3party/libzmq
0
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2024-12-29 00:32:34 +08:00
Code Issues Projects Releases Wiki Activity
libzmq/src/curve_server.cpp

507 lines
18 KiB
C++
Raw Normal View History

Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
/*
Problem: copyright year is still 2015 Solution: update to 2016
2016-01-28 15:07:31 +01:00
Copyright (c) 2007-2016 Contributors as noted in the AUTHORS file
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: source file headers are somewhat confusing about LGPLv3 Of course people still "can" distributed the sources under the LGPLv3. However we provide COPYING.LESSER with additional grants. Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
This file is part of libzmq, the ZeroMQ core engine in C++.
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: source file headers are somewhat confusing about LGPLv3 Of course people still "can" distributed the sources under the LGPLv3. However we provide COPYING.LESSER with additional grants. Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
libzmq is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License (LGPL) as published
by the Free Software Foundation; either version 3 of the License, or
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
(at your option) any later version.
Problem: source file headers are somewhat confusing about LGPLv3 Of course people still "can" distributed the sources under the LGPLv3. However we provide COPYING.LESSER with additional grants. Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
As a special exception, the Contributors give you permission to link
this library with independent modules to produce an executable,
regardless of the license terms of these independent modules, and to
copy and distribute the resulting executable under terms of your choice,
provided that you also meet, for each linked independent module, the
terms and conditions of the license of that module. An independent
module is a module which is not derived from or based on this library.
If you modify this library, you must extend this exception to your
version of the library.
libzmq is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
Problem: Precompiled headers not being used Solution: Phase I - make precompiled.hpp be first file included in every source file
2016-02-18 10:56:52 -06:00
#include "precompiled.hpp"
#include "macros.hpp"
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: use of libsodium vs. tweetnacl is confused It's unclear which we need and in the source code, conditional code treats tweetnacl as a subclass of libsodium, which is inaccurate. Solution: redesign the configure/cmake API for this: * tweetnacl is present by default and cannot be enabled * libsodium can be enabled using --with-libsodium, which replaces the built-in tweetnacl * CURVE encryption can be disabled entirely using --enable-curve=no The macros we define in platform.hpp are: ZMQ_HAVE_CURVE 1 // When CURVE is enabled HAVE_LIBSODIUM 1 // When we are using libsodium HAVE_TWEETNACL 1 // When we're using tweetnacl (default) As of this patch, the default build of libzmq always has CURVE security, and always uses tweetnacl.
2016-02-11 13:32:01 +01:00
#ifdef ZMQ_HAVE_CURVE
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
#include "msg.hpp"
#include "session_base.hpp"
#include "err.hpp"
#include "curve_server.hpp"
#include "wire.hpp"
zmq::curve_server_t::curve_server_t (session_base_t *session_,
Update CURVE mechanism to the latest ZAP revision
2013-07-18 09:39:19 +02:00
const std::string &peer_address_,
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
const options_t &options_) :
Problem: curve_client_t may emit misleading event on bad data processed by curve_client_t::decode Solution: use check_basic_command_structure in curve_client_t::decode, also prepare other client mechanisms to use that method by rearranging inheritance hierarchy
2017-08-18 10:04:58 +02:00
mechanism_base_t (session_, options_),
Problem: zap_msg_available duplicated between curve_server_t and plain_server_t (with deviating behaviour) Solution: pull up into zap_client_common_handshake_t, along with handle_zap_status_code and error_detail/current_error_detail
2017-08-16 15:48:59 +02:00
zap_client_common_handshake_t (
session_, peer_address_, options_, sending_ready),
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t
2017-08-18 11:34:22 +02:00
curve_mechanism_base_t (
session_, options_, "CurveZMQMESSAGES", "CurveZMQMESSAGEC")
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
{
Problem: return code of sodium_init() is not checked. There are two todo comments in curve_client.cpp and curve_server.cpp that suggest checking the return code of sodium_init() call. sodium_init() returns -1 on error, 0 on success and 1 if it has been called before and is already initalized: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/sodium/core.c
2014-11-08 10:50:17 +01:00
int rc;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Fetch our secret key from socket options
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
memcpy (_secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Revert "makes curve keys symetric as in libcurve + factorisation" This reverts commit bfd472f97cad5e37fa384b687a906f515600bac4.
2013-09-17 14:05:55 +02:00
// Generate short-term key pair
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
rc = crypto_box_keypair (_cn_public, _cn_secret);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
zmq_assert (rc == 0);
}
zmq::curve_server_t::~curve_server_t ()
{
}
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
int zmq::curve_server_t::next_handshake_command (msg_t *msg_)
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
{
int rc = 0;
switch (state) {
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
case sending_welcome:
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
rc = produce_welcome (msg_);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
if (rc == 0)
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
state = waiting_for_initiate;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
break;
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
case sending_ready:
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
rc = produce_ready (msg_);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
if (rc == 0)
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
state = ready;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
break;
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
case sending_error:
CURVE: Implement server-side ERROR handling
2014-05-16 07:25:29 +02:00
rc = produce_error (msg_);
if (rc == 0)
state = error_sent;
break;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
default:
errno = EAGAIN;
rc = -1;
break;
}
return rc;
}
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
int zmq::curve_server_t::process_handshake_command (msg_t *msg_)
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
{
int rc = 0;
switch (state) {
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
case waiting_for_hello:
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
rc = process_hello (msg_);
break;
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
case waiting_for_initiate:
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
rc = process_initiate (msg_);
break;
default:
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
// TODO I think this is not a case reachable with a misbehaving
// client. It is not an "invalid handshake command", but would be
// trying to process a handshake command in an invalid state,
// which is purely under control of this peer.
