-
-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CryptoFormatter #1
Comments
I use some encryption with my software to encrypt license keys. I am working on using the same encryption methods to encrypt every message. If I manage to make it work stable, I'll create a PR. |
I have merged your code and will adapt it a little according to my vision of the project. I need a little explanation about |
Thank you for the review. I will update my repo and work on that part. |
Please wait a little. I have already included your code in the main branch, I will change it a little and you will just provide a new PR on top of the master branch. |
I rewrote your code a bit, simplifying the end-use to: await using var server = new PipeServer<MyMessage>(pipeName, formatter: new InfernoFormatter(new SystemTextJsonFormatter()));
server.EnableEncryption();
await using var client = new PipeClient<MyMessage>(pipeName, formatter: new InfernoFormatter(new SystemTextJsonFormatter()));
client.EnableEncryption(); Please also study the code https://github.com/HavenDV/H.Pipes/tree/master/src/libs/H.Formatters.Inferno for errors in encryption. |
There is still a potential problem here: |
There is also a problem when the server has more than 1 connection, since the Formatter is common for all connections. |
My take was if the sent message is not a public key, ignore it. If it's a public key, then use it to calculate shared key. Afterwards, go on encrypted. But it's better to handle it in the library, you are right. In the Validation, I'll add a try catch and keep the length as a check step. I plan to ensure the sent message is a valid public key by using either dotnet core Cryptography library or Inferno. Since try-catch is costly, the precheck of length is still a valid step. And I think, client can send its public key only after it gets the server public key, or vice versa. |
I have changed the way for key exchange. Now the client and the server create a separate byte[] channel for this using the SingleConnection server and client. |
You are absolutely right. An instance of format is needed for each connection. I only created one KeyPair for each, but a Formatter is also needed for each. A dictionary might not suffice, I believe, there might be another class with Client Id, KeyPair and Formatter. There may be more ways to improve the quality. |
I have simplified the end-use to: await using var server = new PipeServer<MyMessage>(pipeName, formatter: new SystemTextJsonFormatter());
server.EnableEncryption();
await using var client = new PipeClient<MyMessage>(pipeName, formatter: new SystemTextJsonFormatter());
client.EnableEncryption(); solving the problem with multiple connections at the same time - I just create an InfernoFormatter for each connection after I get the key. |
I added |
I am going to sleep. It will be great if you test this and provide feedback. Thank you again for the your work and the provided PRs |
I'll test it this evening. |
There's a Heisenbug. It happens when not debugging but when you search for it, it does not occur. Currently there are two errors I could see but could not diagnose. First one is about serialization / deserialization. There's a byte array sent to a JSON converter, that I could not spot. The second is premature cancelation of a task. |
The current challenge is to recreate the problems in the tests so that they can be fixed. |
The first one is probably this:
Or this:
It sends a byte array but uses Formatter. Byte array cannot be (de)serialized as json. The exception was something like "0x17 is not a valid JSON". And the cancelation is caused by the same thing because here it has 10 seconds to communicate but could not succeed for reasons.
Since the other one did not succeed for non-alphanumeric characters in byte array that could not be (de)serialized, this line will wait and probably cause the timeout.
|
The timeout is needed to know about problems, instead of the method just waiting forever. |
I am using serialization |
I can use BinaryFormatter, but wouldn't that be another problem? |
|
It's probably the |
Since the attempt to send a public key fails, it will always hit the timeout. So yes, having a timeout here is the correct thing. Without it, it would be hard to understand the problem and also it would hang forever. |
I have another question. Think of TCP handshake. Would it be better to have this key share like that?
|
Can you grab the data that is throwing the exception? |
byte[] serialization should not depend on content in any way |
Yes, I think we need to add Disconnect if an error occurs or timed out while retrieving the key. Both client-side and non-server-side. |
Well, I only used the sample project you created. I did not want to make it more complicated. |
I cannot repeat the behavior you are talking about. Perhaps you have sent special characters or are you using not the most recent code from the master branch? |
Last night, I rebased my repo with the - then- latest state of the repo. It happened twice. But when I tried to debug it, Iit did not reoccur. I'll rebase with the latest version and try again. But for now, it seems it's OK. If I manage to find it, I'll create a new issue with steps to reproduce. If it cannot be reproduced, then I'll assume it does not exist 👍 |
Hi, I managed to find it. Here are the steps to reproduce:
|
I believe some unit tests are needed for this library but I cannot decide what is a unit. |
In addition, as I understand it, the exception occurs after the keys are received and the encrypted connection is established. |
A wrapper for other formatter that encrypts/decrypts data
At the moment, my knowledge is enough only to implement the simplest XOR encryption, which makes little sense
The text was updated successfully, but these errors were encountered: