Commit 5975e00f authored by Martin Hurton's avatar Martin Hurton

Make ZAP optional for CURVE mechanism

parent 1b863243
...@@ -37,6 +37,7 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_, ...@@ -37,6 +37,7 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_,
mechanism_t (options_), mechanism_t (options_),
session (session_), session (session_),
state (expect_hello), state (expect_hello),
expecting_zap_reply (false),
cn_nonce (1) cn_nonce (1)
{ {
// Fetch our secret key from socket options // Fetch our secret key from socket options
...@@ -86,16 +87,8 @@ int zmq::curve_server_t::process_handshake_message (msg_t *msg_) ...@@ -86,16 +87,8 @@ int zmq::curve_server_t::process_handshake_message (msg_t *msg_)
break; break;
case expect_initiate: case expect_initiate:
rc = process_initiate (msg_); rc = process_initiate (msg_);
if (rc == 0) {
rc = receive_and_process_zap_reply ();
if (rc == 0) if (rc == 0)
state = send_ready; state = expecting_zap_reply? expect_zap_reply: send_ready;
else
if (errno == EAGAIN) {
rc = 0;
state = expect_zap_reply;
}
}
break; break;
default: default:
errno = EPROTO; errno = EPROTO;
...@@ -403,20 +396,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_) ...@@ -403,20 +396,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
return -1; return -1;
} }
// Use ZAP protocol (RFC 27) to authenticate user.
rc = session->zap_connect ();
if (rc == -1) {
errno = EPROTO;
return -1;
}
// Check the decrypted client public key
const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES; const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
rc = send_zap_request (client_key);
if (rc != 0) {
errno = EPROTO;
return -1;
}
uint8_t vouch_nonce [crypto_box_NONCEBYTES]; uint8_t vouch_nonce [crypto_box_NONCEBYTES];
uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 32]; uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 32];
...@@ -449,6 +429,18 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_) ...@@ -449,6 +429,18 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
rc = crypto_box_beforenm (cn_precom, cn_client, cn_secret); rc = crypto_box_beforenm (cn_precom, cn_client, cn_secret);
zmq_assert (rc == 0); zmq_assert (rc == 0);
// Use ZAP protocol (RFC 27) to authenticate the user.
rc = session->zap_connect ();
if (rc == 0) {
send_zap_request (client_key);
rc = receive_and_process_zap_reply ();
if (rc != 0) {
if (errno != EAGAIN)
return -1;
expecting_zap_reply = true;
}
}
return parse_property_list (initiate_plaintext + crypto_box_ZEROBYTES + 96, return parse_property_list (initiate_plaintext + crypto_box_ZEROBYTES + 96,
clen - crypto_box_ZEROBYTES - 96); clen - crypto_box_ZEROBYTES - 96);
} }
...@@ -500,7 +492,7 @@ int zmq::curve_server_t::ready_msg (msg_t *msg_) ...@@ -500,7 +492,7 @@ int zmq::curve_server_t::ready_msg (msg_t *msg_)
return 0; return 0;
} }
int zmq::curve_server_t::send_zap_request (const uint8_t *key) void zmq::curve_server_t::send_zap_request (const uint8_t *key)
{ {
int rc; int rc;
msg_t msg; msg_t msg;
...@@ -549,8 +541,6 @@ int zmq::curve_server_t::send_zap_request (const uint8_t *key) ...@@ -549,8 +541,6 @@ int zmq::curve_server_t::send_zap_request (const uint8_t *key)
memcpy (msg.data (), key, crypto_box_PUBLICKEYBYTES); memcpy (msg.data (), key, crypto_box_PUBLICKEYBYTES);
rc = session->write_zap_msg (&msg); rc = session->write_zap_msg (&msg);
errno_assert (rc == 0); errno_assert (rc == 0);
return 0;
} }
int zmq::curve_server_t::parse_property_list (const uint8_t *ptr, int zmq::curve_server_t::parse_property_list (const uint8_t *ptr,
......
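Review bot: In the process_initiate hunk, the block starting at `rc = session->zap_connect ();` treats every non-zero return from zap_connect as "no ZAP handler configured" and lets the handshake continue unauthenticated, whereas the removed code failed closed with EPROTO. If zap_connect can also fail for reasons other than an absent handler (the session code is not part of this diff, so that is unverified), a transient connect failure would silently disable authentication for that connection, so the two cases should be distinguished or the precondition confirmed against the session API. At minimum the fall-through path should state the intent: `// No ZAP handler bound: proceed without authentication (fail-open by design).` Note also that the value of `rc` set by receive_and_process_zap_reply is discarded when control reaches parse_property_list, and the EAGAIN path relies on expecting_zap_reply being cleared once the ZAP reply is processed, which happens outside these hunks.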
...@@ -77,6 +77,9 @@ namespace zmq ...@@ -77,6 +77,9 @@ namespace zmq
// Current FSM state // Current FSM state
state_t state; state_t state;
// True iff we are awaiting reply from ZAP handler.
bool expecting_zap_reply;
uint64_t cn_nonce; uint64_t cn_nonce;
// Our secret key (s) // Our secret key (s)
...@@ -102,7 +105,7 @@ namespace zmq ...@@ -102,7 +105,7 @@ namespace zmq
int process_initiate (msg_t *msg_); int process_initiate (msg_t *msg_);
int ready_msg (msg_t *msg_); int ready_msg (msg_t *msg_);
int send_zap_request (const uint8_t *key); void send_zap_request (const uint8_t *key);
int receive_and_process_zap_reply (); int receive_and_process_zap_reply ();
int parse_property_list (const uint8_t *ptr, size_t length); int parse_property_list (const uint8_t *ptr, size_t length);
}; };
......