[WIP, do not merge] Problem: insufficient tests for ZMTP-CURVE protocol errors (#2680) * Extracted connect_vanilla_socket function * Problem: no tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO commands * Problem: insufficient tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO command version * Problem: test HELLO message is invalid apart from deliberate errors Solution: create cryptographically correct HELLO message add tweetnacl.c to test_security_curve * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: no test with INITIATE command with invalid length Solution: added test case * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted further parts of zmq::curve_client_t into reusable functions added missing file * Problem: mechanism_t::add_property can be declared static Solution: declare mechanism_t::add_property static * Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t Solution: add non-static member functions * Problem: msg_t instance may be closed twice Solution: remove offending close * Problem: prepare_hello uses static curve_client_tools_t::produce_hello Solution: Use non-static curve_client_tools_t::produce_hello * Problem: no test with invalid command name where INITIATE command is expected Solution: added test case * Problem: make builds are failing due to curve_client_tools.hpp not being found Solution: add curve_client_tools.hpp to list of source files * Problem: wrong initializer order in zmq::curve_client_t Solution: reorder * Problem: under non-Windows systems, test fails because random_open was not called Solution: call random_open/random_close within test * Problem: conflict between custom function htonll and macro definition on Darwin Solution: define htonll function only if not defined as a macro * Problem: nullptr not defined on all platforms Solution: replace nullptr by NULL * Problem: libsodium builds not working Solution: adapt compile and link file sets for libsodium builds * Problem: Makefile.am broken Solution: Fix syntax * Problem: no tests for garbage encrypted cookie or content in INITIATE Solution: added test cases * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Solution: some error cases are unreachable Problem: for the time being, added some comments without changing the code * Added comments on hard-to-test cases
2017-08-15 16:28:24 +02:00
// Therefore, it should be changed to zmq_assert (false);
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: invalid handshake command
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_UNSPECIFIED);
Stop ZMTP handshake when an unexpected message comes
2013-06-22 08:11:55 +02:00
errno = EPROTO;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
rc = -1;
break;
}
if (rc == 0) {
rc = msg_->close ();
errno_assert (rc == 0);
rc = msg_->init ();
errno_assert (rc == 0);
}
return rc;
}
Implement CurveZMQ message encryption and authentication
2013-06-22 11:46:40 +02:00
int zmq::curve_server_t::encode (msg_t *msg_)
{
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
zmq_assert (state == ready);
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t
2017-08-18 11:34:22 +02:00
return curve_mechanism_base_t::encode (msg_);
Implement CurveZMQ message encryption and authentication
2013-06-22 11:46:40 +02:00
}
int zmq::curve_server_t::decode (msg_t *msg_)
{
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
zmq_assert (state == ready);
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t
2017-08-18 11:34:22 +02:00
return curve_mechanism_base_t::decode (msg_);
Implement CurveZMQ message encryption and authentication
2013-06-22 11:46:40 +02:00
}
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
int zmq::curve_server_t::process_hello (msg_t *msg_)
{
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
int rc = check_basic_command_structure (msg_);
if (rc == -1)
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
return -1;
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
Problem: console output for PLAIN protocol errors Solution: emit socket monitor events for PLAIN protocol errors (like CURVE)
2017-08-17 18:16:31 +02:00
const size_t size = msg_->size ();
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
const uint8_t *const hello = static_cast<uint8_t *> (msg_->data ());
Problem: console output for PLAIN protocol errors Solution: emit socket monitor events for PLAIN protocol errors (like CURVE)
2017-08-17 18:16:31 +02:00
if (size < 6 || memcmp (hello, "\x05HELLO", 6)) {
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_UNEXPECTED_COMMAND);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
return -1;
}
Problem: console output for PLAIN protocol errors Solution: emit socket monitor events for PLAIN protocol errors (like CURVE)
2017-08-17 18:16:31 +02:00
if (size != 200) {
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
session->get_endpoint (),
ZMQ_PROTOCOL_ERROR_ZMTP_MALFORMED_COMMAND_HELLO);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
return -1;
}
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
const uint8_t major = hello[6];
const uint8_t minor = hello[7];
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
if (major != 1 || minor != 0) {
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: client HELLO has unknown version number
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
session->get_endpoint (),
ZMQ_PROTOCOL_ERROR_ZMTP_MALFORMED_COMMAND_HELLO);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
return -1;
}
Revert "makes curve keys symetric as in libcurve + factorisation" This reverts commit bfd472f97cad5e37fa384b687a906f515600bac4.
2013-09-17 14:05:55 +02:00
// Save client's short-term public key (C')
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
memcpy (_cn_client, hello + 80, 32);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t hello_nonce[crypto_box_NONCEBYTES];
uint8_t hello_plaintext[crypto_box_ZEROBYTES + 64];
uint8_t hello_box[crypto_box_BOXZEROBYTES + 80];
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memcpy (hello_nonce, "CurveZMQHELLO---", 16);
memcpy (hello_nonce + 16, hello + 112, 8);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
cn_peer_nonce = get_uint64 (hello + 112);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memset (hello_box, 0, crypto_box_BOXZEROBYTES);
memcpy (hello_box + crypto_box_BOXZEROBYTES, hello + 120, 80);
// Open Box [64 * %x0](C'->S)
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
rc = crypto_box_open (hello_plaintext, hello_box, sizeof hello_box,
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
hello_nonce, _cn_client, _secret_key);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
if (rc != 0) {
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: cannot open client HELLO -- wrong server key?
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
Problem: assert used for ZAP error handling aborts process.
2017-03-29 10:43:56 -07:00
errno = EPROTO;
Code formatting + reverted hard error handshake fail - Moved new events in draft section + added to zmq_draft.h - Removed the remainning tabs - Reverted the hard error (back to soft error) in curve_server.cpp => The feature doesn't works anymore
2016-12-30 18:26:56 +01:00
return -1;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
}
Problem: assert used for ZAP error handling aborts process.
