Merge pull request #3580 from sigiesec/use-libsodium-based-allocator

Use libsodium based allocator

.clang-format

@@ -38,7 +38,7 @@ SpaceInEmptyParentheses: false
 SpacesInAngles: false
 SpacesInParentheses: false
 SpacesInSquareBrackets: false
-Standard: Cpp11
+Standard: Cpp03
 
 SortIncludes: false
 

CMakeLists.txt

@@ -871,6 +871,7 @@ set(cxx-sources
   req.hpp
   router.hpp
   scatter.hpp
+  secure_allocator.hpp
   select.hpp
   server.hpp
   session_base.hpp

Makefile.am

@@ -179,6 +179,7 @@ src_libzmq_la_SOURCES = \
 	src/router.hpp \
 	src/scatter.cpp \
 	src/scatter.hpp \
+	src/secure_allocator.hpp \
 	src/select.cpp \
 	src/select.hpp \
 	src/server.cpp \

src/curve_client.cpp

@@ -38,6 +38,7 @@
 #include "curve_client.hpp"
 #include "wire.hpp"
 #include "curve_client_tools.hpp"
+#include "secure_allocator.hpp"
 
 zmq::curve_client_t::curve_client_t (session_base_t *session_,
                                      const options_t &options_) :
@@ -175,7 +176,8 @@ int zmq::curve_client_t::process_welcome (const uint8_t *msg_data_,
 int zmq::curve_client_t::produce_initiate (msg_t *msg_)
 {
     const size_t metadata_length = basic_properties_len ();
-    std::vector<unsigned char> metadata_plaintext (metadata_length);
+    std::vector<unsigned char, secure_allocator_t<unsigned char> >
+      metadata_plaintext (metadata_length);
 
     add_basic_properties (&metadata_plaintext[0], metadata_length);
 
@@ -214,7 +216,8 @@ int zmq::curve_client_t::process_ready (const uint8_t *msg_data_,
     const size_t clen = (msg_size_ - 14) + crypto_box_BOXZEROBYTES;
 
     uint8_t ready_nonce[crypto_box_NONCEBYTES];
-    std::vector<uint8_t> ready_plaintext (crypto_box_ZEROBYTES + clen);
+    std::vector<uint8_t, secure_allocator_t<uint8_t> > ready_plaintext (
+      crypto_box_ZEROBYTES + clen);
     std::vector<uint8_t> ready_box (crypto_box_BOXZEROBYTES + 16 + clen);
 
     std::fill (ready_box.begin (), ready_box.begin () + crypto_box_BOXZEROBYTES,

src/curve_client_tools.hpp

@@ -46,6 +46,7 @@
 
 #include "wire.hpp"
 #include "err.hpp"
+#include "secure_allocator.hpp"
 
 #include <vector>
 
@@ -60,7 +61,8 @@ struct curve_client_tools_t
                               const uint8_t *cn_secret_)
     {
         uint8_t hello_nonce[crypto_box_NONCEBYTES];
-        uint8_t hello_plaintext[crypto_box_ZEROBYTES + 64];
+        std::vector<uint8_t, secure_allocator_t<uint8_t> > hello_plaintext (
+          crypto_box_ZEROBYTES + 64, 0);
         uint8_t hello_box[crypto_box_BOXZEROBYTES + 80];
 
         //  Prepare the full nonce
@@ -68,9 +70,8 @@ struct curve_client_tools_t
         put_uint64 (hello_nonce + 16, cn_nonce_);
 
         //  Create Box [64 * %x0](C'->S)
-        memset (hello_plaintext, 0, sizeof hello_plaintext);
+        int rc =
-
+          crypto_box (hello_box, &hello_plaintext[0], hello_plaintext.size (),
-        int rc = crypto_box (hello_box, hello_plaintext, sizeof hello_plaintext,
                       hello_nonce, server_key_, cn_secret_);
         if (rc == -1)
             return -1;
@@ -106,7 +107,8 @@ struct curve_client_tools_t
         }
 
         uint8_t welcome_nonce[crypto_box_NONCEBYTES];
-        uint8_t welcome_plaintext[crypto_box_ZEROBYTES + 128];
+        std::vector<uint8_t, secure_allocator_t<uint8_t> > welcome_plaintext (
+          crypto_box_ZEROBYTES + 128);
         uint8_t welcome_box[crypto_box_BOXZEROBYTES + 144];
 
