generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2024-12-13 18:55:10 +01:00
Code Issues Projects Releases Wiki Activity
b49a60410a
libzmq/tests/test_security_curve.cpp

295 lines
10 KiB
C++
Raw Normal View History

Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
/*
Problem: copyright year is still 2015 Solution: update to 2016
2016-01-28 15:07:31 +01:00
Copyright (c) 2007-2016 Contributors as noted in the AUTHORS file
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
Problem: source file headers are somewhat confusing about LGPLv3 Of course people still "can" distributed the sources under the LGPLv3. However we provide COPYING.LESSER with additional grants. Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
This file is part of libzmq, the ZeroMQ core engine in C++.
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
Problem: source file headers are somewhat confusing about LGPLv3 Of course people still "can" distributed the sources under the LGPLv3. However we provide COPYING.LESSER with additional grants. Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
libzmq is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License (LGPL) as published
by the Free Software Foundation; either version 3 of the License, or
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
(at your option) any later version.
Problem: source file headers are somewhat confusing about LGPLv3 Of course people still "can" distributed the sources under the LGPLv3. However we provide COPYING.LESSER with additional grants. Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
As a special exception, the Contributors give you permission to link
this library with independent modules to produce an executable,
regardless of the license terms of these independent modules, and to
copy and distribute the resulting executable under terms of your choice,
provided that you also meet, for each linked independent module, the
terms and conditions of the license of that module. An independent
module is a module which is not derived from or based on this library.
If you modify this library, you must extend this exception to your
version of the library.
libzmq is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "testutil.hpp"
test unauthenticated messages from vanilla sockets fails on all auth mechanisms
2014-12-03 19:34:34 +01:00
#if defined (ZMQ_HAVE_WINDOWS)
# include <winsock2.h>
allow vanilla socket security tests to run on Windows - add ws2tcpip.h - alias close->closesocket - increment port in sec_null test
2014-12-03 22:58:49 +01:00
# include <ws2tcpip.h>
test unauthenticated messages from vanilla sockets fails on all auth mechanisms
2014-12-03 19:34:34 +01:00
# include <stdexcept>
allow vanilla socket security tests to run on Windows - add ws2tcpip.h - alias close->closesocket - increment port in sec_null test
2014-12-03 22:58:49 +01:00
# define close closesocket
test unauthenticated messages from vanilla sockets fails on all auth mechanisms
2014-12-03 19:34:34 +01:00
#else
# include <sys/socket.h>
# include <netinet/in.h>
# include <arpa/inet.h>
# include <unistd.h>
#endif
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
Packaging for zmq_curve_keypair function * Added new man page for this * Added test case, in tests/test_security_curve.cpp * Noted in zmq_utils.h that these methods are documented
2013-09-30 15:14:02 +02:00
// We'll generate random test keys at startup
static char client_public [41];
static char client_secret [41];
static char server_public [41];
static char server_secret [41];
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
Fixed Z85 methods to be static and not pollute library
2013-09-15 17:30:18 +02:00
// --------------------------------------------------------------------------
Fixed comment
2014-03-16 11:53:40 +01:00
// This methods receives and validates ZAP requestes (allowing or denying
// each client connection).