2017-03-29 10:43:56 -07:00
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
state = sending_welcome;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
return rc;
}
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
int zmq::curve_server_t::produce_welcome (msg_t *msg_)
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
{
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t cookie_nonce[crypto_secretbox_NONCEBYTES];
uint8_t cookie_plaintext[crypto_secretbox_ZEROBYTES + 64];
uint8_t cookie_ciphertext[crypto_secretbox_BOXZEROBYTES + 80];
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Create full nonce for encryption
// 8-byte prefix plus 16-byte random nonce
memcpy (cookie_nonce, "COOKIE--", 8);
randombytes (cookie_nonce + 8, 16);
// Generate cookie = Box [C' + s'](t)
memset (cookie_plaintext, 0, crypto_secretbox_ZEROBYTES);
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES, _cn_client, 32);
memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES + 32, _cn_secret, 32);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Generate fresh cookie key
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
randombytes (_cookie_key, crypto_secretbox_KEYBYTES);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Encrypt using symmetric cookie key
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
int rc =
crypto_secretbox (cookie_ciphertext, cookie_plaintext,
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
sizeof cookie_plaintext, cookie_nonce, _cookie_key);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
zmq_assert (rc == 0);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t welcome_nonce[crypto_box_NONCEBYTES];
uint8_t welcome_plaintext[crypto_box_ZEROBYTES + 128];
uint8_t welcome_ciphertext[crypto_box_BOXZEROBYTES + 144];
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Create full nonce for encryption
// 8-byte prefix plus 16-byte random nonce
memcpy (welcome_nonce, "WELCOME-", 8);
randombytes (welcome_nonce + 8, crypto_box_NONCEBYTES - 8);
// Create 144-byte Box [S' + cookie](S->C')
memset (welcome_plaintext, 0, crypto_box_ZEROBYTES);
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
memcpy (welcome_plaintext + crypto_box_ZEROBYTES, _cn_public, 32);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 32, cookie_nonce + 8,
16);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 48,
cookie_ciphertext + crypto_secretbox_BOXZEROBYTES, 80);
rc = crypto_box (welcome_ciphertext, welcome_plaintext,
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
sizeof welcome_plaintext, welcome_nonce, _cn_client,
_secret_key);
[WIP, do not merge] Problem: insufficient tests for ZMTP-CURVE protocol errors (#2680) * Extracted connect_vanilla_socket function * Problem: no tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO commands * Problem: insufficient tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO command version * Problem: test HELLO message is invalid apart from deliberate errors Solution: create cryptographically correct HELLO message add tweetnacl.c to test_security_curve * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: no test with INITIATE command with invalid length Solution: added test case * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted further parts of zmq::curve_client_t into reusable functions added missing file * Problem: mechanism_t::add_property can be declared static Solution: declare mechanism_t::add_property static * Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t Solution: add non-static member functions * Problem: msg_t instance may be closed twice Solution: remove offending close * Problem: prepare_hello uses static curve_client_tools_t::produce_hello Solution: Use non-static curve_client_tools_t::produce_hello * Problem: no test with invalid command name where INITIATE command is expected Solution: added test case * Problem: make builds are failing due to curve_client_tools.hpp not being found Solution: add curve_client_tools.hpp to list of source files * Problem: wrong initializer order in zmq::curve_client_t Solution: reorder * Problem: under non-Windows systems, test fails because random_open was not called Solution: call random_open/random_close within test * Problem: conflict between custom function htonll and macro definition on Darwin Solution: define htonll function only if not defined as a macro * Problem: nullptr not defined on all platforms Solution: replace nullptr by NULL * Problem: libsodium builds not working Solution: adapt compile and link file sets for libsodium builds * Problem: Makefile.am broken Solution: Fix syntax * Problem: no tests for garbage encrypted cookie or content in INITIATE Solution: added test cases * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Solution: some error cases are unreachable Problem: for the time being, added some comments without changing the code * Added comments on hard-to-test cases
2017-08-15 16:28:24 +02:00
// TODO I think we should change this back to zmq_assert (rc == 0);
// as it was before https://github.com/zeromq/libzmq/pull/1832
// The reason given there was that secret_key might be 0ed.
// But if it were, we would never get this far, since we could
// not have opened the client's hello box with a 0ed key.
Problem: can't be sure crypto_box always returns 0 Libsodium has started returning -1 in some cases. Solution: allow and handle error returns from these calls. Fixes #1831
2016-03-01 15:01:23 +01:00
if (rc == -1)
return -1;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
rc = msg_->init_size (168);
errno_assert (rc == 0);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t *const welcome = static_cast<uint8_t *> (msg_->data ());
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
memcpy (welcome, "\x07WELCOME", 8);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memcpy (welcome + 8, welcome_nonce + 8, 16);
memcpy (welcome + 24, welcome_ciphertext + crypto_box_BOXZEROBYTES, 144);
return 0;
}
int zmq::curve_server_t::process_initiate (msg_t *msg_)
{
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
int rc = check_basic_command_structure (msg_);
if (rc == -1)
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
return -1;
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
Problem: console output for PLAIN protocol errors Solution: emit socket monitor events for PLAIN protocol errors (like CURVE)
2017-08-17 18:16:31 +02:00
const size_t size = msg_->size ();
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
const uint8_t *initiate = static_cast<uint8_t *> (msg_->data ());
Problem: console output for PLAIN protocol errors Solution: emit socket monitor events for PLAIN protocol errors (like CURVE)
2017-08-17 18:16:31 +02:00
if (size < 9 || memcmp (initiate, "\x08INITIATE", 9)) {
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_UNEXPECTED_COMMAND);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
return -1;
}
Problem: console output for PLAIN protocol errors Solution: emit socket monitor events for PLAIN protocol errors (like CURVE)
2017-08-17 18:16:31 +02:00
if (size < 257) {
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (),
ZMQ_PROTOCOL_ERROR_ZMTP_MALFORMED_COMMAND_INITIATE);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
return -1;
}
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t cookie_nonce[crypto_secretbox_NONCEBYTES];
uint8_t cookie_plaintext[crypto_secretbox_ZEROBYTES + 64];
uint8_t cookie_box[crypto_secretbox_BOXZEROBYTES + 80];
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Open Box [C' + s'](t)
memset (cookie_box, 0, crypto_secretbox_BOXZEROBYTES);
Updated security mechanisms to use variable-length commands RFC23, RFC24, RFC26 now use variable-length command names that end in null octet (valid C strings) instead of fixed-length space padded strings.
