[pgsqlclient-checkins] pgsqlclient_10/PgSqlClient.Security.Tls/source TlsSocket.cs,1.1,1.2
From: <car...@us...> - 2003-09-16 14:28:49
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source
In directory sc8-pr-cvs1:/tmp/cvs-serv7610
Modified Files:
TlsSocket.cs
Log Message:
Some improvements for better handling of TLS messages
Index: TlsSocket.cs
===================================================================
RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PgSqlClient.Security.Tls/source/TlsSocket.cs,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** TlsSocket.cs 16 Sep 2003 12:28:05 -0000 1.1
--- TlsSocket.cs 16 Sep 2003 14:28:45 -0000 1.2
***************
*** 45,51 ****
SocketType socketType,
ProtocolType protocolType
! ) : base (addressFamily, socketType, protocolType)
{
! inputBuffer = new BufferedStream(new MemoryStream());
}
--- 45,51 ----
SocketType socketType,
ProtocolType protocolType
! ) : base(addressFamily, socketType, protocolType)
{
! this.inputBuffer = new BufferedStream(new MemoryStream());
}
***************
*** 55,59 ****
SocketType socketType,
ProtocolType protocolType
! ) : base (addressFamily, socketType, protocolType)
{
this.session = session;
--- 55,59 ----
SocketType socketType,
ProtocolType protocolType
! ) : this(addressFamily, socketType, protocolType)
{
this.session = session;
***************
*** 91,97 ****
return base.Receive(buffer, offset, size, socketFlags);
}
// Check if we have space in the middle buffer
// if not Read next TLS record and update the inputBuffer
! if (inputBuffer.Length < size)
{
// Read next record and write it into the inputBuffer
--- 91,98 ----
return base.Receive(buffer, offset, size, socketFlags);
}
+
// Check if we have space in the middle buffer
// if not Read next TLS record and update the inputBuffer
! while ((inputBuffer.Length - inputBuffer.Position) < size)
{
// Read next record and write it into the inputBuffer
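Review bot: The new `while ((inputBuffer.Length - inputBuffer.Position) < size)` condition keeps reading records until a full `size` bytes of plaintext are buffered, so a caller that passes a large buffer for a short reply will block until the peer sends more, unlike `Socket.Receive`, which returns whatever is available. The loop also has no visible exit for a closed connection: if `receiveRecord()` (defined outside this diff) returns an empty array on close, the `record.Length > 0` guard added in the next hunk skips the write and the loop simply runs again. Consider reading only when nothing is buffered, `while (inputBuffer.Position == inputBuffer.Length)`, and breaking out once the connection is reported closed. The loop body continues past the end of this hunk.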
***************
*** 99,108 ****
byte[] record = this.receiveRecord();
! // Write new data to the inputBuffer
! inputBuffer.Seek(0, SeekOrigin.End);
! inputBuffer.Write(record, 0, record.Length);
! // Restore buffer position
! inputBuffer.Seek(position, SeekOrigin.Begin);
}
--- 100,112 ----
byte[] record = this.receiveRecord();
! if (record.Length > 0)
! {
! // Write new data to the inputBuffer
! inputBuffer.Seek(0, SeekOrigin.End);
! inputBuffer.Write(record, 0, record.Length);
! // Restore buffer position
! inputBuffer.Seek(position, SeekOrigin.Begin);
! }
}
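Review bot: Consumed bytes are never dropped from `inputBuffer`: each record is appended at `SeekOrigin.End` and the read position is restored, so unless the stream is reset somewhere outside this hunk the backing `MemoryStream` grows by every record received for the life of the connection. When everything buffered has already been read, the stream can be emptied before the append, e.g. `if (position == inputBuffer.Length) { inputBuffer.SetLength(0); position = 0; }`. `position` is assigned outside the hunk, so confirm it still holds the pre-read offset at that point.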
***************
*** 171,175 ****
contentType != TlsContentType.ChangeCipherSpec)
{
! message = new TlsStreamReader(processCipherTextRecord(contentType, protocol, message.GetBytes()));
}
}
--- 175,179 ----
contentType != TlsContentType.ChangeCipherSpec)
{
! message = new TlsStreamReader(decryptRecordFragment(contentType, protocol, message.GetBytes()));
}
}
***************
*** 215,219 ****
#region TLS_READ_CRYPT_METHODS
! private byte[] processCipherTextRecord(TlsContentType contentType,
TlsProtocol protocol,
byte[] fragment)
--- 219,223 ----
#region TLS_READ_CRYPT_METHODS
! private byte[] decryptRecordFragment(TlsContentType contentType,
TlsProtocol protocol,
byte[] fragment)
***************
*** 234,238 ****
// Check MAC code
! byte[] mac = this.encodeRecordMAC(contentType, dcrFragment, false);
// Check that the mac is correct
--- 238,242 ----
// Check MAC code
! byte[] mac = this.encodeServerRecordMAC(contentType, dcrFragment);
// Check that the mac is correct
***************
*** 322,326 ****
{
// Encrypt fragment
! fragment = encodeCipherTextRecord(contentType, fragment);
}
--- 326,330 ----
{
// Encrypt fragment
! fragment = encryptRecordFragment(contentType, fragment);
}
***************
*** 342,349 ****
}
! private byte[] encodeCipherTextRecord(TlsContentType contentType, byte[] fragment)
{
// Calculate message MAC
! byte[] mac = encodeRecordMAC(contentType, fragment, true);
// Encrypt the message
--- 346,353 ----
}
! private byte[] encryptRecordFragment(TlsContentType contentType, byte[] fragment)
{
// Calculate message MAC
! byte[] mac = encodeClientRecordMAC(contentType, fragment);
// Encrypt the message
***************
*** 448,452 ****
#region MISC_METHODS
! private byte[] encodeRecordMAC(TlsContentType contentType, byte[] fragment, bool useClientMac)
{
TlsStreamWriter data = new TlsStreamWriter();
--- 452,456 ----
#region MISC_METHODS
! private byte[] encodeServerRecordMAC(TlsContentType contentType, byte[] fragment)
{
TlsStreamWriter data = new TlsStreamWriter();
***************
*** 459,470 ****
data.Write(fragment);
! if (useClientMac)
! {
! result = session.Context.Cipher.ComputeClientMAC(data.GetBytes());
! }
! else
! {
! result = session.Context.Cipher.ComputeServerMAC(data.GetBytes());
! }
data.Reset();
--- 463,485 ----
data.Write(fragment);
! result = session.Context.Cipher.ComputeServerMAC(data.GetBytes());
!
! data.Reset();
!
! return result;
! }
!
! private byte[] encodeClientRecordMAC(TlsContentType contentType, byte[] fragment)
! {
! TlsStreamWriter data = new TlsStreamWriter();
! byte[] result = null;
!
! data.WriteLong(session.Context.WriteSequenceNumber);
! data.Write((byte)contentType);
! data.WriteShort((short)TlsProtocol.Tls1);
! data.WriteShort((short)fragment.Length);
! data.Write(fragment);
!
! result = session.Context.Cipher.ComputeClientMAC(data.GetBytes());
data.Reset();
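Review bot: `encodeClientRecordMAC` and `encodeServerRecordMAC` now each build the MAC input by hand, and the only difference visible here is the `ComputeClientMAC`/`ComputeServerMAC` call. The client copy uses `session.Context.WriteSequenceNumber`; the matching line of the server copy is outside the hunk, so it is worth confirming that it uses the read-side counter rather than a copy of this line. A comment above both methods such as `// MAC input: seq_num || type || version || length || fragment (RFC 2246, 6.2.3.1)` would document the layout the two copies must keep in common. The closing `return result;` of the client method falls after the end of the hunk.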