Conversation
| ,@body)))) | ||
| (alexandria:once-only (auth-config) | ||
| `(pzmq:with-socket ,socket :dealer | ||
| (when ,auth-config |
There was a problem hiding this comment.
This check can be done at macro-expand time rather than runtime, but it complicates the macro slightly since then you also only want to once-only if auth-config is non-null, etc. The runtime penalty here seemed like a small price for a little readability.
| ;; Configuring the server secret key here enables encryption on the socket and allows clients | ||
| ;; to authenticate the server. However, this server is not currently authenticating connected | ||
| ;; client keys. In order to do, we'd need to implement that authentication ourselves on top of | ||
| ;; the ZeroMQ Authentication Protocol (ZAP) (unless such support is added to PZMQ). | ||
| ;; | ||
| ;; https://rfc.zeromq.org/spec/27/ |
There was a problem hiding this comment.
Adding an authenticator for client keys shouldn't be hard, but it does add some complication to an already complicated server loop, so I opted to leave it out until we actually need it.
There was a problem hiding this comment.
Also, fwiw not authenticating clients corresponds to the first security model described in the CURVEZMQ spec:
In a CurveZMQ architecture, the clients MUST know the server public key before they can connect. Servers MAY know clients’ public keys, and MAY distinguish different clients based on their keys. This gives us three possible security models:
- Where the server does not check client keys at all. In this case the clients can be certain they are talking securely to the correct server, but the server will accept connections from any client. This fits the conventional Internet model where a browser talks securely to a website to place and order and send credit card information.
|
gitlab results here: |
|
Z latest test results: |
|
fix merge confs and should be g2g |
The :MONITOR doesn't do anything useful. It winds up getting
macroexpanded as the first BODY form, like so:
(macroexpand-1 '(pzmq:with-sockets ((clients :router :monitor)
(workers :dealer :monitor))))
; =>
(PZMQ:WITH-SOCKET CLIENTS
:ROUTER
:MONITOR
(PZMQ:WITH-SOCKET WORKERS
:DEALER
:MONITOR))
This commit adds two new structures -- CLIENT-AUTH-CONFIG and
SERVER-AUTH-CONFIG -- that store the client/server authentication keys
required for configuring ZeroMQ curve auth on a socket.
In addition, both the RPCQ:WITH-RPC-CLIENT macro and RPCQ:START-SERVER
function get an additional :AUTH-CONFIG keyword argument allowing the
caller to pass in a {CLIENT,SERVER}-AUTH-CONFIG, respectively.
When the :AUTH-CONFIG option is provided, the client / server will set
the appropriate ZMQ socket options to enable curve encryption (and in
the case of the client socket, server authentication) for the socket.
This commit *does not* implement server-side authentication of
clients. Unlike the python pyzmq package, the lisp library we use,
PZMQ, does not come with any built-in authenticator, so if we ever
need that functionality, we'll either have to add it to PZMQ or else
implement one ourselves on top of the ZeroMQ Authentication
Protocol (ZAP).
Closes #111
Also nix the unused SERVER-AUTH-CONFIG-SERVER-PUBLIC-KEY
appleby
force-pushed
the
lisp-zmq-curve-auth
branch
from
ce5f29f to
0b4e94d
Compare
rebased. |
3 participants
Add support for ZeroMQ Curve Auth to lisp client and server
This commit adds two new structures --
CLIENT-AUTH-CONFIGandSERVER-AUTH-CONFIG-- that store the client/server authentication keys required for configuring ZeroMQ curve auth on a socket.In addition, both the
RPCQ:WITH-RPC-CLIENTmacro andRPCQ:START-SERVERfunction get an additional:AUTH-CONFIGkeyword argument allowing the caller to pass in a{CLIENT,SERVER}-AUTH-CONFIG, respectively.When the
:AUTH-CONFIGoption is provided, the client / server will set the appropriate ZMQ socket options to enable curve encryption (and in the case of the client socket, server authentication) for the socket.This commit does not implement server-side authentication of clients. Unlike the python pyzmq package, the lisp library we use, PZMQ, does not come with any built-in authenticator, so if we ever need that functionality, we'll either have to add it to PZMQ or else implement one ourselves on top of the ZeroMQ Authentication Protocol (ZAP).
Closes #111