2013-06-28 11:42:54 +02:00
memcpy (cookie_box + crypto_secretbox_BOXZEROBYTES, initiate + 25, 80);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memcpy (cookie_nonce, "COOKIE--", 8);
Updated security mechanisms to use variable-length commands RFC23, RFC24, RFC26 now use variable-length command names that end in null octet (valid C strings) instead of fixed-length space padded strings.
2013-06-28 11:42:54 +02:00
memcpy (cookie_nonce + 8, initiate + 9, 16);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
rc = crypto_secretbox_open (cookie_plaintext, cookie_box, sizeof cookie_box,
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
cookie_nonce, _cookie_key);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
if (rc != 0) {
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: cannot open client INITIATE cookie
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
return -1;
}
// Check cookie plain text is as expected [C' + s']
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
if (memcmp (cookie_plaintext + crypto_secretbox_ZEROBYTES, _cn_client, 32)
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
|| memcmp (cookie_plaintext + crypto_secretbox_ZEROBYTES + 32,
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
_cn_secret, 32)) {
[WIP, do not merge] Problem: insufficient tests for ZMTP-CURVE protocol errors (#2680) * Extracted connect_vanilla_socket function * Problem: no tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO commands * Problem: insufficient tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO command version * Problem: test HELLO message is invalid apart from deliberate errors Solution: create cryptographically correct HELLO message add tweetnacl.c to test_security_curve * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: no test with INITIATE command with invalid length Solution: added test case * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted further parts of zmq::curve_client_t into reusable functions added missing file * Problem: mechanism_t::add_property can be declared static Solution: declare mechanism_t::add_property static * Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t Solution: add non-static member functions * Problem: msg_t instance may be closed twice Solution: remove offending close * Problem: prepare_hello uses static curve_client_tools_t::produce_hello Solution: Use non-static curve_client_tools_t::produce_hello * Problem: no test with invalid command name where INITIATE command is expected Solution: added test case * Problem: make builds are failing due to curve_client_tools.hpp not being found Solution: add curve_client_tools.hpp to list of source files * Problem: wrong initializer order in zmq::curve_client_t Solution: reorder * Problem: under non-Windows systems, test fails because random_open was not called Solution: call random_open/random_close within test * Problem: conflict between custom function htonll and macro definition on Darwin Solution: define htonll function only if not defined as a macro * Problem: nullptr not defined on all platforms Solution: replace nullptr by NULL * Problem: libsodium builds not working Solution: adapt compile and link file sets for libsodium builds * Problem: Makefile.am broken Solution: Fix syntax * Problem: no tests for garbage encrypted cookie or content in INITIATE Solution: added test cases * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Solution: some error cases are unreachable Problem: for the time being, added some comments without changing the code * Added comments on hard-to-test cases
2017-08-15 16:28:24 +02:00
// TODO this case is very hard to test, as it would require a modified
// client that knows the server's secret temporary cookie key
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: client INITIATE cookie is not valid
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
Stop curve handshake when cookie box verification fails
2013-10-04 08:20:55 +02:00
errno = EPROTO;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
return -1;
}
Problem: console output for PLAIN protocol errors Solution: emit socket monitor events for PLAIN protocol errors (like CURVE)
2017-08-17 18:16:31 +02:00
const size_t clen = (size - 113) + crypto_box_BOXZEROBYTES;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t initiate_nonce[crypto_box_NONCEBYTES];
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
uint8_t *initiate_plaintext =
static_cast<uint8_t *> (malloc (crypto_box_ZEROBYTES + clen));
alloc_assert (initiate_plaintext);
uint8_t *initiate_box =
static_cast<uint8_t *> (malloc (crypto_box_BOXZEROBYTES + clen));
alloc_assert (initiate_box);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Open Box [C + vouch + metadata](C'->S')
memset (initiate_box, 0, crypto_box_BOXZEROBYTES);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
memcpy (initiate_box + crypto_box_BOXZEROBYTES, initiate + 113,
clen - crypto_box_BOXZEROBYTES);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memcpy (initiate_nonce, "CurveZMQINITIATE", 16);
Updated security mechanisms to use variable-length commands RFC23, RFC24, RFC26 now use variable-length command names that end in null octet (valid C strings) instead of fixed-length space padded strings.
2013-06-28 11:42:54 +02:00
memcpy (initiate_nonce + 16, initiate + 105, 8);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
cn_peer_nonce = get_uint64 (initiate + 105);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
rc = crypto_box_open (initiate_plaintext, initiate_box, clen,
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
initiate_nonce, _cn_client, _cn_secret);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
if (rc != 0) {
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: cannot open client INITIATE
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
rc = -1;
goto exit;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
}
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t vouch_nonce[crypto_box_NONCEBYTES];
uint8_t vouch_plaintext[crypto_box_ZEROBYTES + 64];
uint8_t vouch_box[crypto_box_BOXZEROBYTES + 80];
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Updated libzmq CURVE to track RFC 27 * The INITIATE command vouch box is Box[C',S](C->S') instead of Box[C'](C->S), as recommended by https://codesinchaos.wordpress.com/2012/09/09/curvecp-1/, to reduce the risk of client impersonation. * Mirrors the change in libcurve and CurveZMQ specifications.
