Commit
5975e00f
authored
Jun 22, 2013
by
Martin Hurton
Make ZAP optional for CURVE mechanism
parent
1b863243
Showing
2 changed files
with
19 additions
and
26 deletions
+19
-26
curve_server.cpp
src/curve_server.cpp
+15
-25
curve_server.hpp
src/curve_server.hpp
+4
-1
src/curve_server.cpp
...
...
@@ -37,6 +37,7 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_,
mechanism_t
(
options_
),
session
(
session_
),
state
(
expect_hello
),
expecting_zap_reply
(
false
),
cn_nonce
(
1
)
{
// Fetch our secret key from socket options
...
...
@@ -86,16 +87,8 @@ int zmq::curve_server_t::process_handshake_message (msg_t *msg_)
break
;
case
expect_initiate
:
rc
=
process_initiate
(
msg_
);
if
(
rc
==
0
)
{
rc
=
receive_and_process_zap_reply
();
if
(
rc
==
0
)
state
=
send_ready
;
else
if
(
errno
==
EAGAIN
)
{
rc
=
0
;
state
=
expect_zap_reply
;
}
}
state
=
expecting_zap_reply
?
expect_zap_reply
:
send_ready
;
break
;
default
:
errno
=
EPROTO
;
...
...
@@ -403,20 +396,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
return
-
1
;
}
// Use ZAP protocol (RFC 27) to authenticate user.
rc
=
session
->
zap_connect
();
if
(
rc
==
-
1
)
{
errno
=
EPROTO
;
return
-
1
;
}
// Check the decrypted client public key
const
uint8_t
*
client_key
=
initiate_plaintext
+
crypto_box_ZEROBYTES
;
rc
=
send_zap_request
(
client_key
);
if
(
rc
!=
0
)
{
errno
=
EPROTO
;
return
-
1
;
}
uint8_t
vouch_nonce
[
crypto_box_NONCEBYTES
];
uint8_t
vouch_plaintext
[
crypto_box_ZEROBYTES
+
32
];
...
...
@@ -449,6 +429,18 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
rc
=
crypto_box_beforenm
(
cn_precom
,
cn_client
,
cn_secret
);
zmq_assert
(
rc
==
0
);
// Use ZAP protocol (RFC 27) to authenticate the user.
rc
=
session
->
zap_connect
();
if
(
rc
==
0
)
{
send_zap_request
(
client_key
);
rc
=
receive_and_process_zap_reply
();
if
(
rc
!=
0
)
{
if
(
errno
!=
EAGAIN
)
return
-
1
;
expecting_zap_reply
=
true
;
}
}
return
parse_property_list
(
initiate_plaintext
+
crypto_box_ZEROBYTES
+
96
,
clen
-
crypto_box_ZEROBYTES
-
96
);
}
...
...
@@ -500,7 +492,7 @@ int zmq::curve_server_t::ready_msg (msg_t *msg_)
return
0
;
}
int
zmq
::
curve_server_t
::
send_zap_request
(
const
uint8_t
*
key
)
void
zmq
::
curve_server_t
::
send_zap_request
(
const
uint8_t
*
key
)
{
int
rc
;
msg_t
msg
;
...
...
@@ -549,8 +541,6 @@ int zmq::curve_server_t::send_zap_request (const uint8_t *key)
memcpy
(
msg
.
data
(),
key
,
crypto_box_PUBLICKEYBYTES
);
rc
=
session
->
write_zap_msg
(
&
msg
);
errno_assert
(
rc
==
0
);
return
0
;
}
int
zmq
::
curve_server_t
::
parse_property_list
(
const
uint8_t
*
ptr
,
...
...
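Review bot: In the last `process_initiate` hunk, any non-zero result from `session->zap_connect ()` now skips the ZAP exchange entirely and falls through to `parse_property_list`, so the handshake fails open: a handler that is configured but cannot be reached is treated the same as no handler, and the client key is accepted without an authorization decision. The body of `zap_connect` is not on this page, so whether it can tell those two cases apart is an assumption to confirm; if it can, only the "no handler installed" case should continue and other failures should keep the removed `errno = EPROTO; return -1;` behaviour. At minimum the branch deserves a comment such as `// No ZAP handler installed: every client that completes the CURVE handshake is accepted.` Separately, `send_zap_request` now returns `void`, so a failed `write_zap_msg` can only surface through `errno_assert`, which presumably aborts the process rather than rejecting the one connection. `process_initiate` starts outside the hunks shown.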
src/curve_server.hpp
...
...
@@ -77,6 +77,9 @@ namespace zmq
// Current FSM state
state_t
state
;
// True iff we are awaiting reply from ZAP handler.
bool
expecting_zap_reply
;
uint64_t
cn_nonce
;
// Our secret key (s)
...
...
@@ -102,7 +105,7 @@ namespace zmq
int
process_initiate
(
msg_t
*
msg_
);
int
ready_msg
(
msg_t
*
msg_
);
int
send_zap_request
(
const
uint8_t
*
key
);
void
send_zap_request
(
const
uint8_t
*
key
);
int
receive_and_process_zap_reply
();
int
parse_property_list
(
const
uint8_t
*
ptr
,
size_t
length
);
};
...
...
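Review bot: The new member `expecting_zap_reply` differs from the existing state value `expect_zap_reply` by only three letters, and the two now describe overlapping things, so the comment on the declaration should say who writes and who reads the flag. From the hunks in src/curve_server.cpp it is set in `process_initiate` and read in `process_handshake_message` to pick the next state; something like `// Set by process_initiate when the ZAP reply is still pending; selects expect_zap_reply over send_ready.` would make that explicit. The `void send_zap_request` declaration would also benefit from a one-line comment saying that failures are asserted rather than returned, if that is the intent. The class definition begins outside the hunk.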