Re: [edk2] [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.

Tue, 20 Mar 2018 00:09:07 -0700 

Reviewed-by: Karunakar p <[email protected]>


-----Original Message-----
From: Jiaxin Wu [mailto:[email protected]] 
Sent: Tuesday, March 20, 2018 6:07 AM
To: [email protected]
Cc: Karunakar P; Fu Siyuan; Ye Ting
Subject: [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages 
encryption/decryption.

Cc: Karunakar P <[email protected]>
Cc: Fu Siyuan <[email protected]>
Cc: Ye Ting <[email protected]>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <[email protected]>
---
 NetworkPkg/TlsDxe/TlsImpl.c | 74 +++++++++++++++++++++++++++++++--------------
 NetworkPkg/TlsDxe/TlsImpl.h |  6 +---
 2 files changed, 52 insertions(+), 28 deletions(-)

diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 
8e1238216b..a026075f36 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.c
+++ b/NetworkPkg/TlsDxe/TlsImpl.c
@@ -1,9 +1,9 @@
 /** @file
   The Miscellaneous Routines for TlsDxe driver.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 
 This program and the accompanying materials  are licensed and made available 
under the terms and conditions of the BSD License  which accompanies this 
distribution.  The full text of the license may be found at  
http://opensource.org/licenses/bsd-license.php
@@ -48,10 +48,11 @@ TlsEncryptPacket (
   UINT16              ThisPlainMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16              ThisMessageSize;
   UINT32              BufferOutSize;
   UINT8               *BufferOut;
+  UINT32              RecordCount;
   INTN                Ret;
 
   Status           = EFI_SUCCESS;
   BytesCopied      = 0;
   BufferInSize     = 0;
@@ -59,10 +60,11 @@ TlsEncryptPacket (
   BufferInPtr      = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOutSize    = 0;
   BufferOut        = NULL;
+  RecordCount      = 0;
   Ret              = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -89,34 +91,46 @@ TlsEncryptPacket (
       (*FragmentTable)[Index].FragmentLength
       );
     BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr = BufferIn;
+  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || 
RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+      Status = EFI_INVALID_PARAMETER;
+      goto ERROR;
+    }
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
+    RecordCount ++;
+  }
+  
+  //
+  // Allocate enough buffer to hold TLS Ciphertext.
+  //
+  BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH 
+ + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
   if (BufferOut == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ERROR;
   }
 
   //
-  // Parsing buffer.
+  // Parsing buffer. Received packet may have multiple TLS record messages.
   //
   BufferInPtr = BufferIn;
   TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
   while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
     RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
 
-    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
-      Status = EFI_INVALID_PARAMETER;
-      goto ERROR;
-    }
-
     ThisPlainMessageSize = RecordHeaderIn->Length;
 
     TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), 
ThisPlainMessageSize);
 
-    Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 
*)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
+    Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 
+ *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + 
+ TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
     if (Ret > 0) {
       ThisMessageSize = (UINT16) Ret;
     } else {
       //
@@ -127,11 +141,11 @@ TlsEncryptPacket (
       ThisMessageSize = 0;
     }
 
     BufferOutSize += ThisMessageSize;
 
-    BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
     TempRecordHeader += ThisMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
@@ -199,10 +213,11 @@ TlsDecryptPacket (
   UINT16              ThisCipherMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16              ThisPlainMessageSize;
   UINT8               *BufferOut;
   UINT32              BufferOutSize;
+  UINT32              RecordCount;
   INTN                Ret;
 
   Status           = EFI_SUCCESS;
   BytesCopied      = 0;
   BufferIn         = NULL;
@@ -210,10 +225,11 @@ TlsDecryptPacket (
   BufferInPtr      = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOut        = NULL;
   BufferOutSize    = 0;
+  RecordCount      = 0;
   Ret              = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -240,11 +256,28 @@ TlsDecryptPacket (
       (*FragmentTable)[Index].FragmentLength
       );
     BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr = BufferIn;
+  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS 
(RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+      Status = EFI_INVALID_PARAMETER;
+      goto ERROR;
+    }
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
+    RecordCount ++;
+  }
+
+  //
+  // Allocate enough buffer to hold TLS Plaintext.
+  //
+  BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH 
+ + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
   if (BufferOut == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ERROR;
   }
 
@@ -254,26 +287,21 @@ TlsDecryptPacket (
   BufferInPtr = BufferIn;
   TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
   while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
     RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
 
-    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
-      Status = EFI_INVALID_PARAMETER;
-      goto ERROR;
-    }
-
     ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
 
-    Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), 
RECORD_HEADER_LEN + ThisCipherMessageSize);
-    if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
+    Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), 
TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);
+    if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {
       TlsInstance->TlsSessionState = EfiTlsSessionError;
       Status = EFI_ABORTED;
       goto ERROR;
     }
 
     Ret = 0;
-    Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), 
MAX_BUFFER_SIZE - BufferOutSize);
+    Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 
+ 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
     if (Ret > 0) {
       ThisPlainMessageSize = (UINT16) Ret;
     } else {
       //
@@ -282,16 +310,16 @@ TlsDecryptPacket (
       DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS 
object.\n"));
 
       ThisPlainMessageSize = 0;
     }
 
-    CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
+    CopyMem (TempRecordHeader, RecordHeaderIn, 
+ TLS_RECORD_HEADER_LENGTH);
     TempRecordHeader->Length = ThisPlainMessageSize;
-    BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
 
-    BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
-    TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;
+    TempRecordHeader += TLS_RECORD_HEADER_LENGTH + 
+ ThisPlainMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
 
diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h index 
3ae9d0d546..e04b312c19 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.h
+++ b/NetworkPkg/TlsDxe/TlsImpl.h
@@ -1,9 +1,9 @@
 /** @file
   Header file of Miscellaneous Routines for TlsDxe driver.
 
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 
 This program and the accompanying materials  are licensed and made available 
under the terms and conditions of the BSD License  which accompanies this 
distribution.  The full text of the license may be found at  
http://opensource.org/licenses/bsd-license.php
@@ -44,14 +44,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 //
 extern EFI_SERVICE_BINDING_PROTOCOL    mTlsServiceBinding;
 extern EFI_TLS_PROTOCOL                mTlsProtocol;
 extern EFI_TLS_CONFIGURATION_PROTOCOL  mTlsConfigurationProtocol;
 
-#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
-
-#define MAX_BUFFER_SIZE   32768
-
 /**
   Encrypt the message listed in fragment.
 
   @param[in]       TlsInstance    The pointer to the TLS instance.
   @param[in, out]  FragmentTable  Pointer to a list of fragment.
--
2.16.2.windows.1

_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to