         //  Open Box [S' + cookie](C'->S)
@@ -116,16 +118,16 @@ struct curve_client_tools_t
         memcpy (welcome_nonce, "WELCOME-", 8);
         memcpy (welcome_nonce + 8, msg_data_ + 8, 16);
 
-        int rc =
+        int rc = crypto_box_open (&welcome_plaintext[0], welcome_box,
-          crypto_box_open (welcome_plaintext, welcome_box, sizeof welcome_box,
+                                  sizeof welcome_box, welcome_nonce,
-                           welcome_nonce, server_key_, cn_secret_);
+                                  server_key_, cn_secret_);
         if (rc != 0) {
             errno = EPROTO;
             return -1;
         }
 
-        memcpy (cn_server_, welcome_plaintext + crypto_box_ZEROBYTES, 32);
+        memcpy (cn_server_, &welcome_plaintext[crypto_box_ZEROBYTES], 32);
-        memcpy (cn_cookie_, welcome_plaintext + crypto_box_ZEROBYTES + 32,
+        memcpy (cn_cookie_, &welcome_plaintext[crypto_box_ZEROBYTES + 32],
                 16 + 80);
 
         //  Message independent precomputation
@@ -149,18 +151,21 @@ struct curve_client_tools_t
                                  const size_t metadata_length_)
     {
         uint8_t vouch_nonce[crypto_box_NONCEBYTES];
-        uint8_t vouch_plaintext[crypto_box_ZEROBYTES + 64];
+        std::vector<uint8_t, secure_allocator_t<uint8_t> > vouch_plaintext (
+          crypto_box_ZEROBYTES + 64);
         uint8_t vouch_box[crypto_box_BOXZEROBYTES + 80];
 
         //  Create vouch = Box [C',S](C->S')
-        memset (vouch_plaintext, 0, crypto_box_ZEROBYTES);
+        std::fill (vouch_plaintext.begin (),
-        memcpy (vouch_plaintext + crypto_box_ZEROBYTES, cn_public_, 32);
+                   vouch_plaintext.begin () + crypto_box_ZEROBYTES, 0);
-        memcpy (vouch_plaintext + crypto_box_ZEROBYTES + 32, server_key_, 32);
+        memcpy (&vouch_plaintext[crypto_box_ZEROBYTES], cn_public_, 32);
+        memcpy (&vouch_plaintext[crypto_box_ZEROBYTES + 32], server_key_, 32);
 
         memcpy (vouch_nonce, "VOUCH---", 8);
         randombytes (vouch_nonce + 8, 16);
 
-        int rc = crypto_box (vouch_box, vouch_plaintext, sizeof vouch_plaintext,
+        int rc =
+          crypto_box (vouch_box, &vouch_plaintext[0], vouch_plaintext.size (),
                       vouch_nonce, cn_server_, secret_key_);
         if (rc == -1)
             return -1;
@@ -168,8 +173,8 @@ struct curve_client_tools_t
         uint8_t initiate_nonce[crypto_box_NONCEBYTES];
         std::vector<uint8_t> initiate_box (crypto_box_BOXZEROBYTES + 144
                                            + metadata_length_);
-        std::vector<uint8_t> initiate_plaintext (crypto_box_ZEROBYTES + 128
+        std::vector<uint8_t, secure_allocator_t<uint8_t> > initiate_plaintext (
-                                                 + metadata_length_);
+          crypto_box_ZEROBYTES + 128 + metadata_length_);
 