2013-09-24 15:31:10 +02:00
// Open Box Box [C',S](C->S') and check contents
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memset (vouch_box, 0, crypto_box_BOXZEROBYTES);
memcpy (vouch_box + crypto_box_BOXZEROBYTES,
Updated libzmq CURVE to track RFC 27 * The INITIATE command vouch box is Box[C',S](C->S') instead of Box[C'](C->S), as recommended by https://codesinchaos.wordpress.com/2012/09/09/curvecp-1/, to reduce the risk of client impersonation. * Mirrors the change in libcurve and CurveZMQ specifications.
2013-09-24 15:31:10 +02:00
initiate_plaintext + crypto_box_ZEROBYTES + 48, 80);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
memcpy (vouch_nonce, "VOUCH---", 8);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
memcpy (vouch_nonce + 8, initiate_plaintext + crypto_box_ZEROBYTES + 32,
16);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
rc = crypto_box_open (vouch_plaintext, vouch_box, sizeof vouch_box,
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
vouch_nonce, client_key, _cn_secret);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
if (rc != 0) {
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: cannot open client INITIATE vouch
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
rc = -1;
goto exit;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
}
Revert "makes curve keys symetric as in libcurve + factorisation" This reverts commit bfd472f97cad5e37fa384b687a906f515600bac4.
2013-09-17 14:05:55 +02:00
// What we decrypted must be the client's short-term public key
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
if (memcmp (vouch_plaintext + crypto_box_ZEROBYTES, _cn_client, 32)) {
[WIP, do not merge] Problem: insufficient tests for ZMTP-CURVE protocol errors (#2680) * Extracted connect_vanilla_socket function * Problem: no tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO commands * Problem: insufficient tests for ZMTP-CURVE protocol errors Solution: added two test cases with erroneous HELLO command version * Problem: test HELLO message is invalid apart from deliberate errors Solution: create cryptographically correct HELLO message add tweetnacl.c to test_security_curve * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: nonce is incorrect, build fails with GCC Solution: use correct non prefix * Problem: make builds are failing Solution: transfer CMake changes to (auto)make files * Problem: no test with INITIATE command with invalid length Solution: added test case * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function * Problem: code duplication between test_security_curve.cpp and curve_client.cpp Solution: extracted further parts of zmq::curve_client_t into reusable functions added missing file * Problem: mechanism_t::add_property can be declared static Solution: declare mechanism_t::add_property static * Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t Solution: add non-static member functions * Problem: msg_t instance may be closed twice Solution: remove offending close * Problem: prepare_hello uses static curve_client_tools_t::produce_hello Solution: Use non-static curve_client_tools_t::produce_hello * Problem: no test with invalid command name where INITIATE command is expected Solution: added test case * Problem: make builds are failing due to curve_client_tools.hpp not being found Solution: add curve_client_tools.hpp to list of source files * Problem: wrong initializer order in zmq::curve_client_t Solution: reorder * Problem: under non-Windows systems, test fails because random_open was not called Solution: call random_open/random_close within test * Problem: conflict between custom function htonll and macro definition on Darwin Solution: define htonll function only if not defined as a macro * Problem: nullptr not defined on all platforms Solution: replace nullptr by NULL * Problem: libsodium builds not working Solution: adapt compile and link file sets for libsodium builds * Problem: Makefile.am broken Solution: Fix syntax * Problem: no tests for garbage encrypted cookie or content in INITIATE Solution: added test cases * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Solution: some error cases are unreachable Problem: for the time being, added some comments without changing the code * Added comments on hard-to-test cases
2017-08-15 16:28:24 +02:00
// TODO this case is very hard to test, as it would require a modified
// client that knows the server's secret short-term key
Replace console output by monitoring events for curve security issues (#2645) * Fixing #2002 one way of doing it * Mechanisms can implement a new method `error_detail()` * This error detail have three values for the moment: no_detail (default), protocol, encryption. + generic enough to make sense for all mechanisms. - low granularity level on information. * Fixing #2002: implementation of the error details The ZMQ_EVENT_HANDSHAKE_FAILED event carries the error details as value. * Removed Microsoft extenstion for enum member access This was leading to compilation error under linux. * Adaptation of CURVE test cases * Monitoring event: changed API for detailed events Removed ZMQ_EVENT_HANDSHAKE_FAILED and replaced it by: - ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL, - ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL, - ZMQ_EVENT_HANDSHAKE_FAILED_ENCRYPTION Adaptation of text case `security_curve` * Removed event value comparison This was introduced for the previous API model adaptation * Removed the prints in std output and added missing details `current_error_detail` was not set in every protocol error cases * Fixed initialization of current_error_detail * Fixed error in greeting test case The handshake failure due to mechanism mismatch in greeting is actually a protocol error. The error handling method consider it like so and send a protocol handshake failure monitoring event instead of no_detail. Fixed the test_security_curve expectation as well. * Upgraded tests of monitoring events The tests check the number of monitoring events received * Problem: does not build under Linux or without ZMQ_DRAFT_API Solution: - properly use ZMQ_DRAFT_API conditional compilation - use receive timeouts instead of Sleep * Problem: duplicate definition of variable 'timeout' Solution: merged definitions * Problem: inconsistent timing dependencies Solution: reduce timing dependency by using timeouts at more places * Problem: assertion failure under Linux due to unexpected monitor event Solution: output event type to aid debugging * Problem: erroneous assertion code * Problem: assertion failure with a garbage server key due to an extra third event Solution: changed