Problem: use of libsodium vs. tweetnacl is confused

It's unclear which we need and in the source code, conditional code
treats tweetnacl as a subclass of libsodium, which is inaccurate.

Solution: redesign the configure/cmake API for this:

* tweetnacl is present by default and cannot be enabled
* libsodium can be enabled using --with-libsodium, which replaces
  the built-in tweetnacl
* CURVE encryption can be disabled entirely using --enable-curve=no

The macros we define in platform.hpp are:

    ZMQ_HAVE_CURVE    1        //  When CURVE is enabled
    HAVE_LIBSODIUM    1        //  When we are using libsodium
    HAVE_TWEETNACL    1        //  When we're using tweetnacl (default)

As of this patch, the default build of libzmq always has CURVE
security, and always uses tweetnacl.

.gitignore

@@ -127,6 +127,8 @@ test_udp
 test_large_msg
 test_use_fd_ipc
 test_use_fd_tcp
+test_pre_allocated_fd_ipc
+test_pre_allocated_fd_tcp
 tests/test*.log
 tests/test*.trs
 src/platform.hpp*

CMakeLists.txt

@@ -12,34 +12,44 @@ if(APPLE)
     option (ZMQ_BUILD_FRAMEWORK "Build as OS X framework" ON)
 endif ()
 
-option(WITH_SODIUM "Build with libsodium" ON)
-option(WITH_TWEETNACL "Build with tweetnacl" ON)
+# Select curve encryption library, defaults to tweetnacl
+# To use libsodium instead, use --with-libsodium (must be installed)
+# To disable curve, use --disable-curve
 
-if(WITH_SODIUM)
+option (WITH_LIBSODIUM "Use libsodium instead of built-in tweetnacl" OFF)
+option (ENABLE_CURVE "Enable CURVE security" ON)
+
+if (NOT ENABLE_CURVE)
+    message (STATUS "CURVE security is disabled")
+
+elseif (WITH_SODIUM)
     find_package (Sodium)
     if (SODIUM_FOUND)
-    add_definitions(-DHAVE_LIBSODIUM)
+        message (STATUS "Using libsodium for CURVE security")
+        add_definitions (-DZMQ_HAVE_CURVE -DHAVE_LIBSODIUM)
         include_directories (${SODIUM_INCLUDE_DIRS})
+
+        # On Solaris, libsodium depends on libssp
+        if (${CMAKE_SYSTEM_NAME} matches "SunOS")
+            target_link_libraries (libzmq ssp)
         endif ()
-endif()
-
-if(WITH_TWEETNACL)
-  message(STATUS "Building with TweetNaCL")
-  set(USE_TWEETNACL ON)
-  add_definitions(-DHAVE_TWEETNACL)
-  include_directories(
-    tweetnacl/contrib/randombytes
-    tweetnacl/src
-    )
-
-  set(TWEETNACL_SOURCES
-    tweetnacl/src/tweetnacl.c
-    )
-
-  if(WIN32)
-    list(APPEND TWEETNACL_SOURCES tweetnacl/contrib/randombytes/winrandom.c)
     else ()
-    list(APPEND TWEETNACL_SOURCES tweetnacl/contrib/randombytes/devurandom.c)
+        message (FATAL_ERROR
+            "libsodium is not installed. Install it, then run CMake again")
+    endif ()
+
+else ()
+    message (STATUS "Using tweetnacl for CURVE security")
+    add_definitions (-DZMQ_HAVE_CURVE -DHAVE_TWEETNACL)
+    include_directories (tweetnacl/contrib/randombytes tweetnacl/src)
+    list (APPEND sources ${CMAKE_CURRENT_SOURCE_DIR}/tweetnacl/src/tweetnacl.c)
+    #   TODO: this should be a single coherent source file
+    if (WIN32)
+        list (APPEND sources
+            ${CMAKE_CURRENT_SOURCE_DIR}/tweetnacl/contrib/randombytes/winrandom.c)
+    else ()
+        list (APPEND sources
+            ${CMAKE_CURRENT_SOURCE_DIR}/tweetnacl/contrib/randombytes/devurandom.c)
     endif ()
 endif ()
 