Fixed Z85 methods to be static and not pollute library
2013-09-15 17:30:18 +02:00
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
static void zap_handler (void *handler)
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
{
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Process ZAP requests forever
while (true) {
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
char *version = s_recv (handler);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
if (!version)
break; // Terminating
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
char *sequence = s_recv (handler);
char *domain = s_recv (handler);
char *address = s_recv (handler);
char *identity = s_recv (handler);
char *mechanism = s_recv (handler);
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
uint8_t client_key [32];
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
int size = zmq_recv (handler, client_key, 32, 0);
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
assert (size == 32);
z85 encoding buffer overrun
2013-09-05 15:18:42 +02:00
char client_key_text [41];
simplify test_security_curve.cpp with zmq_z85_encode
2013-09-16 00:06:24 +02:00
zmq_z85_encode (client_key_text, client_key, 32);
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
assert (streq (version, "1.0"));
assert (streq (mechanism, "CURVE"));
assert (streq (identity, "IDENT"));
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
s_sendmore (handler, version);
s_sendmore (handler, sequence);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
if (streq (client_key_text, client_public)) {
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
s_sendmore (handler, "200");
s_sendmore (handler, "OK");
s_sendmore (handler, "anonymous");
s_send (handler, "");
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
}
else {
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
s_sendmore (handler, "400");
s_sendmore (handler, "Invalid client public key");
s_sendmore (handler, "");
s_send (handler, "");
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
}
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
free (version);
free (sequence);
free (domain);
free (address);
free (identity);
free (mechanism);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
}
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
zmq_close (handler);
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
}
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
int main (void)
{
Problem: use of libsodium vs. tweetnacl is confused It's unclear which we need and in the source code, conditional code treats tweetnacl as a subclass of libsodium, which is inaccurate. Solution: redesign the configure/cmake API for this: * tweetnacl is present by default and cannot be enabled * libsodium can be enabled using --with-libsodium, which replaces the built-in tweetnacl * CURVE encryption can be disabled entirely using --enable-curve=no The macros we define in platform.hpp are: ZMQ_HAVE_CURVE 1 // When CURVE is enabled HAVE_LIBSODIUM 1 // When we are using libsodium HAVE_TWEETNACL 1 // When we're using tweetnacl (default) As of this patch, the default build of libzmq always has CURVE security, and always uses tweetnacl.
2016-02-11 13:32:01 +01:00
#ifndef ZMQ_HAVE_CURVE
printf ("CURVE encryption not installed, skipping test\n");
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
return 0;
#endif
Packaging for zmq_curve_keypair function * Added new man page for this * Added test case, in tests/test_security_curve.cpp * Noted in zmq_utils.h that these methods are documented
2013-09-30 15:14:02 +02:00
// Generate new keypairs for this test
int rc = zmq_curve_keypair (client_public, client_secret);
assert (rc == 0);
rc = zmq_curve_keypair (server_public, server_secret);
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
setup_test_environment ();
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
void *ctx = zmq_ctx_new ();
assert (ctx);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Spawn ZAP handler
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
// We create and bind ZAP socket in main thread to avoid case
// where child thread does not start up fast enough.
void *handler = zmq_socket (ctx, ZMQ_REP);
assert (handler);
Packaging for zmq_curve_keypair function * Added new man page for this * Added test case, in tests/test_security_curve.cpp * Noted in zmq_utils.h that these methods are documented
2013-09-30 15:14:02 +02:00
rc = zmq_bind (handler, "inproc://zeromq.zap.01");
Fixed random failures in test_security_plain and _curve * ZAP handler thread was not getting time to start up * Code now creates and binds handler socket in parent thread and passes the socket to the zap_handler, so this always gets the authentication requests.
2013-09-16 10:56:49 +02:00
assert (rc == 0);
void *zap_thread = zmq_threadstart (&zap_handler, handler);
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Server socket will accept connections
void *server = zmq_socket (ctx, ZMQ_DEALER);
assert (server);
Revert "makes curve keys symetric as in libcurve + factorisation" This reverts commit bfd472f97cad5e37fa384b687a906f515600bac4.
2013-09-17 14:05:55 +02:00
int as_server = 1;
Revert "oblige the application to explicitely set the node type for PLAIN" This reverts commit 1206f4572b4b3bb405a14cc60605b75d53b819a0.
2013-09-17 14:05:41 +02:00
rc = zmq_setsockopt (server, ZMQ_CURVE_SERVER, &as_server, sizeof (int));
Added Z85 support The use of binary for CURVE keys is painful; you cannot easily copy these in e.g. email, or use them directly in source code. There are various encoding possibilities. Base16 and Base64 are not optimal. Ascii85 is not safe for source (it generates quotes and escapes). So, I've designed a new Base85 encoding, Z85, which is safe to use in code and elsewhere, and I've modified libzmq to use this where it also uses binary keys (in get/setsockopt). Very simply, if you use a 32-byte value, it's Base256 (binary), and if you use a 40-byte value, it's Base85 (Z85). I've put the Z85 codec into z85_codec.hpp, it's not elegant C++ but it is minimal and it works. Feel free to rewrap as a real class if this annoys you.
2013-06-28 22:10:22 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (server, ZMQ_CURVE_SECRETKEY, server_secret, 41);
Added Z85 support The use of binary for CURVE keys is painful; you cannot easily copy these in e.g. email, or use them directly in source code. There are various encoding possibilities. Base16 and Base64 are not optimal. Ascii85 is not safe for source (it generates quotes and escapes). So, I've designed a new Base85 encoding, Z85, which is safe to use in code and elsewhere, and I've modified libzmq to use this where it also uses binary keys (in get/setsockopt). Very simply, if you use a 32-byte value, it's Base256 (binary), and if you use a 40-byte value, it's Base85 (Z85). I've put the Z85 codec into z85_codec.hpp, it's not elegant C++ but it is minimal and it works. Feel free to rewrap as a real class if this annoys you.
2013-06-28 22:10:22 +02:00
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
rc = zmq_setsockopt (server, ZMQ_IDENTITY, "IDENT", 6);
assert (rc == 0);
tests: don't listen on public ports
2013-09-18 12:58:19 +02:00
rc = zmq_bind (server, "tcp://127.0.0.1:9998");
Add the Socket Identity info to the ZAP Messages This change adds the socket identity infomartion from the socket to the zap frames. In doing this the ZAP is able preform different operations based on different sockets. This is not compaitable with the current ZAP RFC, but that can be updated. As the ZAP rfc is currently draft for I did not change the version number. Tests also modified and passing.
2013-08-20 19:48:05 +02:00
assert (rc == 0);
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Check CURVE security with valid credentials
void *client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 41);
Added Z85 support The use of binary for CURVE keys is painful; you cannot easily copy these in e.g. email, or use them directly in source code. There are various encoding possibilities. Base16 and Base64 are not optimal. Ascii85 is not safe for source (it generates quotes and escapes). So, I've designed a new Base85 encoding, Z85, which is safe to use in code and elsewhere, and I've modified libzmq to use this where it also uses binary keys (in get/setsockopt). Very simply, if you use a 32-byte value, it's Base256 (binary), and if you use a 40-byte value, it's Base85 (Z85). I've put the Z85 codec into z85_codec.hpp, it's not elegant C++ but it is minimal and it works. Feel free to rewrap as a real class if this annoys you.
2013-06-28 22:10:22 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, client_public, 41);
Added Z85 support The use of binary for CURVE keys is painful; you cannot easily copy these in e.g. email, or use them directly in source code. There are various encoding possibilities. Base16 and Base64 are not optimal. Ascii85 is not safe for source (it generates quotes and escapes). So, I've designed a new Base85 encoding, Z85, which is safe to use in code and elsewhere, and I've modified libzmq to use this where it also uses binary keys (in get/setsockopt). Very simply, if you use a 32-byte value, it's Base256 (binary), and if you use a 40-byte value, it's Base85 (Z85). I've put the Z85 codec into z85_codec.hpp, it's not elegant C++ but it is minimal and it works. Feel free to rewrap as a real class if this annoys you.
2013-06-28 22:10:22 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, client_secret, 41);
Added Z85 support The use of binary for CURVE keys is painful; you cannot easily copy these in e.g. email, or use them directly in source code. There are various encoding possibilities. Base16 and Base64 are not optimal. Ascii85 is not safe for source (it generates quotes and escapes). So, I've designed a new Base85 encoding, Z85, which is safe to use in code and elsewhere, and I've modified libzmq to use this where it also uses binary keys (in get/setsockopt). Very simply, if you use a 32-byte value, it's Base256 (binary), and if you use a 40-byte value, it's Base85 (Z85). I've put the Z85 codec into z85_codec.hpp, it's not elegant C++ but it is minimal and it works. Feel free to rewrap as a real class if this annoys you.
