The CAKE protocol looks interesting but it mixes two concepts: structured data encoding, and security encapsulation of message passing.
IMHO, if you were enforcing and reusing off the shelf encoding like thrift or protobuf, it would make the design and code much simpler to parse.
The following will probably look naive as I haven't looked at CAKE implementation code, maybe I haven't scoped the whole problem.
Once you've done that, it would be merely:
raw_data = pipe.read()
# unpack_header is a thrift/protobuf raw reader.
hdr = unpack_header(raw_data)
# hdr.firsthmac and hdr.messages are still encrypted at this point
# hdr.messages is a list of message as defined at http://www.cakem.net/v2/sessions.html#repeated
# Grab valid key, verify signature. Throws on invalid signature, etc.
process(hdr)
# hdr.firsthmac is now decrypted and verified
if hdr.message_type == 1: # session continuation
for message in hdr.messages:
# unpack_data is whatever decoding the user wants to use.
# in practice, it's probably better to not even have this function here and
# just yield the raw buffer.
data = unpack_data(decrypt_and_verify(hdr.key, message.padding))
yield data
Both thrift and protobuf handle a lots of the problems for you like: futureproofing the protocol message format, efficient encoding & decoding of native types line int&string, multi-language support, golden message definition in a single file, etc.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
Simplification by reusing encoding protocols
Date: 2011-02-04 07:01 pm (UTC)IMHO, if you were enforcing and reusing off the shelf encoding like thrift or protobuf, it would make the design and code much simpler to parse.
The following will probably look naive as I haven't looked at CAKE implementation code, maybe I haven't scoped the whole problem.
Once you've done that, it would be merely:
raw_data = pipe.read() # unpack_header is a thrift/protobuf raw reader. hdr = unpack_header(raw_data) # hdr.firsthmac and hdr.messages are still encrypted at this point # hdr.messages is a list of message as defined at http://www.cakem.net/v2/sessions.html#repeated # Grab valid key, verify signature. Throws on invalid signature, etc. process(hdr) # hdr.firsthmac is now decrypted and verified if hdr.message_type == 1: # session continuation for message in hdr.messages: # unpack_data is whatever decoding the user wants to use. # in practice, it's probably better to not even have this function here and # just yield the raw buffer. data = unpack_data(decrypt_and_verify(hdr.key, message.padding)) yield dataBoth thrift and protobuf handle a lots of the problems for you like: futureproofing the protocol message format, efficient encoding & decoding of native types line int&string, multi-language support, golden message definition in a single file, etc.