifier)
-//
-#define SCARD_AID_MAXSIZE 0x0010
-//
-// Size of CSN (Card Serial Number)
-//
-#define SCARD_CSN_SIZE 0x0010
-//
-// Current specification version 1.00
-//
-#define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100
-//
-// Parameters type definition
-//
-typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE];
-typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE];
-
-//
-// Type of data elements in credentials list
-//
-// value of tag field for header, the number of containers
-//
-#define SC_EDGE_TAG_HEADER 0x0000
-//
-// value of tag field for certificate
-//
-#define SC_EDGE_TAG_CERT 0x0001
-//
-// value of tag field for key index associated with certificate
-//
-#define SC_EDGE_TAG_KEY_ID 0x0002
-//
-// value of tag field for key type
-//
-#define SC_EDGE_TAG_KEY_TYPE 0x0003
-//
-// value of tag field for key size
-//
-#define SC_EDGE_TAG_KEY_SIZE 0x0004
-
-//
-// Length of L fields of TLV items
-//
-//
-// size of L field for header
-//
-#define SC_EDGE_L_SIZE_HEADER 1
-//
-// size of L field for certificate (big endian)
-//
-#define SC_EDGE_L_SIZE_CERT 2
-//
-// size of L field for key index
-//
-#define SC_EDGE_L_SIZE_KEY_ID 1
-//
-// size of L field for key type
-//
-#define SC_EDGE_L_SIZE_KEY_TYPE 1
-//
-// size of L field for key size (big endian)
-//
-#define SC_EDGE_L_SIZE_KEY_SIZE 2
-
-//
-// Some TLV items have a fixed value for L field
-//
-// value of L field for header
-//
-#define SC_EDGE_L_VALUE_HEADER 1
-//
-// value of L field for key index
-//
-#define SC_EDGE_L_VALUE_KEY_ID 1
-//
-// value of L field for key type
-//
-#define SC_EDGE_L_VALUE_KEY_TYPE 1
-//
-// value of L field for key size
-//
-#define SC_EDGE_L_VALUE_KEY_SIZE 2
-
-//
-// Possible values for key type
-//
-//
-// RSA decryption
-//
-#define SC_EDGE_RSA_EXCHANGE 0x01
-//
-// RSA signature
-//
-#define SC_EDGE_RSA_SIGNATURE 0x02
-//
-// ECDSA signature
-//
-#define SC_EDGE_ECDSA_256 0x03
-//
-// ECDSA signature
-//
-#define SC_EDGE_ECDSA_384 0x04
-//
-// ECDSA signature
-//
-#define SC_EDGE_ECDSA_521 0x05
-//
-// ECDH agreement
-//
-#define SC_EDGE_ECDH_256 0x06
-//
-// ECDH agreement
-//
-#define SC_EDGE_ECDH_384 0x07
-//
-// ECDH agreement
-//
-#define SC_EDGE_ECDH_521 0x08
-
-//
-// Padding methods GUIDs for signature
-//
-//
-// RSASSA- PKCS#1-V1.5 padding method, for signature
-//
-#define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \
- { \
- 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \
- }
-
-extern EFI_GUID gEfiPaddingRsassaPkcs1V1P5Guid;
-
-//
-// RSASSA-PSS padding method, for signature
-//
-#define EFI_PADDING_RSASSA_PSS_GUID \
- { \
- 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \
- }
-
-extern EFI_GUID gEfiPaddingRsassaPssGuid;
-
-//
-// Padding methods GUIDs for decryption
-//
-//
-// No padding, for decryption
-//
-#define EFI_PADDING_NONE_GUID \
- { \
- 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \
- }
-
-extern EFI_GUID gEfiPaddingNoneGuid;
-
-//
-// RSAES-PKCS#1-V1.5 padding, for decryption
-//
-#define EFI_PADDING_RSAES_PKCS1V1P5_GUID \
- { \
- 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \
- }
-
-extern EFI_GUID gEfiPaddingRsaesPkcs1V1P5Guid;
-
-//
-// RSAES-OAEP padding, for decryption
-//
-#define EFI_PADDING_RSAES_OAEP_GUID \
- { \
- 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \
- }
-
-extern EFI_GUID gEfiPaddingRsaesOaepGuid;
-
-/**
- This function retrieves the context driver.
-
- The GetContextfunction returns the context of the protocol, the application
- identifiers supported by the protocol and the number and the CSN unique identifier
- of Smart Cards that are present and supported by protocol.
-
- If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL,
- the function does not fail but does not fill in such variables.
