DBCrypt Plugin remote


Elmar Haneke

May 15, 2023, 10:27:29 AM
to firebird-support
I'm proceeding with my crypt plugin.

Currently embedded mode works fine.

When using it in ClientServer setup I can see the calls at server side
but the callback at client side is not invoked and the ICryptKeyCallback
assigned to keyholder plugin returns a keylen of 0.

Client is identical to the one in embedded mode (just connecting to remote database).

I'm testing with FB3.0.10 in win32 setup, precompiled binaries from ZIP download and VisualStudio 2019 as compiler.

Any idea what's going wrong?


Elmar

Dimitry Sibiryakov

May 15, 2023, 10:36:30 AM
to firebird...@googlegroups.com
Elmar Haneke wrote 15.05.2023 16:26:
> Any idea what's going wrong?

Another shot in the dark: callback doesn't work via XNET by design. Maybe
WNET is also affected.

--
WBR, SD.

Elmar Haneke

May 15, 2023, 11:00:34 AM
to firebird...@googlegroups.com
>> Any idea what's going wrong?
>
>   Another shot in the dark: callback doesn't work via XNET by design.
> Maybe WNET is also affected.
>
It's not that simple, but I found an error in firebird.log at server side:

INET/inet_error: read errno = 10054, client host = win10system, address = 192.168.1.51/60363, user = elmar

Is KeyData returned by callback at client side expected to be 0-terminated?

Elmar

Dimitry Sibiryakov

May 15, 2023, 11:07:45 AM
to firebird...@googlegroups.com
Elmar Haneke wrote 15.05.2023 17:00:
> Is KeyData returned by callback at client side expected to be 0-terminated?

No, it is expected to match returned size of it.

--
WBR, SD.
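
Added illustration, not part of the thread and not Firebird code: a stand-alone function with the parameter shape of a key callback, returning a binary key whose length is reported explicitly and which contains zero bytes. The key bytes, function names and the short-buffer behaviour are constructed assumptions.

```cpp
#include <cstdio>
#include <cstring>

// Constructed sample key: 8 raw bytes with zero bytes inside.
static const unsigned char SAMPLE_KEY[] = {0x4b, 0x1f, 0x00, 0xa7, 0x33, 0x00, 0x9c, 0x02};
static const unsigned SAMPLE_KEY_LEN = sizeof(SAMPLE_KEY);

// Hypothetical callback body: copies exactly SAMPLE_KEY_LEN bytes and
// returns that length. No terminator is written or expected.
unsigned sampleKeyCallback(unsigned /*dataLength*/, const void* /*data*/,
                           unsigned bufferLength, void* buffer)
{
    // Assumption: report "no key" (length 0) rather than hand back a truncated key.
    if (!buffer || bufferLength < SAMPLE_KEY_LEN)
        return 0;
    std::memcpy(buffer, SAMPLE_KEY, SAMPLE_KEY_LEN);
    return SAMPLE_KEY_LEN;
}

// Receiver side: the returned length is the only valid measure of the key.
unsigned receiveKey(unsigned char* out, unsigned outSize)
{
    return sampleKeyCallback(0, nullptr, outSize, out);
}

// Length a receiver would compute if it wrongly treated the key as a C string.
unsigned lengthIfTreatedAsCString(const unsigned char* buf, unsigned bufSize)
{
    const void* nul = std::memchr(buf, 0, bufSize);
    if (!nul)
        return bufSize;
    return static_cast<unsigned>(static_cast<const unsigned char*>(nul) - buf);
}

int main()
{
    unsigned char buf[32];
    const unsigned n = receiveKey(buf, sizeof(buf));
    std::printf("returned length: %u\n", n);
    std::printf("C-string length: %u\n", lengthIfTreatedAsCString(buf, n));
    return 0;
}
```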

Elmar Haneke

May 15, 2023, 11:42:44 AM
to firebird...@googlegroups.com

On 15.05.23 at 17:00, Elmar Haneke wrote:
>>> Any idea what's going wrong?
>>
>>   Another shot in the dark: callback doesn't work via XNET by
>> design. Maybe WNET is also affected.
>>
> It's not that simple, but I found an error in firebird.log at server
> side:
>
> INET/inet_error: read errno = 10054, client host = win10system,
> address = 192.168.1.51/60363, user = elmar
>
The Callback fails at CryptKeyCallback.callback (in server.cpp) since
networkCallback.isStopped()

What can cause this "stopped" callback?

Elmar Haneke

May 15, 2023, 12:22:39 PM
to firebird...@googlegroups.com

On 15.05.23 at 17:42, Elmar Haneke wrote:
Debugging results in more strange information:

If I set the "stopped" attribute manually to false, the callback does work.

The problem affects only the "ALTER DATABASE" command for initial
encryption. On opening an encrypted database the callback does work without
manipulation in the debugger.


Dimitry Sibiryakov

May 15, 2023, 12:29:12 PM
to firebird...@googlegroups.com
Elmar Haneke wrote 15.05.2023 18:22:
> Debugging results in more strange information:
>
> If I set the "stopped" attribute manually to false, the callback does work.
>
> The problem affects only the "ALTER DATABASE" command for initial encryption. On
> opening an encrypted database the callback does work without manipulation in the debugger.

According to the sources it is "stopped" after receiving the key or receiving an
empty buffer, so look carefully at how you call callback() in your key holder.

--
WBR, SD.

Elmar Haneke

May 19, 2023, 6:31:58 AM
to firebird...@googlegroups.com

On 15.05.23 at 18:29, 'Dimitry Sibiryakov' via firebird-support wrote:
There are no other calls on that callback.

I assume the stopped attribute is also set at the end of database attachment.
That does prevent initial encryption with a client callback requirement.

How can I determine if initial encryption is completed?
I cannot see any change in MON$DATABASE.MON$CRYPT_PAGE - it simply remains at "0".
