##// END OF EJS Templates
add signature_scheme to Session and connection files...
MinRK -
Show More
@@ -265,6 +265,8 b' class IPythonConsoleApp(Configurable):'
265 265 setattr(self, name, cfg[name])
266 266 if 'key' in cfg:
267 267 self.config.Session.key = str_to_bytes(cfg['key'])
268 if 'signature_scheme' in cfg:
269 self.config.Session.signature_scheme = cfg['signature_scheme']
268 270
269 271 def init_ssh(self):
270 272 """set up ssh tunnels, if needed."""
@@ -50,7 +50,9 b' from IPython.utils.traitlets import ('
50 50 #-----------------------------------------------------------------------------
51 51
52 52 def write_connection_file(fname=None, shell_port=0, iopub_port=0, stdin_port=0, hb_port=0,
53 control_port=0, ip=LOCALHOST, key=b'', transport='tcp'):
53 control_port=0, ip=LOCALHOST, key=b'', transport='tcp',
54 signature_scheme='hmac-sha256',
55 ):
54 56 """Generates a JSON config file, including the selection of random ports.
55 57
56 58 Parameters
@@ -78,7 +80,15 b' def write_connection_file(fname=None, shell_port=0, iopub_port=0, stdin_port=0, '
78 80 The ip address the kernel will bind to.
79 81
80 82 key : str, optional
81 The Session key used for HMAC authentication.
83 The Session key used for message authentication.
84
85 signature_scheme : str, optional
86 The scheme used for message authentication.
87 This has the form 'digest-hash', where 'digest'
88 is the scheme used for digests, and 'hash' is the name of the hash function
89 used by the digest scheme.
90 Currently, 'hmac' is the only supported digest scheme,
91 and 'sha256' is the default hash function.
82 92
83 93 """
84 94 # default to temporary connector file
@@ -129,6 +139,7 b' def write_connection_file(fname=None, shell_port=0, iopub_port=0, stdin_port=0, '
129 139 cfg['ip'] = ip
130 140 cfg['key'] = bytes_to_str(key)
131 141 cfg['transport'] = transport
142 cfg['signature_scheme'] = signature_scheme
132 143
133 144 with open(fname, 'w') as f:
134 145 f.write(json.dumps(cfg, indent=2))
@@ -380,6 +391,7 b' class ConnectionFileMixin(HasTraits):'
380 391 _connection_file_written = Bool(False)
381 392
382 393 transport = CaselessStrEnum(['tcp', 'ipc'], default_value='tcp', config=True)
394 signature_scheme = Unicode('')
383 395
384 396 ip = Unicode(LOCALHOST, config=True,
385 397 help="""Set the kernel\'s IP address [default localhost].
@@ -427,6 +439,7 b' class ConnectionFileMixin(HasTraits):'
427 439 stdin_port=self.stdin_port,
428 440 hb_port=self.hb_port,
429 441 control_port=self.control_port,
442 signature_scheme=self.signature_scheme,
430 443 )
431 444
432 445 def cleanup_connection_file(self):
@@ -463,6 +476,7 b' class ConnectionFileMixin(HasTraits):'
463 476 stdin_port=self.stdin_port, iopub_port=self.iopub_port,
464 477 shell_port=self.shell_port, hb_port=self.hb_port,
465 478 control_port=self.control_port,
479 signature_scheme=self.signature_scheme,
466 480 )
467 481 # write_connection_file also sets default ports:
468 482 for name in port_names:
@@ -479,7 +493,10 b' class ConnectionFileMixin(HasTraits):'
479 493 self.ip = cfg['ip']
480 494 for name in port_names:
481 495 setattr(self, name, cfg[name])
496 if 'key' in cfg:
482 497 self.session.key = str_to_bytes(cfg['key'])
498 if cfg.get('signature_scheme'):
499 self.session.signature_scheme = cfg['signature_scheme']
483 500
484 501 #--------------------------------------------------------------------------
485 502 # Creating connected sockets
@@ -24,6 +24,7 b' Authors:'
24 24 # Imports
25 25 #-----------------------------------------------------------------------------
26 26
27 import hashlib
27 28 import hmac
28 29 import logging
29 30 import os
@@ -50,7 +51,9 b' from IPython.utils.importstring import import_item'
50 51 from IPython.utils.jsonutil import extract_dates, squash_dates, date_default
51 52 from IPython.utils.py3compat import str_to_bytes, str_to_unicode
52 53 from IPython.utils.traitlets import (CBytes, Unicode, Bool, Any, Instance, Set,
53 DottedObjectName, CUnicode, Dict, Integer)
54 DottedObjectName, CUnicode, Dict, Integer,
55 TraitError,
56 )
54 57 from IPython.kernel.zmq.serialize import MAX_ITEMS, MAX_BYTES
55 58
56 59 #-----------------------------------------------------------------------------
@@ -308,10 +311,26 b' class Session(Configurable):'
308 311 help="""execution key, for extra authentication.""")
309 312 def _key_changed(self, name, old, new):
310 313 if new:
311 self.auth = hmac.HMAC(new)
314 self.auth = hmac.HMAC(new, digestmod=self.digest_mod)
312 315 else:
313 316 self.auth = None
314 317
318 signature_scheme = Unicode('hmac-sha256', config=True,
319 help="""The digest scheme used to construct the message signatures.
320 Must have the form 'hmac-HASH'.""")
321 def _signature_scheme_changed(self, name, old, new):
322 if not new.startswith('hmac-'):
323 raise TraitError("signature_scheme must start with 'hmac-', got %r" % new)
324 hash_name = new.split('-', 1)[1]
325 try:
326 self.digest_mod = getattr(hashlib, hash_name)
327 except AttributeError:
328 raise TraitError("hashlib has no such attribute: %s" % hash_name)
329
330 digest_mod = Any()
331 def _digest_mod_default(self):
332 return hashlib.sha256
333
315 334 auth = Instance(hmac.HMAC)
316 335
317 336 digest_history = Set()
@@ -387,6 +406,11 b' class Session(Configurable):'
387 406 key : bytes
388 407 The key used to initialize an HMAC signature. If unset, messages
389 408 will not be signed or checked.
409 signature_scheme : str
410 The message digest scheme. Currently must be of the form 'hmac-HASH',
411 where 'HASH' is a hashing function available in Python's hashlib.
412 The default is 'hmac-sha256'.
413 This is ignored if 'key' is empty.
390 414 keyfile : filepath
391 415 The file containing a key. If this is set, `key` will be
392 416 initialized to the contents of the file.
General Comments 0
You need to be logged in to leave comments. Login now