2013-06-28 22:10:22 +02:00
assert (rc == 0);
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
rc = zmq_connect (client, "tcp://localhost:9998");
assert (rc == 0);
bounce (server, client);
rc = zmq_close (client);
assert (rc == 0);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Check CURVE security with a garbage server key
// This will be caught by the curve_server class, not passed to ZAP
char garbage_key [] = "0000111122223333444455556666777788889999";
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, garbage_key, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, client_public, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, client_secret, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
rc = zmq_connect (client, "tcp://localhost:9998");
assert (rc == 0);
expect_bounce_fail (server, client);
close_zero_linger (client);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Check CURVE security with a garbage client public key
// This will be caught by the curve_server class, not passed to ZAP
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, garbage_key, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, client_secret, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
rc = zmq_connect (client, "tcp://localhost:9998");
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
expect_bounce_fail (server, client);
close_zero_linger (client);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Check CURVE security with a garbage client secret key
// This will be caught by the curve_server class, not passed to ZAP
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, client_public, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, garbage_key, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
rc = zmq_connect (client, "tcp://localhost:9998");
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
expect_bounce_fail (server, client);
close_zero_linger (client);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Check CURVE security with bogus client credentials
// This must be caught by the ZAP handler
Packaging for zmq_curve_keypair function * Added new man page for this * Added test case, in tests/test_security_curve.cpp * Noted in zmq_utils.h that these methods are documented
2013-09-30 15:14:02 +02:00
char bogus_public [41];
char bogus_secret [41];
zmq_curve_keypair (bogus_public, bogus_secret);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, bogus_public, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Problem: ZMQ_CURVE_SECRETKEY reads beyond end of Z85 data Solution: change setsockopts on printable keys to expect 41, nor 40 bytes. Code still accepts 40 bytes for compatibility, and copies the key to a well-terminated string before using it. Fixes #1148
2014-08-09 10:24:26 +02:00
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, bogus_secret, 41);
test failed CURVE auth adds expect_bounce_fail test function which is like bounce, but fails if messages arrive.
2013-08-31 02:56:59 +02:00
assert (rc == 0);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
rc = zmq_connect (client, "tcp://localhost:9998");
assert (rc == 0);
Fixed ZAP authentication - if ZAP server returns anything except 200, connection is closed - all security tests now pass correctly - test_security_curve now does proper client key authentication using test key - test_security_plain now does proper password authentication
2013-09-02 18:21:36 +02:00
expect_bounce_fail (server, client);
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
close_zero_linger (client);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Problem: test_security_curve does't try wrong mechanisms Solution: check that it rejects attempts to connect to a CURVE server using NULL or PLAIN client.
2014-09-18 07:32:07 +02:00
// Check CURVE security with NULL client credentials
Problem: stream_engine.cpp security can be downgraded Solution: accept only the mechanism defined by the socket options. I've not tested this yet, so it's a speculative fix.
2014-09-19 19:24:45 +02:00
// This must be caught by the curve_server class, not passed to ZAP
Problem: test_security_curve does't try wrong mechanisms Solution: check that it rejects attempts to connect to a CURVE server using NULL or PLAIN client.
2014-09-18 07:32:07 +02:00
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
rc = zmq_connect (client, "tcp://localhost:9998");
assert (rc == 0);
expect_bounce_fail (server, client);
close_zero_linger (client);
// Check CURVE security with PLAIN client credentials
Problem: stream_engine.cpp security can be downgraded Solution: accept only the mechanism defined by the socket options. I've not tested this yet, so it's a speculative fix.
2014-09-19 19:24:45 +02:00
// This must be caught by the curve_server class, not passed to ZAP
Problem: test_security_curve does't try wrong mechanisms Solution: check that it rejects attempts to connect to a CURVE server using NULL or PLAIN client.
2014-09-18 07:32:07 +02:00
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
rc = zmq_setsockopt (client, ZMQ_PLAIN_USERNAME, "admin", 5);
assert (rc == 0);
rc = zmq_setsockopt (client, ZMQ_PLAIN_PASSWORD, "password", 8);
assert (rc == 0);
expect_bounce_fail (server, client);
close_zero_linger (client);
Add tests for issue #1094.