-
- In case AidTableSize indicates a buffer too small to hold all the protocol AID table,
- only the first AidTableSize items of the table are returned in AidTable.
-
- In case CsnTableSize indicates a buffer too small to hold the entire table of
- Smart Card CSN present, only the first CsnTableSize items of the table are returned
- in CsnTable.
-
- VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this
- driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1.
-
- In case of Smart Card removal the internal CSN list is immediately updated, even if
- a connection is opened with that Smart Card.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[out] NumberAidSupported Number of AIDs this protocol supports.
- @param[in, out] AidTableSize On input, number of items allocated for the
- AID table. On output, number of items returned
- by protocol.
- @param[out] AidTable Table of the AIDs supported by the protocol.
- @param[out] NumberSCPresent Number of currently present Smart Cards that
- are supported by protocol.
- @param[in, out] CsnTableSize On input, the number of items the buffer CSN
- table can contain. On output, the number of
- items returned by the protocol.
- @param[out] CsnTable Table of the CSN of the Smart Card present and
- supported by protocol.
- @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- OUT UINTN *NumberAidSupported,
- IN OUT UINTN *AidTableSize OPTIONAL,
- OUT SMART_CARD_AID *AidTable OPTIONAL,
- OUT UINTN *NumberSCPresent,
- IN OUT UINTN *CsnTableSize OPTIONAL,
- OUT SMART_CARD_CSN *CsnTable OPTIONAL,
- OUT UINT32 *VersionScEdgeProtocol OPTIONAL
- );
-
-/**
- This function establish a connection with a Smart Card the protocol support.
-
- In case of success the SCardHandle can be used.
-
- If the ScardCsn is NULL the connection is established with the first Smart Card
- the protocol finds in its table of Smart Card present and supported. Else it
- establish context with the Smart Card whose CSN given by ScardCsn.
-
- If ScardAid is not NULL the function returns the Smart Card AID the protocol supports.
- After a successful connect the SCardHandle will remain existing even in case Smart Card
- removed from Smart Card reader, but all function invoking this SCardHandle will fail.
- SCardHandle is released only on Disconnect.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[out] SCardHandle Handle on Smart Card connection.
- @param[in] ScardCsn CSN of the Smart Card the connection has to be
- established.
- @param[out] ScardAid AID of the Smart Card the connection has been
- established.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER SCardHandle is NULL.
- @retval EFI_NO_MEDIA No Smart Card supported by protocol is present,
- Smart Card with CSN ScardCsn or Reader has been
- removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- OUT EFI_HANDLE *SCardHandle,
- IN UINT8 *ScardCsn OPTIONAL,
- OUT UINT8 *ScardAid OPTIONAL
- );
-
-/**
- This function releases a connection previously established by Connect.
-
- The Disconnect function releases the connection previously established by
- a Connect. In case the Smart Card or the Smart Card reader has been removed
- before this call, this function returns EFI_SUCCESS.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection to release.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle
- );
-
-/**
- This function returns the Smart Card serial number.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[out] Csn The Card Serial number, 16 bytes array.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- OUT UINT8 Csn[SCARD_CSN_SIZE]
- );
-
-/**
- This function returns the name of the Smart Card reader used for this connection.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in, out] ReaderNameLength On input, a pointer to the variable that holds
- the maximal size, in bytes, of ReaderName.
- On output, the required size, in bytes, for ReaderName.
- @param[out] ReaderName A pointer to a NULL terminated string that will
- contain the reader name.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN OUT UINTN *ReaderNameLength,
- OUT CHAR16 *ReaderName OPTIONAL
- );
-
-/**
- This function authenticates a Smart Card user by presenting a PIN code.
-
- The VerifyPinfunction presents a PIN code to the Smart Card.
-
- If Smart Card found the PIN code correct the user is considered authenticated
- to current application, and the function returns TRUE.
-
- Negative or null PinSize value rejected if PinCodeis not NULL.
-
- A NULL PinCodebuffer means the application didn't know the PIN, in that case:
- - If PinSize value is negative the caller only wants to know if the current
- chain of the elements Smart Card Edge protocol, Smart Card Reader protocol
- and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality.
- - If PinSize value is positive or null the caller ask to perform the verify
- PIN using the Secure PIN Entry functionality.
-
- In PinCode buffer, the PIN value is always given in plaintext, in case of secure
- messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate
- treatments to build the correct Smart Card APDU.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] PinSize PIN code buffer size.
- @param[in] PinCode PIN code to present to the Smart Card.
- @param[out] PinResult Result of PIN code presentation to the Smart Card.
- TRUE when Smard Card founds the PIN code correct.
- @param[out] RemainingAttempts Number of attempts still possible.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not
- supported.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart
- Card or, negative with PinCode not null.
- @retval EFI_INVALID_PARAMETER PinResult is NULL.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN INT32 PinSize,
- IN UINT8 *PinCode,
- OUT BOOLEAN *PinResult,
- OUT UINT32 *RemainingAttempts OPTIONAL
- );
-
-/**
- This function gives the remaining number of attempts for PIN code presentation.
-
- The number of attempts to present a correct PIN is limited and depends on Smart
- Card and on PIN.
-
- This function will retrieve the number of remaining possible attempts.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[out] RemainingAttempts Number of attempts still possible.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- OUT UINT32 *RemainingAttempts
- );
-
-/**
- This function returns a specific data from Smart Card.
-
- The function is generic for any kind of data, but driver and application must
- share an EFI_GUID that identify the data.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] DataId The type identifier of the data to get.
- @param[in, out] DataSize On input, in bytes, the size of Data. On output,
- in bytes, the size of buffer required to store
- the specified data.
- @param[out] Data The data buffer in which the data is returned.
- The type of the data buffer is associated with
- the DataId. Ignored if *DataSize is 0.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER DataId is NULL.
- @retval EFI_INVALID_PARAMETER DataSize is NULL.
- @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero.
- @retval EFI_NOT_FOUND DataId unknown for this driver.
- @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified
- data and the required size is returned in DataSize.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN EFI_GUID *DataId,
- IN OUT UINTN *DataSize,
- OUT VOID *Data OPTIONAL
- );
-
-/**
- This function retrieve credentials store into the Smart Card.
-
- The function returns a series of items in TLV (Tag Length Value) format.
-
- First TLV item is the header item that gives the number of following
- containers (0x00, 0x01, Nb containers).
-
- All these containers are a series of 4 TLV items:
- - The certificate item (0x01, certificate size, certificate)
- - The Key identifier item (0x02, 0x01, key index)
- - The key type item (0x03, 0x01, key type)
- - The key size item (0x04, 0x02, key size), key size in number of bits.
- Numeric multi-bytes values are on big endian format, most significant byte first:
- - The L field value for certificate (2 bytes)
- - The L field value for key size (2 bytes)
- - The value field for key size (2 bytes)
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in, out] CredentialSize On input, in bytes, the size of buffer to store
- the list of credential.
- On output, in bytes, the size of buffer required
- to store the entire list of credentials.
-
- @param[out] CredentialList List of credentials stored into the Smart Card.
- A list of TLV (Tag Length Value) elements organized
- in containers array.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER CredentialSize is NULL.
- @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the
- specified data and the required size is returned in
- CredentialSize.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN OUT UINTN *CredentialSize,
- OUT UINT8 *CredentialList OPTIONAL
- );
-
-/**
- This function signs an already hashed data with a Smart Card private key.
-
- This function signs data, actually it is the hash of these data that is given
- to the function.
-
- SignatureData buffer shall be big enough for signature. Signature size is
- function key size and key type.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] KeyId Identifier of the key container, retrieved
- in a key index item of credentials.
- @param[in] KeyType The key type, retrieved in a key type item of
- credentials.
-
- @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
- - EFI_HASH_ALGORITHM_SHA1_GUID
- - EFI_HASH_ALGORITHM_SHA256_GUID
- - EFI_HASH_ALGORITHM_SHA384_GUID
- - EFI_HASH_ALGORITHM_SHA512_GUID
- @param[in] PaddingMethod Padding method used jointly with hash algorithm,
- one of:
- - EFI_PADDING_RSASSA_PKCS1V1P5_GUID
- - EFI_PADDING_RSASSA_PSS_GUID
- @param[in] HashedData Hash of the data to sign. Size is function of the
- HashAlgorithm.
-
- @param[out] SignatureData Resulting signature with private key KeyId. Size
- is function of the KeyType and key size retrieved
- in the associated key size item of credentials.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER KeyId is not valid.
- @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
- @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
- @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
- @retval EFI_INVALID_PARAMETER HashedData is NULL.
- @retval EFI_INVALID_PARAMETER SignatureData is NULL.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN UINTN KeyId,
- IN UINTN KeyType,
- IN EFI_GUID *HashAlgorithm,
- IN EFI_GUID *PaddingMethod,
- IN UINT8 *HashedData,
- OUT UINT8 *SignatureData
- );
-
-/**
- This function decrypts data with a PKI/RSA Smart Card private key.
