Hi Ab, thanks for your help. I know that I'm being persistent and boring, but please,
I have enabled the protocol on both sides.
On the server:
{ WebSocketServerRest := } aHTTPServer.WebSocketsEnable(aServer, '2141D32ADAD54D9A9DB56000CC9A4A70', false);
On the client (a Delphi uniGUI application running in the browser):
(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('2141D32ADAD54D9A9DB56000CC9A4A70', False);
And still, in Fiddler or using the browser network console, I can see all the data in plaintext. In my headers I just can't make the ACCEPT-ENCODING: synshaaes appear.
Am I missing something? If I'm using WebSockets, do I still need to use this code on the server?
TSQLHttpServer.Create('888',[DataBase],'+',useHttpApiRegisteringURI,32,secSynShaAes);
and this one on the client?
MyClient.Compression := [hcSynShaAes];
PS: I know that you are a busy man, but don't you have a support plan that I can pay for and receive some help?
Regards
zemorango
Hi Ab, thanks for the help,
Now it works without errors, but no encryption is done; in Fiddler, in the request header, there is no indication of encryption, only gzip compression, so I can see everything in plain text.
I don't know what else to do to give some protection to the data. Do you have any support plan that I can buy and get help?
Thanks
zemorango
Hi AB, thanks for the quick answer,
I tried to change sample 16 to work with WebSockets; the server starts, but when I start the client I get an error.
My code on the server is this one:
aServer := TSQLRestServerFullMemory.Create(aModel,'users.json',false,true);
try
// register our IRemoteSQL service on the server side
aServer.ServiceRegister(TServiceRemoteSQL,[TypeInfo(IRemoteSQL)],sicClientDriven).
// fProps should better be executed/released in the one main thread
SetOptions([],[optExecInMainThread,optFreeInMainThread]);
// launch the HTTP server
// aHTTPServer := TSQLHttpServer.Create(PORT_NAME,[aServer],'+',useHttpApiRegisteringURI,32,secNone);
aHTTPServer := TSQLHttpServer.Create(AnsiString(PORT_NAME), [aServer], '+', useBidirSocket);
TWebSocketServerRest(aHTTPServer.HttpServer).ServerKeepAliveTimeOut := CONNECTION_TIMEOUT;
{ WebSocketServerRest := } aHTTPServer.WebSocketsEnable(aServer, '2141D32ADAD54D9A9DB56000CC9A4A70', false);
My client code is running using uniGUI, so it's a web application. The code for the initialization of the request to the server is:
fModel := TSQLModel.Create([],ROOT_NAME);
// fClient := TSQLHttpClient.Create('localhost',PORT_NAME,fModel);
fClient := TSQLHttpClientWebsockets.Create(AnsiString('localhost'), AnsiString(PORT_NAME), fModel,
SendTimeout, ReceiveTimeout,
ConnectTimeout);
TSQLHttpClientWebsockets(fClient).KeepAliveMS := CONNECTION_TIMEOUT;
(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('', False);
(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('2141D32ADAD54D9A9DB56000CC9A4A70', False);
This is the result when I start the client:
20170930 15095609 ! + mORMotHttpServer.TSQLHttpServer(0230A510).Create useBidirSocket (secNone) on port 888
20170930 15095609 " info SetThreadName 00001BEC=TSQLHttpServer 888/root TWebSocketServerRest
20170930 15095610 " trace mORMot.TSQLRestServerFullMemory(0237B680) BeginCurrentThread(TWebSocketServerRest) root=root ThreadID=00001BEC ThreadCount=1
20170930 15095610 ! http mORMotHttpServer.TSQLHttpServer(0230A510) {"TWebSocketServerRest(02337A70)":{"ServerConnectionCount":0,"ServerKeepAliveTimeOut":3000,"TCPPrefix":"","ThreadPool":{"TSynThreadPoolTHttpServer(023A6840)":{"HeaderErrors":0,"HeaderProcessed":0,"BodyProcessed":0,"BodyOwnThreads":0,"RunningThreads":2}},"ThreadPoolContentionCount":0,"ThreadPoolContentionAbortCount":0,"APIVersion":"WinSock 2.0.514","ServerName":"mORMot (Windows)","ProcessName":"root "}} initialized for root
20170930 15095610 ! - 00.004.449
Background server is running.
Press [Enter] to close the server.
20170930 15103847 # info SetThreadName 00002F14=TSQLHttpServer 888/root TWebSocketServerResp
20170930 15103847 # trace mORMot.TSQLRestServerFullMemory(0237B680) BeginCurrentThread(TWebSocketServerResp) root=root ThreadID=00002F14 ThreadCount=2
20170930 15103847 # EXC ESynCrypto {"Message":"TAESCFB.DecryptPKCS7: Invalid InputLen=40"} at 0054AA76 stack trace API 0055BB3B 0055BB64 0040A880 775FD544 775EAD8F 0054AA76 0054AD9D 0054AE74 0054DD89 00662FA0 006647D1 006654DF 00665EA2 0066629E 006488DE 004B5E04 0040B36E 74F43744 775D9E54 775D9E1F
20170930 15103847 # EXC EWebSockets {"Message":"TWebSocketProtocolBinary.AfterGetFrame: encryption error sprInvalidMAC"} at 00662FDE stack trace API 0055BB3B 0055BB64 0040A880 775FD544 775EAD8F 00662FDE 006647D1 006654DF 00665EA2 0066629E 006488DE 004B5E04 0040B36E 74F43744 775D9E54 775D9E1F
20170930 15103847 # trace mORMot.TSQLRestServerFullMemory(0237B680) EndCurrentThread(TWebSocketServerResp) ThreadID=00002F14 ThreadCount=1
If I remove this line (regarding encryption), then it works just fine, but using Fiddler I can see all the communication in plain text, no security:
// AES encrypt
(fClient as TSQLHttpClientWebsockets).WebSocketsUpgrade('2141D32ADAD54D9A9DB56000CC9A4A70', False);
If using HTTPS, Fiddler makes a MIM attack and decodes all the SSL encoding, so how can I protect my HTTP request?
I'm building a big uniGUI application, and I really just need a way to protect the data when making my requests to the server.
Thanks in advance
zemorango
Hi ertank, it seems that nobody gave you an answer, but did you manage to make this work?
First of all I want to apologize to AB, because yesterday I created a ticket for this and it was a huge mistake because that was not the place to do it. Sorry AB for wasting your time, truly I am.
As I said, I'm a newbie to mORMot, but I have already managed to recreate sample nº 16 to work in uniGUI just like the VCL one. This is really a great framework.
But I would like to encrypt the data between the client and server. I did as AB says in this post: https://synopse.info/forum/viewtopic.php?id=1553
But I can't see where to use CompressShaAesSetKey() or how to use the global key.
I have these lines of code in the server of sample nº 16:
// register our IRemoteSQL service on the server side
aServer.ServiceRegister(TServiceRemoteSQL,[TypeInfo(IRemoteSQL)],sicClientDriven).
// fProps should better be executed/released in the one main thread
SetOptions([],[optExecInMainThread,optFreeInMainThread]);
// launch the HTTP server
aHTTPServer := TSQLHttpServer.Create(PORT_NAME,[aServer],'+',useHttpApiRegisteringURI,32,secSynShaAes);
And this one in the client:
fModel := TSQLModel.Create([],ROOT_NAME);
fClient := TSQLHttpClient.Create('localhost',PORT_NAME,fModel);
TSQLHttpClientWinHTTP(FClient).Compression := [hcSynShaAes];
So what is missing? How do I use CompressShaAesSetKey(), or where do I use the key for the encryption?
Regards
Zemorango