summaryrefslogtreecommitdiff
path: root/MdePkg/Include
diff options
context:
space:
mode:
authorFeng Tian <feng.tian@intel.com>2015-05-05 07:28:48 +0000
committererictian <erictian@Edk2>2015-05-05 07:28:48 +0000
commit78a788553f1fbb92e264f14bcbfe6806b50ea068 (patch)
treeffc35980a324c65a2f0c0c94940510777d6e21ae /MdePkg/Include
parent98995a5aeabbc6c2d40172a254aa26dfc3831b28 (diff)
downloadedk2-platforms-78a788553f1fbb92e264f14bcbfe6806b50ea068.tar.xz
MdePkg: Add UEFI2.5 Smart Card Edge protocol definitions
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17294 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdePkg/Include')
-rw-r--r--MdePkg/Include/Protocol/SmartCardEdge.h726
1 files changed, 726 insertions, 0 deletions
diff --git a/MdePkg/Include/Protocol/SmartCardEdge.h b/MdePkg/Include/Protocol/SmartCardEdge.h
new file mode 100644
index 0000000000..2f95c9815e
--- /dev/null
+++ b/MdePkg/Include/Protocol/SmartCardEdge.h
@@ -0,0 +1,726 @@
+/** @file
+ The Smart Card Edge Protocol provides an abstraction for device to provide Smart
+ Card support.
+
+ This protocol allows UEFI applications to interface with a Smart Card during
+ boot process for authentication or data signing/decryption, especially if the
+ application has to make use of PKI.
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __SMART_CARD_EDGE_H__
+#define __SMART_CARD_EDGE_H__
+
+#define EFI_SMART_CARD_EDGE_PROTOCOL_GUID \
+ { \
+ 0xd317f29b, 0xa325, 0x4712, {0x9b, 0xf1, 0xc6, 0x19, 0x54, 0xdc, 0x19, 0x8c} \
+ }
+
+typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL EFI_SMART_CARD_EDGE_PROTOCOL;
+
+//
+// Maximum size for a Smart Card AID (Application IDentifier)
+//
+#define SCARD_AID_MAXSIZE 0x0010
+//
+// Size of CSN (Card Serial Number)
+//
+#define SCARD_CSN_SIZE 0x0010
+//
+// Current specification version 1.00
+//
+#define SMART_CARD_EDGE_PROTOCOL_VERSION_1 0x00000100
+//
+// Parameters type definition
+//
+typedef UINT8 SMART_CARD_AID[SCARD_AID_MAXSIZE];
+typedef UINT8 SMART_CARD_CSN[SCARD_CSN_SIZE];
+
+//
+// Type of data elements in credentials list
+//
+// value of tag field for header, the number of containers
+//
+#define SC_EDGE_TAG_HEADER 0x0000
+//
+// value of tag field for certificate
+//
+#define SC_EDGE_TAG_CERT 0x0001
+//
+// value of tag field for key index associated with certificate
+//
+#define SC_EDGE_TAG_KEY_ID 0x0002
+//
+// value of tag field for key type
+//
+#define SC_EDGE_TAG_KEY_TYPE 0x0003
+//
+// value of tag field for key size
+//
+#define SC_EDGE_TAG_KEY_SIZE 0x0004
+
+//
+// Length of L fields of TLV items
+//
+//
+// size of L field for header
+//
+#define SC_EDGE_L_SIZE_HEADER 1
+//
+// size of L field for certificate (big endian)
+//
+#define SC_EDGE_L_SIZE_CERT 2
+//
+// size of L field for key index
+//
+#define SC_EDGE_L_SIZE_KEY_ID 1
+//