assertion to expect three events (needs to be checked) * Problem: extra include directive to non-existent file Solution: removed include directive * Problem: assertion failure on appveyor for unknown reason Solution: improve debug output * Problem: no build with libsodium and draft api Solution: add build configurations with libsodium and draft api * Problem: assertion failure on CI Solution: change assertion to reflect actual behaviour on CI (at least temporarily) * Problem: error in condition in assertion code * Problem: assertion failure on CI Solution: generalize assertion to match behavior on CI * Problem: assertion failures on CI Solution: removed inconsistent assertion on no monitor events before flushing improved debuggability by converting function into macro * Problem: diverging test code for three analogous test cases with garbage key Solution: extract common code into function * Problem: does not build without ZMQ_BUILD_DRAFT_API Solution: introduce dummy variable * Attempt to remove workaround regarding ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL again * Problem: EAGAIN error after handshake complete if there is no more data in inbuffer Solution: Skip tcp_read attempt in that case * Problem: handshaking event emitted after handshaking failed Solution: use stream_engine_t::handshaking instead of mechanism_t::status() to determine whether still handshaking * Include error code in debug output * Improve debugging output: output flushed events * Split up ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL into ZMQ_EVENT_HANDSHAKE_FAILED_ZMTP and ZMQ_EVENT_HANDSHAKE_FAILED_ZAP * Fixed compilation without ZMQ_BUILD_DRAFT_API * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Renamed ZMQ_EVENT_HANDSHAKE_SUCCEED to ZMQ_EVENT_HANDSHAKE_SUCCEEDED for language consistency * Fixed assert_monitor_event (require event instead of allowing no event) Reverted erroneous change to handshaking condition Renamed test_wrong_key to test_garbage_key Generalized assumption in test_garbage_key to allow for ZMQ_EVENT_HANDSHAKE_FAILED_NO_DETAIL with error == EPIPE * Better isolate test cases from each other by providing a fresh context & server for each * Added diagnostic output * Changed assertion to reflect actual behavior on CI * Fixed formatting, observe maximum line length * Fixed formatting, observe maximum line length * Increase timeout to check if this fixes valgrind run * Close server with close_zero_linger * Increase timeout to check if this fixes valgrind run * Increase timeout to check if this fixes valgrind run * Generalize assertion to also work with valgrind * Fixed formatting * Add more diagnostic output * Generalize assertion to also work with valgrind
2017-08-03 15:15:56 +02:00
// CURVE I: invalid handshake from client (public key)
Problem: classification ZMQ_HANDSHAKE_FAILED_* events is coarse-grained and partially misleading Solution: redesign ZMQ_HANDSHAKE_FAILED_* events, introduce new class of ZMQ_HANDSHAKE_FAILED_AUTH events
2017-08-17 17:54:07 +02:00
session->get_socket ()->event_handshake_failed_protocol (
session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_KEY_EXCHANGE);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno = EPROTO;
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
rc = -1;
goto exit;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
}
// Precompute connection secret from client key
Problem: inconsistent naming style for private data members, conflicts with naming of local variables and member functions Solution: apply and check _lower_case naming style for private data members
2018-05-27 11:10:39 +02:00
rc = crypto_box_beforenm (cn_precom, _cn_client, _cn_secret);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
zmq_assert (rc == 0);
Problem: strict ZAP protocol adherence is backward incompatible Solution: add ZMQ_ZAP_ENFORCE_DOMAIN to hide backward incompatible change and make it disabled by default. In a future release that breaks API compatibility we can then switch the default to enabled in order to achieve full RFC compatibility. Fixes #2762
2017-10-07 18:34:18 +01:00
// Given this is a backward-incompatible change, it's behind a socket
// option disabled by default.
if (zap_required () || !options.zap_enforce_domain) {
Problem: duplicated code & inconsistent behaviour between mechanisms Solution: uniformly require a ZAP domain to be set to activate ZAP handling, clarify comment on Stonehouse pattern
2017-09-18 15:24:10 +02:00
// Use ZAP protocol (RFC 27) to authenticate the user.
Problem: tests without ZAP handler are failing Solution: emit events as expected by tests, and refuse connections when ZAP is required but no handler started Addresses #2711 partially
2017-09-18 11:48:14 +02:00
rc = session->zap_connect ();
if (rc == 0) {
send_zap_request (client_key);
Problem: duplicated code & inconsistent behaviour between mechanisms Solution: uniformly require a ZAP domain to be set to activate ZAP handling, clarify comment on Stonehouse pattern
2017-09-18 15:24:10 +02:00
state = waiting_for_zap_reply;
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
// TODO actually, it is quite unlikely that we can read the ZAP
Problem: duplicated code & inconsistent behaviour between mechanisms Solution: uniformly require a ZAP domain to be set to activate ZAP handling, clarify comment on Stonehouse pattern
2017-09-18 15:24:10 +02:00
// reply already, but removing this has some strange side-effect
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
// (probably because the pipe's in_active flag is true until a read
Problem: duplicated code & inconsistent behaviour between mechanisms Solution: uniformly require a ZAP domain to be set to activate ZAP handling, clarify comment on Stonehouse pattern
2017-09-18 15:24:10 +02:00
// is attempted)
Problem: tests without ZAP handler are failing Solution: emit events as expected by tests, and refuse connections when ZAP is required but no handler started Addresses #2711 partially
2017-09-18 11:48:14 +02:00
rc = receive_and_process_zap_reply ();
if (rc == -1)
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
goto exit;
Problem: strict ZAP protocol adherence is backward incompatible Solution: add ZMQ_ZAP_ENFORCE_DOMAIN to hide backward incompatible change and make it disabled by default. In a future release that breaks API compatibility we can then switch the default to enabled in order to achieve full RFC compatibility. Fixes #2762
2017-10-07 18:34:18 +01:00
} else if (!options.zap_enforce_domain) {
// This supports the Stonehouse pattern (encryption without
// authentication) in legacy mode (domain set but no handler).
