/** @file
  Type definitions and object declarations for the EnrollDefaultKeys

  Copyright (C) 2014-2019, Red Hat, Inc.

  SPDX-License-Identifier: BSD-2-Clause-Patent


#include <Uefi/UefiBaseType.h>

// Convenience structure types for constructing "signature lists" for
// authenticated UEFI variables.
// The most important thing about the variable payload is that it is a list of
// lists, where the element size of any given *inner* list is constant.
// Since X509 certificates vary in size, each of our *inner* lists will contain
// one element only (one X.509 certificate). This is explicitly mentioned in
// the UEFI specification, in "28.4.1 Signature Database", in a Note.
// The list structure looks as follows:
// struct EFI_VARIABLE_AUTHENTICATION_2 {                           |
//   struct EFI_TIME {                                              |
//     UINT16 Year;                                                 |
//     UINT8  Month;                                                |
//     UINT8  Day;                                                  |
//     UINT8  Hour;                                                 |
//     UINT8  Minute;                                               |
//     UINT8  Second;                                               |
//     UINT8  Pad1;                                                 |
//     UINT32 Nanosecond;                                           |
//     INT16  TimeZone;                                             |
//     UINT8  Daylight;                                             |
//     UINT8  Pad2;                                                 |
//   } TimeStamp;                                                   |
//                                                                  |
//   struct WIN_CERTIFICATE_UEFI_GUID {                           | |
//     struct WIN_CERTIFICATE {                                   | |
//       UINT32 dwLength; ----------------------------------------+ |
//       UINT16 wRevision;                                        | |
//       UINT16 wCertificateType;                                 | |
//     } Hdr;                                                     | +- DataSize
//                                                                | |
//     EFI_GUID CertType;                                         | |
//     UINT8    CertData[1] = { <--- "struct hack"                | |
//       struct EFI_SIGNATURE_LIST {                            | | |
//         EFI_GUID SignatureType;                              | | |
//         UINT32   SignatureListSize; -------------------------+ | |
//         UINT32   SignatureHeaderSize;                        | | |
//         UINT32   SignatureSize; ---------------------------+ | | |
//         UINT8    SignatureHeader[SignatureHeaderSize];     | | | |
//                                                            v | | |
//         struct EFI_SIGNATURE_DATA {                        | | | |
//           EFI_GUID SignatureOwner;                         | | | |
//           UINT8    SignatureData[1] = { <--- "struct hack" | | | |
//             X.509 payload                                  | | | |
//           }                                                | | | |
//         } Signatures[];                                      | | |
//       } SigLists[];                                            | |
//     };                                                         | |
//   } AuthInfo;                                                  | |
// };                                                               |
// Given that the "struct hack" invokes undefined behavior (which is why C99
// introduced the flexible array member), and because subtracting those pesky
// sizes of 1 is annoying, and because the format is fully specified in the
// UEFI specification, we'll introduce two matching convenience structures that
// are customized for our X.509 purposes.
#pragma pack (1)
typedef struct {
  EFI_TIME TimeStamp;

  // dwLength covers data below
  UINT32   dwLength;
  UINT16   wRevision;
  UINT16   wCertificateType;
  EFI_GUID CertType;

typedef struct {
  // SignatureListSize covers data below
  EFI_GUID SignatureType;
  UINT32   SignatureListSize;
  UINT32   SignatureHeaderSize; // constant 0
  UINT32   SignatureSize;

  // SignatureSize covers data below
  EFI_GUID SignatureOwner;

  // X.509 certificate follows
#pragma pack ()

// A structure that collects the values of UEFI variables related to Secure
// Boot.
typedef struct {
  UINT8 SetupMode;
  UINT8 SecureBoot;
  UINT8 SecureBootEnable;
  UINT8 CustomMode;
  UINT8 VendorKeys;

// Refer to "AuthData.c" for details on the following objects.
extern CONST UINT8 mMicrosoftKek[];
extern CONST UINTN mSizeOfMicrosoftKek;

extern CONST UINT8 mMicrosoftPca[];
extern CONST UINTN mSizeOfMicrosoftPca;

extern CONST UINT8 mMicrosoftUefiCa[];
extern CONST UINTN mSizeOfMicrosoftUefiCa;

extern CONST UINT8 mSha256OfDevNull[];
extern CONST UINTN mSizeOfSha256OfDevNull;