From: Jiaxin Wu Date: Thu, 15 Mar 2018 10:37:34 +0000 (+0800) Subject: NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption. X-Git-Tag: edk2-stable201903~2059 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=cb3350ec62b9649cd699328710928b2c25e9a1bf NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption. Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Karunakar p Reviewed-by: Fu Siyuan --- diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 8e1238216b..a026075f36 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.c +++ b/NetworkPkg/TlsDxe/TlsImpl.c @@ -1,7 +1,7 @@ /** @file The Miscellaneous Routines for TlsDxe driver. -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -50,6 +50,7 @@ TlsEncryptPacket ( UINT16 ThisMessageSize; UINT32 BufferOutSize; UINT8 *BufferOut; + UINT32 RecordCount; INTN Ret; Status = EFI_SUCCESS; @@ -61,6 +62,7 @@ TlsEncryptPacket ( TempRecordHeader = NULL; BufferOutSize = 0; BufferOut = NULL; + RecordCount = 0; Ret = 0; // @@ -91,30 +93,42 @@ TlsEncryptPacket ( BytesCopied += (*FragmentTable)[Index].FragmentLength; } - BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr = BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status = EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length; + RecordCount ++; + } + + // + // Allocate enough buffer to hold TLS Ciphertext. + // + BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ERROR; } // - // Parsing buffer. + // Parsing buffer. Received packet may have multiple TLS record messages. // BufferInPtr = BufferIn; TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; - if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) { - Status = EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisPlainMessageSize = RecordHeaderIn->Length; TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize); - Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize); + Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH); if (Ret > 0) { ThisMessageSize = (UINT16) Ret; @@ -129,7 +143,7 @@ TlsEncryptPacket ( BufferOutSize += ThisMessageSize; - BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; TempRecordHeader += ThisMessageSize; } @@ -201,6 +215,7 @@ TlsDecryptPacket ( UINT16 ThisPlainMessageSize; UINT8 *BufferOut; UINT32 BufferOutSize; + UINT32 RecordCount; INTN Ret; Status = EFI_SUCCESS; @@ -212,6 +227,7 @@ TlsDecryptPacket ( TempRecordHeader = NULL; BufferOut = NULL; BufferOutSize = 0; + RecordCount = 0; Ret = 0; // @@ -242,7 +258,24 @@ TlsDecryptPacket ( BytesCopied += (*FragmentTable)[Index].FragmentLength; } - BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr = BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status = EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length); + RecordCount ++; + } + + // + // Allocate enough buffer to hold TLS Plaintext. + // + BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut == NULL) { Status = EFI_OUT_OF_RESOURCES; goto ERROR; @@ -256,22 +289,17 @@ TlsDecryptPacket ( while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr; - if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) { - Status = EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length); - Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize); - if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) { + Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize); + if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) { TlsInstance->TlsSessionState = EfiTlsSessionError; Status = EFI_ABORTED; goto ERROR; } Ret = 0; - Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize); + Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH); if (Ret > 0) { ThisPlainMessageSize = (UINT16) Ret; @@ -284,12 +312,12 @@ TlsDecryptPacket ( ThisPlainMessageSize = 0; } - CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN); + CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH); TempRecordHeader->Length = ThisPlainMessageSize; - BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; - BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize; - TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize; + TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; } FreePool (BufferIn); diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h index 3ae9d0d546..e04b312c19 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.h +++ b/NetworkPkg/TlsDxe/TlsImpl.h @@ -1,7 +1,7 @@ /** @file Header file of Miscellaneous Routines for TlsDxe driver. -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -46,10 +46,6 @@ extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding; extern EFI_TLS_PROTOCOL mTlsProtocol; extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol; -#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2) - -#define MAX_BUFFER_SIZE 32768 - /** Encrypt the message listed in fragment.