-
- The function decrypts some PKI/RSA encrypted data with private key securely
- stored into the Smart Card.
-
- The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] KeyId Identifier of the key container, retrieved
- in a key index item of credentials.
- @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
- - EFI_HASH_ALGORITHM_SHA1_GUID
- - EFI_HASH_ALGORITHM_SHA256_GUID
- - EFI_HASH_ALGORITHM_SHA384_GUID
- - EFI_HASH_ALGORITHM_SHA512_GUID
- @param[in] PaddingMethod Padding method used jointly with hash algorithm,
- one of:
- - EFI_PADDING_NONE_GUID
- - EFI_PADDING_RSAES_PKCS1V1P5_GUID
- - EFI_PADDING_RSAES_OAEP_GUID
- @param[in] EncryptedSize Size of data to decrypt.
- @param[in] EncryptedData Data to decrypt
- @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store
- the decrypted data.
- On output, in bytes, the size of buffer required
- to store the decrypted data.
- @param[out] PlaintextData Buffer for decrypted data, padding removed.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type
- SC_EDGE_RSA_EXCHANGE.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
- @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
- @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
- @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
- @retval EFI_INVALID_PARAMETER EncryptedSize is 0.
- @retval EFI_INVALID_PARAMETER EncryptedData is NULL.
- @retval EFI_INVALID_PARAMETER PlaintextSize is NULL.
- @retval EFI_INVALID_PARAMETER PlaintextData is NULL.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data
- and the required size is returned in PlaintextSize.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN UINTN KeyId,
- IN EFI_GUID *HashAlgorithm,
- IN EFI_GUID *PaddingMethod,
- IN UINTN EncryptedSize,
- IN UINT8 *EncryptedData,
- IN OUT UINTN *PlaintextSize,
- OUT UINT8 *PlaintextData
- );
-
-/**
- This function performs a secret Diffie Hellman agreement calculation that would
- be used to derive a symmetric encryption / decryption key.
-
- The function compute a DH agreement that should be diversified togenerate a symmetric
- key to proceed encryption or decryption.
-
- The application and the Smart Card shall agree on the diversification process.
-
- The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384
- or SC_EDGE_ECDH_521.
-
- @param[in] This Indicates a pointer to the calling context.
- @param[in] SCardHandle Handle on Smart Card connection.
- @param[in] KeyId Identifier of the key container, retrieved
- in a key index item of credentials.
- @param[in] dataQx Public key x coordinate. Size is the same as
- key size for KeyId. Stored in big endian format.
- @param[in] dataQy Public key y coordinate. Size is the same as
- key size for KeyId. Stored in big endian format.
- @param[out] DHAgreement Buffer for DH agreement computed. Size must be
- bigger or equal to key size for KeyId.
-
- @retval EFI_SUCCESS The requested command completed successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
- @retval EFI_INVALID_PARAMETER KeyId is not valid.
- @retval EFI_INVALID_PARAMETER dataQx is NULL.
- @retval EFI_INVALID_PARAMETER dataQy is NULL.
- @retval EFI_INVALID_PARAMETER DHAgreement is NULL.
- @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
- PIN not verified.
- @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
- has been removed. A Disconnect should be performed.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) (
- IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
- IN EFI_HANDLE SCardHandle,
- IN UINTN KeyId,
- IN UINT8 *dataQx,
- IN UINT8 *dataQy,
- OUT UINT8 *DHAgreement
- );
-
-///
-/// Smart card aware application invokes this protocol to get access to an inserted
-/// smart card in the reader or to the reader itself.
-///
-struct _EFI_SMART_CARD_EDGE_PROTOCOL {
- EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext;
- EFI_SMART_CARD_EDGE_CONNECT Connect;
- EFI_SMART_CARD_EDGE_DISCONNECT Disconnect;
- EFI_SMART_CARD_EDGE_GET_CSN GetCsn;
- EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName;
- EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin;
- EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining;
- EFI_SMART_CARD_EDGE_GET_DATA GetData;
- EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential;
- EFI_SMART_CARD_EDGE_SIGN_DATA SignData;
- EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData;
- EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement;
-};
-
-extern EFI_GUID gEfiSmartCardEdgeProtocolGuid;
-
-#endif
-
+/** @file
+ The Smart Card Edge Protocol provides an abstraction for device to provide Smart
+ Card support.
+
+ This protocol allows UEFI applications to interface with a Smart Card during
+ boot process for authentication or data signing/decryption, especially if the
+ application has to make use of PKI.