state = sending_ready;
Problem: tests without ZAP handler are failing Solution: emit events as expected by tests, and refuse connections when ZAP is required but no handler started Addresses #2711 partially
2017-09-18 11:48:14 +02:00
} else {
session->get_socket ()->event_handshake_failed_no_detail (
session->get_endpoint (), EFAULT);
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
rc = -1;
goto exit;
Problem: tests without ZAP handler are failing Solution: emit events as expected by tests, and refuse connections when ZAP is required but no handler started Addresses #2711 partially
2017-09-18 11:48:14 +02:00
}
Problem: duplicated code & inconsistent behaviour between mechanisms Solution: uniformly require a ZAP domain to be set to activate ZAP handling, clarify comment on Stonehouse pattern
2017-09-18 15:24:10 +02:00
} else {
// This supports the Stonehouse pattern (encryption without authentication).
Problem: duplicate but equivalent state enums in curve_server_t and plain_server_t Solution: pull state enum up to zap_client_t and unify names of enum values
2017-08-16 15:25:08 +02:00
state = sending_ready;
Problem: duplicated code & inconsistent behaviour between mechanisms Solution: uniformly require a ZAP domain to be set to activate ZAP handling, clarify comment on Stonehouse pattern
2017-09-18 15:24:10 +02:00
}
Make ZAP optional for CURVE mechanism
2013-06-22 15:33:44 +02:00
Problem: application metadata not parsed correctly when using CURVE Solution: create buffers large enough to contain arbitrary metadata
2019-07-02 01:24:19 +01:00
rc = parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
clen - crypto_box_ZEROBYTES - 128);
exit:
free (initiate_plaintext);
free (initiate_box);
return rc;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
}
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
int zmq::curve_server_t::produce_ready (msg_t *msg_)
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
{
Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) * Problem: no test case with CURVE encryption and large identity Solution: added test case (currently crashing) * Problem: possible buffer overflow in mechanism_t::add_property Solution: add target buffer length parameter and check the buffer is sufficiently large * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Problem: possible buffer overruns related to metadata at various locations Solution: allocate buffer large enough for actual metadata, reduce code duplication * Problem: syntax error related to pointer type conversion Solution: change argument type of make_command_with_basic_properties to const char * * Problem: large metadata may cause an assertion in produce_initiate Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 19:42:31 +02:00
const size_t metadata_length = basic_properties_len ();
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t ready_nonce[crypto_box_NONCEBYTES];
Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) * Problem: no test case with CURVE encryption and large identity Solution: added test case (currently crashing) * Problem: possible buffer overflow in mechanism_t::add_property Solution: add target buffer length parameter and check the buffer is sufficiently large * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Problem: possible buffer overruns related to metadata at various locations Solution: allocate buffer large enough for actual metadata, reduce code duplication * Problem: syntax error related to pointer type conversion Solution: change argument type of make_command_with_basic_properties to const char * * Problem: large metadata may cause an assertion in produce_initiate Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 19:42:31 +02:00
uint8_t *ready_plaintext =
Problem: C-style casts used Solution: replace by C++-style casts
2018-05-18 15:54:00 +02:00
static_cast<uint8_t *> (malloc (crypto_box_ZEROBYTES + metadata_length));
Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) * Problem: no test case with CURVE encryption and large identity Solution: added test case (currently crashing) * Problem: possible buffer overflow in mechanism_t::add_property Solution: add target buffer length parameter and check the buffer is sufficiently large * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Problem: possible buffer overruns related to metadata at various locations Solution: allocate buffer large enough for actual metadata, reduce code duplication * Problem: syntax error related to pointer type conversion Solution: change argument type of make_command_with_basic_properties to const char * * Problem: large metadata may cause an assertion in produce_initiate Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 19:42:31 +02:00
alloc_assert (ready_plaintext);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Create Box [metadata](S'->C')
memset (ready_plaintext, 0, crypto_box_ZEROBYTES);
uint8_t *ptr = ready_plaintext + crypto_box_ZEROBYTES;
Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) * Problem: no test case with CURVE encryption and large identity Solution: added test case (currently crashing) * Problem: possible buffer overflow in mechanism_t::add_property Solution: add target buffer length parameter and check the buffer is sufficiently large * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Problem: possible buffer overruns related to metadata at various locations Solution: allocate buffer large enough for actual metadata, reduce code duplication * Problem: syntax error related to pointer type conversion Solution: change argument type of make_command_with_basic_properties to const char * * Problem: large metadata may cause an assertion in produce_initiate Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 19:42:31 +02:00
ptr += add_basic_properties (ptr, metadata_length);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
const size_t mlen = ptr - ready_plaintext;
memcpy (ready_nonce, "CurveZMQREADY---", 16);
Problem: curve messages can be replayed Solution: ensure message short nonces are strictly increasing and validate them
2014-09-19 18:07:57 -06:00
put_uint64 (ready_nonce + 16, cn_nonce);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Problem: C-style casts used Solution: replace by C++-style casts
2018-05-18 15:54:00 +02:00
uint8_t *ready_box = static_cast<uint8_t *> (
malloc (crypto_box_BOXZEROBYTES + 16 + metadata_length));
Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) * Problem: no test case with CURVE encryption and large identity Solution: added test case (currently crashing) * Problem: possible buffer overflow in mechanism_t::add_property Solution: add target buffer length parameter and check the buffer is sufficiently large * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Problem: possible buffer overruns related to metadata at various locations Solution: allocate buffer large enough for actual metadata, reduce code duplication * Problem: syntax error related to pointer type conversion Solution: change argument type of make_command_with_basic_properties to const char * * Problem: large metadata may cause an assertion in produce_initiate Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 19:42:31 +02:00
alloc_assert (ready_box);
int rc = crypto_box_afternm (ready_box, ready_plaintext, mlen, ready_nonce,
cn_precom);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
zmq_assert (rc == 0);
Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) * Problem: no test case with CURVE encryption and large identity Solution: added test case (currently crashing) * Problem: possible buffer overflow in mechanism_t::add_property Solution: add target buffer length parameter and check the buffer is sufficiently large * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Problem: possible buffer overruns related to metadata at various locations Solution: allocate buffer large enough for actual metadata, reduce code duplication * Problem: syntax error related to pointer type conversion Solution: change argument type of make_command_with_basic_properties to const char * * Problem: large metadata may cause an assertion in produce_initiate Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 19:42:31 +02:00
free (ready_plaintext);
Updated security mechanisms to use variable-length commands RFC23, RFC24, RFC26 now use variable-length command names that end in null octet (valid C strings) instead of fixed-length space padded strings.