+// size of L field for key type
+//
+#define SC_EDGE_L_SIZE_KEY_TYPE 1
+//
+// size of L field for key size (big endian)
+//
+#define SC_EDGE_L_SIZE_KEY_SIZE 2
+
+//
+// Some TLV items have a fixed value for L field
+//
+// value of L field for header
+//
+#define SC_EDGE_L_VALUE_HEADER 1
+//
+// value of L field for key index
+//
+#define SC_EDGE_L_VALUE_KEY_ID 1
+//
+// value of L field for key type
+//
+#define SC_EDGE_L_VALUE_KEY_TYPE 1
+//
+// value of L field for key size
+//
+#define SC_EDGE_L_VALUE_KEY_SIZE 2
+
+//
+// Possible values for key type
+//
+//
+// RSA decryption
+//
+#define SC_EDGE_RSA_EXCHANGE 0x01
+//
+// RSA signature
+//
+#define SC_EDGE_RSA_SIGNATURE 0x02
+//
+// ECDSA signature
+//
+#define SC_EDGE_ECDSA_256 0x03
+//
+// ECDSA signature
+//
+#define SC_EDGE_ECDSA_384 0x04
+//
+// ECDSA signature
+//
+#define SC_EDGE_ECDSA_521 0x05
+//
+// ECDH agreement
+//
+#define SC_EDGE_ECDH_256 0x06
+//
+// ECDH agreement
+//
+#define SC_EDGE_ECDH_384 0x07
+//
+// ECDH agreement
+//
+#define SC_EDGE_ECDH_521 0x08
+
+//
+// Padding methods GUIDs for signature
+//
+//
+// RSASSA- PKCS#1-V1.5 padding method, for signature
+//
+#define EFI_PADDING_RSASSA_PKCS1V1P5_GUID \
+ { \
+ 0x9317ec24, 0x7cb0, 0x4d0e, {0x8b, 0x32, 0x2e, 0xd9, 0x20, 0x9c, 0xd8, 0xaf} \
+ }
+//
+// RSASSA-PSS padding method, for signature
+//
+#define EFI_PADDING_RSASSA_PSS_GUID \
+ { \
+ 0x7b2349e0, 0x522d, 0x4f8e, {0xb9, 0x27, 0x69, 0xd9, 0x7c, 0x9e, 0x79, 0x5f} \
+ }
+
+//
+// Padding methods GUIDs for decryption
+//
+//
+// No padding, for decryption
+//
+#define EFI_PADDING_NONE_GUID \
+ { \
+ 0x3629ddb1, 0x228c, 0x452e, {0xb6, 0x16, 0x09, 0xed, 0x31, 0x6a, 0x97, 0x00} \
+ }
+//
+// RSAES-PKCS#1-V1.5 padding, for decryption
+//
+#define EFI_PADDING_RSAES_PKCS1V1P5_GUID \
+ { \
+ 0xe1c1d0a9, 0x40b1, 0x4632, {0xbd, 0xcc, 0xd9, 0xd6, 0xe5, 0x29, 0x56, 0x31} \
+ }
+//
+// RSAES-OAEP padding, for decryption
+//
+#define EFI_PADDING_RSAES_OAEP_GUID \
+ { \
+ 0xc1e63ac4, 0xd0cf, 0x4ce6, {0x83, 0x5b, 0xee, 0xd0, 0xe6, 0xa8, 0xa4, 0x5b} \
+ }
+
+/**
+ This function retrieves the context driver.
+
+ The GetContextfunction returns the context of the protocol, the application
+ identifiers supported by the protocol and the number and the CSN unique identifier
+ of Smart Cards that are present and supported by protocol.
+
+ If AidTableSize, AidTable, CsnTableSize, CsnTable or VersionProtocol is NULL,
+ the function does not fail but does not fill in such variables.
+
+ In case AidTableSize indicates a buffer too small to hold all the protocol AID table,
+ only the first AidTableSize items of the table are returned in AidTable.
+
+ In case CsnTableSize indicates a buffer too small to hold the entire table of
+ Smart Card CSN present, only the first CsnTableSize items of the table are returned
+ in CsnTable.