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __SMART_CARD_EDGE_H__
+#define __SMART_CARD_EDGE_H__
+
+#define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \
+ { \
+ 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \
+ }
+
+typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL;
+
+//
+// Maximum size for a Smart Card AID (Application IDentifier)
+//
+#define SCARD_AID_MAXSIZE 0x0010
+//
+// Size of CSN (Card Serial Number)
+//
+#define SCARD_CSN_SIZE 0x0010
+//
+// Current specification version 1.00
+//
+#define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100
+//
+// Parameters type definition
+//
+typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE];
+typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE];
+
+//
+// Type of data elements in credentials list
+//
+// value of tag field for header, the number of containers
+//
+#define SC_EDGE_TAG_HEADER 0x0000
+//
+// value of tag field for certificate
+//
+#define SC_EDGE_TAG_CERT 0x0001
+//
+// value of tag field for key index associated with certificate
+//
+#define SC_EDGE_TAG_KEY_ID 0x0002
+//
+// value of tag field for key type
+//
+#define SC_EDGE_TAG_KEY_TYPE 0x0003
+//
+// value of tag field for key size
+//
+#define SC_EDGE_TAG_KEY_SIZE 0x0004
+
+//
+// Length of L fields of TLV items
+//
+//
+// size of L field for header
+//
+#define SC_EDGE_L_SIZE_HEADER 1
+//
+// size of L field for certificate (big endian)
+//
+#define SC_EDGE_L_SIZE_CERT 2
+//
+// size of L field for key index
+//
+#define SC_EDGE_L_SIZE_KEY_ID 1
+//
+// size of L field for key type
+//
+#define SC_EDGE_L_SIZE_KEY_TYPE 1
+//
+// size of L field for key size (big endian)
+//
+#define SC_EDGE_L_SIZE_KEY_SIZE 2
+
+//
+// Some TLV items have a fixed value for L field
+//
+// value of L field for header
+//
+#define SC_EDGE_L_VALUE_HEADER 1
+//
+// value of L field for key index
+//
+#define SC_EDGE_L_VALUE_KEY_ID 1
+//
+// value of L field for key type
+//
+#define SC_EDGE_L_VALUE_KEY_TYPE 1
+//
+// value of L field for key size
+//
+#define SC_EDGE_L_VALUE_KEY_SIZE 2
+
+//
+// Possible values for key type
+//
+//
+// RSA decryption
+//
+#define SC_EDGE_RSA_EXCHANGE 0x01
+//
+// RSA signature
+//
+#define SC_EDGE_RSA_SIGNATURE 0x02
+//
+// ECDSA signature
+//
+#define SC_EDGE_ECDSA_256 0x03
+//
+// ECDSA signature
+//
+#define SC_EDGE_ECDSA_384 0x04
+//
+// ECDSA signature
+//
+#define SC_EDGE_ECDSA_521 0x05
+//
+// ECDH agreement
+//
+#define SC_EDGE_ECDH_256 0x06
+//
+// ECDH agreement
+//
+#define SC_EDGE_ECDH_384 0x07
+//
+// ECDH agreement
+//
+#define SC_EDGE_ECDH_521 0x08
+
+//
+// Padding methods GUIDs for signature
+//
+//
+// RSASSA- PKCS#1-V1.5 padding method, for signature
+//
+#define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \
+ { \
+ 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \
+ }
+
+extern EFI_GUID gEfiPaddingRsassaPkcs1V1P5Guid;
+
+//
+// RSASSA-PSS padding method, for signature
+//
+#define EFI_PADDING_RSASSA_PSS_GUID \
+ { \
+ 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \
+ }
+
+extern EFI_GUID gEfiPaddingRsassaPssGuid;
+
+//
+// Padding methods GUIDs for decryption
+//
+//
+// No padding, for decryption
+//
+#define EFI_PADDING_NONE_GUID \
+ { \
+ 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \
+ }
+
+extern EFI_GUID gEfiPaddingNoneGuid;
+
+//
+// RSAES-PKCS#1-V1.5 padding, for decryption
+//
+#define EFI_PADDING_RSAES_PKCS1V1P5_GUID \
+ { \
+ 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \
+ }
+
+extern EFI_GUID gEfiPaddingRsaesPkcs1V1P5Guid;
+
+//
+// RSAES-OAEP padding, for decryption
+//
+#define EFI_PADDING_RSAES_OAEP_GUID \
+ { \
+ 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \
+ }
+
+extern EFI_GUID gEfiPaddingRsaesOaepGuid;
+
+/**
+ This function retrieves the context driver.
