2017-04-06 04:10:39 +02:00
|
|
|
/** @file
|
|
|
|
The Miscellaneous Routines for TlsDxe driver.
|
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
2017-04-06 04:10:39 +02:00
|
|
|
|
2019-04-04 01:06:13 +02:00
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
2017-04-06 04:10:39 +02:00
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include "TlsImpl.h"
|
|
|
|
|
|
|
|
/**
|
|
|
|
Encrypt the message listed in fragment.
|
|
|
|
|
|
|
|
@param[in] TlsInstance The pointer to the TLS instance.
|
|
|
|
@param[in, out] FragmentTable Pointer to a list of fragment.
|
|
|
|
On input these fragments contain the TLS header and
|
|
|
|
plain text TLS payload;
|
|
|
|
On output these fragments contain the TLS header and
|
|
|
|
cipher text TLS payload.
|
|
|
|
@param[in] FragmentCount Number of fragment.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS The operation completed successfully.
|
|
|
|
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
|
|
|
|
@retval EFI_ABORTED TLS session state is incorrect.
|
|
|
|
@retval Others Other errors as indicated.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
TlsEncryptPacket (
|
|
|
|
IN TLS_INSTANCE *TlsInstance,
|
|
|
|
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
|
|
|
|
IN UINT32 *FragmentCount
|
|
|
|
)
|
|
|
|
{
|
|
|
|
EFI_STATUS Status;
|
|
|
|
UINTN Index;
|
|
|
|
UINT32 BytesCopied;
|
|
|
|
UINT32 BufferInSize;
|
|
|
|
UINT8 *BufferIn;
|
|
|
|
UINT8 *BufferInPtr;
|
|
|
|
TLS_RECORD_HEADER *RecordHeaderIn;
|
|
|
|
UINT16 ThisPlainMessageSize;
|
|
|
|
TLS_RECORD_HEADER *TempRecordHeader;
|
|
|
|
UINT16 ThisMessageSize;
|
|
|
|
UINT32 BufferOutSize;
|
|
|
|
UINT8 *BufferOut;
|
2018-03-15 11:37:34 +01:00
|
|
|
UINT32 RecordCount;
|
2017-04-06 04:10:39 +02:00
|
|
|
INTN Ret;
|
|
|
|
|
|
|
|
Status = EFI_SUCCESS;
|
|
|
|
BytesCopied = 0;
|
|
|
|
BufferInSize = 0;
|
|
|
|
BufferIn = NULL;
|
|
|
|
BufferInPtr = NULL;
|
|
|
|
RecordHeaderIn = NULL;
|
|
|
|
TempRecordHeader = NULL;
|
|
|
|
BufferOutSize = 0;
|
|
|
|
BufferOut = NULL;
|
2018-03-15 11:37:34 +01:00
|
|
|
RecordCount = 0;
|
2017-04-06 04:10:39 +02:00
|
|
|
Ret = 0;
|
|
|
|
|
|
|
|
//
|
|
|
|
// Calculate the size according to the fragment table.
|
|
|
|
//
|
|
|
|
for (Index = 0; Index < *FragmentCount; Index++) {
|
|
|
|
BufferInSize += (*FragmentTable)[Index].FragmentLength;
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// Allocate buffer for processing data.
|
|
|
|
//
|
|
|
|
BufferIn = AllocateZeroPool (BufferInSize);
|
|
|
|
if (BufferIn == NULL) {
|
|
|
|
Status = EFI_OUT_OF_RESOURCES;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// Copy all TLS plain record header and payload into BufferIn.
|
|
|
|
//
|
|
|
|
for (Index = 0; Index < *FragmentCount; Index++) {
|
|
|
|
CopyMem (
|
|
|
|
(BufferIn + BytesCopied),
|
|
|
|
(*FragmentTable)[Index].FragmentBuffer,
|
|
|
|
(*FragmentTable)[Index].FragmentLength
|
|
|
|
);
|
|
|
|
BytesCopied += (*FragmentTable)[Index].FragmentLength;
|
|
|
|
}
|
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
//
|
|
|
|
// Count TLS record number.
|
|
|
|
//
|
|
|
|
BufferInPtr = BufferIn;
|
|
|
|
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
|
|
|
|
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
|
|
|
|
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
|
|
|
|
Status = EFI_INVALID_PARAMETER;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
|
|
|
|
RecordCount ++;
|
|
|
|
}
|
2018-06-27 15:12:32 +02:00
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
//
|
|
|
|
// Allocate enough buffer to hold TLS Ciphertext.
