tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption. 

Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
This commit is contained in:
Jiaxin Wu 2018-03-15 18:37:34 +08:00
parent 0469ed6941
commit cb3350ec62
2 changed files with 52 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
NetworkPkg/TlsDxe/TlsImpl.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
The Miscellaneous Routines for TlsDxe driver. The Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -50,6 +50,7 @@ TlsEncryptPacket (
UINT16 ThisMessageSize; UINT16 ThisMessageSize;
UINT32 BufferOutSize; UINT32 BufferOutSize;
UINT8 *BufferOut; UINT8 *BufferOut;
UINT32 RecordCount;
INTN Ret; INTN Ret;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
@ -61,6 +62,7 @@ TlsEncryptPacket (
TempRecordHeader = NULL; TempRecordHeader = NULL;
BufferOutSize = 0; BufferOutSize = 0;
BufferOut = NULL; BufferOut = NULL;
RecordCount = 0;
Ret = 0; Ret = 0;
// //
@ -91,30 +93,42 @@ TlsEncryptPacket (
BytesCopied += (*FragmentTable)[Index].FragmentLength; BytesCopied += (*FragmentTable)[Index].FragmentLength;
} }
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE); //
// Count TLS record number.
//
BufferInPtr = BufferIn;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
RecordCount ++;
}
//
// Allocate enough buffer to hold TLS Ciphertext.
//
BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
if (BufferOut == NULL) { if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto ERROR; goto ERROR;
} }
// //
// Parsing buffer. // Parsing buffer. Received packet may have multiple TLS record messages.
// //
BufferInPtr = BufferIn; BufferInPtr = BufferIn;
TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut; TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisPlainMessageSize = RecordHeaderIn->Length; ThisPlainMessageSize = RecordHeaderIn->Length;
TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize); TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize); Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
if (Ret > 0) { if (Ret > 0) {
ThisMessageSize = (UINT16) Ret; ThisMessageSize = (UINT16) Ret;
@ -129,7 +143,7 @@ TlsEncryptPacket (
BufferOutSize += ThisMessageSize; BufferOutSize += ThisMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize; BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
TempRecordHeader += ThisMessageSize; TempRecordHeader += ThisMessageSize;
} }
@ -201,6 +215,7 @@ TlsDecryptPacket (
UINT16 ThisPlainMessageSize; UINT16 ThisPlainMessageSize;
UINT8 *BufferOut; UINT8 *BufferOut;
UINT32 BufferOutSize; UINT32 BufferOutSize;
UINT32 RecordCount;
INTN Ret; INTN Ret;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
@ -212,6 +227,7 @@ TlsDecryptPacket (
TempRecordHeader = NULL; TempRecordHeader = NULL;
BufferOut = NULL; BufferOut = NULL;
BufferOutSize = 0; BufferOutSize = 0;
RecordCount = 0;
Ret = 0; Ret = 0;
// //
@ -242,7 +258,24 @@ TlsDecryptPacket (
BytesCopied += (*FragmentTable)[Index].FragmentLength; BytesCopied += (*FragmentTable)[Index].FragmentLength;
} }
BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE); //
// Count TLS record number.
//
BufferInPtr = BufferIn;
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
RecordCount ++;
}
//
// Allocate enough buffer to hold TLS Plaintext.
//
BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
if (BufferOut == NULL) { if (BufferOut == NULL) {
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto ERROR; goto ERROR;
@ -256,22 +289,17 @@ TlsDecryptPacket (
while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
Status = EFI_INVALID_PARAMETER;
goto ERROR;
}
ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length); ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize); Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);
if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) { if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {
TlsInstance->TlsSessionState = EfiTlsSessionError; TlsInstance->TlsSessionState = EfiTlsSessionError;
Status = EFI_ABORTED; Status = EFI_ABORTED;
goto ERROR; goto ERROR;
} }
Ret = 0; Ret = 0;
Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize); Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
if (Ret > 0) { if (Ret > 0) {
ThisPlainMessageSize = (UINT16) Ret; ThisPlainMessageSize = (UINT16) Ret;
@ -284,12 +312,12 @@ TlsDecryptPacket (
ThisPlainMessageSize = 0; ThisPlainMessageSize = 0;
} }
CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN); CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);
TempRecordHeader->Length = ThisPlainMessageSize; TempRecordHeader->Length = ThisPlainMessageSize;
BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize; BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize; BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;
TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize; TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
} }
FreePool (BufferIn); FreePool (BufferIn);

6
NetworkPkg/TlsDxe/TlsImpl.h
View File

@ -1,7 +1,7 @@
/** @file /** @file
Header file of Miscellaneous Routines for TlsDxe driver. Header file of Miscellaneous Routines for TlsDxe driver.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -46,10 +46,6 @@ extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
extern EFI_TLS_PROTOCOL mTlsProtocol; extern EFI_TLS_PROTOCOL mTlsProtocol;
extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol; extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
#define MAX_BUFFER_SIZE 32768
/** /**
Encrypt the message listed in fragment. Encrypt the message listed in fragment.