[IPython-dev] pyzmq authentication

Fernando Perez fperez.net at gmail.com
Wed Jun 1 14:20:30 EDT 2011


On Wed, Jun 1, 2011 at 9:41 AM, MinRK <benjaminrk at gmail.com> wrote:
> What we have currently is extremely primitive, and only meant to
> protect against accidental execution rather than
> malicious intrusion. The key is sent and checked with every message.

If I understand correctly the link Jason sent, and from a quick
reading of the multiprocessing code, we should be able to use the same
machinery to avoid sending/receiving the keys.  The main functions that
do the work in MP are in the 'connection' submodule, and they are
really two standalone functions:

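import hmac
import os
from multiprocessing import AuthenticationError

# Constants the two functions rely on (values as in the
# multiprocessing.connection version quoted here)
MESSAGE_LENGTH = 20
CHALLENGE = b'#CHALLENGE#'
WELCOME = b'#WELCOME#'
FAILURE = b'#FAILURE#'

def deliver_challenge(connection, authkey):
    assert isinstance(authkey, bytes)
    message = os.urandom(MESSAGE_LENGTH)         # fresh random challenge
    connection.send_bytes(CHALLENGE + message)
    # MD5 was hmac.new()'s implicit default; current Python needs it named
    digest = hmac.new(authkey, message, 'md5').digest()
    response = connection.recv_bytes(256)        # reject large message
    if hmac.compare_digest(response, digest):    # constant-time comparison
        connection.send_bytes(WELCOME)
    else:
        connection.send_bytes(FAILURE)
        raise AuthenticationError('digest received was wrong')

def answer_challenge(connection, authkey):
    assert isinstance(authkey, bytes)
    message = connection.recv_bytes(256)         # reject large message
    assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
    message = message[len(CHALLENGE):]           # strip prefix, keep challenge
    digest = hmac.new(authkey, message, 'md5').digest()
    connection.send_bytes(digest)                # only the digest is sent, never the key
    response = connection.recv_bytes(256)        # reject large message
    if response != WELCOME:
        raise AuthenticationError('digest sent was rejected')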


They work with objects that have a basic socket interface, but
adapting this to zmq sockets should be possible.  Am I missing
something?

Cheers,

f
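
Added example, not part of the original message and not code from multiprocessing or pyzmq: the same challenge/response handshake written against plain `send`/`recv` callables, which is the shape a message-oriented socket would need, and run over in-memory queues so the bytes on the wire can be inspected. The callable interface, `AuthError`, `handshake`, the 32-byte nonce and the use of HMAC-SHA256 are assumptions made for this sketch.

```python
import hmac
import os
import queue
import threading

CHALLENGE, WELCOME, FAILURE = b"#CHALLENGE#", b"#WELCOME#", b"#FAILURE#"
NONCE_LEN = 32  # assumption: 32-byte nonce with HMAC-SHA256 (the quoted code used MD5)

class AuthError(Exception): pass

def _mac(key, nonce):
    return hmac.new(key, nonce, "sha256").digest()

def deliver_challenge(send, recv, key):
    """Verifier side: send a fresh nonce, then check the peer's HMAC over it."""
    nonce = os.urandom(NONCE_LEN)
    send(CHALLENGE + nonce)
    ok = hmac.compare_digest(recv(), _mac(key, nonce))  # constant-time compare
    send(WELCOME if ok else FAILURE)
    if not ok:
        raise AuthError("digest received was wrong")

def answer_challenge(send, recv, key):
    """Prover side: prove knowledge of the key without transmitting it."""
    msg = recv()
    if not msg.startswith(CHALLENGE):
        raise AuthError("unexpected message")
    send(_mac(key, msg[len(CHALLENGE):]))
    if recv() != WELCOME:
        raise AuthError("digest sent was rejected")

def handshake(server_key, client_key):
    """Run both sides over in-memory queues; return (server_ok, client_ok, wire)."""
    to_client, to_server, wire, ok = queue.Queue(), queue.Queue(), [], {}
    def run(name, fn, out_q, in_q, key):
        def send(data):
            wire.append(data)  # record everything that crosses the channel
            out_q.put(data)
        try:
            fn(send, lambda: in_q.get(timeout=5), key)
            ok[name] = True
        except AuthError:
            ok[name] = False
    threads = [threading.Thread(target=run, args=a) for a in (
        ("server", deliver_challenge, to_client, to_server, server_key),
        ("client", answer_challenge, to_server, to_client, client_key))]
    for t in threads: t.start()
    for t in threads: t.join()
    return ok["server"], ok["client"], wire
```

The handshake authenticates the peer once per connection; it does not authenticate or encrypt the messages that follow it.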