|
|
|
|
//
|
|
|
|
BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
|
2017-04-06 04:10:39 +02:00
|
|
|
if (BufferOut == NULL) {
|
|
|
|
Status = EFI_OUT_OF_RESOURCES;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
2018-03-15 11:37:34 +01:00
|
|
|
// Parsing buffer. Received packet may have multiple TLS record messages.
|
2017-04-06 04:10:39 +02:00
|
|
|
//
|
|
|
|
BufferInPtr = BufferIn;
|
|
|
|
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
|
|
|
|
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
|
|
|
|
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
|
|
|
|
|
|
|
|
ThisPlainMessageSize = RecordHeaderIn->Length;
|
|
|
|
|
|
|
|
TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
|
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
|
2017-04-06 04:10:39 +02:00
|
|
|
|
|
|
|
if (Ret > 0) {
|
|
|
|
ThisMessageSize = (UINT16) Ret;
|
|
|
|
} else {
|
|
|
|
//
|
|
|
|
// No data was successfully encrypted, continue to encrypt other messages.
|
|
|
|
//
|
|
|
|
DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));
|
|
|
|
|
|
|
|
ThisMessageSize = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
BufferOutSize += ThisMessageSize;
|
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
|
2018-10-30 04:30:08 +01:00
|
|
|
TempRecordHeader = (TLS_RECORD_HEADER *)((UINT8 *)TempRecordHeader + ThisMessageSize);
|
2017-04-06 04:10:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
FreePool (BufferIn);
|
|
|
|
BufferIn = NULL;
|
|
|
|
|
|
|
|
//
|
|
|
|
// The caller will be responsible to handle the original fragment table.
|
|
|
|
//
|
|
|
|
*FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
|
|
|
|
if (*FragmentTable == NULL) {
|
|
|
|
Status = EFI_OUT_OF_RESOURCES;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
(*FragmentTable)[0].FragmentBuffer = BufferOut;
|
|
|
|
(*FragmentTable)[0].FragmentLength = BufferOutSize;
|
|
|
|
*FragmentCount = 1;
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
|
|
|
ERROR:
|
|
|
|
|
|
|
|
if (BufferIn != NULL) {
|
|
|
|
FreePool (BufferIn);
|
|
|
|
BufferIn = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (BufferOut != NULL) {
|
|
|
|
FreePool (BufferOut);
|
|
|
|
BufferOut = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Decrypt the message listed in fragment.
|
|
|
|
|
|
|
|
@param[in] TlsInstance The pointer to the TLS instance.
|
|
|
|
@param[in, out] FragmentTable Pointer to a list of fragment.
|
|
|
|
On input these fragments contain the TLS header and
|
|
|
|
cipher text TLS payload;
|
|
|
|
On output these fragments contain the TLS header and
|
|
|
|
plain text TLS payload.
|
|
|
|
@param[in] FragmentCount Number of fragment.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS The operation completed successfully.
|
|
|
|
@retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
|
|
|
|
@retval EFI_ABORTED TLS session state is incorrect.
|
|
|
|
@retval Others Other errors as indicated.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
TlsDecryptPacket (
|
|
|
|
IN TLS_INSTANCE *TlsInstance,
|
|
|
|
IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
|
|
|
|
IN UINT32 *FragmentCount
|
|
|
|
)
|
|
|
|
{
|
|
|
|
EFI_STATUS Status;
|
|
|
|
UINTN Index;
|
|
|
|
UINT32 BytesCopied;
|
|
|
|
UINT8 *BufferIn;
|
|
|
|
UINT32 BufferInSize;
|
|
|
|
UINT8 *BufferInPtr;
|
|
|
|
TLS_RECORD_HEADER *RecordHeaderIn;
|
|
|
|
UINT16 ThisCipherMessageSize;
|
|
|
|
TLS_RECORD_HEADER *TempRecordHeader;
|
|
|
|
UINT16 ThisPlainMessageSize;
|
|
|
|
UINT8 *BufferOut;
|
|
|
|
UINT32 BufferOutSize;
|
2018-03-15 11:37:34 +01:00
|
|
|
UINT32 RecordCount;
|
2017-04-06 04:10:39 +02:00
|
|
|
INTN Ret;
|
|
|
|
|
|
|
|
Status = EFI_SUCCESS;
|
|
|
|
BytesCopied = 0;
|
|
|
|
BufferIn = NULL;
|
|
|
|
BufferInSize = 0;
|
|
|
|
BufferInPtr = NULL;
|
|
|
|
RecordHeaderIn = NULL;
|
|
|
|
TempRecordHeader = NULL;
|
|
|
|
BufferOut = NULL;
|
|
|
|
BufferOutSize = 0;
|
2018-03-15 11:37:34 +01:00
|
|
|
RecordCount = 0;
|
2017-04-06 04:10:39 +02:00
|
|
|
Ret = 0;
|
|
|
|
|
|
|
|
//
|
|
|
|
// Calculate the size according to the fragment table.