@@ -48,39 +58,52 @@ set(POLLER "" CACHE STRING "Choose polling system. valid values are
 
 include (CheckFunctionExists)
 include (CheckTypeSize)
+
 if (POLLER STREQUAL "")
     set (CMAKE_REQUIRED_INCLUDES sys/event.h)
     check_function_exists (kqueue HAVE_KQUEUE)
     set (CMAKE_REQUIRED_INCLUDES)
     if (HAVE_KQUEUE)
         set (POLLER "kqueue")
-    else()
+    endif()
+endif ()
+
+if (POLLER STREQUAL "")
     set (CMAKE_REQUIRED_INCLUDES sys/epoll.h)
     check_function_exists (epoll_create HAVE_EPOLL)
     set (CMAKE_REQUIRED_INCLUDES)
     if (HAVE_EPOLL)
         set (POLLER "epoll")
-        else()
+    endif ()
+endif ()
+
+if (POLLER STREQUAL "")
     set (CMAKE_REQUIRED_INCLUDES sys/devpoll.h)
     check_type_size ("struct pollfd" DEVPOLL)
     set (CMAKE_REQUIRED_INCLUDES)
     if (HAVE_DEVPOLL)
         set (POLLER "devpoll")
-            else()
+    endif ()
+endif ()
+
+if (POLLER STREQUAL "")
     set (CMAKE_REQUIRED_INCLUDES poll.h)
     check_function_exists (poll HAVE_POLL)
     set (CMAKE_REQUIRED_INCLUDES)
     if (HAVE_POLL)
         set (POLLER "poll")
-                else()
+    endif ()
+endif ()
+
+if (POLLER STREQUAL "")
     if (WIN32)
         set (CMAKE_REQUIRED_INCLUDES winsock2.h)
         set (HAVE_SELECT 1)
     else ()
         set (CMAKE_REQUIRED_INCLUDES sys/select.h)
         check_function_exists (select HAVE_SELECT)
-                    endif()
         set (CMAKE_REQUIRED_INCLUDES)
+    endif ()
     if (HAVE_SELECT)
         set (POLLER "select")
     else ()
@@ -88,22 +111,17 @@ if(POLLER STREQUAL "")
             "Could not autodetect polling method")
     endif ()
 endif ()
-            endif()
-        endif()
-    endif()
-endif()
 
-if(     NOT POLLER STREQUAL "kqueue"
-    AND NOT POLLER STREQUAL "epoll"
-    AND NOT POLLER STREQUAL "devpoll"
-    AND NOT POLLER STREQUAL "poll"
-    AND NOT POLLER STREQUAL "select")
-  message(FATAL_ERROR "Invalid polling method")
-endif()
-
-if(NOT ${POLLER} STREQUAL "")
+if (POLLER STREQUAL "kqueue"
+ OR POLLER STREQUAL "epoll"
+ OR POLLER STREQUAL "devpoll"
+ OR POLLER STREQUAL "poll"
+ OR POLLER STREQUAL "select")
+    message (STATUS "Detected ${POLLER} polling method")
     string (TOUPPER ${POLLER} UPPER_POLLER)
     set (ZMQ_USE_${UPPER_POLLER} 1)
+else ()
+    message (FATAL_ERROR "Invalid polling method")
 endif ()
 
 set (ZMQ_CMAKE_MODULES_DIR ${CMAKE_CURRENT_SOURCE_DIR}/builds/cmake/Modules)
@@ -194,6 +212,7 @@ if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")
   zmq_check_cxx_flag_prepend ("-Wextra")
 endif ()
 
