From: Karunakar P
To: 'Jiaxin Wu', edk2-devel@lists.01.org
CC: Fu Siyuan, Ye Ting
Subject: Re: [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption.
Date: Tue, 20 Mar 2018 07:08:10 +0000
References: <20180320003657.4524-1-jiaxin.wu@intel.com> <20180320003657.4524-3-jiaxin.wu@intel.com>
In-Reply-To: <20180320003657.4524-3-jiaxin.wu@intel.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Karunakar p

-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com]=20 Sent: Tuesday, March 20, 2018 6:07 AM To: edk2-devel@lists.01.org Cc: Karunakar P; Fu Siyuan; Ye Ting Subject: [Patch 2/3] NetworkPkg/TlsDxe: Handle the multiple TLS record mess= ages encryption/decryption. Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu --- NetworkPkg/TlsDxe/TlsImpl.c | 74 +++++++++++++++++++++++++++++++----------= ---- NetworkPkg/TlsDxe/TlsImpl.h | 6 +--- 2 files changed, 52 insertions(+), 28 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c inde= x 8e1238216b..a026075f36 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.c +++ b/NetworkPkg/TlsDxe/TlsImpl.c @@ -1,9 +1,9 @@ /** @file The Miscellaneous Routines for TlsDxe driver. =20 -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php @@ -48,10 +48,11 @@ TlsEncryptPacket ( UINT16 ThisPlainMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisMessageSize; UINT32 BufferOutSize; UINT8 *BufferOut; + UINT32 RecordCount; INTN Ret; =20 Status =3D EFI_SUCCESS; BytesCopied =3D 0; BufferInSize =3D 0; @@ -59,10 +60,11 @@ TlsEncryptPacket ( BufferInPtr =3D NULL; RecordHeaderIn =3D NULL; TempRecordHeader =3D NULL; BufferOutSize =3D 0; BufferOut =3D NULL; + RecordCount =3D 0; Ret =3D 0; =20 // // Calculate the size according to the fragment table. // 
@@ -89,34 +91,46 @@ TlsEncryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; } =20 - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr =3D BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData || = RecordHeaderIn->Length > TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH) { + Status =3D EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length; + RecordCount ++; + } + =20 + // + // Allocate enough buffer to hold TLS Ciphertext. + // + BufferOut =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH= =20 + + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ERROR; } =20 // - // Parsing buffer. + // Parsing buffer. Received packet may have multiple TLS record messages= . // BufferInPtr =3D BufferIn; TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; =20 - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) { - Status =3D EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisPlainMessageSize =3D RecordHeaderIn->Length; =20 TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPl= ainMessageSize); =20 - Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordH= eader), MAX_BUFFER_SIZE - BufferOutSize); + Ret =3D TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8=20 + *)(TempRecordHeader), TLS_RECORD_HEADER_LENGTH +=20 + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH); =20 if (Ret > 0) { ThisMessageSize =3D (UINT16) Ret; } else { // 
@@ -127,11 +141,11 @@ TlsEncryptPacket ( ThisMessageSize =3D 0; } =20 BufferOutSize +=3D ThisMessageSize; =20 - BufferInPtr +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; TempRecordHeader +=3D ThisMessageSize; } =20 FreePool (BufferIn); BufferIn =3D NULL; @@ -199,10 +213,11 @@ TlsDecryptPacket ( UINT16 ThisCipherMessageSize; TLS_RECORD_HEADER *TempRecordHeader; UINT16 ThisPlainMessageSize; UINT8 *BufferOut; UINT32 BufferOutSize; + UINT32 RecordCount; INTN Ret; =20 Status =3D EFI_SUCCESS; BytesCopied =3D 0; BufferIn =3D NULL; @@ -210,10 +225,11 @@ TlsDecryptPacket ( BufferInPtr =3D NULL; RecordHeaderIn =3D NULL; TempRecordHeader =3D NULL; BufferOut =3D NULL; BufferOutSize =3D 0; + RecordCount =3D 0; Ret =3D 0; =20 // // Calculate the size according to the fragment table. // @@ -240,11 +256,28 @@ TlsDecryptPacket ( (*FragmentTable)[Index].FragmentLength ); BytesCopied +=3D (*FragmentTable)[Index].FragmentLength; } =20 - BufferOut =3D AllocateZeroPool (MAX_BUFFER_SIZE); + // + // Count TLS record number. + // + BufferInPtr =3D BufferIn; + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { + RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; + if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData || = NTOHS (RecordHeaderIn->Length) > TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH) = { + Status =3D EFI_INVALID_PARAMETER; + goto ERROR; + } + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Len= gth); + RecordCount ++; + } + + // + // Allocate enough buffer to hold TLS Plaintext. + // + BufferOut =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_LENGTH= =20 + + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH)); if (BufferOut =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ERROR; } =20 
@@ -254,26 +287,21 @@ TlsDecryptPacket ( BufferInPtr =3D BufferIn; TempRecordHeader =3D (TLS_RECORD_HEADER *) BufferOut; while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) { RecordHeaderIn =3D (TLS_RECORD_HEADER *) BufferInPtr; =20 - if (RecordHeaderIn->ContentType !=3D TlsContentTypeApplicationData) { - Status =3D EFI_INVALID_PARAMETER; - goto ERROR; - } - ThisCipherMessageSize =3D NTOHS (RecordHeaderIn->Length); =20 - Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeade= rIn), RECORD_HEADER_LEN + ThisCipherMessageSize); - if (Ret !=3D RECORD_HEADER_LEN + ThisCipherMessageSize) { + Ret =3D TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeade= rIn), TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize); + if (Ret !=3D TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize) { TlsInstance->TlsSessionState =3D EfiTlsSessionError; Status =3D EFI_ABORTED; goto ERROR; } =20 Ret =3D 0; - Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1= ), MAX_BUFFER_SIZE - BufferOutSize); + Ret =3D TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader +=20 + 1), TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH); =20 if (Ret > 0) { ThisPlainMessageSize =3D (UINT16) Ret; } else { // 
@@ -282,16 +310,16 @@ TlsDecryptPacket ( DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.= \n")); =20 ThisPlainMessageSize =3D 0; } =20 - CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN); + CopyMem (TempRecordHeader, RecordHeaderIn,=20 + TLS_RECORD_HEADER_LENGTH); TempRecordHeader->Length =3D ThisPlainMessageSize; - BufferOutSize +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferOutSize +=3D TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize; =20 - BufferInPtr +=3D RECORD_HEADER_LEN + ThisCipherMessageSize; - TempRecordHeader +=3D RECORD_HEADER_LEN + ThisPlainMessageSize; + BufferInPtr +=3D TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize; + TempRecordHeader +=3D TLS_RECORD_HEADER_LENGTH +=20 + ThisPlainMessageSize; } =20 FreePool (BufferIn); BufferIn =3D NULL; =20 diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h inde= x 3ae9d0d546..e04b312c19 100644 --- a/NetworkPkg/TlsDxe/TlsImpl.h +++ b/NetworkPkg/TlsDxe/TlsImpl.h @@ -1,9 +1,9 @@ /** @file Header file of Miscellaneous Routines for TlsDxe driver. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php @@ -44,14 +44,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. // extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding; extern EFI_TLS_PROTOCOL mTlsProtocol; extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol; =20 -#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2) - -#define MAX_BUFFER_SIZE 32768 - /** Encrypt the message listed in fragment. =20 @param[in] TlsInstance The pointer to the TLS instance. @param[in, out] FragmentTable Pointer to a list of fragment. -- 2.16.2.windows.1
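Review bot: in the hunk at @@ -89,34 +91,46 @@ (TlsEncryptPacket), the new record-counting loop reads `RecordHeaderIn->ContentType` and `RecordHeaderIn->Length` without first checking that at least TLS_RECORD_HEADER_LENGTH bytes remain before `BufferIn + BufferInSize`, and it still counts a record whose `TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length` runs past the end of BufferIn; that record is later handed to TlsWrite with the over-long ThisPlainMessageSize, so the read extends beyond the caller's data. Suggest rejecting both cases inside the loop, e.g. `if ((UINTN) BufferIn + BufferInSize - (UINTN) BufferInPtr < TLS_RECORD_HEADER_LENGTH) { Status = EFI_INVALID_PARAMETER; goto ERROR; }` before the header is dereferenced, and the same EFI_INVALID_PARAMETER exit when `(UINTN) BufferInPtr + TLS_RECORD_HEADER_LENGTH + RecordHeaderIn->Length` exceeds `(UINTN) BufferIn + BufferInSize`. Moving the ContentType check into this pre-pass is a good consolidation, and the new maximum-payload check is what lets the per-record TlsCtrlTrafficOut limit of `TLS_RECORD_HEADER_LENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH` match the RecordCount-based BufferOut allocation.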
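Review bot: in the hunk at @@ -127,11 +141,11 @@ (TlsEncryptPacket), the context line right after the changed `BufferInPtr` update, `TempRecordHeader += ThisMessageSize;`, advances a `TLS_RECORD_HEADER *` as if it were a byte pointer; pointer addition scales by the element size, and the removed RECORD_HEADER_LEN comment documents that header as ContentType(1) + Version(2) + Length(2) = 5 bytes, so the output cursor moves by 5 * ThisMessageSize bytes while BufferOutSize only grows by ThisMessageSize. With a single record this is never observed, but the whole point of this series is multiple records, and the second record would then be written outside the now tightly sized BufferOut. Since this hunk is already being touched, suggest `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);`.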
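Review bot: in the hunk at @@ -240,11 +256,28 @@ (TlsDecryptPacket), the counting loop has the same missing remaining-length checks as the encrypt side: the header is read before confirming that TLS_RECORD_HEADER_LENGTH bytes remain, and a record whose `TLS_RECORD_HEADER_LENGTH + NTOHS (RecordHeaderIn->Length)` extends past `BufferIn + BufferInSize` is still counted and, in the following hunk, passed whole to TlsCtrlTrafficIn, which copies that many bytes from RecordHeaderIn and so reads beyond the received data. This is the buffer an untrusted peer fills, so the bound belongs in this pre-pass; the later `Ret != TLS_RECORD_HEADER_LENGTH + ThisCipherMessageSize` check only reports how much the BIO accepted and does not prevent the over-read. The per-record maximum check against TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH is right and should stay.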
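Review bot: in the hunk at @@ -282,16 +310,16 @@ (TlsDecryptPacket), the added `TempRecordHeader += TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize;` has the same pointer-scaling problem as the encrypt path: TempRecordHeader is declared `TLS_RECORD_HEADER *TempRecordHeader;`, so this advances by that many header-sized elements rather than bytes, and the next iteration's `CopyMem (TempRecordHeader, RecordHeaderIn, TLS_RECORD_HEADER_LENGTH);` and TlsRead land far past the offset BufferOutSize tracks, outside the RecordCount-sized BufferOut whenever more than one record is present. Suggest `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + TLS_RECORD_HEADER_LENGTH + ThisPlainMessageSize);`, mirroring the byte arithmetic already used for BufferInPtr.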