From de91f9ef7ad3856a695e9b3ae5b565bc3301912e Mon Sep 17 00:00:00 2001 From: David Wilson Date: Sat, 9 Sep 2017 01:59:26 +0530 Subject: [PATCH] Get rid of HMAC use. --- docs/howitworks.rst | 17 +++-------------- econtext/core.py | 22 +++------------------- 2 files changed, 6 insertions(+), 33 deletions(-) diff --git a/docs/howitworks.rst b/docs/howitworks.rst index 286cd3a8..8dabfa88 100644 --- a/docs/howitworks.rst +++ b/docs/howitworks.rst @@ -87,9 +87,9 @@ The script sent is simply the source code for :py:mod:`econtext.core`, with a single line suffixed to trigger execution of the :py:meth:`econtext.core.ExternalContext.main` function. The encoded arguments to the main function include some additional details, such as the logging package -level that was active in the parent process, and a random secret key used to -generate HMAC signatures over the data frames that will be exchanged after -bootstrap. +level that was active in the parent process, and a random secret key that may +later be used to generate HMAC signatures over the data frames that will be +exchanged after bootstrap. After the script source code is prepared, it is passed through :py:func:`econtext.master.minimize_source` to strip it of docstrings and @@ -245,8 +245,6 @@ master and slave: +--------------------+------+------------------------------------------------------+ | Field | Size | Description | +====================+======+======================================================+ -| ``hmac`` | 20 | SHA-1 over remaining fields. | -+--------------------+------+------------------------------------------------------+ | ``dst_id`` | 2 | Integer target context ID. | +--------------------+------+------------------------------------------------------+ | ``src_id`` | 2 | Integer source context ID. | @@ -373,15 +371,6 @@ restrictive class whitelist. perform serialization from within the broker thread. -Use of HMAC -########### - -In the current implementation the use of HMAC signatures over data frames is -mostly redundant since all communication occurs over SSH, however in order to -reduce resource usage, it is planned to support connecting back to the master -via plain TCP, at which point the signatures become important. - - The IO Multiplexer ------------------ diff --git a/econtext/core.py b/econtext/core.py index 75d5340b..dbd35b50 100644 --- a/econtext/core.py +++ b/econtext/core.py @@ -9,14 +9,12 @@ import cPickle import cStringIO import errno import fcntl -import hmac import imp import itertools import logging import os import random import select -import sha import socket import struct import sys @@ -510,8 +508,6 @@ class Stream(BasicStream): self._router = router self.remote_id = remote_id self.key = key - self._rhmac = hmac.new(key, digestmod=sha) - self._whmac = self._rhmac.copy() self.name = 'default' self.construct(**kwargs) @@ -534,16 +530,15 @@ class Stream(BasicStream): if not buf: return self.on_disconnect(broker) - HEADER_FMT = '>20shhLLL' + HEADER_FMT = '>hhLLL' HEADER_LEN = struct.calcsize(HEADER_FMT) - MAC_LEN = sha.digest_size def _receive_one(self, broker): if len(self._input_buf) < self.HEADER_LEN: return False msg = Message() - (msg_mac, msg.dst_id, msg.src_id, + (msg.dst_id, msg.src_id, msg.handle, msg.reply_to, msg_len) = struct.unpack( self.HEADER_FMT, self._input_buf[:self.HEADER_LEN] @@ -554,16 +549,6 @@ class Stream(BasicStream): self, msg_len, len(self._input_buf) - self.HEADER_LEN) return False - self._rhmac.update(self._input_buf[ - self.MAC_LEN : (msg_len + self.HEADER_LEN) - ]) - expected_mac = self._rhmac.digest() - if msg_mac != expected_mac: - raise StreamError('bad MAC: %r != got %r; %r', - msg_mac.encode('hex'), - expected_mac.encode('hex'), - self._input_buf[24:msg_len+24]) - msg.data = self._input_buf[self.HEADER_LEN:self.HEADER_LEN+msg_len] self._input_buf = self._input_buf[self.HEADER_LEN+msg_len:] self._router.route(msg) @@ -590,8 +575,7 @@ class Stream(BasicStream): pkt = struct.pack('>hhLLL', msg.dst_id, msg.src_id, msg.handle, msg.reply_to or 0, len(msg.data) ) + msg.data - self._whmac.update(pkt) - self._output_buf += self._whmac.digest() + pkt + self._output_buf += pkt self._router.broker.start_transmit(self) def on_disconnect(self, broker):