+
+ The GetContextfunction returns the context of the protocol, the application
+ identifiers supported by the protocol and the number and the CSN unique identifier
+ of Smart Cards that are present and supported by protocol.
+
+ If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL,
+ the function does not fail but does not fill in such variables.
+
+ In case AidTableSize indicates a buffer too small to hold all the protocol AID table,
+ only the first AidTableSize items of the table are returned in AidTable.
+
+ In case CsnTableSize indicates a buffer too small to hold the entire table of
+ Smart Card CSN present, only the first CsnTableSize items of the table are returned
+ in CsnTable.
+
+ VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this
+ driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1.
+
+ In case of Smart Card removal the internal CSN list is immediately updated, even if
+ a connection is opened with that Smart Card.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[out] NumberAidSupported Number of AIDs this protocol supports.
+ @param[in, out] AidTableSize On input, number of items allocated for the
+ AID table. On output, number of items returned
+ by protocol.
+ @param[out] AidTable Table of the AIDs supported by the protocol.
+ @param[out] NumberSCPresent Number of currently present Smart Cards that
+ are supported by protocol.
+ @param[in, out] CsnTableSize On input, the number of items the buffer CSN
+ table can contain. On output, the number of
+ items returned by the protocol.
+ @param[out] CsnTable Table of the CSN of the Smart Card present and
+ supported by protocol.
+ @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ OUT UINTN *NumberAidSupported,
+ IN OUT UINTN *AidTableSize OPTIONAL,
+ OUT SMART_CARD_AID *AidTable OPTIONAL,
+ OUT UINTN *NumberSCPresent,
+ IN OUT UINTN *CsnTableSize OPTIONAL,
+ OUT SMART_CARD_CSN *CsnTable OPTIONAL,
+ OUT UINT32 *VersionScEdgeProtocol OPTIONAL
+ );
+
+/**
+ This function establish a connection with a Smart Card the protocol support.
+
+ In case of success the SCardHandle can be used.
+
+ If the ScardCsn is NULL the connection is established with the first Smart Card
+ the protocol finds in its table of Smart Card present and supported. Else it
+ establish context with the Smart Card whose CSN given by ScardCsn.
+
+ If ScardAid is not NULL the function returns the Smart Card AID the protocol supports.
+ After a successful connect the SCardHandle will remain existing even in case Smart Card
+ removed from Smart Card reader, but all function invoking this SCardHandle will fail.
+ SCardHandle is released only on Disconnect.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[out] SCardHandle Handle on Smart Card connection.
+ @param[in] ScardCsn CSN of the Smart Card the connection has to be
+ established.
+ @param[out] ScardAid AID of the Smart Card the connection has been
+ established.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER SCardHandle is NULL.
+ @retval EFI_NO_MEDIA No Smart Card supported by protocol is present,
+ Smart Card with CSN ScardCsn or Reader has been
+ removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ OUT EFI_HANDLE *SCardHandle,
+ IN UINT8 *ScardCsn OPTIONAL,
+ OUT UINT8 *ScardAid OPTIONAL
+ );
+
+/**
+ This function releases a connection previously established by Connect.
+
+ The Disconnect function releases the connection previously established by
+ a Connect. In case the Smart Card or the Smart Card reader has been removed
+ before this call, this function returns EFI_SUCCESS.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection to release.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle
+ );
+
+/**
+ This function returns the Smart Card serial number.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[out] Csn The Card Serial number, 16 bytes array.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ OUT UINT8 Csn[SCARD_CSN_SIZE]
+ );
+
+/**
+ This function returns the name of the Smart Card reader used for this connection.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in, out] ReaderNameLength On input, a pointer to the variable that holds
+ the maximal size, in bytes, of ReaderName.
+ On output, the required size, in bytes, for ReaderName.
+ @param[out] ReaderName A pointer to a NULL terminated string that will
+ contain the reader name.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN OUT UINTN *ReaderNameLength,
+ OUT CHAR16 *ReaderName OPTIONAL
+ );
+
+/**
+ This function authenticates a Smart Card user by presenting a PIN code.
+
+ The VerifyPinfunction presents a PIN code to the Smart Card.
+
+ If Smart Card found the PIN code correct the user is considered authenticated
+ to current application, and the function returns TRUE.
+
+ Negative or null PinSize value rejected if PinCodeis not NULL.
+
+ A NULL PinCodebuffer means the application didn't know the PIN, in that case:
+ - If PinSize value is negative the caller only wants to know if the current
+ chain of the elements Smart Card Edge protocol, Smart Card Reader protocol
+ and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality.
