Commit Graph

45 Commits

Author SHA1 Message Date
Simon Giesecke
e3c73d9881 Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions
Solution: apply and check _lower_case naming style for private data members
2018-05-27 13:24:07 +02:00
Simon Giesecke
12a97bb769 Problem: redundant else after return
Solution: remove else
2018-05-26 09:34:45 +02:00
Simon Giesecke
c581f43c97 Problem: parameter naming style inconsistent
Solution: define and apply parameter naming style: lower_case_
2018-05-26 09:34:44 +02:00
Simon Giesecke
4e616f30dd Problem: C-style casts used
Solution: replace by C++-style casts
2018-05-18 17:04:01 +02:00
sigiesec
41f459e1dc Problem: formatting inconsistent
Solution: applied clang-format
2018-02-02 15:47:43 +01:00
sigiesec
bd0675b93f Problem: no tests for client-side events for successful handshake and authentication failure in handshake
Solution: added tests for CURVE, add emitting of client-side event in curve_client_t; add ZAP code 300/500 tests for all mechanisms; suppress sending an error message for ZAP code 300
2017-08-20 22:45:14 +02:00
sigiesec
301f3c70c2 Problem: code duplication between curve_client_t and curve_server_t decode and encode
Solution: extracted common base class curve_mechanism_base_t
2017-08-18 11:34:22 +02:00
sigiesec
c66ae4656f Problem: curve_client_t may emit misleading event on bad data processed by curve_client_t::decode
Solution: use check_basic_command_structure in curve_client_t::decode, also prepare other client mechanisms to use that method by rearranging inheritance hierarchy
2017-08-18 10:04:58 +02:00
sigiesec
e22ca065d6 Problem: curve_client_t does not emit handshake failure events
Solution: add handshake failure events to curve_client_t
2017-08-18 09:18:06 +02:00
Simon Giesecke
4a18f6204c Problem: Possible buffer overruns related to metadata in various mechanisms (#2683)
* Problem: no test case with CURVE encryption and large identity

Solution: added test case (currently crashing)

* Problem: possible buffer overflow in mechanism_t::add_property

Solution: add target buffer length parameter and check the buffer is sufficiently large

* Problem: test cases accidentally excluded from build

Solution: remove #if/#endif

* Problem: possible buffer overruns related to metadata at various locations

Solution: allocate buffer large enough for actual metadata, reduce code duplication

* Problem: syntax error related to pointer type conversion

Solution: change argument type of make_command_with_basic_properties to const char *

* Problem: large metadata may cause an assertion in produce_initiate

Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 18:42:31 +01:00
Simon Giesecke
d5e4319edc [WIP, do not merge] Problem: insufficient tests for ZMTP-CURVE protocol errors (#2680)
* Extracted connect_vanilla_socket function

* Problem: no tests for ZMTP-CURVE protocol errors

Solution: added two test cases with erroneous HELLO commands

* Problem: insufficient tests for ZMTP-CURVE protocol errors

Solution: added two test cases with erroneous HELLO command version

* Problem: test HELLO message is invalid apart from deliberate errors

Solution: create cryptographically correct HELLO message
add tweetnacl.c to test_security_curve

* Problem: nonce is incorrect, build fails with GCC

Solution: use correct non prefix

* Problem: make builds are failing

Solution: transfer CMake changes to (auto)make files

* Problem: nonce is incorrect, build fails with GCC

Solution: use correct non prefix

* Problem: make builds are failing

Solution: transfer CMake changes to (auto)make files

* Problem: no test with INITIATE command with invalid length

Solution: added test case

* Problem: code duplication between test_security_curve.cpp and curve_client.cpp

Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function

* Problem: code duplication between test_security_curve.cpp and curve_client.cpp

Solution: extracted further parts of zmq::curve_client_t into reusable functions
added missing file

* Problem: mechanism_t::add_property can be declared static

Solution: declare mechanism_t::add_property static

* Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t

Solution: add non-static member functions

* Problem: msg_t instance may be closed twice

Solution: remove offending close

* Problem: prepare_hello uses static curve_client_tools_t::produce_hello

Solution: Use non-static curve_client_tools_t::produce_hello

* Problem: no test with invalid command name where INITIATE command is expected

Solution: added test case

* Problem: make builds are failing due to curve_client_tools.hpp not being found

Solution: add curve_client_tools.hpp to list of source files

* Problem: wrong initializer order in zmq::curve_client_t

Solution: reorder

* Problem: under non-Windows systems, test fails because random_open was not called