+#   TODO: why is -Wno-long-long defined differently than in configure.ac?
 zmq_check_cxx_flag_prepend ("-Wno-long-long")
 zmq_check_cxx_flag_prepend ("-Wno-uninitialized")
 
@@ -356,7 +375,7 @@ set(LIBRARY_OUTPUT_PATH  ${CMAKE_CURRENT_BINARY_DIR}/lib)
 # platform specifics
 
 if (WIN32)
-  # NB: May require tweaking for highly connected applications.
+    #   Socket limit is 4K (can be raised arbitrarily)
     add_definitions (-DFD_SETSIZE=4096)
     add_definitions (-D_CRT_SECURE_NO_WARNINGS)
 endif ()
@@ -528,12 +547,6 @@ foreach(source ${cxx-sources})
   list (APPEND sources ${CMAKE_CURRENT_SOURCE_DIR}/src/${source})
 endforeach ()
 
-if(USE_TWEETNACL)
-  foreach(source ${TWEETNACL_SOURCES})
-    list(APPEND sources ${CMAKE_CURRENT_SOURCE_DIR}/${source})
-  endforeach()
-endif()
-
 foreach (source ${rc-sources})
   list (APPEND sources ${CMAKE_CURRENT_BINARY_DIR}/${source})
   configure_file (${CMAKE_CURRENT_SOURCE_DIR}/src/${source}.in ${CMAKE_CURRENT_BINARY_DIR}/${source})

Makefile.am

@@ -269,11 +269,6 @@ src_libzmq_la_CPPFLAGS =
 src_libzmq_la_CXXFLAGS = @LIBZMQ_EXTRA_CXXFLAGS@
 src_libzmq_la_LIBADD =
 
-if HAVE_SODIUM
-src_libzmq_la_CPPFLAGS += ${sodium_CFLAGS}
-src_libzmq_la_LIBADD += ${sodium_LIBS}
-endif
-
 if USE_TWEETNACL
 src_libzmq_la_SOURCES += \
     tweetnacl/src/tweetnacl.c \
@@ -283,6 +278,11 @@ src_libzmq_la_CXXFLAGS += \
     -I$(top_builddir)/tweetnacl/src
 endif
 
+if USE_LIBSODIUM
+src_libzmq_la_CPPFLAGS += ${sodium_CFLAGS}
+src_libzmq_la_LIBADD += ${sodium_LIBS}
+endif
+
 if HAVE_PGM
 src_libzmq_la_CPPFLAGS += ${pgm_CFLAGS}
 src_libzmq_la_LIBADD += ${pgm_LIBS}

configure.ac

@@ -67,8 +67,6 @@ LIBZMQ_CHECK_ENABLE_DEBUG
 # Check wheter to enable code coverage
 LIBZMQ_WITH_GCOV
 
-
-
 AC_MSG_CHECKING([if TIPC is available and supports nonblocking connect])
 
 AC_RUN_IFELSE(
@@ -103,7 +101,6 @@ AC_RUN_IFELSE(
 
 AC_MSG_RESULT([$libzmq_tipc_support])
 
-
 AC_ARG_WITH([relaxed],
     [AS_HELP_STRING([--with-relaxed],
         [Switch off pedantic compiler])],
@@ -423,58 +420,49 @@ if test "x$require_libgssapi_krb5_ext" != "xno"; then
         AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security))
 fi
 
-# build using libsodium
-have_sodium_library="no"
+# Select curve encryption library, defaults to tweetnacl
+# To use libsodium instead, use --with-libsodium (must be installed)
+# To disable curve, use --disable-curve
 
-AC_ARG_WITH([libsodium], [AS_HELP_STRING([--with-libsodium],
-    [require libzmq build with libsodium crypto library. Requires pkg-config [default=check]])],
-    [require_libsodium_ext=$withval],
-    [require_libsodium_ext=check])
+AC_ARG_WITH([libsodium],
+    AS_HELP_STRING([--with-libsodium], [Use libsodium instead of built-in tweetnacl [default=no]]))
 
