Re: [edk2] [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.

2018-03-20 Thread Karunakar P
Reviewed-by: Karunakar p 


-Original Message-
From: Jiaxin Wu [mailto:jiaxin...@intel.com] 
Sent: Tuesday, March 20, 2018 6:07 AM
To: edk2-devel@lists.01.org
Cc: Karunakar P; Fu Siyuan; Ye Ting
Subject: [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages 
encryption/decryption.

Cc: Karunakar P 
Cc: Fu Siyuan 
Cc: Ye Ting 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu 
---
 NetworkPkg/TlsDxe/TlsImpl.c | 74 +++--
 NetworkPkg/TlsDxe/TlsImpl.h |  6 +---
 2 files changed, 52 insertions(+), 28 deletions(-)

diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c index 
8e1238216b..a026075f36 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.c
+++ b/NetworkPkg/TlsDxe/TlsImpl.c
@@ -1,9 +1,9 @@
 /** @file
   The Miscellaneous Routines for TlsDxe driver.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
 
 This program and the accompanying materials  are licensed and made available 
under the terms and conditions of the BSD License  which accompanies this 
distribution.  The full text of the license may be found at  
http://opensource.org/licenses/bsd-license.php
@@ -48,10 +48,11 @@ TlsEncryptPacket (
   UINT16  ThisPlainMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16  ThisMessageSize;
   UINT32  BufferOutSize;
   UINT8   *BufferOut;
+  UINT32  RecordCount;
   INTNRet;
 
   Status   = EFI_SUCCESS;
   BytesCopied  = 0;
   BufferInSize = 0;
@@ -59,10 +60,11 @@ TlsEncryptPacket (
   BufferInPtr  = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOutSize= 0;
   BufferOut= NULL;
+  RecordCount  = 0;
   Ret  = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -89,34 +91,46 @@ TlsEncryptPacket (
   (*FragmentTable)[Index].FragmentLength
   );
 BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr = BufferIn;
+  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || 
RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+  Status = EFI_INVALID_PARAMETER;
+  goto ERROR;
+}
+BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
+RecordCount ++;
+  }
+  
+  //
+  // Allocate enough buffer to hold TLS Ciphertext.
+  //
+  BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH 
+ + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
   if (BufferOut == NULL) {
 Status = EFI_OUT_OF_RESOURCES;
 goto ERROR;
   }
 
   //
-  // Parsing buffer.
+  // Parsing buffer. Received packet may have multiple TLS record messages.
   //
   BufferInPtr = BufferIn;
   TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
   while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
 RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
 
-if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
-  Status = EFI_INVALID_PARAMETER;
-  goto ERROR;
-}
-
 ThisPlainMessageSize = RecordHeaderIn->Length;
 
 TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), 
ThisPlainMessageSize);
 
-Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 
*)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
+Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 
+ *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + 
+ TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
 if (Ret > 0) {
   ThisMessageSize = (UINT16) Ret;
 } else {
   //
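Review bot: The record-counting loop added at `while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize)` reads `RecordHeaderIn->ContentType` and `RecordHeaderIn->Length` without first confirming that TLS_RECORD_HEADER_LENGTH bytes remain, and it never checks that the declared Length fits inside the remaining input; a trailing record with a truncated header, or one whose Length exceeds what is left of BufferIn, passes the loop (the `<` condition merely stops it once BufferInPtr overshoots) and the parsing loop below then hands TlsWrite a read past the end of BufferIn. Placing `if ((UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr < TLS_RECORD_HEADER_LENGTH || RecordHeaderIn->Length > (UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr - TLS_RECORD_HEADER_LENGTH) { Status = EFI_INVALID_PARAMETER; goto ERROR; }` ahead of the existing ContentType test rejects both cases. If TlsDecryptPacket adopts the same counting loop (its hunk is cut off at the end of this page), the check matters more there, since that BufferIn holds data received from the peer. TlsEncryptPacket starts and ends outside this hunk, and the identical hunk is quoted again in the original posting further down the page.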
@@ -127,11 +141,11 @@ TlsEncryptPacket (
   ThisMessageSize = 0;
 }
 
 BufferOutSize += ThisMessageSize;
 
-BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
+BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
 TempRecordHeader += ThisMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
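Review bot: The context line `TempRecordHeader += ThisMessageSize;` advances a `TLS_RECORD_HEADER *`, so C pointer arithmetic scales the step by sizeof(TLS_RECORD_HEADER) instead of stepping ThisMessageSize bytes; the old MAX_BUFFER_SIZE allocation masked this, but now that BufferOut is sized to exactly RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH), a packet with two or more records makes the second TlsCtrlTrafficOut write beyond the allocation. Unless TLS_RECORD_HEADER is a one-byte type (its definition is not on this page), the line should become `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);`, and the corresponding line in TlsDecryptPacket presumably needs the same treatment. The enclosing loop and function continue outside this hunk; the same hunk appears again in the original posting below.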
@@ -199,10 +213,11 @@ TlsDecryptPacket (
   UINT16  ThisCipherMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16  ThisPlainMessageSize;
   UINT8   *BufferOut;
   UINT32  BufferOutSize;
+  UINT32  RecordCount;
   INTNRet;
 
   Status   = EFI_SUCCESS;
   BytesCopied  = 0;
   BufferIn = NULL;
@@ -210,10 +225,11 @@ TlsDecryptPacket (
   BufferInPtr  = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOut= NULL;
   BufferOutSize= 0;
+  RecordCount  = 0;
   Ret  = 0;
 

[edk2] [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.

2018-03-19 Thread Jiaxin Wu
Cc: Karunakar P 
Cc: Fu Siyuan 
Cc: Ye Ting 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu 
---
 NetworkPkg/TlsDxe/TlsImpl.c | 74 +++--
 NetworkPkg/TlsDxe/TlsImpl.h |  6 +---
 2 files changed, 52 insertions(+), 28 deletions(-)

diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c
index 8e1238216b..a026075f36 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.c
+++ b/NetworkPkg/TlsDxe/TlsImpl.c
@@ -1,9 +1,9 @@
 /** @file
   The Miscellaneous Routines for TlsDxe driver.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
 http://opensource.org/licenses/bsd-license.php
@@ -48,10 +48,11 @@ TlsEncryptPacket (
   UINT16  ThisPlainMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16  ThisMessageSize;
   UINT32  BufferOutSize;
   UINT8   *BufferOut;
+  UINT32  RecordCount;
   INTNRet;
 
   Status   = EFI_SUCCESS;
   BytesCopied  = 0;
   BufferInSize = 0;
@@ -59,10 +60,11 @@ TlsEncryptPacket (
   BufferInPtr  = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOutSize= 0;
   BufferOut= NULL;
+  RecordCount  = 0;
   Ret  = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -89,34 +91,46 @@ TlsEncryptPacket (
   (*FragmentTable)[Index].FragmentLength
   );
 BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr = BufferIn;
+  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || 
RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+  Status = EFI_INVALID_PARAMETER;
+  goto ERROR;
+}
+BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
+RecordCount ++;
+  }
+  
+  //
+  // Allocate enough buffer to hold TLS Ciphertext.
+  //
+  BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + 
TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
   if (BufferOut == NULL) {
 Status = EFI_OUT_OF_RESOURCES;
 goto ERROR;
   }
 
   //
-  // Parsing buffer.
+  // Parsing buffer. Received packet may have multiple TLS record messages.
   //
   BufferInPtr = BufferIn;
   TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
   while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
 RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
 
-if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
-  Status = EFI_INVALID_PARAMETER;
-  goto ERROR;
-}
-
 ThisPlainMessageSize = RecordHeaderIn->Length;
 
 TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), 
ThisPlainMessageSize);
 
-Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 
*)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
+Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 
*)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + 
TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
 if (Ret > 0) {
   ThisMessageSize = (UINT16) Ret;
 } else {
   //
@@ -127,11 +141,11 @@ TlsEncryptPacket (
   ThisMessageSize = 0;
 }
 
 BufferOutSize += ThisMessageSize;
 
-BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
+BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
 TempRecordHeader += ThisMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
@@ -199,10 +213,11 @@ TlsDecryptPacket (
   UINT16  ThisCipherMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16  ThisPlainMessageSize;
   UINT8   *BufferOut;
   UINT32  BufferOutSize;
+  UINT32  RecordCount;
   INTNRet;
 
   Status   = EFI_SUCCESS;
   BytesCopied  = 0;
   BufferIn = NULL;
@@ -210,10 +225,11 @@ TlsDecryptPacket (
   BufferInPtr  = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOut= NULL;
   BufferOutSize= 0;
+  RecordCount  = 0;
   Ret  = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -240,11 +256,28 @@ TlsDecryptPacket (
   (*FragmentTable)[Index].FragmentLength
   );
 BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr