#1 Re: mORMot 1 » Encryption/Decription » 2017-10-02 09:56:55

Hi Ab, thanks for your help. I know that I'm being persistent and boring, but please,

I have enabled the protocol on both sides

On server

  { WebSocketServerRest := } aHTTPServer.WebSocketsEnable(aServer, '2141D32ADAD54D9A9DB56000CC9A4A70', false);

On the client (Delphi Unigui application running in the browser)

(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('2141D32ADAD54D9A9DB56000CC9A4A70', False);

And still, in Fiddler or using the browser network console, I can see all the data in plaintext. In my headers I just can't make the ACCEPT-ENCODING: synshaaes appear.

Am I missing something? If I'm using WebSockets, do I still need to use this code on the server?

TSQLHttpServer.Create('888',[DataBase],'+',useHttpApiRegisteringURI,32,secSynShaAes);

and this one on the client?

MyClient.Compression := [hcSynShaAes];

PS: I know that you are a busy man, but don't you have a support plan that I can pay for and receive some help?

Regards

zemorango

#2 Re: mORMot 1 » Encryption/Decription » 2017-10-01 11:44:53

Hi Ab, thanks for the help.
Now it works without errors, but no encryption is made. In Fiddler, in the request header, there is no indication of encryption, only gzip compression, so I can see everything in plain text.

Don't know what else to do to give some protection to the data. Do you have any support plan that I can buy and get help?

Thanks

zemorango

#3 Re: mORMot 1 » Encryption/Decription » 2017-09-30 15:37:53

Hi AB, thanks for the quick answer,

I tried to change sample 16 to work with WebSockets; the server starts, but when I start the client I get an error.

My code on the server is this one:

aServer := TSQLRestServerFullMemory.Create(aModel,'users.json',false,true);
try
  // register our IRemoteSQL service on the server side
  aServer.ServiceRegister(TServiceRemoteSQL,[TypeInfo(IRemoteSQL)],sicClientDriven).
    // fProps should better be executed/released in the one main thread
    SetOptions([],[optExecInMainThread,optFreeInMainThread]);
  // launch the HTTP server
  // aHTTPServer := TSQLHttpServer.Create(PORT_NAME,[aServer],'+',useHttpApiRegisteringURI,32,secNone);
  aHTTPServer := TSQLHttpServer.Create(AnsiString(PORT_NAME), [aServer], '+', useBidirSocket);
  TWebSocketServerRest(aHTTPServer.HttpServer).ServerKeepAliveTimeOut := CONNECTION_TIMEOUT;
  { WebSocketServerRest := } aHTTPServer.WebSocketsEnable(aServer, '2141D32ADAD54D9A9DB56000CC9A4A70', false);

My client code is running using Unigui, so it's a web application. The code for the initialization of the request to the server is:

fModel := TSQLModel.Create([],ROOT_NAME);
// fClient := TSQLHttpClient.Create('localhost',PORT_NAME,fModel);
fClient := TSQLHttpClientWebsockets.Create(AnsiString('localhost'), AnsiString(PORT_NAME), fModel,
  SendTimeout, ReceiveTimeout, ConnectTimeout);
TSQLHttpClientWebsockets(fClient).KeepAliveMS := CONNECTION_TIMEOUT;
(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('', False);
(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('2141D32ADAD54D9A9DB56000CC9A4A70', False);


This is the result when I start the client:

20170930 15095609  !  +    mORMotHttpServer.TSQLHttpServer(0230A510).Create useBidirSocket (secNone) on port 888
20170930 15095609  " info  SetThreadName 00001BEC=TSQLHttpServer 888/root TWebSocketServerRest
20170930 15095610  " trace mORMot.TSQLRestServerFullMemory(0237B680) BeginCurrentThread(TWebSocketServerRest) root=root ThreadID=00001BEC ThreadCount=1
20170930 15095610  ! http       mORMotHttpServer.TSQLHttpServer(0230A510) {"TWebSocketServerRest(02337A70)":{"ServerConnectionCount":0,"ServerKeepAliveTimeOut":3000,"TCPPrefix":"","ThreadPool":{"TSynThreadPoolTHttpServer(023A6840)":{"HeaderErrors":0,"HeaderProcessed":0,"BodyProcessed":0,"BodyOwnThreads":0,"RunningThreads":2}},"ThreadPoolContentionCount":0,"ThreadPoolContentionAbortCount":0,"APIVersion":"WinSock 2.0.514","ServerName":"mORMot (Windows)","ProcessName":"root "}} initialized for root
20170930 15095610  !  -    00.004.449

Background server is running.

Press [Enter] to close the server.

20170930 15103847  # info  SetThreadName 00002F14=TSQLHttpServer 888/root TWebSocketServerResp
20170930 15103847  # trace mORMot.TSQLRestServerFullMemory(0237B680) BeginCurrentThread(TWebSocketServerResp) root=root ThreadID=00002F14 ThreadCount=2
20170930 15103847  # EXC   ESynCrypto {"Message":"TAESCFB.DecryptPKCS7: Invalid InputLen=40"} at 0054AA76  stack trace API 0055BB3B 0055BB64 0040A880 775FD544 775EAD8F 0054AA76 0054AD9D 0054AE74 0054DD89 00662FA0 006647D1 006654DF 00665EA2 0066629E 006488DE 004B5E04 0040B36E 74F43744 775D9E54 775D9E1F
20170930 15103847  # EXC   EWebSockets {"Message":"TWebSocketProtocolBinary.AfterGetFrame: encryption error sprInvalidMAC"} at 00662FDE  stack trace API 0055BB3B 0055BB64 0040A880 775FD544 775EAD8F 00662FDE 006647D1 006654DF 00665EA2 0066629E 006488DE 004B5E04 0040B36E 74F43744 775D9E54 775D9E1F
20170930 15103847  # trace mORMot.TSQLRestServerFullMemory(0237B680) EndCurrentThread(TWebSocketServerResp) ThreadID=00002F14 ThreadCount=1

If I remove this line (regarding encryption), then it works just fine, but using Fiddler I can see all the communication in plain text, no security.


 // AES encrypt
(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('2141D32ADAD54D9A9DB56000CC9A4A70', False);

If using HTTPS, Fiddler makes a MITM attack and decodes all the SSL encoding, so how can I protect my HTTP request?
I'm building a big Unigui application, and I really just need a way to protect the data when making my request to the server.


Thanks in advance

zemorango

#4 Re: mORMot 1 » Understanding client connections » 2017-09-29 14:59:34

Hi ertank, it seems that nobody gave you an answer, but did you manage to make this work?

#5 Re: mORMot 1 » Encryption/Decription » 2017-09-29 14:55:24

First of all I want to apologize to AB, because yesterday I created a ticket for this and it was a huge mistake because that was not the place to do it. Sorry AB for wasting your time, truly I am.


As I said, I'm a newbie to mORMot, but I already managed to recreate sample nº 16 to work in Unigui, just like the VCL one. This is really a great framework.

But I would like to encrypt the data between the client and server. I did as AB says in this post https://synopse.info/forum/viewtopic.php?id=1553

But I can't see where to use the CompressShaAesSetKey() or how to use the global key.

I have these lines of code in the server of sample nº 16:

// register our IRemoteSQL service on the server side
aServer.ServiceRegister(TServiceRemoteSQL,[TypeInfo(IRemoteSQL)],sicClientDriven).
  // fProps should better be executed/released in the one main thread
  SetOptions([],[optExecInMainThread,optFreeInMainThread]);
// launch the HTTP server
aHTTPServer := TSQLHttpServer.Create(PORT_NAME,[aServer],'+',useHttpApiRegisteringURI,32,secSynShaAes);

And this one in the client:

fModel := TSQLModel.Create([],ROOT_NAME);
fClient := TSQLHttpClient.Create('localhost',PORT_NAME,fModel);
TSQLHttpClientWinHTTP(FClient).Compression := [hcSynShaAes];

So what is missing? How do I use CompressShaAesSetKey(), or where do I use the key for the encryption?

Regards

Zemorango