-AC_ARG_WITH([tweetnacl], [AS_HELP_STRING([--with-tweetnacl],
-    [build libzmq  with bundled tweetnacl crypto library [default=no]])],
-    [require_libsodium_ext=no
-     with_tweetnacl=yes
-     AC_MSG_CHECKING(for sodium)
-     AC_MSG_RESULT(tweetnacl)],
-    [with_tweetnacl=check])
-
-# conditionally require libsodium package
-if test "x$require_libsodium_ext" != "xno"; then
-  PKG_CHECK_MODULES([sodium], [libsodium],
-    [
-      have_sodium_library=yes
-      with_tweetnacl=no
-    ],
-    [
-      if test "x$require_libsodium_ext" == "xyes"; then
-        AC_MSG_ERROR(libsodium has been requested but not found)
-      else
-        AC_MSG_RESULT([             libsodium not found, using tweetnacl])
-        have_sodium_library=no
-        with_tweetnacl=yes
-      fi
+AS_IF([test "x$with_libsodium" = "xyes"], [
+    PKG_CHECK_MODULES([sodium], [libsodium], [libsodium_found=yes], [
+        AC_MSG_ERROR(libsodium is not installed. Install it, then run configure again)
+    ])
 ])
-fi
 
-if test "x$have_sodium_library" != "xno"; then
-    AC_DEFINE(HAVE_LIBSODIUM, 1, [The libsodium library is to be used.])
+AC_ARG_ENABLE([curve],
+    AS_HELP_STRING([--disable-curve], [Disable CURVE security [default=no]]))
 
-    # ssp library is required for libsodium on Solaris-like systems
+if test "x$enable_curve" == "xno"; then
+    curve_library=""
+    AC_MSG_NOTICE([CURVE security is disabled])
+
+elif test "x$with_libsodium" == "xyes"; then
+    AC_MSG_NOTICE([Using libsodium for CURVE security])
+    AC_DEFINE(ZMQ_HAVE_CURVE, [1], [Using curve encryption])
+    AC_DEFINE(HAVE_LIBSODIUM, [1], [Using libsodium for curve encryption])
+    curve_library="libsodium"
+
+    # On Solaris, libsodium depends on libssp
     case "${host_os}" in
         *solaris*)
             LDFLAGS="-lssp $LDFLAGS"
-            CPPFLAGS="$CPPFLAGS -Wno-long-long"
+            CPPFLAGS="-Wno-long-long $CPPFLAGS"
         ;;
     esac
-elif test "x$with_tweetnacl" != "xno"; then
-    AC_DEFINE(HAVE_LIBSODIUM, 1, [Sodium is provided by tweetnacl.])
-    AC_DEFINE(HAVE_TWEETNACL, 1, [Using tweetnacl.])
-    libzmq_pedantic="no"
+else
+    AC_MSG_NOTICE([Using tweetnacl for CURVE security])
+    AC_DEFINE(ZMQ_HAVE_CURVE, [1], [Using curve encryption])
+    AC_DEFINE(HAVE_TWEETNACL, [1], [Using tweetnacl for curve encryption])
+    curve_library="tweetnacl"
+    libzmq_pedantic="no"    #   Disable pedantic warnings
 fi
 
-AM_CONDITIONAL(HAVE_SODIUM, test "x$have_sodium_library" != "xno")
-AM_CONDITIONAL(USE_TWEETNACL, test "x$with_tweetnacl" != "xno")
+AM_CONDITIONAL(USE_LIBSODIUM, test "$curve_library" == "sodium")
+AM_CONDITIONAL(USE_TWEETNACL, test "$curve_library" == "tweetnacl")
 
 # build using pgm
 have_pgm_library="no"
@@ -507,8 +495,6 @@ AC_ARG_WITH([norm],
     [with_norm_ext=$withval],
     [with_norm_ext=no])
 