+
+ VersionScEdgeProtocol returns the version of the EFI_SMART_CARD_EDGE_PROTOCOL this
+ driver uses. For this protocol specification value is SMART_CARD_EDGE_PROTOCOL_VERSION_1.
+
+ In case of Smart Card removal the internal CSN list is immediately updated, even if
+ a connection is opened with that Smart Card.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[out] NumberAidSupported Number of AIDs this protocol supports.
+ @param[in, out] AidTableSize On input, number of items allocated for the
+ AID table. On output, number of items returned
+ by protocol.
+ @param[out] AidTable Table of the AIDs supported by the protocol.
+ @param[out] NumberSCPresent Number of currently present Smart Cards that
+ are supported by protocol.
+ @param[in, out] CsnTableSize On input, the number of items the buffer CSN
+ table can contain. On output, the number of
+ items returned by the protocol.
+ @param[out] CsnTable Table of the CSN of the Smart Card present and
+ supported by protocol.
+ @param[out] VersionScEdgeProtocol EFI_SMART_CARD_EDGE_PROTOCOL version.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER NumberSCPresent is NULL.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CONTEXT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ OUT UINTN *NumberAidSupported,
+ IN OUT UINTN *AidTableSize OPTIONAL,
+ OUT SMART_CARD_AID *AidTable OPTIONAL,
+ OUT UINTN *NumberSCPresent,
+ IN OUT UINTN *CsnTableSize OPTIONAL,
+ OUT SMART_CARD_CSN *CsnTable OPTIONAL,
+ OUT UINT32 *VersionScEdgeProtocol OPTIONAL
+ );
+
+/**
+ This function establish a connection with a Smart Card the protocol support.
+
+ In case of success the SCardHandle can be used.
+
+ If the ScardCsn is NULL the connection is established with the first Smart Card
+ the protocol finds in its table of Smart Card present and supported. Else it
+ establish context with the Smart Card whose CSN given by ScardCsn.
+
+ If ScardAid is not NULL the function returns the Smart Card AID the protocol supports.
+ After a successful connect the SCardHandle will remain existing even in case Smart Card
+ removed from Smart Card reader, but all function invoking this SCardHandle will fail.
+ SCardHandle is released only on Disconnect.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[out] SCardHandle Handle on Smart Card connection.
+ @param[in] ScardCsn CSN of the Smart Card the connection has to be
+ established.
+ @param[out] ScardAid AID of the Smart Card the connection has been
+ established.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER SCardHandle is NULL.
+ @retval EFI_NO_MEDIA No Smart Card supported by protocol is present,
+ Smart Card with CSN ScardCsn or Reader has been
+ removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_CONNECT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ OUT EFI_HANDLE *SCardHandle,
+ IN UINT8 *ScardCsn OPTIONAL,
+ OUT UINT8 *ScardAid OPTIONAL
+ );
+
+/**
+ This function releases a connection previously established by Connect.
+
+ The Disconnect function releases the connection previously established by
+ a Connect. In case the Smart Card or the Smart Card reader has been removed
+ before this call, this function returns EFI_SUCCESS.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection to release.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_DISCONNECT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle
+ );
+
+/**
+ This function returns the Smart Card serial number.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[out] Csn The Card Serial number, 16 bytes array.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CSN) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ OUT UINT8 Csn[SCARD_CSN_SIZE]
+ );
+
+/**
+ This function returns the name of the Smart Card reader used for this connection.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in, out] ReaderNameLength On input, a pointer to the variable that holds
+ the maximal size, in bytes, of ReaderName.
+ On output, the required size, in bytes, for ReaderName.
+ @param[out] ReaderName A pointer to a NULL terminated string that will
+ contain the reader name.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER ReaderNameLength is NULL.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_READER_NAME) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN OUT UINTN *ReaderNameLength,
+ OUT CHAR16 *ReaderName OPTIONAL
+ );
+
+/**
+ This function authenticates a Smart Card user by presenting a PIN code.
