/** @file
  Internal header for the AuthService module: pulls in the common header
  files and declares the internal structures, macros and functions used by
  the authenticated variable service.

  Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef _AUTHSERVICE_H_
#define _AUTHSERVICE_H_

///
/// Byte length of an RSA-2048 signature / modulus (2048 bits = 256 bytes).
/// Used when sizing and validating EFI_CERT_TYPE_RSA2048_SHA256 blocks.
///
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256

///
/// Size of the AuthInfo header that precedes the variable data payload:
/// the byte offset of AuthInfo.CertData inside EFI_VARIABLE_AUTHENTICATION
/// plus the fixed-size RSA-2048/SHA-256 certificate block.
/// The offset is obtained through the classic null-pointer idiom; the
/// OFFSET_OF () macro from Base.h expresses the same value without it.
/// NOTE(review): any code that reads AuthInfo out of a caller-supplied
/// buffer is expected to have checked DataSize >= AUTHINFO_SIZE first --
/// confirm in the VerifyVariable implementation.
///
#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))

///
/// Number of supported signature types.
///
#define SIGSUPPORT_NUM 2

/**
  Process a variable written with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set
  and return the index of the associated public key.

  Data is presumably the raw buffer handed in by the SetVariable caller and
  is not trusted until its AuthInfo has been validated -- confirm against the
  implementation.

  @param[in]  Data            The data pointer.
  @param[in]  DataSize        The size of Data found. If size is less than the
                              data, this value contains the required size.
  @param[in]  VirtualMode     The current calling mode for this function.
  @param[in]  Global          The context of this Extended SAL Variable Services Class call.
  @param[in]  Variable        The variable information which is used to keep track of variable usage.
  @param[in]  Attributes      The attribute value of the variable.
  @param[out] KeyIndex        The output index of the corresponding public key in the database.
  @param[out] MonotonicCount  The output value of the corresponding Monotonic Count.
                              NOTE(review): both OPTIONAL outputs are presumably
                              meaningful only when EFI_SUCCESS is returned -- confirm.

  @retval EFI_INVALID_PARAMETER  Invalid parameter.
  @retval EFI_WRITE_PROTECTED    The variable is write-protected and needs authentication with
                                 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
  @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
                                 set, but the AuthInfo does NOT pass the validation
                                 check carried out by the firmware.
  @retval EFI_SUCCESS            The variable is not write-protected, or passed validation successfully.

**/
EFI_STATUS
VerifyVariable (
  IN VOID                     *Data,
  IN UINTN                    DataSize,
  IN BOOLEAN                  VirtualMode,
  IN ESAL_VARIABLE_GLOBAL     *Global,
  IN VARIABLE_POINTER_TRACK   *Variable,
  IN UINT32                   Attributes OPTIONAL,
  OUT UINT32                  *KeyIndex OPTIONAL,
  OUT UINT64                  *MonotonicCount OPTIONAL
  );

/**
  Initializes the authenticated variable service.

  The identifier spelling ("Autenticated") is part of the existing interface
  and is kept as is.

  @retval EFI_SUCCESS           The function successfully executed.
  @retval EFI_OUT_OF_RESOURCES  Failed to allocate enough memory resources.

**/
EFI_STATUS
AutenticatedVariableServiceInitialize (
  VOID
  );

/**
  Initializes the cryptographic library before use, including registering
  the algorithms and allocating scratch memory.

**/
VOID
CryptLibraryInitialize (
  VOID
  );

/**
  Process a variable using the platform key (PK) for verification.

  @param[in] VariableName  The name of the variable to be found.
  @param[in] VendorGuid    Variable vendor GUID.
  @param[in] Data          The data pointer.
  @param[in] DataSize      The size of Data found. If size is less than the
                           data, this value contains the required size.
  @param[in] VirtualMode   The current calling mode for this function.
  @param[in] Global        The context of this Extended SAL Variable Services Class call.
  @param[in] Variable      The variable information which is used to keep track of variable usage.
  @param[in] Attributes    The attribute value of the variable.
  @param[in] IsPk          TRUE when the variable being processed is the PK itself,
                           FALSE otherwise (presumably the KEK, which is also
                           verified against the PK -- confirm).

  @retval EFI_INVALID_PARAMETER  Invalid parameter.
  @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
                                 check carried out by the firmware.
  @retval EFI_SUCCESS            The variable passed validation successfully.

**/
EFI_STATUS
ProcessVarWithPk (
  IN CHAR16                   *VariableName,
  IN EFI_GUID                 *VendorGuid,
  IN VOID                     *Data,
  IN UINTN                    DataSize,
  IN BOOLEAN                  VirtualMode,
  IN ESAL_VARIABLE_GLOBAL     *Global,
  IN VARIABLE_POINTER_TRACK   *Variable,
  IN UINT32                   Attributes OPTIONAL,
  IN BOOLEAN                  IsPk
  );

/**
  Process a variable using the key exchange key (KEK) for verification.

  @param[in] VariableName  The name of the variable to be found.
  @param[in] VendorGuid    The variable vendor GUID.
  @param[in] Data          The data pointer.
  @param[in] DataSize      Size of Data found. If size is less than the
                           data, this value contains the required size.
  @param[in] VirtualMode   The current calling mode for this function.
  @param[in] Global        The context of this Extended SAL Variable Services Class call.
  @param[in] Variable      The variable information which is used to keep track of variable usage.
  @param[in] Attributes    The attribute value of the variable.

  @retval EFI_INVALID_PARAMETER  Invalid parameter.
  @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
                                 check carried out by the firmware.
  @retval EFI_SUCCESS            The variable passed validation successfully.

**/
EFI_STATUS
ProcessVarWithKek (
  IN CHAR16                   *VariableName,
  IN EFI_GUID                 *VendorGuid,
  IN VOID                     *Data,
  IN UINTN                    DataSize,
  IN BOOLEAN                  VirtualMode,
  IN ESAL_VARIABLE_GLOBAL     *Global,
  IN VARIABLE_POINTER_TRACK   *Variable,
  IN UINT32                   Attributes OPTIONAL
  );

#endif