Re: [edk2] [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.
Reviewed-by: Karunakar p -Original Message- From: Jiaxin Wu [mailto:jiaxin...@intel.com] Sent: Tuesday, March 20, 2018 6:07 AM To: edk2-devel@lists.01.org Cc: Karunakar P; Fu Siyuan; Ye Ting Subject: [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption. Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu --- NetworkPkg/TlsDxe/TlsImpl.c | 74 +++-- NetworkPkg/TlsDxe/TlsImpl.h | 6 +--- 2 files changed, 52 insertions(+), 28 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 8e1238216b..a026075f36 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.c +++ b/NetworkPkg/TlsDxe/TlsImpl.c @@ -1,9 +1,9 @@ /** @file The Miscellaneous Routines for TlsDxe driver. -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -48,10 +48,11 @@ TlsEncryptPacket ( UINT16 ThisPlainMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisMessageSize; UINT32 BufferOutSize; UINT8 *BufferOut; + UINT32 RecordCount; INTNRet; Status = EFI_SUCCESS; BytesCopied = 0; BufferInSize = 0; @@ -59,10 +60,11 @@ TlsEncryptPacket ( BufferInPtr = NULL; RecordHeaderIn = NULL; TempRecordHeader = NULL; BufferOutSize= 0; BufferOut= NULL; + RecordCount = 0; Ret = 0; // // Calculate the size according to the fragment table. // 
@@ -89,34 +91,46 @@ TlsEncryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied += (*FragmentTable)[Index].FragmentLength; } - BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr = BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { +RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; +if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status = EFI_INVALID_PARAMETER; + goto ERROR; +} +BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length; +RecordCount ++; + } + + // + // Allocate enough buffer to hold TLS Ciphertext. + // + BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ERROR; } // - // Parsing buffer. + // Parsing buffer. Received packet may have multiple TLS record messages. // BufferInPtr = BufferIn; TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; -if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) { - Status = EFI_INVALID_PARAMETER; - goto ERROR; -} - ThisPlainMessageSize = RecordHeaderIn->Length; TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize); -Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize); +Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 + *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH); if (Ret > 0) { ThisMessageSize = (UINT16) Ret; } else { // 
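Review bot: The new record-counting loop in TlsEncryptPacket reads `RecordHeaderIn->ContentType` and `RecordHeaderIn->Length` as soon as `BufferInPtr` is anywhere below the end of BufferIn, so a trailing partial header (fewer than TLS_RECORD_HEADER_LENGTH bytes left in the buffer) is read past the end of the allocation, and a `Length` larger than the bytes actually remaining is accepted and later handed to `TlsWrite` in the parsing loop, which then reads beyond BufferIn. The added `TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH` check bounds the output allocation but says nothing about the input, so the count loop should also verify that a full header and `Length` payload bytes fit in what is left of BufferIn before advancing, as sketched below. Because the parsing loop no longer re-checks the record it processes, it depends entirely on the count loop having done this validation. TlsEncryptPacket's body and the ERROR label it jumps to lie outside this hunk, so I am assuming ERROR releases BufferIn as the existing EFI_INVALID_PARAMETER path already does.
```c
  BufferInPtr = BufferIn;
  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
    //
    // A complete record header and its payload must lie inside BufferIn
    // before the header fields are read or TlsWrite consumes the payload.
    //
    if ((UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr < TLS_RECORD_HEADER_LENGTH) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }
    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData ||
        RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH ||
        RecordHeaderIn->Length > (UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr - TLS_RECORD_HEADER_LENGTH) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }
    BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
    RecordCount ++;
  }
  // … unchanged: BufferOut allocation and the parsing loop …
```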
@@ -127,11 +141,11 @@ TlsEncryptPacket ( ThisMessageSize = 0; } BufferOutSize += ThisMessageSize; -BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize; +BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; TempRecordHeader += ThisMessageSize; } FreePool (BufferIn); BufferIn = NULL; @@ -199,10 +213,11 @@ TlsDecryptPacket ( UINT16 ThisCipherMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisPlainMessageSize; UINT8 *BufferOut; UINT32 BufferOutSize; + UINT32 RecordCount; INTNRet; Status = EFI_SUCCESS; BytesCopied = 0; BufferIn = NULL; @@ -210,10 +225,11 @@ TlsDecryptPacket ( BufferInPtr = NULL; RecordHeaderIn = NULL; TempRecordHeader = NULL; BufferOut= NULL; BufferOutSize= 0; + RecordCount = 0; Ret = 0; // // Calculate the size according to the fragment table. // @@ -240,11 +256,28 @@ TlsDecryptPacket (
[edk2] [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.
Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu --- NetworkPkg/TlsDxe/TlsImpl.c | 74 +++-- NetworkPkg/TlsDxe/TlsImpl.h | 6 +--- 2 files changed, 52 insertions(+), 28 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 8e1238216b..a026075f36 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.c +++ b/NetworkPkg/TlsDxe/TlsImpl.c @@ -1,9 +1,9 @@ /** @file The Miscellaneous Routines for TlsDxe driver. -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -48,10 +48,11 @@ TlsEncryptPacket ( UINT16 ThisPlainMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisMessageSize; UINT32 BufferOutSize; UINT8 *BufferOut; + UINT32 RecordCount; INTNRet; Status = EFI_SUCCESS; BytesCopied = 0; BufferInSize = 0; @@ -59,10 +60,11 @@ TlsEncryptPacket ( BufferInPtr = NULL; RecordHeaderIn = NULL; TempRecordHeader = NULL; BufferOutSize= 0; BufferOut= NULL; + RecordCount = 0; Ret = 0; // // Calculate the size according to the fragment table. // 
@@ -89,34 +91,46 @@ TlsEncryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied += (*FragmentTable)[Index].FragmentLength; } - BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr = BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { +RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; +if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status = EFI_INVALID_PARAMETER; + goto ERROR; +} +BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length; +RecordCount ++; + } + + // + // Allocate enough buffer to hold TLS Ciphertext. + // + BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ERROR; } // - // Parsing buffer. + // Parsing buffer. Received packet may have multiple TLS record messages. // BufferInPtr = BufferIn; TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; -if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) { - Status = EFI_INVALID_PARAMETER; - goto ERROR; -} - ThisPlainMessageSize = RecordHeaderIn->Length; TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize); -Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize); +Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH); if (Ret > 0) { ThisMessageSize = (UINT16) Ret; } else { // 
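Review bot: The new record-counting loop in TlsEncryptPacket reads `RecordHeaderIn->ContentType` and `RecordHeaderIn->Length` as soon as `BufferInPtr` is anywhere below the end of BufferIn, so a trailing partial header (fewer than TLS_RECORD_HEADER_LENGTH bytes left in the buffer) is read past the end of the allocation, and a `Length` larger than the bytes actually remaining is accepted and later handed to `TlsWrite` in the parsing loop, which then reads beyond BufferIn. The added `TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH` check bounds the output allocation but says nothing about the input, so the count loop should also verify that a full header and `Length` payload bytes fit in what is left of BufferIn before advancing, as sketched below. Because the parsing loop no longer re-checks the record it processes, it depends entirely on the count loop having done this validation. TlsEncryptPacket's body and the ERROR label it jumps to lie outside this hunk, so I am assuming ERROR releases BufferIn as the existing EFI_INVALID_PARAMETER path already does.
```c
  BufferInPtr = BufferIn;
  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
    //
    // A complete record header and its payload must lie inside BufferIn
    // before the header fields are read or TlsWrite consumes the payload.
    //
    if ((UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr < TLS_RECORD_HEADER_LENGTH) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }
    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData ||
        RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH ||
        RecordHeaderIn->Length > (UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr - TLS_RECORD_HEADER_LENGTH) {
      Status = EFI_INVALID_PARAMETER;
      goto ERROR;
    }
    BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
    RecordCount ++;
  }
  // … unchanged: BufferOut allocation and the parsing loop …
```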
@@ -127,11 +141,11 @@ TlsEncryptPacket ( ThisMessageSize = 0; } BufferOutSize += ThisMessageSize; -BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize; +BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; TempRecordHeader += ThisMessageSize; } FreePool (BufferIn); BufferIn = NULL; @@ -199,10 +213,11 @@ TlsDecryptPacket ( UINT16 ThisCipherMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisPlainMessageSize; UINT8 *BufferOut; UINT32 BufferOutSize; + UINT32 RecordCount; INTNRet; Status = EFI_SUCCESS; BytesCopied = 0; BufferIn = NULL; @@ -210,10 +225,11 @@ TlsDecryptPacket ( BufferInPtr = NULL; RecordHeaderIn = NULL; TempRecordHeader = NULL; BufferOut= NULL; BufferOutSize= 0; + RecordCount = 0; Ret = 0; // // Calculate the size according to the fragment table. // @@ -240,11 +256,28 @@ TlsDecryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied += (*FragmentTable)[Index].FragmentLength; } - BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr = BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { +Reco