2014-11-07 17:35:41 +01:00
test unauthenticated messages from vanilla sockets fails on all auth mechanisms
2014-12-03 19:34:34 +01:00
// Unauthenticated messages from a vanilla socket shouldn't be received
struct sockaddr_in ip4addr;
int s;
ip4addr.sin_family = AF_INET;
ip4addr.sin_port = htons (9998);
added ZMQ_HAVE_WINDOWS check to _WIN32_WINNT usage
2016-02-06 12:59:13 +01:00
#if (ZMQ_HAVE_WINDOWS and _WIN32_WINNT < 0x0600)
Some test fail to build targeting less that Windows Vista When targeting a version of Windows less than Windows Vista, the security tests fail to build. Added a check for Windows version and substituted inet_pton for inet_addr. Fixes libzmq issue #1396.
2015-05-07 22:52:37 +02:00
ip4addr.sin_addr.s_addr = inet_addr ("127.0.0.1");
#else
inet_pton(AF_INET, "127.0.0.1", &ip4addr.sin_addr);
#endif
test unauthenticated messages from vanilla sockets fails on all auth mechanisms
2014-12-03 19:34:34 +01:00
s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr));
assert (rc > -1);
craft vanilla socket security test messages use explicit ZMTP/1.0 anonymous greeting rather than HTTP request that just happened to work
2014-12-03 23:51:57 +01:00
// send anonymous ZMTP/1.0 greeting
send (s, "\x01\x00", 2, 0);
// send sneaky message that shouldn't be received
send (s, "\x08\x00sneaky\0", 9, 0);
Problem: test cases are failing on slower PCs (eee PC) Solution: raise timeouts from 100-150 msec to 250 msec
2015-01-30 11:57:31 +01:00
int timeout = 250;
test unauthenticated messages from vanilla sockets fails on all auth mechanisms
2014-12-03 19:34:34 +01:00
zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout));
char *buf = s_recv (server);
craft vanilla socket security test messages use explicit ZMTP/1.0 anonymous greeting rather than HTTP request that just happened to work
2014-12-03 23:51:57 +01:00
if (buf != NULL) {
printf ("Received unauthenticated message: %s\n", buf);
assert (buf == NULL);
}
test unauthenticated messages from vanilla sockets fails on all auth mechanisms
2014-12-03 19:34:34 +01:00
close (s);
Add tests for issue #1094.
2014-11-07 17:35:41 +01:00
// Check return codes for invalid buffer sizes
client = zmq_socket (ctx, ZMQ_DEALER);
assert (client);
errno = 0;
rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 123);
assert (rc == -1 && errno == EINVAL);
errno = 0;
rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, client_public, 123);
assert (rc == -1 && errno == EINVAL);
errno = 0;
rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, client_secret, 123);
assert (rc == -1 && errno == EINVAL);
rc = zmq_close (client);
assert (rc == 0);
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
// Shutdown
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
rc = zmq_close (server);
assert (rc == 0);
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
rc = zmq_ctx_term (ctx);
assert (rc == 0);
Added ZMQ_ZAP_DOMAIN socket option * This is passed to the ZAP handler in the 'domain' field * If not set, or empty, then NULL security does not call the ZAP handler * This resolves the phantom ZAP request syndrome seen with sockets where security was never intended (e.g. in test cases) * This means if you install a ZAP handler, it will not get any requests for new connections until you take some explicit action, which can be setting a username/password for PLAIN, a key for CURVE, or the domain for NULL.
2013-09-09 20:40:34 +02:00
Fixed 'make check' failures - Split off NULL security check from PLAIN - Cleaned up test_linger code a little - Got all tests to pass, added TODOs for outstanding issues - Added ZAP authentication for NULL test case - NULL mechanism was not passing server identity - fixed - cleaned up test_security_plain and removed option double-checks (made code ugly) - lowered timeout on expect_bounce_fail to 150 msec to speed up checks - removed all sleeps from test_fork and simplified code (it still passes :-)
2013-09-02 17:22:24 +02:00
// Wait until ZAP handler terminates
zmq_threadclose (zap_thread);
Added security curve test Test is skipped if no libsodium. Added warning if libsodium not configured
2013-06-22 17:17:25 +02:00
return 0;
}
Reference in New Issue Copy Permalink