+
+ The VerifyPinfunction presents a PIN code to the Smart Card.
+
+ If Smart Card found the PIN code correct the user is considered authenticated
+ to current application, and the function returns TRUE.
+
+ Negative or null PinSize value rejected if PinCodeis not NULL.
+
+ A NULL PinCodebuffer means the application didn't know the PIN, in that case:
+ - If PinSize value is negative the caller only wants to know if the current
+ chain of the elements Smart Card Edge protocol, Smart Card Reader protocol
+ and Smart Card Reader supports the Secure Pin Entry PCSC V2 functionality.
+ - If PinSize value is positive or null the caller ask to perform the verify
+ PIN using the Secure PIN Entry functionality.
+
+ In PinCode buffer, the PIN value is always given in plaintext, in case of secure
+ messaging the SMART_CARD_EDGE_PROTOCOL will be in charge of all intermediate
+ treatments to build the correct Smart Card APDU.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] PinSize PIN code buffer size.
+ @param[in] PinCode PIN code to present to the Smart Card.
+ @param[out] PinResult Result of PIN code presentation to the Smart Card.
+ TRUE when Smard Card founds the PIN code correct.
+ @param[out] RemainingAttempts Number of attempts still possible.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_UNSUPPORTED Pinsize < 0 and Secure PIN Entry functionality not
+ supported.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER Bad value for PinSize: value not supported by Smart
+ Card or, negative with PinCode not null.
+ @retval EFI_INVALID_PARAMETER PinResult is NULL.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_VERIFY_PIN) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN INT32 PinSize,
+ IN UINT8 *PinCode,
+ OUT BOOLEAN *PinResult,
+ OUT UINT32 *RemainingAttempts OPTIONAL
+ );
+
+/**
+ This function gives the remaining number of attempts for PIN code presentation.
+
+ The number of attempts to present a correct PIN is limited and depends on Smart
+ Card and on PIN.
+
+ This function will retrieve the number of remaining possible attempts.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[out] RemainingAttempts Number of attempts still possible.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER RemainingAttempts is NULL.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_PIN_REMAINING) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ OUT UINT32 *RemainingAttempts
+ );
+
+/**
+ This function returns a specific data from Smart Card.
+
+ The function is generic for any kind of data, but driver and application must
+ share an EFI_GUID that identify the data.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] DataId The type identifier of the data to get.
+ @param[in, out] DataSize On input, in bytes, the size of Data. On output,
+ in bytes, the size of buffer required to store
+ the specified data.
+ @param[out] Data The data buffer in which the data is returned.
+ The type of the data buffer is associated with
+ the DataId. Ignored if *DataSize is 0.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER DataId is NULL.
+ @retval EFI_INVALID_PARAMETER DataSize is NULL.
+ @retval EFI_INVALID_PARAMETER Data is NULL, and *DataSize is not zero.
+ @retval EFI_NOT_FOUND DataId unknown for this driver.
+ @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the specified
+ data and the required size is returned in DataSize.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_DATA) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN EFI_GUID *DataId,
+ IN OUT UINTN *DataSize,
+ OUT VOID *Data OPTIONAL
+ );
+
+/**
+ This function retrieve credentials store into the Smart Card.
+
+ The function returns a series of items in TLV (Tag Length Value) format.
+
+ First TLV item is the header item that gives the number of following
+ containers (0x00, 0x01, Nb containers).
+
+ All these containers are a series of 4 TLV items:
+ - The certificate item (0x01, certificate size, certificate)
+ - The Key identifier item (0x02, 0x01, key index)
+ - The key type item (0x03, 0x01, key type)
+ - The key size item (0x04, 0x02, key size), key size in number of bits.
+ Numeric multi-bytes values are on big endian format, most significant byte first:
+ - The L field value for certificate (2 bytes)
+ - The L field value for key size (2 bytes)
+ - The value field for key size (2 bytes)
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in, out] CredentialSize On input, in bytes, the size of buffer to store
+ the list of credential.
