From 78a788553f1fbb92e264f14bcbfe6806b50ea068 Mon Sep 17 00:00:00 2001 From: Feng Tian Date: Tue, 5 May 2015 07:28:48 +0000 Subject: [PATCH] MdePkg: Add UEFI2.5 Smart Card Edge protocol definitions Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian Reviewed-by: Star Zeng git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17294 6f19259b-4bc3-4df7-8a09-765794883524 --- MdePkg/Include/Protocol/SmartCardEdge.h | 726 ++++++++++++++++++++++++ MdePkg/MdePkg.dec | 3 + 2 files changed, 729 insertions(+) create mode 100644 MdePkg/Include/Protocol/SmartCardEdge.h diff --git a/MdePkg/Include/Protocol/SmartCardEdge.h b/MdePkg/Include/Protocol/SmartCardEdge.h new file mode 100644 index 0000000000..2f95c9815e --- /dev/null +++ b/MdePkg/Include/Protocol/SmartCardEdge.h @@ -0,0 +1,726 @@ +/** @file + The Smart Card Edge Protocol provides an abstraction for device to provide Smart + Card support. + + This protocol allows UEFI applications to interface with a Smart Card during + boot process for authentication or data signing/decryption, especially if the + application has to make use of PKI. + + Copyright (c) 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __SMART_CARD_EDGE_H__ +#define __SMART_CARD_EDGE_H__ + +#define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \ + { \ + 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \ + } + +typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL; + +// +// Maximum size for a Smart Card AID (Application IDentifier) +// +#define SCARD_AID_MAXSIZE 0x0010 +// +// Size of CSN (Card Serial Number) +// +#define SCARD_CSN_SIZE 0x0010 +// +// Current specification version 1.00 +// +#define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100 +// +// Parameters type definition +// +typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE]; +typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE]; + +// +// Type of data elements in credentials list +// +// value of tag field for header, the number of containers +// +#define SC_EDGE_TAG_HEADER 0x0000 +// +// value of tag field for certificate +// +#define SC_EDGE_TAG_CERT 0x0001 +// +// value of tag field for key index associated with certificate +// +#define SC_EDGE_TAG_KEY_ID 0x0002 +// +// value of tag field for key type +// +#define SC_EDGE_TAG_KEY_TYPE 0x0003 +// +// value of tag field for key size +// +#define SC_EDGE_TAG_KEY_SIZE 0x0004 + +// +// Length of L fields of TLV items +// +// +// size of L field for header +// +#define SC_EDGE_L_SIZE_HEADER 1 +// +// size of L field for certificate (big endian) +// +#define SC_EDGE_L_SIZE_CERT 2 +// +// size of L field for key index +// +#define SC_EDGE_L_SIZE_KEY_ID 1 +// +// size of L field for key type +// +#define SC_EDGE_L_SIZE_KEY_TYPE 1 +// +// size of L field for key size (big endian) +// +#define SC_EDGE_L_SIZE_KEY_SIZE 2 + +// +// Some TLV items have a fixed value for L field +// +// value of L field for header +// +#define SC_EDGE_L_VALUE_HEADER 1 +// +// value of L field for key index +// +#define SC_EDGE_L_VALUE_KEY_ID 1 +// +// value of L field for key type +// +#define SC_EDGE_L_VALUE_KEY_TYPE 1 +// +// value of L field for key size +// +#define SC_EDGE_L_VALUE_KEY_SIZE 2 + +// +// Possible values for key type +// +// +// RSA decryption +// +#define SC_EDGE_RSA_EXCHANGE 0x01 +// +// RSA signature +// +#define SC_EDGE_RSA_SIGNATURE 0x02 +// +// ECDSA signature +// +#define SC_EDGE_ECDSA_256 0x03 +// +// ECDSA signature +// +#define SC_EDGE_ECDSA_384 0x04 +// +// ECDSA signature +// +#define SC_EDGE_ECDSA_521 0x05 +// +// ECDH agreement +// +#define SC_EDGE_ECDH_256 0x06 +// +// ECDH agreement +// +#define SC_EDGE_ECDH_384 0x07 +// +// ECDH agreement +// +#define SC_EDGE_ECDH_521 0x08 + +// +// Padding methods GUIDs for signature +// +// +// RSASSA- PKCS#1-V1.5 padding method, for signature +// +#define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \ + { \ + 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \ + } +// +// RSASSA-PSS padding method, for signature +// +#define EFI_PADDING_RSASSA_PSS_GUID \ + { \ + 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \ + } + +// +// Padding methods GUIDs for decryption +// +// +// No padding, for decryption +// +#define EFI_PADDING_NONE_GUID \ + { \ + 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \ + } +// +// RSAES-PKCS#1-V1.5 padding, for decryption +// +#define EFI_PADDING_RSAES_PKCS1V1P5_GUID \ + { \ + 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \ + } +// +// RSAES-OAEP padding, for decryption +// +#define EFI_PADDING_RSAES_OAEP_GUID \ + { \ + 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \ + } + +/** + This function retrieves the context driver. + + The GetContextfunction returns the context of the protocol, the application + identifiers supported by the protocol and the number and the CSN unique identifier + of Smart Cards that are present and supported by protocol. + + If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL, + the function does not fail but does not fill in such variables. + + In case AidTableSize indicates a buffer too small to hold all the protocol AID table, + only the first AidTableSize items of the table are returned in AidTable. + + In case CsnTableSize indicates a buffer too small to hold the entire table of + Smart Card CSN present, only the first