|
|
|
|
//
|
|
|
|
for (Index = 0; Index < *FragmentCount; Index++) {
|
|
|
|
BufferInSize += (*FragmentTable)[Index].FragmentLength;
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// Allocate buffer for processing data
|
|
|
|
//
|
|
|
|
BufferIn = AllocateZeroPool (BufferInSize);
|
|
|
|
if (BufferIn == NULL) {
|
|
|
|
Status = EFI_OUT_OF_RESOURCES;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// Copy all TLS plain record header and payload to BufferIn
|
|
|
|
//
|
|
|
|
for (Index = 0; Index < *FragmentCount; Index++) {
|
|
|
|
CopyMem (
|
|
|
|
(BufferIn + BytesCopied),
|
|
|
|
(*FragmentTable)[Index].FragmentBuffer,
|
|
|
|
(*FragmentTable)[Index].FragmentLength
|
|
|
|
);
|
|
|
|
BytesCopied += (*FragmentTable)[Index].FragmentLength;
|
|
|
|
}
|
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
//
|
|
|
|
// Count TLS record number.
|
|
|
|
//
|
|
|
|
BufferInPtr = BufferIn;
|
|
|
|
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
|
|
|
|
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
|
|
|
|
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
|
|
|
|
Status = EFI_INVALID_PARAMETER;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
|
|
|
|
RecordCount ++;
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// Allocate enough buffer to hold TLS Plaintext.
|
|
|
|
//
|
|
|
|
BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
|
2017-04-06 04:10:39 +02:00
|
|
|
if (BufferOut == NULL) {
|
|
|
|
Status = EFI_OUT_OF_RESOURCES;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// Parsing buffer. Received packet may have multiple TLS record messages.
|
|
|
|
//
|
|
|
|
BufferInPtr = BufferIn;
|
|
|
|
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
|
|
|
|
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
|
|
|
|
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
|
|
|
|
|
|
|
|
ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
|
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);
|
|
|
|
if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {
|
2017-04-06 04:10:39 +02:00
|
|
|
TlsInstance->TlsSessionState = EfiTlsSessionError;
|
|
|
|
Status = EFI_ABORTED;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
Ret = 0;
|
2018-03-15 11:37:34 +01:00
|
|
|
Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
|
2017-04-06 04:10:39 +02:00
|
|
|
|
|
|
|
if (Ret > 0) {
|
|
|
|
ThisPlainMessageSize = (UINT16) Ret;
|
|
|
|
} else {
|
|
|
|
//
|
|
|
|
// No data was successfully decrypted, continue to decrypt other messages.
|
|
|
|
//
|
|
|
|
DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
|
|
|
|
|
|
|
|
ThisPlainMessageSize = 0;
|
|
|
|
}
|
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);
|
2017-04-06 04:10:39 +02:00
|
|
|
TempRecordHeader->Length = ThisPlainMessageSize;
|
2018-03-15 11:37:34 +01:00
|
|
|
BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
|
2017-04-06 04:10:39 +02:00
|
|
|
|
2018-03-15 11:37:34 +01:00
|
|
|
BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;
|
2018-10-30 04:30:08 +01:00
|
|
|
TempRecordHeader = (TLS_RECORD_HEADER *)((UINT8 *)TempRecordHeader + TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize);
|
2017-04-06 04:10:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
FreePool (BufferIn);
|
|
|
|
BufferIn = NULL;
|
|
|
|
|
|
|
|
//
|
|
|
|
// The caller will be responsible to handle the original fragment table
|
|
|
|
//
|
|
|
|
*FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
|
|
|
|
if (*FragmentTable == NULL) {
|
|
|
|
Status = EFI_OUT_OF_RESOURCES;
|
|
|
|
goto ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
(*FragmentTable)[0].FragmentBuffer = BufferOut;
|
|
|
|
(*FragmentTable)[0].FragmentLength = BufferOutSize;
|
|
|
|
*FragmentCount = 1;
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
|
|
|
ERROR:
|
|
|
|
|
|
|
|
if (BufferIn != NULL) {
|
|
|
|
FreePool (BufferIn);
|
|
|
|
BufferIn = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (BufferOut != NULL) {
|
|
|
|
FreePool (BufferOut);
|
|
|
|
BufferOut = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
|