+ On output, in bytes, the size of buffer required
+ to store the entire list of credentials.
+
+ @param[out] CredentialList List of credentials stored into the Smart Card.
+ A list of TLV (Tag Length Value) elements organized
+ in containers array.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER CredentialSize is NULL.
+ @retval EFI_INVALID_PARAMETER CredentialList is NULL, if CredentialSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL The size of CredentialList is too small for the
+ specified data and the required size is returned in
+ CredentialSize.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_GET_CREDENTIAL) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN OUT UINTN *CredentialSize,
+ OUT UINT8 *CredentialList OPTIONAL
+ );
+
+/**
+ This function signs an already hashed data with a Smart Card private key.
+
+ This function signs data, actually it is the hash of these data that is given
+ to the function.
+
+ SignatureData buffer shall be big enough for signature. Signature size is
+ function key size and key type.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] KeyId Identifier of the key container, retrieved
+ in a key index item of credentials.
+ @param[in] KeyType The key type, retrieved in a key type item of
+ credentials.
+
+ @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
+ - EFI_HASH_ALGORITHM_SHA1_GUID
+ - EFI_HASH_ALGORITHM_SHA256_GUID
+ - EFI_HASH_ALGORITHM_SHA384_GUID
+ - EFI_HASH_ALGORITHM_SHA512_GUID
+ @param[in] PaddingMethod Padding method used jointly with hash algorithm,
+ one of:
+ - EFI_PADDING_RSASSA_PKCS1V1P5_GUID
+ - EFI_PADDING_RSASSA_PSS_GUID
+ @param[in] HashedData Hash of the data to sign. Size is function of the
+ HashAlgorithm.
+
+ @param[out] SignatureData Resulting signature with private key KeyId. Size
+ is function of the KeyType and key size retrieved
+ in the associated key size item of credentials.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER KeyId is not valid.
+ @retval EFI_INVALID_PARAMETER KeyType is not valid or not corresponding to KeyId.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
+ @retval EFI_INVALID_PARAMETER HashedData is NULL.
+ @retval EFI_INVALID_PARAMETER SignatureData is NULL.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_SIGN_DATA) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN UINTN KeyId,
+ IN UINTN KeyType,
+ IN EFI_GUID *HashAlgorithm,
+ IN EFI_GUID *PaddingMethod,
+ IN UINT8 *HashedData,
+ OUT UINT8 *SignatureData
+ );
+
+/**
+ This function decrypts data with a PKI/RSA Smart Card private key.
+
+ The function decrypts some PKI/RSA encrypted data with private key securely
+ stored into the Smart Card.
+
+ The KeyId must reference a key of type SC_EDGE_RSA_EXCHANGE.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] KeyId Identifier of the key container, retrieved
+ in a key index item of credentials.
+ @param[in] HashAlgorithm Hash algorithm used to hash the, one of:
+ - EFI_HASH_ALGORITHM_SHA1_GUID
+ - EFI_HASH_ALGORITHM_SHA256_GUID
+ - EFI_HASH_ALGORITHM_SHA384_GUID
+ - EFI_HASH_ALGORITHM_SHA512_GUID
+ @param[in] PaddingMethod Padding method used jointly with hash algorithm,
+ one of:
+ - EFI_PADDING_NONE_GUID
+ - EFI_PADDING_RSAES_PKCS1V1P5_GUID
+ - EFI_PADDING_RSAES_OAEP_GUID
+ @param[in] EncryptedSize Size of data to decrypt.
+ @param[in] EncryptedData Data to decrypt
+ @param[in, out] PlaintextSize On input, in bytes, the size of buffer to store
+ the decrypted data.
+ On output, in bytes, the size of buffer required
+ to store the decrypted data.
+ @param[out] PlaintextData Buffer for decrypted data, padding removed.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER KeyId is not valid or associated key not of type
+ SC_EDGE_RSA_EXCHANGE.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is NULL.