-
-
 AC_MSG_CHECKING("with_norm_ext = ${with_norm_ext}")
 
 if test "x$with_norm_ext" != "xno"; then

src/ctx.cpp

@@ -48,13 +48,11 @@
 #include "err.hpp"
 #include "msg.hpp"
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
+#if defined (HAVE_TWEETNACL)
 #   include "randombytes.h"
-#else
+#elif defined (HAVE_LIBSODIUM)
 #   include "sodium.h"
 #endif
-#endif
 
 #ifdef ZMQ_HAVE_VMCI
 #include <vmci_sockets.h>
@@ -127,7 +125,7 @@ zmq::ctx_t::~ctx_t ()
 
     //  If we've done any Curve encryption, we may have a file handle
     //  to /dev/urandom open that needs to be cleaned up.
-#ifdef HAVE_LIBSODIUM
+#ifdef ZMQ_HAVE_CURVE
     randombytes_close ();
 #endif
 

src/curve_client.cpp

@@ -29,7 +29,7 @@
 
 #include "platform.hpp"
 
-#ifdef HAVE_LIBSODIUM
+#ifdef ZMQ_HAVE_CURVE
 
 #ifdef ZMQ_HAVE_WINDOWS
 #include "windows.hpp"

src/curve_client.hpp

@@ -30,14 +30,15 @@
 #ifndef __ZMQ_CURVE_CLIENT_HPP_INCLUDED__
 #define __ZMQ_CURVE_CLIENT_HPP_INCLUDED__
 
+#ifdef ZMQ_HAVE_CURVE
+
 #include "platform.hpp"
 #include "mutex.hpp"
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
+#if defined (HAVE_TWEETNACL)
 #   include "tweetnacl_base.h"
 #   include "randombytes.h"
-#else
+#elif defined (HAVE_LIBSODIUM)
 #   include "sodium.h"
 #endif
 

src/curve_server.cpp

@@ -29,7 +29,7 @@
 
 #include "platform.hpp"
 
-#ifdef HAVE_LIBSODIUM
+#ifdef ZMQ_HAVE_CURVE
 
 #ifdef ZMQ_HAVE_WINDOWS
 #include "windows.hpp"

src/curve_server.hpp

@@ -30,15 +30,17 @@
 #ifndef __ZMQ_CURVE_SERVER_HPP_INCLUDED__
 #define __ZMQ_CURVE_SERVER_HPP_INCLUDED__
 
+#ifdef ZMQ_HAVE_CURVE
+
 #include "platform.hpp"
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
+#if defined (HAVE_TWEETNACL)
 #   include "tweetnacl_base.h"
 #   include "randombytes.h"
-#else
+#elif defined (HAVE_LIBSODIUM)
 #   include "sodium.h"
 #endif
+
 #if crypto_box_NONCEBYTES != 24 \
 ||  crypto_box_PUBLICKEYBYTES != 32 \
 ||  crypto_box_SECRETKEYBYTES != 32 \

src/options.cpp

@@ -403,8 +403,8 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
             }
             break;
 
-        //  If libsodium isn't installed, these options provoke EINVAL
-#       ifdef HAVE_LIBSODIUM
+        //  If curve encryption isn't built, these options provoke EINVAL
+#ifdef ZMQ_HAVE_CURVE
         case ZMQ_CURVE_SERVER:
             if (is_int && (value == 0 || value == 1)) {
                 as_server = value;
@@ -888,8 +888,8 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
             }
             break;
 