+ - If PinSize value is positive or null the caller ask to perform the verify
+ PIN using the Secure PIN Entry functionality.
+
+ In PinCode buffer, the PIN value is always given in plaintext, in case of secure
+ messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate
+ treatments to build the correct Smart Card APDU.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] PinSize PIN code buffer size.
+ @param[in] PinCode PIN code to present to the Smart Card.
+ @param[out] PinResult Result of PIN code presentation to the Smart Card.
+ TRUE when Smard Card founds the PIN code correct.
+ @param[out] RemainingAttempts Number of attempts still possible.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not
+ supported.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart
+ Card or, negative with PinCode not null.
+ @retval EFI_INVALID_PARAMETER PinResult is NULL.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN INT32 PinSize,
+ IN UINT8 *PinCode,
+ OUT BOOLEAN *PinResult,
+ OUT UINT32 *RemainingAttempts OPTIONAL
+ );
+
+/**
+ This function gives the remaining number of attempts for PIN code presentation.
+
+ The number of attempts to present a correct PIN is limited and depends on Smart
+ Card and on PIN.
+
+ This function will retrieve the number of remaining possible attempts.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[out] RemainingAttempts Number of attempts still possible.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ OUT UINT32 *RemainingAttempts
+ );
+
+/**
+ This function returns a specific data from Smart Card.
+
+ The function is generic for any kind of data, but driver and application must
+ share an EFI_GUID that identify the data.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] DataId The type identifier of the data to get.
+ @param[in, out] DataSize On input, in bytes, the size of Data. On output,
+ in bytes, the size of buffer required to store
+ the specified data.
+ @param[out] Data The data buffer in which the data is returned.
+ The type of the data buffer is associated with
+ the DataId. Ignored if *DataSize is 0.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER DataId is NULL.
+ @retval EFI_INVALID_PARAMETER DataSize is NULL.
+ @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero.
+ @retval EFI_NOT_FOUND DataId unknown for this driver.
+ @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified
+ data and the required size is returned in DataSize.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN EFI_GUID *DataId,
+ IN OUT UINTN *DataSize,
+ OUT VOID *Data OPTIONAL
+ );
+
+/**
+ This function retrieve credentials store into the Smart Card.
+
+ The function returns a series of items in TLV (Tag Length Value) format.
+
+ First TLV item is the header item that gives the number of following
+ containers (0x00, 0x01, Nb containers).
+
+ All these containers are a series of 4 TLV items:
+ - The certificate item (0x01, certificate size, certificate)
+ - The Key identifier item (0x02, 0x01, key index)
+ - The key type item (0x03, 0x01, key type)
+ - The key size item (0x04, 0x02, key size), key size in number of bits.
+ Numeric multi-bytes values are on big endian format, most significant byte first:
+ - The L field value for certificate (2 bytes)
+ - The L field value for key size (2 bytes)
+ - The value field for key size (2 bytes)
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in, out] CredentialSize On input, in bytes, the size of buffer to store
+ the list of credential.
+ On output, in bytes, the size of buffer required
+ to store the entire list of credentials.
+
+ @param[out] CredentialList List of credentials stored into the Smart Card.
+ A list of TLV (Tag Length Value) elements organized
+ in containers array.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER CredentialSize is NULL.
+ @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the
+ specified data and the required size is returned in
+ CredentialSize.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN OUT UINTN *CredentialSize,
+ OUT UINT8 *CredentialList OPTIONAL
+ );
+
+/**
+ This function signs an already hashed data with a Smart Card private key.
+
+ This function signs data, actually it is the hash of these data that is given
+ to the function.
+
+ SignatureData buffer shall be big enough for signature. Signature size is
+ function key size and key type.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] KeyId Identifier of the key container, retrieved
+ in a key index item of credentials.
+ @param[in] KeyType The key type, retrieved in a key type item of
+ credentials.
+
+ @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
+ - EFI_HASH_ALGORITHM_SHA1_GUID
+ - EFI_HASH_ALGORITHM_SHA256_GUID
+ - EFI_HASH_ALGORITHM_SHA384_GUID
+ - EFI_HASH_ALGORITHM_SHA512_GUID
+ @param[in] PaddingMethod Padding method used jointly with hash algorithm,
+ one of:
+ - EFI_PADDING_RSASSA_PKCS1V1P5_GUID
+ - EFI_PADDING_RSASSA_PSS_GUID
+ @param[in] HashedData Hash of the data to sign. Size is function of the
+ HashAlgorithm.
+
+ @param[out] SignatureData Resulting signature with private key KeyId. Size
+ is function of the KeyType and key size retrieved
+ in the associated key size item of credentials.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER KeyId is not valid.
