public inbox for devel@edk2.groups.io
* [Patch 0/3] Support HTTP large data request via TLS channel.
@ 2018-03-20  0:36 Jiaxin Wu
  2018-03-20  0:36 ` [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length Jiaxin Wu
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Jiaxin Wu @ 2018-03-20  0:36 UTC (permalink / raw)
  To: edk2-devel; +Cc: Karunakar P, Fu Siyuan, Ye Ting

Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>

Jiaxin Wu (3):
  MdePkg/Tls1.h: Add TLS record header length and max payload length.
  NetworkPkg/TlsDxe: Handle the multiple TLS record messages
    encryption/decryption.
  NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.

 MdePkg/Include/IndustryStandard/Tls1.h |  16 ++++-
 NetworkPkg/HttpDxe/HttpProto.c         | 121 ++++++++++++++++++++++++---------
 NetworkPkg/HttpDxe/HttpsSupport.c      |  17 ++++-
 NetworkPkg/HttpDxe/HttpsSupport.h      |  12 +++-
 NetworkPkg/TlsDxe/TlsImpl.c            |  74 +++++++++++++-------
 NetworkPkg/TlsDxe/TlsImpl.h            |   6 +-
 6 files changed, 178 insertions(+), 68 deletions(-)

-- 
2.16.2.windows.1




* [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length.
  2018-03-20  0:36 [Patch 0/3] Support HTTP large data request via TLS channel Jiaxin Wu
@ 2018-03-20  0:36 ` Jiaxin Wu
  2018-03-20  7:07   ` Karunakar P
  2018-03-20  0:36 ` [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption Jiaxin Wu
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 8+ messages in thread
From: Jiaxin Wu @ 2018-03-20  0:36 UTC (permalink / raw)
  To: edk2-devel; +Cc: Karunakar P, Fu Siyuan, Ye Ting

Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
---
 MdePkg/Include/IndustryStandard/Tls1.h | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/IndustryStandard/Tls1.h
index 9009291ee3..cccb6db7fb 100644
--- a/MdePkg/Include/IndustryStandard/Tls1.h
+++ b/MdePkg/Include/IndustryStandard/Tls1.h
@@ -1,11 +1,11 @@
 /** @file
   Transport Layer Security  -- TLS 1.0/1.1/1.2 Standard definitions, from RFC 2246/4346/5246
 
   This file contains common TLS 1.0/1.1/1.2 definitions from RFC 2246/4346/5246
 
-  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
   http://opensource.org/licenses/bsd-license.php
 
@@ -85,9 +85,23 @@ typedef struct {
   UINT8                   ContentType;
   EFI_TLS_VERSION         Version;
   UINT16                  Length;
 } TLS_RECORD_HEADER;
 
+#define TLS_RECORD_HEADER_LENGTH   5
+
+//
+// The length (in bytes) of the TLSPlaintext records payload MUST NOT exceed 2^14.
+// Refers to section 6.2 of RFC5246. 
+//
+#define TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH   16384
+
+//
+// The length (in bytes) of the TLSCiphertext records payload MUST NOT exceed 2^14 + 2048.
+// Refers to section 6.2 of RFC5246. 
+//
+#define TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH   18432
+
 #pragma pack()
 
 #endif
 
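Review bot: TLS_RECORD_HEADER_LENGTH is hard-coded to 5 directly below the TLS_RECORD_HEADER struct it describes, with nothing tying the two together; since the struct sits in the packed region closed by the `#pragma pack()` just below, `sizeof (TLS_RECORD_HEADER)` already yields 5, so a comment such as `// ContentType(1) + Version(2) + Length(2), must equal sizeof (TLS_RECORD_HEADER)` would keep the constant and the struct from drifting apart. The two RFC comments carry trailing whitespace after `RFC5246.`, and they could cite the sections precisely: the 2^14 TLSPlaintext limit is in RFC 5246 section 6.2.1 and the 2^14 + 2048 TLSCiphertext limit in section 6.2.3.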
-- 
2.16.2.windows.1




* [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.
  2018-03-20  0:36 [Patch 0/3] Support HTTP large data request via TLS channel Jiaxin Wu
  2018-03-20  0:36 ` [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length Jiaxin Wu
@ 2018-03-20  0:36 ` Jiaxin Wu
  2018-03-20  7:08   ` Karunakar P
  2018-03-20  0:36 ` [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel Jiaxin Wu
  2018-03-21  1:23 ` [Patch 0/3] Support HTTP large data request via TLS channel Fu, Siyuan
  3 siblings, 1 reply; 8+ messages in thread
From: Jiaxin Wu @ 2018-03-20  0:36 UTC (permalink / raw)
  To: edk2-devel; +Cc: Karunakar P, Fu Siyuan, Ye Ting

Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
---
 NetworkPkg/TlsDxe/TlsImpl.c | 74 +++++++++++++++++++++++++++++++--------------
 NetworkPkg/TlsDxe/TlsImpl.h |  6 +---
 2 files changed, 52 insertions(+), 28 deletions(-)

diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c
index 8e1238216b..a026075f36 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.c
+++ b/NetworkPkg/TlsDxe/TlsImpl.c
@@ -1,9 +1,9 @@
 /** @file
   The Miscellaneous Routines for TlsDxe driver.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
@@ -48,10 +48,11 @@ TlsEncryptPacket (
   UINT16              ThisPlainMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16              ThisMessageSize;
   UINT32              BufferOutSize;
   UINT8               *BufferOut;
+  UINT32              RecordCount;
   INTN                Ret;
 
   Status           = EFI_SUCCESS;
   BytesCopied      = 0;
   BufferInSize     = 0;
@@ -59,10 +60,11 @@ TlsEncryptPacket (
   BufferInPtr      = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOutSize    = 0;
   BufferOut        = NULL;
+  RecordCount      = 0;
   Ret              = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -89,34 +91,46 @@ TlsEncryptPacket (
       (*FragmentTable)[Index].FragmentLength
       );
     BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr = BufferIn;
+  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+      Status = EFI_INVALID_PARAMETER;
+      goto ERROR;
+    }
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;
+    RecordCount ++;
+  }
+  
+  //
+  // Allocate enough buffer to hold TLS Ciphertext.
+  //
+  BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
   if (BufferOut == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ERROR;
   }
 
   //
-  // Parsing buffer.
+  // Parsing buffer. Received packet may have multiple TLS record messages.
   //
   BufferInPtr = BufferIn;
   TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
   while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
     RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
 
-    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
-      Status = EFI_INVALID_PARAMETER;
-      goto ERROR;
-    }
-
     ThisPlainMessageSize = RecordHeaderIn->Length;
 
     TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
 
-    Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
+    Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
     if (Ret > 0) {
       ThisMessageSize = (UINT16) Ret;
     } else {
       //
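Review bot: the record-counting loop added in this hunk dereferences `RecordHeaderIn->Length` without first checking that a full TLS_RECORD_HEADER_LENGTH bytes remain before `BufferIn + BufferInSize`, and the advance `BufferInPtr += TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length;` is never compared against the buffer end, so input whose last record is truncated passes the count and the second loop then hands TlsWrite a ThisPlainMessageSize that reaches past BufferIn. Suggest returning EFI_INVALID_PARAMETER when fewer than TLS_RECORD_HEADER_LENGTH bytes remain or when the advanced pointer would exceed the buffer end. In the unchanged context the return value of `TlsWrite (TlsInstance->TlsConn, ...)` is still ignored, so a failed or short write is only noticed indirectly when TlsCtrlTrafficOut returns nothing and the record is silently skipped by the `ThisMessageSize = 0` branch.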
@@ -127,11 +141,11 @@ TlsEncryptPacket (
       ThisMessageSize = 0;
     }
 
     BufferOutSize += ThisMessageSize;
 
-    BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
     TempRecordHeader += ThisMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
@@ -199,10 +213,11 @@ TlsDecryptPacket (
   UINT16              ThisCipherMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16              ThisPlainMessageSize;
   UINT8               *BufferOut;
   UINT32              BufferOutSize;
+  UINT32              RecordCount;
   INTN                Ret;
 
   Status           = EFI_SUCCESS;
   BytesCopied      = 0;
   BufferIn         = NULL;
@@ -210,10 +225,11 @@ TlsDecryptPacket (
   BufferInPtr      = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOut        = NULL;
   BufferOutSize    = 0;
+  RecordCount      = 0;
   Ret              = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -240,11 +256,28 @@ TlsDecryptPacket (
       (*FragmentTable)[Index].FragmentLength
       );
     BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr = BufferIn;
+  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+      Status = EFI_INVALID_PARAMETER;
+      goto ERROR;
+    }
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
+    RecordCount ++;
+  }
+
+  //
+  // Allocate enough buffer to hold TLS Plaintext.
+  //
+  BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
   if (BufferOut == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ERROR;
   }
 
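Review bot: the same missing end-of-buffer check as in TlsEncryptPacket applies to the counting loop here: `NTOHS (RecordHeaderIn->Length)` is read before confirming that a whole header lies inside the buffer, and the advanced BufferInPtr is not bounded by `BufferIn + BufferInSize`, so a truncated final record reaches TlsCtrlTrafficIn with a length that extends past the input. In addition, `RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)` is evaluated in 32-bit arithmetic because RecordCount is UINT32; a peer that sends a long run of zero-length application-data records (the count loop only inspects the headers, so five bytes per record suffice, about 262144 of them) wraps the product and AllocateZeroPool returns a buffer smaller than what the decrypt loop writes into. Cast RecordCount to UINTN and cap it, or derive the allocation from BufferInSize instead.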
@@ -254,26 +287,21 @@ TlsDecryptPacket (
   BufferInPtr = BufferIn;
   TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
   while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
     RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
 
-    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
-      Status = EFI_INVALID_PARAMETER;
-      goto ERROR;
-    }
-
     ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
 
-    Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
-    if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
+    Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);
+    if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {
       TlsInstance->TlsSessionState = EfiTlsSessionError;
       Status = EFI_ABORTED;
       goto ERROR;
     }
 
     Ret = 0;
-    Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
+    Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
     if (Ret > 0) {
       ThisPlainMessageSize = (UINT16) Ret;
     } else {
       //
@@ -282,16 +310,16 @@ TlsDecryptPacket (
       DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
 
       ThisPlainMessageSize = 0;
     }
 
-    CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
+    CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);
     TempRecordHeader->Length = ThisPlainMessageSize;
-    BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
 
-    BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
-    TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;
+    TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
 
diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h
index 3ae9d0d546..e04b312c19 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.h
+++ b/NetworkPkg/TlsDxe/TlsImpl.h
@@ -1,9 +1,9 @@
 /** @file
   Header file of Miscellaneous Routines for TlsDxe driver.
 
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
@@ -44,14 +44,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 //
 extern EFI_SERVICE_BINDING_PROTOCOL    mTlsServiceBinding;
 extern EFI_TLS_PROTOCOL                mTlsProtocol;
 extern EFI_TLS_CONFIGURATION_PROTOCOL  mTlsConfigurationProtocol;
 
-#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
-
-#define MAX_BUFFER_SIZE   32768
-
 /**
   Encrypt the message listed in fragment.
 
   @param[in]       TlsInstance    The pointer to the TLS instance.
   @param[in, out]  FragmentTable  Pointer to a list of fragment.
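Review bot: deleting RECORD_HEADER_LEN and MAX_BUFFER_SIZE from this shared header is safe only if TlsImpl.c was their sole user; the diffstat touches just TlsImpl.c and TlsImpl.h, so please confirm with a grep over the other source files in NetworkPkg/TlsDxe that nothing else references either macro, otherwise the driver no longer builds. The `/// ContentType(1) + Version(2) + Length(2)` breakdown being removed is useful documentation and is worth carrying over to the new TLS_RECORD_HEADER_LENGTH definition in Tls1.h.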
-- 
2.16.2.windows.1




* [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.
  2018-03-20  0:36 [Patch 0/3] Support HTTP large data request via TLS channel Jiaxin Wu
  2018-03-20  0:36 ` [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length Jiaxin Wu
  2018-03-20  0:36 ` [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption Jiaxin Wu
@ 2018-03-20  0:36 ` Jiaxin Wu
  2018-03-20  7:08   ` Karunakar P
  2018-03-21  1:23 ` [Patch 0/3] Support HTTP large data request via TLS channel Fu, Siyuan
  3 siblings, 1 reply; 8+ messages in thread
From: Jiaxin Wu @ 2018-03-20  0:36 UTC (permalink / raw)
  To: edk2-devel; +Cc: Karunakar P, Fu Siyuan, Ye Ting

Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
---
 NetworkPkg/HttpDxe/HttpProto.c    | 121 +++++++++++++++++++++++++++-----------
 NetworkPkg/HttpDxe/HttpsSupport.c |  17 +++++-
 NetworkPkg/HttpDxe/HttpsSupport.h |  12 +++-
 3 files changed, 111 insertions(+), 39 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index d7fe271168..35c4a166c4 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1,9 +1,9 @@
 /** @file
   Miscellaneous routines for HttpDxe driver.
 
-Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
@@ -1474,64 +1474,101 @@ HttpTransmitTcp (
   EFI_STATUS                    Status;
   EFI_TCP4_IO_TOKEN             *Tx4Token;
   EFI_TCP4_PROTOCOL             *Tcp4;
   EFI_TCP6_IO_TOKEN             *Tx6Token;
   EFI_TCP6_PROTOCOL             *Tcp6;
-  UINT8                         *Buffer;  
-  UINTN                         BufferSize;
+  UINT8                         *TlsRecord;  
+  UINT16                        PayloadSize;
   NET_FRAGMENT                  TempFragment;
+  NET_FRAGMENT                  Fragment;
+  UINTN                         RecordCount;
+  UINTN                         RemainingLen;
 
   Status                = EFI_SUCCESS;
-  Buffer                = NULL;
+  TlsRecord             = NULL;
+  PayloadSize           = 0;
   TempFragment.Len      = 0;
   TempFragment.Bulk     = NULL;
+  Fragment.Len          = 0;
+  Fragment.Bulk         = NULL;
+  RecordCount           = 0;
+  RemainingLen          = 0;
 
   //
   // Need to encrypt data.
   //
   if (HttpInstance->UseHttps) {
     //
-    // Build BufferOut data
+    // Allocate enough buffer for each TLS plaintext records.
     //
-    BufferSize = sizeof (TLS_RECORD_HEADER) + TxStringLen;
-    Buffer     = AllocateZeroPool (BufferSize);
-    if (Buffer == NULL) {
+    TlsRecord = AllocateZeroPool (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
+    if (TlsRecord == NULL) {
       Status = EFI_OUT_OF_RESOURCES;
       return Status;
     }
-    ((TLS_RECORD_HEADER *) Buffer)->ContentType = TlsContentTypeApplicationData;
-    ((TLS_RECORD_HEADER *) Buffer)->Version.Major = HttpInstance->TlsConfigData.Version.Major;
-    ((TLS_RECORD_HEADER *) Buffer)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor;
-    ((TLS_RECORD_HEADER *) Buffer)->Length = (UINT16) (TxStringLen);
-    CopyMem (Buffer + sizeof (TLS_RECORD_HEADER), TxString, TxStringLen);
-    
+
     //
-    // Encrypt Packet.
+    // Allocate enough buffer for all TLS ciphertext records.
     //
-    Status = TlsProcessMessage (
-               HttpInstance, 
-               Buffer, 
-               BufferSize, 
-               EfiTlsEncrypt, 
-               &TempFragment
-               );
-    
-    FreePool (Buffer);
+    RecordCount = TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH + 1;
+    Fragment.Bulk = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
+    if (Fragment.Bulk == NULL) {
+      Status = EFI_OUT_OF_RESOURCES;
+      goto ON_ERROR;
+    }
 
-    if (EFI_ERROR (Status)) {
-      return Status;
+    //
+    // Encrypt each TLS plaintext records.
+    //
+    RemainingLen = TxStringLen;
+    while (RemainingLen != 0) {
+      PayloadSize = (UINT16) MIN (TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH, RemainingLen);
+      
+      ((TLS_RECORD_HEADER *) TlsRecord)->ContentType = TlsContentTypeApplicationData;
+      ((TLS_RECORD_HEADER *) TlsRecord)->Version.Major = HttpInstance->TlsConfigData.Version.Major;
+      ((TLS_RECORD_HEADER *) TlsRecord)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor;
+      ((TLS_RECORD_HEADER *) TlsRecord)->Length = PayloadSize;
+
+      CopyMem (TlsRecord + TLS_RECORD_HEADER_LENGTH, TxString + (TxStringLen - RemainingLen), PayloadSize);
+      
+      Status = TlsProcessMessage (
+                 HttpInstance, 
+                 TlsRecord, 
+                 TLS_RECORD_HEADER_LENGTH + PayloadSize, 
+                 EfiTlsEncrypt, 
+                 &TempFragment
+                 );
+      if (EFI_ERROR (Status)) {
+        goto ON_ERROR;
+      }
+
+      //
+      // Record the processed/encrypted Packet. 
+      //
+      CopyMem (Fragment.Bulk + Fragment.Len, TempFragment.Bulk, TempFragment.Len);
+      Fragment.Len += TempFragment.Len;
+
+      FreePool (TempFragment.Bulk);
+      TempFragment.Len  = 0;
+      TempFragment.Bulk = NULL;
+      
+      RemainingLen -= (UINTN) PayloadSize;
+      ZeroMem (TlsRecord, TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
     }
+
+    FreePool (TlsRecord);
+    TlsRecord = NULL;
   }
   
   if (!HttpInstance->LocalAddressIsIPv6) {
     Tcp4 = HttpInstance->Tcp4;
     Tx4Token = &Wrap->TcpWrap.Tx4Token;
 
     if (HttpInstance->UseHttps) {
-      Tx4Token->Packet.TxData->DataLength = TempFragment.Len;
-      Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength = TempFragment.Len;
-      Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TempFragment.Bulk;
+      Tx4Token->Packet.TxData->DataLength = Fragment.Len;
+      Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength = Fragment.Len;
+      Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) Fragment.Bulk;
     } else {
       Tx4Token->Packet.TxData->DataLength = (UINT32) TxStringLen;
       Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength = (UINT32) TxStringLen;
       Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TxString;
     }
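Review bot: `RecordCount = TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH + 1;` allocates one spare ciphertext record whenever TxStringLen is an exact multiple of the maximum payload; a ceiling division, `(TxStringLen + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH - 1) / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH`, sizes the buffer exactly. Buffer ownership also changes here: `Fragment.Bulk` is now what ends up in `Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer`, so whatever previously released TempFragment.Bulk on transmit completion must release Fragment.Bulk instead, and that path is not in the hunk, so please confirm it. The `ZeroMem (TlsRecord, ...)` of the full record buffer on every iteration is redundant, since the header and the bytes actually sent are rewritten before the next TlsProcessMessage call, and several of the added lines carry trailing whitespace.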
@@ -1540,21 +1577,21 @@ HttpTransmitTcp (
     
     Wrap->TcpWrap.IsTxDone = FALSE;
     Status  = Tcp4->Transmit (Tcp4, Tx4Token);
     if (EFI_ERROR (Status)) {
       DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status));
-      return Status;
+      goto ON_ERROR;
     }
 
   } else {
     Tcp6 = HttpInstance->Tcp6;
     Tx6Token = &Wrap->TcpWrap.Tx6Token;
     
     if (HttpInstance->UseHttps) {
-      Tx6Token->Packet.TxData->DataLength = TempFragment.Len;
-      Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength = TempFragment.Len;
-      Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TempFragment.Bulk;
+      Tx6Token->Packet.TxData->DataLength = Fragment.Len;
+      Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength = Fragment.Len;
+      Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) Fragment.Bulk;
     } else {
       Tx6Token->Packet.TxData->DataLength = (UINT32) TxStringLen;
       Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength = (UINT32) TxStringLen;
       Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TxString;
     }
@@ -1563,14 +1600,30 @@ HttpTransmitTcp (
 
     Wrap->TcpWrap.IsTxDone = FALSE;
     Status = Tcp6->Transmit (Tcp6, Tx6Token);
     if (EFI_ERROR (Status)) {
       DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status));
-      return Status;
+      goto ON_ERROR;
     }
   }
   
+  return Status;
+
+ON_ERROR:
+  
+  if (HttpInstance->UseHttps) {
+    if (TlsRecord != NULL) {
+      FreePool (TlsRecord);
+      TlsRecord = NULL;
+    }
+    
+    if (Fragment.Bulk != NULL) {
+      FreePool (Fragment.Bulk);
+      Fragment.Bulk = NULL;
+    }
+  }
+
   return Status;
 }
 
 /**
   Check whether the user's token or event has already
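Review bot: the new `ON_ERROR` label frees `Fragment.Bulk` when `Tcp4->Transmit` or `Tcp6->Transmit` fails, but by then the token's `FragmentTable[0].FragmentBuffer` and `DataLength` still refer to that buffer, leaving a dangling pointer in Wrap; clearing those fields before returning (or guaranteeing the caller never reuses the Wrap after an error) avoids it. The surrounding `if (HttpInstance->UseHttps)` guard is unnecessary, since both TlsRecord and Fragment.Bulk are initialised to NULL and only assigned on the HTTPS path, so the two NULL checks alone suffice.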
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index f5e5911b86..5105a2014c 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -949,11 +949,11 @@ TlsReceiveOnePdu (
   InitializeListHead (NbufList);
 
   //
   // Allocate buffer to receive one TLS header.
   //
-  Len     = sizeof (TLS_RECORD_HEADER);
+  Len     = TLS_RECORD_HEADER_LENGTH;
   PduHdr  = NetbufAlloc (Len);
   if (PduHdr == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ON_EXIT;
   }
@@ -1389,15 +1389,23 @@ TlsCloseSession (
 
 /**
   Process one message according to the CryptMode.
 
   @param[in]           HttpInstance    Pointer to HTTP_PROTOCOL structure.
-  @param[in]           Message         Pointer to the message buffer needed to processed.
+  @param[in]           Message         Pointer to the message buffer needed to processed. 
+                                       If ProcessMode is EfiTlsEncrypt, the message contain the TLS
+                                       header and plain text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the message contain the TLS 
+                                       header and cipher text TLS APP payload.
   @param[in]           MessageSize     Pointer to the message buffer size.
   @param[in]           ProcessMode     Process mode.
   @param[in, out]      Fragment        Only one Fragment returned after the Message is
                                        processed successfully.
+                                       If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS 
+                                       header and cipher text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS 
+                                       header and plain text TLS APP payload.
 
   @retval EFI_SUCCESS          Message is processed successfully.
   @retval EFI_OUT_OF_RESOURCES   Can't allocate memory resources.
   @retval Others               Other errors as indicated.
 
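Review bot: the added @param text in this hunk has grammar slips that will be mirrored into the header: "needed to processed" should read "that needs to be processed", and "the message contain" / "the fragment contain" should be "contains"; the continuation lines also carry trailing whitespace after "processed." and "the TLS". Suggested wording: "If ProcessMode is EfiTlsEncrypt, the message contains a TLS record header followed by the plaintext application-data payload."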
@@ -1496,10 +1504,13 @@ TlsProcessMessage (
   Fragment->Bulk = Buffer;
 
 ON_EXIT:
 
   if (OriginalFragmentTable != NULL) {
+    if( FragmentTable == OriginalFragmentTable) {
+      FragmentTable = NULL;
+    }
     FreePool (OriginalFragmentTable);
     OriginalFragmentTable = NULL;
   }
 
   //
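Review bot: `if( FragmentTable == OriginalFragmentTable) {` does not follow the edk2 style used elsewhere in the file, which is `if (` with a space before the parenthesis. The added lines also need a comment stating which aliasing case they guard against, because the hunk shows only the NULL-ing and not the later free it is meant to prevent; without that a reader cannot tell whether it is OriginalFragmentTable or the still-aliased FragmentTable that would otherwise be released twice.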
@@ -1680,11 +1691,11 @@ HttpsReceive (
     if (BufferIn == NULL) {
       Status = EFI_OUT_OF_RESOURCES;
       return Status;
     }
 
-    CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);
+    CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH, BufferInSize);
 
     //
     // Free the buffer in TempFragment.
     //
     FreePool (TempFragment.Bulk);
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h
index f7a2d303e6..5d4ca01108 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.h
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h
@@ -1,9 +1,9 @@
 /** @file
   The header files of miscellaneous routines specific to Https for HttpDxe driver.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
 http://opensource.org/licenses/bsd-license.php
 
@@ -215,15 +215,23 @@ TlsCloseSession (
 
 /**
   Process one message according to the CryptMode.
 
   @param[in]           HttpInstance    Pointer to HTTP_PROTOCOL structure.
-  @param[in]           Message         Pointer to the message buffer needed to processed.
+  @param[in]           Message         Pointer to the message buffer needed to processed. 
+                                       If ProcessMode is EfiTlsEncrypt, the message contain the TLS
+                                       header and plain text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the message contain the TLS 
+                                       header and cipher text TLS APP payload.
   @param[in]           MessageSize     Pointer to the message buffer size.
   @param[in]           ProcessMode     Process mode.
   @param[in, out]      Fragment        Only one Fragment returned after the Message is
                                        processed successfully.
+                                       If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS 
+                                       header and cipher text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS 
+                                       header and plain text TLS APP payload.
 
   @retval EFI_SUCCESS          Message is processed successfully.
   @retval EFI_OUT_OF_RESOURCES   Can't allocate memory resources.
   @retval Others               Other errors as indicated.
 
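Review bot: this is the same @param text as the HttpsSupport.c hunk and needs the same corrections so the header and the implementation stay in sync: "needed to processed" should read "that needs to be processed", "contain" should be "contains", and the trailing whitespace after "processed." and "the TLS" should be dropped.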
-- 
2.16.2.windows.1




* Re: [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length.
  2018-03-20  0:36 ` [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length Jiaxin Wu
@ 2018-03-20  7:07   ` Karunakar P
  0 siblings, 0 replies; 8+ messages in thread
From: Karunakar P @ 2018-03-20  7:07 UTC (permalink / raw)
  To: 'Jiaxin Wu', edk2-devel@lists.01.org; +Cc: Fu Siyuan, Ye Ting

Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>


-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com] 
Sent: Tuesday, March 20, 2018 6:07 AM
To: edk2-devel@lists.01.org
Cc: Karunakar P; Fu Siyuan; Ye Ting
Subject: [Patch 1/3] MdePkg/Tls1.h: Add TLS record header length and max payload length.


* Re: [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.
  2018-03-20  0:36 ` [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption Jiaxin Wu
@ 2018-03-20  7:08   ` Karunakar P
  0 siblings, 0 replies; 8+ messages in thread
From: Karunakar P @ 2018-03-20  7:08 UTC (permalink / raw)
  To: 'Jiaxin Wu', edk2-devel@lists.01.org; +Cc: Fu Siyuan, Ye Ting

Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>


-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com] 
Sent: Tuesday, March 20, 2018 6:07 AM
To: edk2-devel@lists.01.org
Cc: Karunakar P; Fu Siyuan; Ye Ting
Subject: [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.

-      Status = EFI_INVALID_PARAMETER;
-      goto ERROR;
-    }
-
     ThisPlainMessageSize = RecordHeaderIn->Length;
 
     TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
 
-    Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
+    Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 
+ *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH + 
+ TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
     if (Ret > 0) {
       ThisMessageSize = (UINT16) Ret;
     } else {
       //
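Review bot: the new record-counting loop dereferences `RecordHeaderIn->ContentType` and `RecordHeaderIn->Length` without first checking that `TLS_RECORD_HEADER_LENGTH` bytes remain before `BufferIn + BufferInSize`, and it accepts a record whose `TLS_RECORD_HEADER_LENGTH + Length` runs past the end of the buffer; the processing loop then hands that `Length` to `TlsWrite`, so a truncated last record reads beyond `BufferIn`. Suggest returning EFI_INVALID_PARAMETER when `(UINTN) BufferInPtr + TLS_RECORD_HEADER_LENGTH > (UINTN) BufferIn + BufferInSize`, and again when `(UINTN) BufferInPtr + TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length` exceeds that limit, before advancing. A one-line comment that `Length` is compared in host order here but through `NTOHS` in TlsDecryptPacket would also help: plaintext records are built locally by HttpDxe (`->Length = PayloadSize` in patch 3) while ciphertext records arrive in wire order, and the asymmetry looks like a bug without that note.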
@@ -127,11 +141,11 @@ TlsEncryptPacket (
       ThisMessageSize = 0;
     }
 
     BufferOutSize += ThisMessageSize;
 
-    BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
     TempRecordHeader += ThisMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
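Review bot: `TempRecordHeader += ThisMessageSize;` on the unchanged line above is pointer arithmetic on a `TLS_RECORD_HEADER *`, so it advances by `ThisMessageSize * sizeof (TLS_RECORD_HEADER)` bytes rather than by `ThisMessageSize`. The line pre-dates this patch, but now that `BufferOut` is sized to exactly `RecordCount` ciphertext records instead of a fixed 32768 bytes and the series deliberately feeds multiple records per call, the second iteration writes `TlsCtrlTrafficOut` output well outside the allocation. Cast through a byte pointer, e.g. `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);`, or keep a `UINT8 *` cursor, and consider checking that `BufferOutSize + TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH` still fits the allocation before each `TlsCtrlTrafficOut` call.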
@@ -199,10 +213,11 @@ TlsDecryptPacket (
   UINT16              ThisCipherMessageSize;
   TLS_RECORD_HEADER   *TempRecordHeader;
   UINT16              ThisPlainMessageSize;
   UINT8               *BufferOut;
   UINT32              BufferOutSize;
+  UINT32              RecordCount;
   INTN                Ret;
 
   Status           = EFI_SUCCESS;
   BytesCopied      = 0;
   BufferIn         = NULL;
@@ -210,10 +225,11 @@ TlsDecryptPacket (
   BufferInPtr      = NULL;
   RecordHeaderIn   = NULL;
   TempRecordHeader = NULL;
   BufferOut        = NULL;
   BufferOutSize    = 0;
+  RecordCount      = 0;
   Ret              = 0;
 
   //
   // Calculate the size according to the fragment table.
   //
@@ -240,11 +256,28 @@ TlsDecryptPacket (
       (*FragmentTable)[Index].FragmentLength
       );
     BytesCopied += (*FragmentTable)[Index].FragmentLength;
   }
 
-  BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+  //
+  // Count TLS record number.
+  //
+  BufferInPtr = BufferIn;
+  while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+    RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData || NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) {
+      Status = EFI_INVALID_PARAMETER;
+      goto ERROR;
+    }
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length);
+    RecordCount ++;
+  }
+
+  //
+  // Allocate enough buffer to hold TLS Plaintext.
+  //
+  BufferOut = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH 
+ + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH));
   if (BufferOut == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ERROR;
   }
 
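Review bot: this counting loop runs over bytes received from the peer, so the missing fit-in-buffer check matters more here than in TlsEncryptPacket: a final record whose `NTOHS (RecordHeaderIn->Length)` is within TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH but larger than the bytes remaining in `BufferIn` passes the test, and the processing loop below then passes `TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize` bytes to `TlsCtrlTrafficIn` starting inside `BufferIn` and ending past it. Suggest rejecting with EFI_INVALID_PARAMETER when fewer than `TLS_RECORD_HEADER_LENGTH` bytes remain before reading the header, and when `(UINTN) BufferInPtr + TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length)` exceeds `(UINTN) BufferIn + BufferInSize`; setting `TlsInstance->TlsSessionState = EfiTlsSessionError` in that case, as the `TlsCtrlTrafficIn` failure path already does, would keep the two error paths consistent.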
@@ -254,26 +287,21 @@ TlsDecryptPacket (
   BufferInPtr = BufferIn;
   TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
   while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
     RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
 
-    if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
-      Status = EFI_INVALID_PARAMETER;
-      goto ERROR;
-    }
-
     ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
 
-    Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
-    if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
+    Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize);
+    if (Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) {
       TlsInstance->TlsSessionState = EfiTlsSessionError;
       Status = EFI_ABORTED;
       goto ERROR;
     }
 
     Ret = 0;
-    Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
+    Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 
+ 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
 
     if (Ret > 0) {
       ThisPlainMessageSize = (UINT16) Ret;
     } else {
       //
@@ -282,16 +310,16 @@ TlsDecryptPacket (
       DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
 
       ThisPlainMessageSize = 0;
     }
 
-    CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
+    CopyMem (TempRecordHeader, RecordHeaderIn, 
+ TLS_RECORD_HEADER_LENGTH);
     TempRecordHeader->Length = ThisPlainMessageSize;
-    BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferOutSize += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;
 
-    BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
-    TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
+    BufferInPtr += TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize;
+    TempRecordHeader += TLS_RECORD_HEADER_LENGTH + 
+ ThisPlainMessageSize;
   }
 
   FreePool (BufferIn);
   BufferIn = NULL;
 
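Review bot: `TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;` has the same `TLS_RECORD_HEADER *` arithmetic problem as the encrypt path: the pointer moves by `(TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize) * sizeof (TLS_RECORD_HEADER)` bytes, so with two or more records per call the `CopyMem` and `TlsRead` of the second iteration land outside the `RecordCount`-sized `BufferOut`. Advance through a `UINT8 *` cast here as well. Separately, `TempRecordHeader->Length = ThisPlainMessageSize;` stores the length in host order whereas the incoming header carried it in network order; since HttpsSupport.c consumes these records, a comment stating that decrypted records use host-order lengths would prevent someone "fixing" it with HTONS later.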
diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h index 3ae9d0d546..e04b312c19 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.h
+++ b/NetworkPkg/TlsDxe/TlsImpl.h
@@ -1,9 +1,9 @@
 /** @file
   Header file of Miscellaneous Routines for TlsDxe driver.
 
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 
 This program and the accompanying materials  are licensed and made available under the terms and conditions of the BSD License  which accompanies this distribution.  The full text of the license may be found at  http://opensource.org/licenses/bsd-license.php
@@ -44,14 +44,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 //
 extern EFI_SERVICE_BINDING_PROTOCOL    mTlsServiceBinding;
 extern EFI_TLS_PROTOCOL                mTlsProtocol;
 extern EFI_TLS_CONFIGURATION_PROTOCOL  mTlsConfigurationProtocol;
 
-#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
-
-#define MAX_BUFFER_SIZE   32768
-
 /**
   Encrypt the message listed in fragment.
 
   @param[in]       TlsInstance    The pointer to the TLS instance.
   @param[in, out]  FragmentTable  Pointer to a list of fragment.
--
2.16.2.windows.1




* Re: [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.
  2018-03-20  0:36 ` [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel Jiaxin Wu
@ 2018-03-20  7:08   ` Karunakar P
  0 siblings, 0 replies; 8+ messages in thread
From: Karunakar P @ 2018-03-20  7:08 UTC (permalink / raw)
  To: 'Jiaxin Wu', edk2-devel@lists.01.org; +Cc: Fu Siyuan, Ye Ting

Reviewed-by: Karunakar p <karunakarp@amiindia.co.in>


-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com] 
Sent: Tuesday, March 20, 2018 6:07 AM
To: edk2-devel@lists.01.org
Cc: Karunakar P; Fu Siyuan; Ye Ting
Subject: [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.

Cc: Karunakar P <karunakarp@amiindia.co.in>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
---
 NetworkPkg/HttpDxe/HttpProto.c    | 121 +++++++++++++++++++++++++++-----------
 NetworkPkg/HttpDxe/HttpsSupport.c |  17 +++++-
 NetworkPkg/HttpDxe/HttpsSupport.h |  12 +++-
 3 files changed, 111 insertions(+), 39 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index d7fe271168..35c4a166c4 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1,9 +1,9 @@
 /** @file
   Miscellaneous routines for HttpDxe driver.
 
-Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>  This program and the accompanying materials  are licensed and made available under the terms and conditions of the BSD License  which accompanies this distribution.  The full text of the license may be found at  http://opensource.org/licenses/bsd-license.php
@@ -1474,64 +1474,101 @@ HttpTransmitTcp (
   EFI_STATUS                    Status;
   EFI_TCP4_IO_TOKEN             *Tx4Token;
   EFI_TCP4_PROTOCOL             *Tcp4;
   EFI_TCP6_IO_TOKEN             *Tx6Token;
   EFI_TCP6_PROTOCOL             *Tcp6;
-  UINT8                         *Buffer;  
-  UINTN                         BufferSize;
+  UINT8                         *TlsRecord;  
+  UINT16                        PayloadSize;
   NET_FRAGMENT                  TempFragment;
+  NET_FRAGMENT                  Fragment;
+  UINTN                         RecordCount;
+  UINTN                         RemainingLen;
 
   Status                = EFI_SUCCESS;
-  Buffer                = NULL;
+  TlsRecord             = NULL;
+  PayloadSize           = 0;
   TempFragment.Len      = 0;
   TempFragment.Bulk     = NULL;
+  Fragment.Len          = 0;
+  Fragment.Bulk         = NULL;
+  RecordCount           = 0;
+  RemainingLen          = 0;
 
   //
   // Need to encrypt data.
   //
   if (HttpInstance->UseHttps) {
     //
-    // Build BufferOut data
+    // Allocate enough buffer for each TLS plaintext records.
     //
-    BufferSize = sizeof (TLS_RECORD_HEADER) + TxStringLen;
-    Buffer     = AllocateZeroPool (BufferSize);
-    if (Buffer == NULL) {
+    TlsRecord = AllocateZeroPool (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
+    if (TlsRecord == NULL) {
       Status = EFI_OUT_OF_RESOURCES;
       return Status;
     }
-    ((TLS_RECORD_HEADER *) Buffer)->ContentType = TlsContentTypeApplicationData;
-    ((TLS_RECORD_HEADER *) Buffer)->Version.Major = HttpInstance->TlsConfigData.Version.Major;
-    ((TLS_RECORD_HEADER *) Buffer)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor;
-    ((TLS_RECORD_HEADER *) Buffer)->Length = (UINT16) (TxStringLen);
-    CopyMem (Buffer + sizeof (TLS_RECORD_HEADER), TxString, TxStringLen);
-    
+
     //
-    // Encrypt Packet.
+    // Allocate enough buffer for all TLS ciphertext records.
     //
-    Status = TlsProcessMessage (
-               HttpInstance, 
-               Buffer, 
-               BufferSize, 
-               EfiTlsEncrypt, 
-               &TempFragment
-               );
-    
-    FreePool (Buffer);
+    RecordCount = TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH + 1;
+    Fragment.Bulk = AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH));
+    if (Fragment.Bulk == NULL) {
+      Status = EFI_OUT_OF_RESOURCES;
+      goto ON_ERROR;
+    }
 
-    if (EFI_ERROR (Status)) {
-      return Status;
+    //
+    // Encrypt each TLS plaintext records.
+    //
+    RemainingLen = TxStringLen;
+    while (RemainingLen != 0) {
+      PayloadSize = (UINT16) MIN 
+ (TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH, RemainingLen);
+      
+      ((TLS_RECORD_HEADER *) TlsRecord)->ContentType = TlsContentTypeApplicationData;
+      ((TLS_RECORD_HEADER *) TlsRecord)->Version.Major = HttpInstance->TlsConfigData.Version.Major;
+      ((TLS_RECORD_HEADER *) TlsRecord)->Version.Minor = HttpInstance->TlsConfigData.Version.Minor;
+      ((TLS_RECORD_HEADER *) TlsRecord)->Length = PayloadSize;
+
+      CopyMem (TlsRecord + TLS_RECORD_HEADER_LENGTH, TxString + 
+ (TxStringLen - RemainingLen), PayloadSize);
+      
+      Status = TlsProcessMessage (
+                 HttpInstance, 
+                 TlsRecord, 
+                 TLS_RECORD_HEADER_LENGTH + PayloadSize, 
+                 EfiTlsEncrypt, 
+                 &TempFragment
+                 );
+      if (EFI_ERROR (Status)) {
+        goto ON_ERROR;
+      }
+
+      //
+      // Record the processed/encrypted Packet. 
+      //
+      CopyMem (Fragment.Bulk + Fragment.Len, TempFragment.Bulk, TempFragment.Len);
+      Fragment.Len += TempFragment.Len;
+
+      FreePool (TempFragment.Bulk);
+      TempFragment.Len  = 0;
+      TempFragment.Bulk = NULL;
+      
+      RemainingLen -= (UINTN) PayloadSize;
+      ZeroMem (TlsRecord, TLS_RECORD_HEADER_LENGTH + 
+ TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH);
     }
+
+    FreePool (TlsRecord);
+    TlsRecord = NULL;
   }
   
   if (!HttpInstance->LocalAddressIsIPv6) {
     Tcp4 = HttpInstance->Tcp4;
     Tx4Token = &Wrap->TcpWrap.Tx4Token;
 
     if (HttpInstance->UseHttps) {
-      Tx4Token->Packet.TxData->DataLength = TempFragment.Len;
-      Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength = TempFragment.Len;
-      Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TempFragment.Bulk;
+      Tx4Token->Packet.TxData->DataLength = Fragment.Len;
+      Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength = Fragment.Len;
+      Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID 
+ *) Fragment.Bulk;
     } else {
       Tx4Token->Packet.TxData->DataLength = (UINT32) TxStringLen;
       Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength = (UINT32) TxStringLen;
       Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TxString;
     }
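Review bot: the `CopyMem (Fragment.Bulk + Fragment.Len, TempFragment.Bulk, TempFragment.Len)` in the encrypt loop trusts that every fragment returned by TlsProcessMessage is at most `TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH` bytes, which is what the `Fragment.Bulk` allocation assumes; guard it with `if (Fragment.Len + TempFragment.Len > RecordCount * (TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)) { FreePool (TempFragment.Bulk); Status = EFI_BUFFER_TOO_SMALL; goto ON_ERROR; }` so a misbehaving TlsDxe cannot overrun the transmit buffer. Two smaller points: `RecordCount = TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH + 1` allocates a spare record whenever TxStringLen is an exact multiple (`(TxStringLen + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH - 1) / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH` is exact), and with `TxStringLen == 0` the `while (RemainingLen != 0)` loop now transmits an empty `Fragment` where the old code sent one zero-length record, which is worth confirming is intended. Please also confirm that `Fragment.Bulk`, which the success path hands to `Tx4Token`/`Tx6Token` and which is only freed under ON_ERROR, is released by the transmit completion handler.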
@@ -1540,21 +1577,21 @@ HttpTransmitTcp (
     
     Wrap->TcpWrap.IsTxDone = FALSE;
     Status  = Tcp4->Transmit (Tcp4, Tx4Token);
     if (EFI_ERROR (Status)) {
       DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status));
-      return Status;
+      goto ON_ERROR;
     }
 
   } else {
     Tcp6 = HttpInstance->Tcp6;
     Tx6Token = &Wrap->TcpWrap.Tx6Token;
     
     if (HttpInstance->UseHttps) {
-      Tx6Token->Packet.TxData->DataLength = TempFragment.Len;
-      Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength = TempFragment.Len;
-      Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TempFragment.Bulk;
+      Tx6Token->Packet.TxData->DataLength = Fragment.Len;
+      Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength = Fragment.Len;
+      Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID 
+ *) Fragment.Bulk;
     } else {
       Tx6Token->Packet.TxData->DataLength = (UINT32) TxStringLen;
       Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength = (UINT32) TxStringLen;
       Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer = (VOID *) TxString;
     }
@@ -1563,14 +1600,30 @@ HttpTransmitTcp (
 
     Wrap->TcpWrap.IsTxDone = FALSE;
     Status = Tcp6->Transmit (Tcp6, Tx6Token);
     if (EFI_ERROR (Status)) {
       DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status));
-      return Status;
+      goto ON_ERROR;
     }
   }
   
+  return Status;
+
+ON_ERROR:
+  
+  if (HttpInstance->UseHttps) {
+    if (TlsRecord != NULL) {
+      FreePool (TlsRecord);
+      TlsRecord = NULL;
+    }
+    
+    if (Fragment.Bulk != NULL) {
+      FreePool (Fragment.Bulk);
+      Fragment.Bulk = NULL;
+    }
+  }
+
   return Status;
 }
 
 /**
   Check whether the user's token or event has already diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index f5e5911b86..5105a2014c 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -949,11 +949,11 @@ TlsReceiveOnePdu (
   InitializeListHead (NbufList);
 
   //
   // Allocate buffer to receive one TLS header.
   //
-  Len     = sizeof (TLS_RECORD_HEADER);
+  Len     = TLS_RECORD_HEADER_LENGTH;
   PduHdr  = NetbufAlloc (Len);
   if (PduHdr == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ON_EXIT;
   }
@@ -1389,15 +1389,23 @@ TlsCloseSession (
 
 /**
   Process one message according to the CryptMode.
 
   @param[in]           HttpInstance    Pointer to HTTP_PROTOCOL structure.
-  @param[in]           Message         Pointer to the message buffer needed to processed.
+  @param[in]           Message         Pointer to the message buffer needed to processed. 
+                                       If ProcessMode is EfiTlsEncrypt, the message contain the TLS
+                                       header and plain text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the message contain the TLS 
+                                       header and cipher text TLS APP payload.
   @param[in]           MessageSize     Pointer to the message buffer size.
   @param[in]           ProcessMode     Process mode.
   @param[in, out]      Fragment        Only one Fragment returned after the Message is
                                        processed successfully.
+                                       If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS 
+                                       header and cipher text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS 
+                                       header and plain text TLS APP payload.
 
   @retval EFI_SUCCESS          Message is processed successfully.
   @retval EFI_OUT_OF_RESOURCES   Can't allocate memory resources.
   @retval Others               Other errors as indicated.
 
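Review bot: the new @param text reads "needed to processed" and "the message contain" / "the fragment contain"; suggest "Pointer to the message buffer to be processed." and "contains" in the four new sentences. The identical wording is duplicated in the HttpsSupport.h hunk of this patch, so both copies need the fix. While here, "Pointer to the message buffer size" for MessageSize is misleading, since the call site in HttpProto.c passes `TLS_RECORD_HEADER_LENGTH + PayloadSize` by value.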
@@ -1496,10 +1504,13 @@ TlsProcessMessage (
   Fragment->Bulk = Buffer;
 
 ON_EXIT:
 
   if (OriginalFragmentTable != NULL) {
+    if( FragmentTable == OriginalFragmentTable) {
+      FragmentTable = NULL;
+    }
     FreePool (OriginalFragmentTable);
     OriginalFragmentTable = NULL;
   }
 
   //
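Review bot: `if( FragmentTable == OriginalFragmentTable)` needs the EDK II spacing `if (FragmentTable == OriginalFragmentTable)`. A one-line comment on why the alias is cleared (presumably a later `FreePool (FragmentTable)` in the same cleanup path would otherwise free the block twice) would make the intent clear, because the code that motivates this change is outside the hunk.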
@@ -1680,11 +1691,11 @@ HttpsReceive (
     if (BufferIn == NULL) {
       Status = EFI_OUT_OF_RESOURCES;
       return Status;
     }
 
-    CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);
+    CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH, 
+ BufferInSize);
 
     //
     // Free the buffer in TempFragment.
     //
     FreePool (TempFragment.Bulk);
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h
index f7a2d303e6..5d4ca01108 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.h
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h
@@ -1,9 +1,9 @@
 /** @file
   The header files of miscellaneous routines specific to Https for HttpDxe driver.
 
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials  are licensed and made available under the terms and conditions of the BSD License  which accompanies this distribution.  The full text of the license may be found at  http://opensource.org/licenses/bsd-license.php
 
@@ -215,15 +215,23 @@ TlsCloseSession (
 
 /**
   Process one message according to the CryptMode.
 
   @param[in]           HttpInstance    Pointer to HTTP_PROTOCOL structure.
-  @param[in]           Message         Pointer to the message buffer needed to processed.
+  @param[in]           Message         Pointer to the message buffer needed to processed. 
+                                       If ProcessMode is EfiTlsEncrypt, the message contain the TLS
+                                       header and plain text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the message contain the TLS 
+                                       header and cipher text TLS APP payload.
   @param[in]           MessageSize     Pointer to the message buffer size.
   @param[in]           ProcessMode     Process mode.
   @param[in, out]      Fragment        Only one Fragment returned after the Message is
                                        processed successfully.
+                                       If ProcessMode is EfiTlsEncrypt, the fragment contain the TLS 
+                                       header and cipher text TLS APP payload.
+                                       If ProcessMode is EfiTlsDecrypt, the fragment contain the TLS 
+                                       header and plain text TLS APP payload.
 
   @retval EFI_SUCCESS          Message is processed successfully.
   @retval EFI_OUT_OF_RESOURCES   Can't allocate memory resources.
   @retval Others               Other errors as indicated.
 
--
2.16.2.windows.1




* Re: [Patch 0/3] Support HTTP large data request via TLS channel.
  2018-03-20  0:36 [Patch 0/3] Support HTTP large data request via TLS channel Jiaxin Wu
                   ` (2 preceding siblings ...)
  2018-03-20  0:36 ` [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel Jiaxin Wu
@ 2018-03-21  1:23 ` Fu, Siyuan
  3 siblings, 0 replies; 8+ messages in thread
From: Fu, Siyuan @ 2018-03-21  1:23 UTC (permalink / raw)
  To: Wu, Jiaxin, edk2-devel@lists.01.org; +Cc: Karunakar P, Ye, Ting



Serials Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>



> -----Original Message-----
> From: Wu, Jiaxin
> Sent: Tuesday, March 20, 2018 8:37 AM
> To: edk2-devel@lists.01.org
> Cc: Karunakar P <karunakarp@amiindia.co.in>; Fu, Siyuan
> <siyuan.fu@intel.com>; Ye, Ting <ting.ye@intel.com>
> Subject: [Patch 0/3] Support HTTP large data request via TLS channel.
> 
> Cc: Karunakar P <karunakarp@amiindia.co.in>
> Cc: Fu Siyuan <siyuan.fu@intel.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> 
> Jiaxin Wu (3):
>   MdePkg/Tls1.h: Add TLS record header length and max payload length.
>   NetworkPkg/TlsDxe: Handle the multiple TLS record messages
>     encryption/decryption.
>   NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.
> 
>  MdePkg/Include/IndustryStandard/Tls1.h |  16 ++++-
>  NetworkPkg/HttpDxe/HttpProto.c         | 121 ++++++++++++++++++++++++----
> -----
>  NetworkPkg/HttpDxe/HttpsSupport.c      |  17 ++++-
>  NetworkPkg/HttpDxe/HttpsSupport.h      |  12 +++-
>  NetworkPkg/TlsDxe/TlsImpl.c            |  74 +++++++++++++-------
>  NetworkPkg/TlsDxe/TlsImpl.h            |   6 +-
>  6 files changed, 178 insertions(+), 68 deletions(-)
> 
> --
> 2.16.2.windows.1