-        //  If libsodium isn't installed, these options provoke EINVAL
-#       ifdef HAVE_LIBSODIUM
+        //  If curve encryption isn't built, these options provoke EINVAL
+#ifdef ZMQ_HAVE_CURVE
         case ZMQ_CURVE_SERVER:
             if (is_int) {
                 *value = as_server && mechanism == ZMQ_CURVE;

src/stream_engine.cpp

@@ -682,7 +682,7 @@ bool zmq::stream_engine_t::handshake ()
                     plain_client_t (options);
             alloc_assert (mechanism);
         }
-#ifdef HAVE_LIBSODIUM
+#ifdef ZMQ_HAVE_CURVE
         else
         if (options.mechanism == ZMQ_CURVE
         &&  memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {

src/zmq.cpp

@@ -1211,7 +1211,8 @@ int zmq_poller_wait (void *poller_, zmq_poller_event_t *event, long timeout_)
         return -1;
     }
 
-    zmq::socket_poller_t::event_t e = {};
+    zmq::socket_poller_t::event_t e;
+    memset (&e, 0, sizeof (e));
 
     int rc = ((zmq::socket_poller_t*)poller_)->wait (&e, timeout_);
 
@@ -1360,7 +1361,7 @@ int zmq_has (const char *capability)
     if (strcmp (capability, "norm") == 0)
         return true;
 #endif
-#if defined (HAVE_LIBSODIUM)
+#if defined (ZMQ_HAVE_CURVE)
     if (strcmp (capability, "curve") == 0)
         return true;
 #endif

src/zmq_utils.cpp

@@ -43,14 +43,12 @@
 #include "windows.hpp"
 #endif
 
-#ifdef HAVE_LIBSODIUM
-#ifdef HAVE_TWEETNACL
+#if defined (HAVE_TWEETNACL)
 #   include "tweetnacl_base.h"
-#else
+#   include "randombytes.h"
+#elif defined (HAVE_LIBSODIUM)
 #   include "sodium.h"
 #endif
-#endif
-
 
 void zmq_sleep (int seconds_)
 {
@@ -185,17 +183,17 @@ uint8_t *zmq_z85_decode (uint8_t *dest, const char *string)
 }
 
 //  --------------------------------------------------------------------------
-//  Generate a public/private keypair with libsodium.
+//  Generate a public/private keypair with tweetnacl or libsodium.
 //  Generated keys will be 40 byte z85-encoded strings.
 //  Returns 0 on success, -1 on failure, setting errno.
-//  Sets errno = ENOTSUP in the absence of libsodium.
+//  Sets errno = ENOTSUP in the absence of a CURVE library.
 
 int zmq_curve_keypair (char *z85_public_key, char *z85_secret_key)
 {
-#ifdef HAVE_LIBSODIUM
+#if defined (ZMQ_HAVE_CURVE)
 #   if crypto_box_PUBLICKEYBYTES != 32 \
     || crypto_box_SECRETKEYBYTES != 32
-#       error "libsodium not built correctly"
+#       error "CURVE encryption library not built correctly"
 #   endif
 
     uint8_t public_key [32];
@@ -210,7 +208,7 @@ int zmq_curve_keypair (char *z85_public_key, char *z85_secret_key)
     zmq_z85_encode (z85_secret_key, secret_key, 32);
 
     return 0;
-#else // requires libsodium
+#else
     (void) z85_public_key, (void) z85_secret_key;
     errno = ENOTSUP;
     return -1;

tests/test_capabilities.cpp

@@ -55,7 +55,7 @@ int main (void)
     assert (!zmq_has ("norm"));
 #endif
     
-#if defined (HAVE_LIBSODIUM)
+#if defined (ZMQ_HAVE_CURVE)
     assert (zmq_has ("curve"));
 #else
     assert (!zmq_has ("curve"));

tests/test_security_curve.cpp

@@ -102,11 +102,10 @@ static void zap_handler (void *handler)
 
 int main (void)
 {
-#ifndef HAVE_LIBSODIUM
-    printf ("libsodium not installed, skipping CURVE test\n");
+#ifndef ZMQ_HAVE_CURVE
+    printf ("CURVE encryption not installed, skipping test\n");
     return 0;
 #endif
-
     //  Generate new keypairs for this test
     int rc = zmq_curve_keypair (client_public, client_secret);
     assert (rc == 0);