diff options
| author | Jiaxin Wu <jiaxin.wu@intel.com> | 2018-03-15 18:37:34 +0800 |
|---|---|---|
| committer | Jiaxin Wu <jiaxin.wu@intel.com> | 2018-03-22 08:24:53 +0800 |
| commit | cb3350ec62b9649cd699328710928b2c25e9a1bf (patch) | |
| tree | 5fba697c1ad677d6a7e6b309345e8210dc7e82b5 /NetworkPkg/TlsDxe | |
| parent | 0469ed69416a121025935df66c2217d21dde543e (diff) | |
| download | edk2-cb3350ec62b9649cd699328710928b2c25e9a1bf.tar.gz edk2-cb3350ec62b9649cd699328710928b2c25e9a1bf.tar.bz2 edk2-cb3350ec62b9649cd699328710928b2c25e9a1bf.zip | |
NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.
Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Diffstat (limited to 'NetworkPkg/TlsDxe')
| -rw-r--r-- | NetworkPkg/TlsDxe/TlsImpl.c | 74 | ||||
| -rw-r--r-- | NetworkPkg/TlsDxe/TlsImpl.h | 6 |
2 files changed, 52 insertions, 28 deletions
diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 8e1238216b..a026075f36 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.c +++ b/NetworkPkg/TlsDxe/TlsImpl.c @@ -1,7 +1,7 @@ /** @file
The Miscellaneous Routines for TlsDxe driver.
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -50,6 +50,7 @@ TlsEncryptPacket ( UINT16 ThisMessageSize;
UINT32 BufferOutSize;
UINT8 *BufferOut;
+ UINT32 RecordCount;
INTN Ret;
Status = EFI_SUCCESS;
@@ -61,6 +62,7 @@ TlsEncryptPacket ( TempRecordHeader = NULL;
BufferOutSize = 0;
BufferOut = NULL;
+ RecordCount = 0;
Ret = 0;
//
@@ -91,30 +93,42 @@ TlsEncryptPacket ( BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+ //
+ // Count TLS record number.
+ //
+ BufferInPtr = BufferIn;
+ while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+ RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+ if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ERROR;
+ }
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
+ RecordCount ++;
+ }
+
+ //
+ // Allocate enough buffer to hold TLS Ciphertext.
+ //
+ BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
- // Parsing buffer.
+ // Parsing buffer. Received packet may have multiple TLS record messages.
//
BufferInPtr = BufferIn;
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
- Status = EFI_INVALID_PARAMETER;
- goto ERROR;
- }
-
ThisPlainMessageSize = RecordHeaderIn->Length;
TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
- Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
+ Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
if (Ret > 0) {
ThisMessageSize = (UINT16) Ret;
@@ -129,7 +143,7 @@ TlsEncryptPacket ( BufferOutSize += ThisMessageSize;
- BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
TempRecordHeader += ThisMessageSize;
}
@@ -201,6 +215,7 @@ TlsDecryptPacket ( UINT16 ThisPlainMessageSize;
UINT8 *BufferOut;
UINT32 BufferOutSize;
+ UINT32 RecordCount;
INTN Ret;
Status = EFI_SUCCESS;
@@ -212,6 +227,7 @@ TlsDecryptPacket ( TempRecordHeader = NULL;
BufferOut = NULL;
BufferOutSize = 0;
+ RecordCount = 0;
Ret = 0;
//
@@ -242,7 +258,24 @@ TlsDecryptPacket ( BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+ //
+ // Count TLS record number.
+ //
+ BufferInPtr = BufferIn;
+ while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+ RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+ if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ERROR;
+ }
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
+ RecordCount ++;
+ }
+
+ //
+ // Allocate enough buffer to hold TLS Plaintext.
+ //
+ BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
@@ -256,22 +289,17 @@ TlsDecryptPacket ( while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
- Status = EFI_INVALID_PARAMETER;
- goto ERROR;
- }
-
ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
- Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
- if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
+ Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);
+ if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {
TlsInstance->TlsSessionState = EfiTlsSessionError;
Status = EFI_ABORTED;
goto ERROR;
}
Ret = 0;
- Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
+ Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
if (Ret > 0) {
ThisPlainMessageSize = (UINT16) Ret;
@@ -284,12 +312,12 @@ TlsDecryptPacket ( ThisPlainMessageSize = 0;
}
- CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
+ CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);
TempRecordHeader->Length = ThisPlainMessageSize;
- BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
+ BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
- BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
- TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
+ BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;
+ TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
}
FreePool (BufferIn);
diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h index 3ae9d0d546..e04b312c19 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.h +++ b/NetworkPkg/TlsDxe/TlsImpl.h @@ -1,7 +1,7 @@ /** @file
Header file of Miscellaneous Routines for TlsDxe driver.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -46,10 +46,6 @@ extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding; extern EFI_TLS_PROTOCOL mTlsProtocol;
extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
-#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
-
-#define MAX_BUFFER_SIZE 32768
-
/**
Encrypt the message listed in fragment.
|