Solution: call random_open/random_close within test

* Problem: conflict between custom function htonll and macro definition on Darwin

Solution: define htonll function only if not defined as a macro

* Problem: nullptr not defined on all platforms

Solution: replace nullptr by NULL

* Problem: libsodium builds not working

Solution: adapt compile and link file sets for libsodium builds

* Problem: Makefile.am broken

Solution: Fix syntax

* Problem: no tests for garbage encrypted cookie or content in INITIATE

Solution: added test cases

* Problem: test cases accidentally excluded from build

Solution: remove #if/#endif

* Solution: some error cases are unreachable

Problem: for the time being, added some comments without changing the code

* Added comments on hard-to-test cases
2017-08-15 15:28:24 +01:00
Simon Giesecke
9949965717 Problem: Property names are duplicated at several places
Solution: Define them in zmq.h and use them (currently in DRAFT API)
2017-08-04 10:33:51 +02:00
evoskuil
2b798e486a Problem: name conflicts from windows.h, draft API declared in pch. 2016-05-13 20:41:26 -07:00
Nikolay Edigaryev
884e00cb4a Problem: CURVE mechanism is unusable with chroot()
libsodium calls abort() when /dev/urandom can't be found
even if one creates ZeroMQ context before calling chroot()[1].

This happens because crypto gets initialized on handshake,
and at that moment the process is already chroot'ed.

Solution: initialize cryptographic libraries in ctx

randombytes_close() is already there in the destructor.

[1] https://download.libsodium.org/doc/usage/index.html
2016-03-30 03:45:12 +05:00
Pieter Hintjens
5b7bf7509f Problem: can't be sure crypto_box always returns 0
Libsodium has started returning -1 in some cases.

Solution: allow and handle error returns from these calls.

Fixes #1831
2016-03-01 15:01:23 +01:00
Osiris
4a5af9d58b Problem: Precompiled headers not being used
Solution: Phase I - make precompiled.hpp be first file included in every source file
2016-02-18 10:56:52 -06:00
Pieter Hintjens
f8ed793f76 Problem: tweetnacl sources are a mess
- they have no copyright / license statement
- they are in some randomish directory structure
- they are a mix of postable and non-portable files
- they do not conform to conditional compile environment

Overall, it makes it rather more work than needed, in build scripts.

Solution: clean up tweetnacl sauce.

- merged code into single tweetnacl.c and .h
- standard copyright header, DJB to AUTHORS
- moved into src/ along with all other source files
- all system and conditional compilation hidden in these files
- thus, they can be compiled and packaged in all cases
- ZMQ_USE_TWEETNACL is set when we're using built-in tweetnacl
- HAVE_LIBSODIUM is set when we're using external libsodium
2016-02-11 18:06:07 +01:00
Pieter Hintjens
b49a60410a Problem: use of libsodium vs. tweetnacl is confused
It's unclear which we need and in the source code, conditional code
treats tweetnacl as a subclass of libsodium, which is inaccurate.

Solution: redesign the configure/cmake API for this:

* tweetnacl is present by default and cannot be enabled
* libsodium can be enabled using --with-libsodium, which replaces
  the built-in tweetnacl
* CURVE encryption can be disabled entirely using --enable-curve=no

The macros we define in platform.hpp are:

    ZMQ_HAVE_CURVE    1        //  When CURVE is enabled
    HAVE_LIBSODIUM    1        //  When we are using libsodium
    HAVE_TWEETNACL    1        //  When we're using tweetnacl (default)

As of this patch, the default build of libzmq always has CURVE
security, and always uses tweetnacl.
2016-02-11 13:32:01 +01:00
Constantin Rack
a539b0c6e8 Problem: copyright year is still 2015
Solution: update to 2016
2016-01-28 15:07:31 +01:00
Jonathan Reams
cbb3b176a6 Add ZMTP heartbeats
This commit adds ZMTP connection heartbeats described in
http://rfc.zeromq.org/spec:37/ZMTP.
2015-06-24 13:24:53 -04:00
Pieter Hintjens
8620c3e032 Problem: source file headers are somewhat confusing about LGPLv3
Of course people still "can" distributed the sources under the
LGPLv3. However we provide COPYING.LESSER with additional grants.

Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
Pieter Hintjens
94d9a4ffdf Problem: copyright statements are out of date
Solution: update for 2015

Fixes #1320
2015-01-22 10:32:37 +01:00
Constantin Rack
479db21136 Problem: return code of sodium_init() is not checked.
There are two todo comments in curve_client.cpp and curve_server.cpp that suggest
checking the return code of sodium_init() call. sodium_init() returns -1 on error,
0 on success and 1 if it has been called before and is already initalized:
https://github.com/jedisct1/libsodium/blob/master/src/libsodium/sodium/core.c
2014-11-08 10:50:17 +01:00
Matthew Hawn
0900a48921 Problem: curve messages can be replayed
Solution: ensure message short nonces are strictly increasing and validate them
2014-09-19 18:07:57 -06:00
Martin Hurton
0750303bfe CURVE: Implement client-side ERROR handling 2014-05-15 06:39:45 +02:00
Frank
b846f3075c ws 2014-05-09 00:07:02 +02:00
Frank
8962b7de45 removed return code check for now, got -1 in test_security_curve. 2014-05-09 00:04:20 +02:00
Frank
05ab9a848f find libsodium with cmake 2014-05-09 00:04:19 +02:00
Frank
2cdfa1fff3 initialize libsodium and tweetnacl 2014-05-09 00:04:19 +02:00
Martin Hurton
0be8144176 Update mechanism API so we can check for ERROR status 2014-05-06 17:08:56 +02:00
Pieter Hintjens
84ed81c014 Added test_metadata
- also prioritize ZAP metadata over ZMTP metadata in case application
  uses same names.
2014-05-02 22:21:50 +02:00
Frank
e5a294ec02 tweetnacl integration 2014-05-01 21:30:02 +02:00
Pieter Hintjens
b3b9e046ee Updated copyright statements for 2014 2014-01-02 12:00:57 +01:00
Pieter Hintjens
82149dde19 Updated libzmq CURVE to track RFC 27
* The INITIATE command vouch box is Box[C',S](C->S') instead of Box[C'](C->S),
  as recommended by https://codesinchaos.wordpress.com/2012/09/09/curvecp-1/,
  to reduce the risk of client impersonation.

* Mirrors the change in libcurve and CurveZMQ specifications.
2013-09-24 15:31:10 +02:00
Pieter Hintjens
825052f83f Revert "makes curve keys symetric as in libcurve + factorisation"
This reverts commit bfd472f97c.
2013-09-17 14:05:55 +02:00
Laurent Alebarde
bfd472f97c makes curve keys symetric as in libcurve + factorisation 2013-09-17 12:44:14 +02:00
Pieter Hintjens
28b0a5fa27 Updated libzmq to match RFC 23, 24, 25, 26
* Command names changed from null terminated to length-specified
* Command frames use the correct flag (bit 2)
* test_stream acts as test case for command frames
* Some code cleanups
2013-09-04 17:59:45 +02:00
Martin Hurton
783bb890a9 Check socket types during mechanism handshake 2013-07-01 10:12:08 +02:00
Pieter Hintjens
7832addd20 Updated security mechanisms to use variable-length commands
RFC23, RFC24, RFC26 now use variable-length command names that
end in null octet (valid C strings) instead of fixed-length
space padded strings.
2013-06-28 11:42:54 +02:00
Martin Hurton
b12be41736 Rename parse_properties to parse_metadata 2013-06-23 09:01:52 +02:00
Martin Hurton
99d4974580 Refactor how properties are parsed 2013-06-22 19:02:08 +02:00
Martin Hurton
e4a211870c Implement CurveZMQ message encryption and authentication 2013-06-22 11:46:40 +02:00
Martin Hurton
20a7978d67 Stop ZMTP handshake when an unexpected message comes 2013-06-22 08:12:11 +02:00
Pieter Hintjens
d9bb16725e Added options for CURVE security
- ZMQ_CURVE_PUBLICKEY for clients and servers
- ZMQ_CURVE_SECRETKEY for clients
- ZMQ_CURVE_SERVERKEY for clients
- ZMQ_CURVE_SERVER for servers
- added tools/curve_keygen.c as example
- updated man pages
2013-06-20 18:09:12 +02:00
Martin Hurton
37b99c0b4b Implement ZMTP/3.0 CURVE handshake 2013-06-20 13:36:12 +02:00