2013-06-28 11:42:54 +02:00
rc = msg_->init_size (14 + mlen - crypto_box_BOXZEROBYTES);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
errno_assert (rc == 0);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
uint8_t *ready = static_cast<uint8_t *> (msg_->data ());
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Updated libzmq to match RFC 23, 24, 25, 26 * Command names changed from null terminated to length-specified * Command frames use the correct flag (bit 2) * test_stream acts as test case for command frames * Some code cleanups
2013-09-04 17:59:45 +02:00
memcpy (ready, "\x05READY", 6);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Short nonce, prefixed by "CurveZMQREADY---"
Problem: curve messages can be replayed Solution: ensure message short nonces are strictly increasing and validate them
2014-09-19 18:07:57 -06:00
memcpy (ready + 6, ready_nonce + 16, 8);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
// Box [metadata](S'->C')
Updated security mechanisms to use variable-length commands RFC23, RFC24, RFC26 now use variable-length command names that end in null octet (valid C strings) instead of fixed-length space padded strings.
2013-06-28 11:42:54 +02:00
memcpy (ready + 14, ready_box + crypto_box_BOXZEROBYTES,
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
mlen - crypto_box_BOXZEROBYTES);
Problem: Possible buffer overruns related to metadata in various mechanisms (#2683) * Problem: no test case with CURVE encryption and large identity Solution: added test case (currently crashing) * Problem: possible buffer overflow in mechanism_t::add_property Solution: add target buffer length parameter and check the buffer is sufficiently large * Problem: test cases accidentally excluded from build Solution: remove #if/#endif * Problem: possible buffer overruns related to metadata at various locations Solution: allocate buffer large enough for actual metadata, reduce code duplication * Problem: syntax error related to pointer type conversion Solution: change argument type of make_command_with_basic_properties to const char * * Problem: large metadata may cause an assertion in produce_initiate Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 19:42:31 +02:00
free (ready_box);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
Revert "makes curve keys symetric as in libcurve + factorisation" This reverts commit bfd472f97cad5e37fa384b687a906f515600bac4.
2013-09-17 14:05:55 +02:00
cn_nonce++;
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
return 0;
}
CURVE: Implement server-side ERROR handling
2014-05-16 07:25:29 +02:00
int zmq::curve_server_t::produce_error (msg_t *msg_) const
{
Problem: zmq::curve_server_t::produce_error sends sizeof std::string instead of status code length Solution: send status code length (always 3) instead
2017-08-04 16:54:46 +02:00
const size_t expected_status_code_length = 3;
CURVE: Implement server-side ERROR handling
2014-05-16 07:25:29 +02:00
zmq_assert (status_code.length () == 3);
Problem: zmq::curve_server_t::produce_error sends sizeof std::string instead of status code length Solution: send status code length (always 3) instead
2017-08-04 16:54:46 +02:00
const int rc = msg_->init_size (6 + 1 + expected_status_code_length);
CURVE: Implement server-side ERROR handling
2014-05-16 07:25:29 +02:00
zmq_assert (rc == 0);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
char *msg_data = static_cast<char *> (msg_->data ());
CURVE: Implement server-side ERROR handling
2014-05-16 07:25:29 +02:00
memcpy (msg_data, "\5ERROR", 6);
Problem: formatting inconsistent Solution: applied clang-format
2018-02-01 11:46:09 +01:00
msg_data[6] = expected_status_code_length;
Problem: zmq::curve_server_t::produce_error sends sizeof std::string instead of status code length Solution: send status code length (always 3) instead
2017-08-04 16:54:46 +02:00
memcpy (msg_data + 7, status_code.c_str (), expected_status_code_length);
CURVE: Implement server-side ERROR handling
2014-05-16 07:25:29 +02:00
return 0;
}
Problem: parameter naming style inconsistent Solution: define and apply parameter naming style: lower_case_
2018-05-24 17:58:30 +02:00
void zmq::curve_server_t::send_zap_request (const uint8_t *key_)
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
{
Problem: parameter naming style inconsistent Solution: define and apply parameter naming style: lower_case_
2018-05-24 17:58:30 +02:00
zap_client_t::send_zap_request ("CURVE", 5, key_,
crypto_box_PUBLICKEYBYTES);
Implement ZMTP/3.0 CURVE handshake
2013-06-18 23:38:24 +02:00
}
#endif
Reference in New Issue Copy Permalink