         //  Create Box [C + vouch + metadata](C'->S')
         std::fill (initiate_plaintext.begin (),

src/curve_mechanism_base.cpp

@@ -68,6 +68,8 @@ int zmq::curve_mechanism_base_t::encode (msg_t *msg_)
     std::fill (message_plaintext.begin (),
                message_plaintext.begin () + crypto_box_ZEROBYTES, 0);
     message_plaintext[crypto_box_ZEROBYTES] = flags;
+    // this is copying the data from insecure memory, so there is no point in
+    // using secure_allocator_t for message_plaintext
     memcpy (&message_plaintext[crypto_box_ZEROBYTES + 1], msg_->data (),
             msg_->size ());
 
@@ -156,6 +158,8 @@ int zmq::curve_mechanism_base_t::decode (msg_t *msg_)
         if (flags & 0x02)
             msg_->set_flags (msg_t::command);
 
+        // this is copying the data to insecure memory, so there is no point in
+        // using secure_allocator_t for message_plaintext
         memcpy (msg_->data (), &message_plaintext[crypto_box_ZEROBYTES + 1],
                 msg_->size ());
     } else {

src/curve_mechanism_base.hpp

@@ -48,6 +48,8 @@
 #include "mechanism_base.hpp"
 #include "options.hpp"
 
+#include <memory>
+
 namespace zmq
 {
 class curve_mechanism_base_t : public virtual mechanism_base_t

src/curve_server.cpp

@@ -37,6 +37,7 @@
 #include "err.hpp"
 #include "curve_server.hpp"
 #include "wire.hpp"
+#include "secure_allocator.hpp"
 
 zmq::curve_server_t::curve_server_t (session_base_t *session_,
                                      const std::string &peer_address_,
@@ -174,7 +175,8 @@ int zmq::curve_server_t::process_hello (msg_t *msg_)
     memcpy (_cn_client, hello + 80, 32);
 
     uint8_t hello_nonce[crypto_box_NONCEBYTES];
-    uint8_t hello_plaintext[crypto_box_ZEROBYTES + 64];
+    std::vector<uint8_t, secure_allocator_t<uint8_t> > hello_plaintext (
+      crypto_box_ZEROBYTES + 64);
     uint8_t hello_box[crypto_box_BOXZEROBYTES + 80];
 
     memcpy (hello_nonce, "CurveZMQHELLO---", 16);
@@ -185,7 +187,7 @@ int zmq::curve_server_t::process_hello (msg_t *msg_)
     memcpy (hello_box + crypto_box_BOXZEROBYTES, hello + 120, 80);
 
     //  Open Box [64 * %x0](C'->S)
-    rc = crypto_box_open (hello_plaintext, hello_box, sizeof hello_box,
+    rc = crypto_box_open (&hello_plaintext[0], hello_box, sizeof hello_box,
                           hello_nonce, _cn_client, _secret_key);
     if (rc != 0) {
         // CURVE I: cannot open client HELLO -- wrong server key?
@@ -202,7 +204,8 @@ int zmq::curve_server_t::process_hello (msg_t *msg_)
 int zmq::curve_server_t::produce_welcome (msg_t *msg_)
 {
     uint8_t cookie_nonce[crypto_secretbox_NONCEBYTES];
-    uint8_t cookie_plaintext[crypto_secretbox_ZEROBYTES + 64];
+    std::vector<uint8_t, secure_allocator_t<uint8_t> > cookie_plaintext (
+      crypto_secretbox_ZEROBYTES + 64);
     uint8_t cookie_ciphertext[crypto_secretbox_BOXZEROBYTES + 80];
 
     //  Create full nonce for encryption
@@ -211,21 +214,23 @@ int zmq::curve_server_t::produce_welcome (msg_t *msg_)
     randombytes (cookie_nonce + 8, 16);
 
     //  Generate cookie = Box [C' + s'](t)
-    memset (cookie_plaintext, 0, crypto_secretbox_ZEROBYTES);
+    std::fill (cookie_plaintext.begin (),
-    memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES, _cn_client, 32);
+               cookie_plaintext.begin () + crypto_secretbox_ZEROBYTES, 0);
-    memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES + 32, _cn_secret, 32);
+    memcpy (&cookie_plaintext[crypto_secretbox_ZEROBYTES], _cn_client, 32);
+    memcpy (&cookie_plaintext[crypto_secretbox_ZEROBYTES + 32], _cn_secret, 32);
 
