NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.

Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Jiaxin Wu 2018-03-15 18:37:34 +08:00
parent 0469ed6941
commit cb3350ec62
2 changed files with 52 additions and 28 deletions


@ -1,7 +1,7 @@
/** @file
The Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@ -50,6 +50,7 @@ TlsEncryptPacket (
UINT16 ThisMessageSize;
UINT32 BufferOutSize;
UINT8 *BufferOut;
UINT32 RecordCount;
INTN Ret;
Status = EFI_SUCCESS;
@ -61,6 +62,7 @@ TlsEncryptPacket (
TempRecordHeader = NULL;
BufferOutSize = 0;
BufferOut = NULL;
RecordCount = 0;
Ret = 0;
//
@ -91,30 +93,42 @@ TlsEncryptPacket (
BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
//
// Count TLS record number.
//
BufferInPtr = BufferIn;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
RecordCount ++;
}
//
// Allocate enough buffer to hold TLS Ciphertext.
//
BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
}
//
// Parsing buffer.
// Parsing buffer. Received packet may have multiple TLS record messages.
//
BufferInPtr = BufferIn;
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisPlainMessageSize = RecordHeaderIn->Length;
TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
if (Ret > 0) {
ThisMessageSize = (UINT16) Ret;
@ -129,7 +143,7 @@ TlsEncryptPacket (
BufferOutSize += ThisMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
TempRecordHeader += ThisMessageSize;
}
@ -201,6 +215,7 @@ TlsDecryptPacket (
UINT16 ThisPlainMessageSize;
UINT8 *BufferOut;
UINT32 BufferOutSize;
UINT32 RecordCount;
INTN Ret;
Status = EFI_SUCCESS;
@ -212,6 +227,7 @@ TlsDecryptPacket (
TempRecordHeader = NULL;
BufferOut = NULL;
BufferOutSize = 0;
RecordCount = 0;
Ret = 0;
//
@ -242,7 +258,24 @@ TlsDecryptPacket (
BytesCopied += (*FragmentTable)[Index].FragmentLength;
}
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
//
// Count TLS record number.
//
BufferInPtr = BufferIn;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
RecordCount ++;
}
//
// Allocate enough buffer to hold TLS Plaintext.
//
BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ERROR;
@ -256,22 +289,17 @@ TlsDecryptPacket (
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);
if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {
TlsInstance->TlsSessionState = EfiTlsSessionError;
Status = EFI_ABORTED;
goto ERROR;
}
Ret = 0;
Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
if (Ret > 0) {
ThisPlainMessageSize = (UINT16) Ret;
@ -284,12 +312,12 @@ TlsDecryptPacket (
ThisPlainMessageSize = 0;
}
CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);
TempRecordHeader->Length = ThisPlainMessageSize;
BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;
TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
}
FreePool (BufferIn);
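Review bot: `TempRecordHeader += ThisMessageSize;` in TlsEncryptPacket (and `TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;` in TlsDecryptPacket) advance a `TLS_RECORD_HEADER *` — the cast `TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;` and the later `TempRecordHeader->Length = ...` show the type — so each step is scaled by sizeof (TLS_RECORD_HEADER) rather than being a byte count, and now that BufferOut is sized to exactly RecordCount records the second and later records can land past the end of the allocation. Both lines should advance in bytes: `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);` and `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize);`. The two new "Count TLS record number" loops bound Length by the per-record maximum but not by the bytes remaining in BufferIn, so a truncated trailing record (fewer than TLS_RECORD_HEADER_LENGTH bytes left, or a Length that runs beyond BufferIn + BufferInSize) is read past the input before it is rejected; each loop should compare the remaining bytes against the header size first and against Length second, returning EFI_INVALID_PARAMETER on either failure. TlsEncryptPacket and TlsDecryptPacket both start and end outside the hunks shown.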


@ -1,7 +1,7 @@
/** @file
Header file of Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@ -46,10 +46,6 @@ extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
extern EFI_TLS_PROTOCOL mTlsProtocol;
extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
#define MAX_BUFFER_SIZE 32768
/**
Encrypt the message listed in fragment.