Solution: added tests for CURVE, add emitting of client-side event in curve_client_t; add ZAP code 300/500 tests for all mechanisms; suppress sending an error message for ZAP code 300
Solution: use check_basic_command_structure in curve_client_t::decode, also prepare other client mechanisms to use that method by rearranging inheritance hierarchy
* Problem: no test case with CURVE encryption and large identity
Solution: added test case (currently crashing)
* Problem: possible buffer overflow in mechanism_t::add_property
Solution: add target buffer length parameter and check the buffer is sufficiently large
* Problem: test cases accidentally excluded from build
Solution: remove #if/#endif
* Problem: possible buffer overruns related to metadata at various locations
Solution: allocate buffer large enough for actual metadata, reduce code duplication
* Problem: syntax error related to pointer type conversion
Solution: change argument type of make_command_with_basic_properties to const char *
* Problem: large metadata may cause an assertion in produce_initiate
Solution: Allow metadata of arbitrary size in produce_initiate
* Extracted connect_vanilla_socket function
* Problem: no tests for ZMTP-CURVE protocol errors
Solution: added two test cases with erroneous HELLO commands
* Problem: insufficient tests for ZMTP-CURVE protocol errors
Solution: added two test cases with erroneous HELLO command version
* Problem: test HELLO message is invalid apart from deliberate errors
Solution: create cryptographically correct HELLO message
add tweetnacl.c to test_security_curve
* Problem: nonce is incorrect, build fails with GCC
Solution: use correct non prefix
* Problem: make builds are failing
Solution: transfer CMake changes to (auto)make files
* Problem: nonce is incorrect, build fails with GCC
Solution: use correct non prefix
* Problem: make builds are failing
Solution: transfer CMake changes to (auto)make files
* Problem: no test with INITIATE command with invalid length
Solution: added test case
* Problem: code duplication between test_security_curve.cpp and curve_client.cpp
Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function
* Problem: code duplication between test_security_curve.cpp and curve_client.cpp
Solution: extracted further parts of zmq::curve_client_t into reusable functions
added missing file
* Problem: mechanism_t::add_property can be declared static
Solution: declare mechanism_t::add_property static
* Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t
Solution: add non-static member functions
* Problem: msg_t instance may be closed twice
Solution: remove offending close
* Problem: prepare_hello uses static curve_client_tools_t::produce_hello
Solution: Use non-static curve_client_tools_t::produce_hello
* Problem: no test with invalid command name where INITIATE command is expected
Solution: added test case
* Problem: make builds are failing due to curve_client_tools.hpp not being found
Solution: add curve_client_tools.hpp to list of source files
* Problem: wrong initializer order in zmq::curve_client_t
Solution: reorder
* Problem: under non-Windows systems, test fails because random_open was not called
Solution: call random_open/random_close within test
* Problem: conflict between custom function htonll and macro definition on Darwin
Solution: define htonll function only if not defined as a macro
* Problem: nullptr not defined on all platforms
Solution: replace nullptr by NULL
* Problem: libsodium builds not working
Solution: adapt compile and link file sets for libsodium builds
* Problem: Makefile.am broken
Solution: Fix syntax
* Problem: no tests for garbage encrypted cookie or content in INITIATE
Solution: added test cases
* Problem: test cases accidentally excluded from build
Solution: remove #if/#endif
* Solution: some error cases are unreachable
Problem: for the time being, added some comments without changing the code
* Added comments on hard-to-test cases
libsodium calls abort() when /dev/urandom can't be found
even if one creates ZeroMQ context before calling chroot()[1].
This happens because crypto gets initialized on handshake,
and at that moment the process is already chroot'ed.
Solution: initialize cryptographic libraries in ctx
randombytes_close() is already there in the destructor.
[1] https://download.libsodium.org/doc/usage/index.html
- they have no copyright / license statement
- they are in some randomish directory structure
- they are a mix of postable and non-portable files
- they do not conform to conditional compile environment
Overall, it makes it rather more work than needed, in build scripts.
Solution: clean up tweetnacl sauce.
- merged code into single tweetnacl.c and .h
- standard copyright header, DJB to AUTHORS
- moved into src/ along with all other source files
- all system and conditional compilation hidden in these files
- thus, they can be compiled and packaged in all cases
- ZMQ_USE_TWEETNACL is set when we're using built-in tweetnacl
- HAVE_LIBSODIUM is set when we're using external libsodium
It's unclear which we need and in the source code, conditional code
treats tweetnacl as a subclass of libsodium, which is inaccurate.
Solution: redesign the configure/cmake API for this:
* tweetnacl is present by default and cannot be enabled
* libsodium can be enabled using --with-libsodium, which replaces
the built-in tweetnacl
* CURVE encryption can be disabled entirely using --enable-curve=no
The macros we define in platform.hpp are:
ZMQ_HAVE_CURVE 1 // When CURVE is enabled
HAVE_LIBSODIUM 1 // When we are using libsodium
HAVE_TWEETNACL 1 // When we're using tweetnacl (default)
As of this patch, the default build of libzmq always has CURVE
security, and always uses tweetnacl.
Of course people still "can" distributed the sources under the
LGPLv3. However we provide COPYING.LESSER with additional grants.
Solution: specify these grants in the header of each source file.
There are two todo comments in curve_client.cpp and curve_server.cpp that suggest
checking the return code of sodium_init() call. sodium_init() returns -1 on error,
0 on success and 1 if it has been called before and is already initalized:
https://github.com/jedisct1/libsodium/blob/master/src/libsodium/sodium/core.c
* The INITIATE command vouch box is Box[C',S](C->S') instead of Box[C'](C->S),
as recommended by https://codesinchaos.wordpress.com/2012/09/09/curvecp-1/,
to reduce the risk of client impersonation.
* Mirrors the change in libcurve and CurveZMQ specifications.
* Command names changed from null terminated to length-specified
* Command frames use the correct flag (bit 2)
* test_stream acts as test case for command frames
* Some code cleanups
- ZMQ_CURVE_PUBLICKEY for clients and servers
- ZMQ_CURVE_SECRETKEY for clients
- ZMQ_CURVE_SERVERKEY for clients
- ZMQ_CURVE_SERVER for servers
- added tools/curve_keygen.c as example
- updated man pages