     //  Generate fresh cookie key
     randombytes (_cookie_key, crypto_secretbox_KEYBYTES);
 
     //  Encrypt using symmetric cookie key
     int rc =
-      crypto_secretbox (cookie_ciphertext, cookie_plaintext,
+      crypto_secretbox (cookie_ciphertext, &cookie_plaintext[0],
-                        sizeof cookie_plaintext, cookie_nonce, _cookie_key);
+                        cookie_plaintext.size (), cookie_nonce, _cookie_key);
     zmq_assert (rc == 0);
 
     uint8_t welcome_nonce[crypto_box_NONCEBYTES];
-    uint8_t welcome_plaintext[crypto_box_ZEROBYTES + 128];
+    std::vector<uint8_t, secure_allocator_t<uint8_t> > welcome_plaintext (
+      crypto_box_ZEROBYTES + 128);
     uint8_t welcome_ciphertext[crypto_box_BOXZEROBYTES + 144];
 
     //  Create full nonce for encryption
@@ -234,15 +239,16 @@ int zmq::curve_server_t::produce_welcome (msg_t *msg_)
     randombytes (welcome_nonce + 8, crypto_box_NONCEBYTES - 8);
 
     //  Create 144-byte Box [S' + cookie](S->C')
-    memset (welcome_plaintext, 0, crypto_box_ZEROBYTES);
+    std::fill (welcome_plaintext.begin (),
-    memcpy (welcome_plaintext + crypto_box_ZEROBYTES, _cn_public, 32);
+               welcome_plaintext.begin () + crypto_box_ZEROBYTES, 0);
-    memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 32, cookie_nonce + 8,
+    memcpy (&welcome_plaintext[crypto_box_ZEROBYTES], _cn_public, 32);
+    memcpy (&welcome_plaintext[crypto_box_ZEROBYTES + 32], cookie_nonce + 8,
             16);
-    memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 48,
+    memcpy (&welcome_plaintext[crypto_box_ZEROBYTES + 48],
             cookie_ciphertext + crypto_secretbox_BOXZEROBYTES, 80);
 
-    rc = crypto_box (welcome_ciphertext, welcome_plaintext,
+    rc = crypto_box (welcome_ciphertext, &welcome_plaintext[0],
-                     sizeof welcome_plaintext, welcome_nonce, _cn_client,
+                     welcome_plaintext.size (), welcome_nonce, _cn_client,
                      _secret_key);
 
     //  TODO I think we should change this back to zmq_assert (rc == 0);
@@ -327,7 +333,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     const size_t clen = (size - 113) + crypto_box_BOXZEROBYTES;
 
     uint8_t initiate_nonce[crypto_box_NONCEBYTES];
-    std::vector<uint8_t> initiate_plaintext (crypto_box_ZEROBYTES + clen);
+    std::vector<uint8_t, secure_allocator_t<uint8_t> > initiate_plaintext (
+      crypto_box_ZEROBYTES + clen);
     std::vector<uint8_t> initiate_box (crypto_box_BOXZEROBYTES + clen);
 
     //  Open Box [C + vouch + metadata](C'->S')
@@ -353,7 +360,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     }
 
     uint8_t vouch_nonce[crypto_box_NONCEBYTES];
-    uint8_t vouch_plaintext[crypto_box_ZEROBYTES + 64];
+    std::vector<uint8_t, secure_allocator_t<uint8_t> > vouch_plaintext (
+      crypto_box_ZEROBYTES + 64);
     uint8_t vouch_box[crypto_box_BOXZEROBYTES + 80];
 
     //  Open Box Box [C',S](C->S') and check contents
@@ -365,7 +373,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     memcpy (vouch_nonce + 8, &initiate_plaintext[crypto_box_ZEROBYTES + 32],
             16);
 
-    rc = crypto_box_open (vouch_plaintext, vouch_box, sizeof vouch_box,
+    rc = crypto_box_open (&vouch_plaintext[0], vouch_box, sizeof vouch_box,
                           vouch_nonce, client_key, _cn_secret);
     if (rc != 0) {
         // CURVE I: cannot open client INITIATE vouch
@@ -376,7 +384,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     }
 