CsnTableSize items of the table are returned + in CsnTable. + + VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this + driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1. + + In case of Smart Card removal the internal CSN list is immediately updated, even if + a connection is opened with that Smart Card. + + @param[in] This Indicates a pointer to the calling context. + @param[out] NumberAidSupported Number of AIDs this protocol supports. + @param[in, out] AidTableSize On input, number of items allocated for the + AID table. On output, number of items returned + by protocol. + @param[out] AidTable Table of the AIDs supported by the protocol. + @param[out] NumberSCPresent Number of currently present Smart Cards that + are supported by protocol. + @param[in, out] CsnTableSize On input, the number of items the buffer CSN + table can contain. On output, the number of + items returned by the protocol. + @param[out] CsnTable Table of the CSN of the Smart Card present and + supported by protocol. + @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + OUT UINTN *NumberAidSupported, + IN OUT UINTN *AidTableSize OPTIONAL, + OUT SMART_CARD_AID *AidTable OPTIONAL, + OUT UINTN *NumberSCPresent, + IN OUT UINTN *CsnTableSize OPTIONAL, + OUT SMART_CARD_CSN *CsnTable OPTIONAL, + OUT UINT32 *VersionScEdgeProtocol OPTIONAL + ); + +/** + This function establish a connection with a Smart Card the protocol support. + + In case of success the SCardHandle can be used. + + If the ScardCsn is NULL the connection is established with the first Smart Card + the protocol finds in its table of Smart Card present and supported. Else it + establish context with the Smart Card whose CSN given by ScardCsn. + + If ScardAid is not NULL the function returns the Smart Card AID the protocol supports. + After a successful connect the SCardHandle will remain existing even in case Smart Card + removed from Smart Card reader, but all function invoking this SCardHandle will fail. + SCardHandle is released only on Disconnect. + + @param[in] This Indicates a pointer to the calling context. + @param[out] SCardHandle Handle on Smart Card connection. + @param[in] ScardCsn CSN of the Smart Card the connection has to be + established. + @param[out] ScardAid AID of the Smart Card the connection has been + established. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER SCardHandle is NULL. + @retval EFI_NO_MEDIA No Smart Card supported by protocol is present, + Smart Card with CSN ScardCsn or Reader has been + removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + OUT EFI_HANDLE *SCardHandle, + IN UINT8 *ScardCsn OPTIONAL, + OUT UINT8 *ScardAid OPTIONAL + ); + +/** + This function releases a connection previously established by Connect. + + The Disconnect function releases the connection previously established by + a Connect. In case the Smart Card or the Smart Card reader has been removed + before this call, this function returns EFI_SUCCESS. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection to release. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle + ); + +/** + This function returns the Smart Card serial number. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[out] Csn The Card Serial number, 16 bytes array. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + OUT UINT8 Csn[SCARD_CSN_SIZE] + ); + +/** + This function returns the name of the Smart Card reader used for this connection. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[in, out] ReaderNameLength On input, a pointer to the variable that holds + the maximal size, in bytes, of ReaderName. + On output, the required size, in bytes, for ReaderName. + @param[out] ReaderName A pointer to a NULL terminated string that will + contain the reader name. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + IN OUT UINTN *ReaderNameLength, + OUT CHAR16 *ReaderName OPTIONAL + ); + +/** + This function authenticates a Smart Card user by presenting a PIN code. + + The VerifyPinfunction presents a PIN code to the Smart Card. + + If Smart Card found the PIN code correct the user is considered authenticated + to current application, and the function returns TRUE. + + Negative or null PinSize value rejected if PinCodeis not NULL. + + A NULL PinCodebuffer means the application didn't know the PIN, in that case: + - If PinSize value is negative the caller only wants to know if the current + chain of the elements Smart Card Edge protocol, Smart Card Reader protocol + and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality. + - If PinSize value is positive or null the caller ask to perform the verify + PIN using the Secure PIN Entry functionality. + + In PinCode buffer, the PIN value is always given in plaintext, in case of secure + messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate + treatments to build the correct Smart Card APDU. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[in] PinSize PIN code buffer size. + @param[in] PinCode PIN code to present to the Smart Card. + @param[out] PinResult Result of PIN code presentation to the Smart Card. + TRUE when Smard Card founds the PIN code correct. + @param[out] RemainingAttempts Number of attempts still possible. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not + supported. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart + Card or, negative with PinCode not null. + @retval EFI_INVALID_PARAMETER PinResult is NULL. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + IN INT32 PinSize, + IN UINT8 *PinCode, + OUT BOOLEAN *PinResult, + OUT UINT32 *RemainingAttempts OPTIONAL + ); + +/** + This function gives the remaining number of attempts for PIN code presentation. + + The number of attempts to present a correct PIN is limited and depends on Smart + Card and on PIN. + + This function will retrieve the number of remaining possible attempts. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[out] RemainingAttempts Number of attempts still possible. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + OUT UINT32 *RemainingAttempts + ); + +/** + This function returns a specific data from Smart Card. + + The function is generic for any kind of data, but driver and application must + share an EFI_GUID that identify the data. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[in] DataId The type identifier of the data to get. + @param[in, out] DataSize On input, in bytes, the size of Data. On output, + in bytes, the size of buffer required to store + the specified data. + @param[out] Data The data buffer in which the data is returned. + The type of the data buffer is associated with + the DataId. Ignored if *DataSize is 0. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER DataId is NULL. + @retval EFI_INVALID_PARAMETER DataSize is NULL. + @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero. + @retval EFI_NOT_FOUND DataId unknown for this driver. + @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified + data and the required size is returned in DataSize. + @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. + PIN not verified. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + IN EFI_GUID *DataId, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ); + +/** + This function retrieve credentials store into the Smart Card. + + The function returns a series of items in TLV (Tag Length Value) format. + + First TLV item is the header item that gives the number of following + containers (0x00, 0x01, Nb containers). + + All these containers are a series of 4 TLV items: + - The certificate item (0x01, certificate size, certificate) + - The Key identifier item (0x02, 0x01, key index) + - The key type item (0x03, 0x01, key type) + - The key size item (0x04, 0x02, key size), key size in number of bits. + Numeric multi-bytes values are on big endian format, most significant byte first: + - The L field value for certificate (2 bytes) + - The L field value for key size (2 bytes) + - The value field for key size (2 bytes) + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[in, out] CredentialSize On input, in bytes, the size of buffer to store + the list of credential. + On output, in bytes, the size of buffer required + to store the entire list of credentials. + + @param[out] CredentialList List of credentials stored into the Smart Card. + A list of TLV (Tag Length Value) elements organized + in containers array. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER CredentialSize is NULL. + @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero. + @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the + specified data and the required size is returned in + CredentialSize. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + IN OUT UINTN *CredentialSize, + OUT UINT8 *CredentialList OPTIONAL + ); + +/** + This function signs an already hashed data with a Smart Card private key. + + This function signs data, actually it is the hash of these data that is given + to the function. + + SignatureData buffer shall be big enough for signature. Signature size is + function key size and key type. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[in] KeyId Identifier of the key container, retrieved + in a key index item of credentials. + @param[in] KeyType The key type, retrieved in a key type item of + credentials. + + @param[in] HashAlgorithm Hash algorithm used to hash the, one of: + - EFI_HASH_ALGORITHM_SHA1_GUID + - EFI_HASH_ALGORITHM_SHA256_GUID + - EFI_HASH_ALGORITHM_SHA384_GUID + - EFI_HASH_ALGORITHM_SHA512_GUID + @param[in] PaddingMethod Padding method used jointly with hash algorithm, + one of: + - EFI_PADDING_RSASSA_PKCS1V1P5_GUID + - EFI_PADDING_RSASSA_PSS_GUID + @param[in] HashedData Hash of the data to sign. Size is function of the + HashAlgorithm. + + @param[out] SignatureData Resulting signature with private key KeyId. Size + is function of the KeyType and key size retrieved + in the associated key size item of credentials. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER KeyId is not valid. + @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId. + @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL. + @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid. + @retval EFI_INVALID_PARAMETER PaddingMethod is NULL. + @retval EFI_INVALID_PARAMETER PaddingMethod is not valid. + @retval EFI_INVALID_PARAMETER HashedData is NULL. + @retval EFI_INVALID_PARAMETER SignatureData is NULL. + @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. + PIN not verified. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + IN UINTN KeyId, + IN UINTN KeyType, + IN EFI_GUID *HashAlgorithm, + IN EFI_GUID *PaddingMethod, + IN UINT8 *HashedData, + OUT UINT8 *SignatureData + ); + +/** + This function decrypts data with a PKI/RSA Smart Card private key. + + The function decrypts some PKI/RSA encrypted data with private key securely + stored into the Smart Card. + + The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[in] KeyId Identifier of the key container, retrieved + in a key index item of credentials. + @param[in] HashAlgorithm Hash algorithm used to hash the, one of: + - EFI_HASH_ALGORITHM_SHA1_GUID + - EFI_HASH_ALGORITHM_SHA256_GUID + - EFI_HASH_ALGORITHM_SHA384_GUID + - EFI_HASH_ALGORITHM_SHA512_GUID + @param[in] PaddingMethod Padding method used jointly with hash algorithm, + one of: + - EFI_PADDING_NONE_GUID + - EFI_PADDING_RSAES_PKCS1V1P5_GUID + - EFI_PADDING_RSAES_OAEP_GUID + @param[in] EncryptedSize Size of data to decrypt. + @param[in] EncryptedData Data to decrypt + @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store + the decrypted data. + On output, in bytes, the size of buffer required + to store the decrypted data. + @param[out] PlaintextData Buffer for decrypted data, padding removed. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type + SC_EDGE_RSA_EXCHANGE. + @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL. + @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid. + @retval EFI_INVALID_PARAMETER PaddingMethod is NULL. + @retval EFI_INVALID_PARAMETER PaddingMethod is not valid. + @retval EFI_INVALID_PARAMETER EncryptedSize is 0. + @retval EFI_INVALID_PARAMETER EncryptedData is NULL. + @retval EFI_INVALID_PARAMETER PlaintextSize is NULL. + @retval EFI_INVALID_PARAMETER PlaintextData is NULL. + @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. + PIN not verified. + @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data + and the required size is returned in PlaintextSize. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + IN UINTN KeyId, + IN EFI_GUID *HashAlgorithm, + IN EFI_GUID *PaddingMethod, + IN UINTN EncryptedSize, + IN UINT8 *EncryptedData, + IN OUT UINTN *PlaintextSize, + OUT UINT8 *PlaintextData + ); + +/** + This function performs a secret Diffie Hellman agreement calculation that would + be used to derive a symmetric encryption / decryption key. + + The function compute a DH agreement that should be diversified togenerate a symmetric + key to proceed encryption or decryption. + + The application and the Smart Card shall agree on the diversification process. + + The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384 + or SC_EDGE_ECDH_521. + + @param[in] This Indicates a pointer to the calling context. + @param[in] SCardHandle Handle on Smart Card connection. + @param[in] KeyId Identifier of the key container, retrieved + in a key index item of credentials. + @param[in] dataQx Public key x coordinate. Size is the same as + key size for KeyId. Stored in big endian format. + @param[in] dataQy Public key y coordinate. Size is the same as + key size for KeyId. Stored in big endian format. + @param[out] DHAgreement Buffer for DH agreement computed. Size must be + bigger or equal to key size for KeyId. + + @retval EFI_SUCCESS The requested command completed successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER No connection for SCardHandle value. + @retval EFI_INVALID_PARAMETER KeyId is not valid. + @retval EFI_INVALID_PARAMETER dataQx is NULL. + @retval EFI_INVALID_PARAMETER dataQy is NULL. + @retval EFI_INVALID_PARAMETER DHAgreement is NULL. + @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled. + PIN not verified. + @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection + has been removed. A Disconnect should be performed. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) ( + IN EFI_SMART_CARD_EDGE_PROTOCOL *This, + IN EFI_HANDLE SCardHandle, + IN UINTN KeyId, + IN UINT8 *dataQx, + IN UINT8 *dataQy, + OUT UINT8 *DHAgreement + ); + +/// +/// Smart card aware application invokes this protocol to get access to an inserted +/// smart card in the reader or to the reader itself. +/// +struct _EFI_SMART_CARD_EDGE_PROTOCOL { + EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext; + EFI_SMART_CARD_EDGE_CONNECT Connect; + EFI_SMART_CARD_EDGE_DISCONNECT Disconnect; + EFI_SMART_CARD_EDGE_GET_CSN GetCsn; + EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName; + EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin; + EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining; + EFI_SMART_CARD_EDGE_GET_DATA GetData; + EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential; + EFI_SMART_CARD_EDGE_SIGN_DATA SignData; + EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData; + EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement; +}; + +extern EFI_GUID gEfiSmartCardEdgeProtocolGuid; + +#endif + diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index f52e5855df..12d5b96679 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -1441,6 +1441,9 @@ ## Include/Protocol/SmartCardReader.h gEfiSmartCardReaderProtocolGuid = { 0x2a4d1adf, 0x21dc, 0x4b81, {0xa4, 0x2f, 0x8b, 0x8e, 0xe2, 0x38, 0x00, 0x60 }} + ## Include/Protocol/SmartCardEdge.h + gEfiSmartCardEdgeProtocolGuid = { 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c }} + # # [Error.gEfiMdePkgTokenSpaceGuid] # 0x80000001 | Invalid value provided. -- 2.39.2