[zeromq-dev] Implementing a ZAP handler in C#

Robert Pickering robertfpickering at fastmail.com
Fri Jul 24 05:36:57 CEST 2015


Here are the logs from the hw example. There"s a log from a successful
run with no encryption and a log from a failed run with the curve
encryption enabled:
https://gist.github.com/robertpi/2424193e35d67bcd0b70

The log messages I added can be seen here:
https://github.com/robertpi/libzmq/commit/eda22e7b234d7fc2c7b9957f6a853f80864d390b

Looking at the logs it seems the problem maybe in the client. In the
plain cases after a successful handshake the client calls into
zmq::stream_engine_t::process_handshake_command straight after the hand
shake finishes. In the curve case there's no more data in the buffer
(the call to tcp_read returns  -1) so the zmq::stream_engine_t::in_event
exits and no further processing takes place. What data should be
returned to the client after a sucesful handshake?

Are there any existing examples that work use curve encryption with
libzmq directly, not going via czmq? If not I'll try and port my C# code
to C that uses libzmq.

Thanks,
Rob

On Fri, Jul 24, 2015, at 04:38 AM, Robert Pickering wrote:
> The next thing I tried was porting the code to the hw sample, so see if
> the problem was specific to sub/pub or not. The hw sample doesn't work
> either, so the problem is not specific to sub/pub as I thought:
> https://gist.github.com/robertpi/224d834bc04e42f6cf23
> 
> I'll try porting the code to the libzmq directly. I also tidy up my
> debug logs and publish them.
> 
> Thanks,
> Robert
> 
> On Thu, Jul 23, 2015, at 09:41 PM, Arnaud Kapp wrote:
> > Hello,
> > 
> > The authentication should happen automatically if the socket has the
> > correct option configured (curve server flag, and a private key /
> > public key).
> > I am not aware of any limitation of the authentication / security code
> > when using PUB/SUB. It should work.
> > 
> > I am not familiar enough with C# to know if there is something wrong
> > with your code, but it looks ok.
> > Are you able to get this to work using the libzmq C API?
> > 
> > On Thu, Jul 23, 2015 at 7:16 PM, Robert Pickering
> > <robertfpickering at fastmail.com> wrote:
> > > I've been continuing to look at this today. To investigate further I
> > > build my own version of libzmq and added some debug code. What I think I
> > > see is the handshake in zmq::stream_engine_t::in_event is successful but
> > > in the sub/pub model the client sends no further data so there's nothing
> > > to trigger the ZAP handler. Is there anyway to force authentication to
> > > take place? Or is curve security just not an option with the sub/pub
> > > model?
> > >
> > > Thanks,
> > > Rob
> > >
> > > On Wed, Jul 22, 2015, at 04:54 PM, Robert Pickering wrote:
> > >> I'm trying to implement a ZAP handler in C#. I've updated the patho
> > >> sub/pub example to include curve cryptography and tried to add a ZAP
> > >> handler in the publisher. Here's a gist of what I have so far:
> > >> https://gist.github.com/robertpi/a140eaa62378c14678ad
> > >>
> > >> Basically in the publisher I bind a REP socket to
> > >> inproc://zeromq.zap.01. I then set the ZMQ_CURVE_SERVER and
> > >> ZMQ_CURVE_SECRETKEY on the publisher, while on the client I
> > >> ZMQ_CURVE_SERVERKEY to be the servers public key, and set it's
> > >> ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY to be the clients
> > >> public/secret key.
> > >>
> > >> Before I sent up the curve options the messages follow and the example
> > >> works just fine. After I set the curve options the messages stop
> > >> following. I was expecting my ZAP handling method to be called, so I
> > >> could respond with with whether the client is valid or not, but it seem
> > >> the ZAP handler never receives a message.
> > >>
> > >> I feel I'm missing some simple step to enable the ZAP handler. Do I need
> > >> to send messages to inproc://zeromq.zap.01 to enable the ZAP handler? I
> > >> see some examples set a verbosity option and an IP filter, are these
> > >> messages that need to be sent to inproc://zeromq.zap.01? Or are they
> > >> values that need to be set somewhere else?
> > >>
> > >> Many thanks for any help!
> > >>
> > >> Rob
> > >>
> > >> --
> > >>   Robert Pickering
> > >>   robertfpickering at fastmail.com
> > >> _______________________________________________
> > >> zeromq-dev mailing list
> > >> zeromq-dev at lists.zeromq.org
> > >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> > > _______________________________________________
> > > zeromq-dev mailing list
> > > zeromq-dev at lists.zeromq.org
> > > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> > 
> > 
> > 
> > -- 
> > Kapp Arnaud - Xaqq
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev



More information about the zeromq-dev mailing list