+ @retval EFI_INVALID_PARAMETER HashAlgorithm is not valid.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is NULL.
+ @retval EFI_INVALID_PARAMETER PaddingMethod is not valid.
+ @retval EFI_INVALID_PARAMETER EncryptedSize is 0.
+ @retval EFI_INVALID_PARAMETER EncryptedData is NULL.
+ @retval EFI_INVALID_PARAMETER PlaintextSize is NULL.
+ @retval EFI_INVALID_PARAMETER PlaintextData is NULL.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_BUFFER_TOO_SMALL PlaintextSize is too small for the plaintext data
+ and the required size is returned in PlaintextSize.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_DECRYPT_DATA) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN UINTN KeyId,
+ IN EFI_GUID *HashAlgorithm,
+ IN EFI_GUID *PaddingMethod,
+ IN UINTN EncryptedSize,
+ IN UINT8 *EncryptedData,
+ IN OUT UINTN *PlaintextSize,
+ OUT UINT8 *PlaintextData
+ );
+
+/**
+ This function performs a secret Diffie Hellman agreement calculation that would
+ be used to derive a symmetric encryption / decryption key.
+
+ The function compute a DH agreement that should be diversified togenerate a symmetric
+ key to proceed encryption or decryption.
+
+ The application and the Smart Card shall agree on the diversification process.
+
+ The KeyId must reference a key of one of the types: SC_EDGE_ECDH_256, SC_EDGE_ECDH_384
+ or SC_EDGE_ECDH_521.
+
+ @param[in] This Indicates a pointer to the calling context.
+ @param[in] SCardHandle Handle on Smart Card connection.
+ @param[in] KeyId Identifier of the key container, retrieved
+ in a key index item of credentials.
+ @param[in] dataQx Public key x coordinate. Size is the same as
+ key size for KeyId. Stored in big endian format.
+ @param[in] dataQy Public key y coordinate. Size is the same as
+ key size for KeyId. Stored in big endian format.
+ @param[out] DHAgreement Buffer for DH agreement computed. Size must be
+ bigger or equal to key size for KeyId.
+
+ @retval EFI_SUCCESS The requested command completed successfully.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER No connection for SCardHandle value.
+ @retval EFI_INVALID_PARAMETER KeyId is not valid.
+ @retval EFI_INVALID_PARAMETER dataQx is NULL.
+ @retval EFI_INVALID_PARAMETER dataQy is NULL.
+ @retval EFI_INVALID_PARAMETER DHAgreement is NULL.
+ @retval EFI_ACCESS_DENIED Operation not performed, conditions not fulfilled.
+ PIN not verified.
+ @retval EFI_NO_MEDIA Smart Card or Reader of SCardHandle connection
+ has been removed. A Disconnect should be performed.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT) (
+ IN EFI_SMART_CARD_EDGE_PROTOCOL *This,
+ IN EFI_HANDLE SCardHandle,
+ IN UINTN KeyId,
+ IN UINT8 *dataQx,
+ IN UINT8 *dataQy,
+ OUT UINT8 *DHAgreement
+ );
+
+///
+/// Smart card aware application invokes this protocol to get access to an inserted
+/// smart card in the reader or to the reader itself.
+///
+struct _EFI_SMART_CARD_EDGE_PROTOCOL {
+ EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext;
+ EFI_SMART_CARD_EDGE_CONNECT Connect;
+ EFI_SMART_CARD_EDGE_DISCONNECT Disconnect;
+ EFI_SMART_CARD_EDGE_GET_CSN GetCsn;
+ EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName;
+ EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin;
+ EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining;
+ EFI_SMART_CARD_EDGE_GET_DATA GetData;
+ EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential;
+ EFI_SMART_CARD_EDGE_SIGN_DATA SignData;
+ EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData;
+ EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement;
+};
+
+extern EFI_GUID gEfiSmartCardEdgeProtocolGuid;
+
+#endif
+