+ @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
+ @retval EFI_INVALID_PARAMETER HashedData is NULL.
+ @retval EFI_INVALID_PARAMETER SignatureData is NULL.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN UINTN KeyId,
+ IN UINTN KeyType,
+ IN EFI_GUID *HashAlgorithm,
+ IN EFI_GUID *PaddingMethod,
+ IN UINT8 *HashedData,
+ OUT UINT8 *SignatureData
+ );
+
+/**
+ This function decrypts data with a PKI/RSA Smart Card private key.
+
+ The function decrypts some PKI/RSA encrypted data with private key securely
+ stored into the Smart Card.
+
+ The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] KeyId Identifier of the key container, retrieved
+ in a key index item of credentials.
+ @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
+ - EFI_HASH_ALGORITHM_SHA1_GUID
+ - EFI_HASH_ALGORITHM_SHA256_GUID
+ - EFI_HASH_ALGORITHM_SHA384_GUID
+ - EFI_HASH_ALGORITHM_SHA512_GUID
+ @param[in] PaddingMethod Padding method used jointly with hash algorithm,
+ one of:
+ - EFI_PADDING_NONE_GUID
+ - EFI_PADDING_RSAES_PKCS1V1P5_GUID
+ - EFI_PADDING_RSAES_OAEP_GUID
+ @param[in] EncryptedSize Size of data to decrypt.
+ @param[in] EncryptedData Data to decrypt
+ @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store
+ the decrypted data.
+ On output, in bytes, the size of buffer required
+ to store the decrypted data.
+ @param[out] PlaintextData Buffer for decrypted data, padding removed.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type
+ SC_EDGE_RSA_EXCHANGE.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
+ @retval EFI_INVALID_PARAMETER EncryptedSize is 0.
+ @retval EFI_INVALID_PARAMETER EncryptedData is NULL.
+ @retval EFI_INVALID_PARAMETER PlaintextSize is NULL.
+ @retval EFI_INVALID_PARAMETER PlaintextData is NULL.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data
+ and the required size is returned in PlaintextSize.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN UINTN KeyId,
+ IN EFI_GUID *HashAlgorithm,
+ IN EFI_GUID *PaddingMethod,
+ IN UINTN EncryptedSize,
+ IN UINT8 *EncryptedData,
+ IN OUT UINTN *PlaintextSize,
+ OUT UINT8 *PlaintextData
+ );
+
+/**
+ This function performs a secret Diffie Hellman agreement calculation that would
+ be used to derive a symmetric encryption / decryption key.
+
+ The function compute a DH agreement that should be diversified togenerate a symmetric
+ key to proceed encryption or decryption.
+
+ The application and the Smart Card shall agree on the diversification process.
+
+ The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384
+ or SC_EDGE_ECDH_521.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] KeyId Identifier of the key container, retrieved
+ in a key index item of credentials.
+ @param[in] dataQx Public key x coordinate. Size is the same as
+ key size for KeyId. Stored in big endian format.
+ @param[in] dataQy Public key y coordinate. Size is the same as
+ key size for KeyId. Stored in big endian format.
+ @param[out] DHAgreement Buffer for DH agreement computed. Size must be
+ bigger or equal to key size for KeyId.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER KeyId is not valid.
+ @retval EFI_INVALID_PARAMETER dataQx is NULL.
+ @retval EFI_INVALID_PARAMETER dataQy is NULL.
+ @retval EFI_INVALID_PARAMETER DHAgreement is NULL.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN UINTN KeyId,
+ IN UINT8 *dataQx,
+ IN UINT8 *dataQy,
+ OUT UINT8 *DHAgreement
+ );
+
+///
+/// Smart card aware application invokes this protocol to get access to an inserted
+/// smart card in the reader or to the reader itself.
+///
+struct _EFI_SMART_CARD_EDGE_PROTOCOL {
+ EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext;
+ EFI_SMART_CARD_EDGE_CONNECT Connect;
+ EFI_SMART_CARD_EDGE_DISCONNECT Disconnect;
+ EFI_SMART_CARD_EDGE_GET_CSN GetCsn;
+ EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName;
+ EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin;
+ EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining;
+ EFI_SMART_CARD_EDGE_GET_DATA GetData;
+ EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential;
+ EFI_SMART_CARD_EDGE_SIGN_DATA SignData;
+ EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData;
+ EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement;
+};
+
+extern EFI_GUID gEfiSmartCardEdgeProtocolGuid;
+
+#endif
+