     //  What we decrypted must be the client's short-term public key
-    if (memcmp (vouch_plaintext + crypto_box_ZEROBYTES, _cn_client, 32)) {
+    if (memcmp (&vouch_plaintext[crypto_box_ZEROBYTES], _cn_client, 32)) {
         // TODO this case is very hard to test, as it would require a modified
         //  client that knows the server's secret short-term key
 
@@ -429,8 +437,8 @@ int zmq::curve_server_t::produce_ready (msg_t *msg_)
     const size_t metadata_length = basic_properties_len ();
     uint8_t ready_nonce[crypto_box_NONCEBYTES];
 
-    std::vector<uint8_t> ready_plaintext (crypto_box_ZEROBYTES
+    std::vector<uint8_t, secure_allocator_t<uint8_t> > ready_plaintext (
-                                          + metadata_length);
+      crypto_box_ZEROBYTES + metadata_length);
 
     //  Create Box [metadata](S'->C')
     std::fill (ready_plaintext.begin (),

src/secure_allocator.hpp

@@ -0,0 +1,103 @@
+/*
+    Copyright (c) 2007-2019 Contributors as noted in the AUTHORS file
+
+    This file is part of libzmq, the ZeroMQ core engine in C++.
+
+    libzmq is free software; you can redistribute it and/or modify it under
+    the terms of the GNU Lesser General Public License (LGPL) as published
+    by the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    As a special exception, the Contributors give you permission to link
+    this library with independent modules to produce an executable,
+    regardless of the license terms of these independent modules, and to
+    copy and distribute the resulting executable under terms of your choice,
+    provided that you also meet, for each linked independent module, the
+    terms and conditions of the license of that module. An independent
+    module is a module which is not derived from or based on this library.
+    If you modify this library, you must extend this exception to your
+    version of the library.
+
+    libzmq is distributed in the hope that it will be useful, but WITHOUT
+    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+    FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+    License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __ZMQ_SECURE_ALLOCATOR_HPP_INCLUDED__
+#define __ZMQ_SECURE_ALLOCATOR_HPP_INCLUDED__
+
+#include "platform.hpp"
+#include "macros.hpp"
+
+#ifdef ZMQ_HAVE_CURVE
+
+#if defined(ZMQ_USE_LIBSODIUM)
+#include "sodium.h"
+#endif
+
+#include <memory>
+
+namespace zmq
+{
+#if defined(ZMQ_USE_LIBSODIUM)
+template <class T> struct secure_allocator_t
+{
+    typedef T value_type;
+
+    secure_allocator_t () {}
+    template <class U>
+    secure_allocator_t (const secure_allocator_t<U> &) ZMQ_NOEXCEPT
+    {
+    }
+    T *allocate (std::size_t n) ZMQ_NOEXCEPT
+    {
+        T *res = static_cast<T *> (sodium_allocarray (sizeof (T), n));
+        alloc_assert (res);
+        return res;
+    }
+    void deallocate (T *p, std::size_t) ZMQ_NOEXCEPT { sodium_free (p); }
+
+    // the following is only required with C++98
+    // TODO maybe make this conditionally compiled
+    typedef T *pointer;
+    typedef const T *const_pointer;
+    typedef T &reference;
+    typedef const T &const_reference;
+    typedef std::size_t size_type;
+    typedef std::ptrdiff_t difference_type;
+    template <class U> struct rebind
+    {
+        typedef secure_allocator_t<U> other;
+    };
+
+    void construct (pointer p, const_reference val)
+    {
+        new ((void *) p) value_type (val);
+    }
+    void destroy (pointer p) { p->~value_type (); }
+    size_type max_size () const { return SIZE_MAX; }
+};
+template <class T, class U>
+bool operator== (const secure_allocator_t<T> &, const secure_allocator_t<U> &)
+{
+    return true;
+}
+template <class T, class U>
+bool operator!= (const secure_allocator_t<T> &, const secure_allocator_t<U> &)
+{
+    return false;
+}
+#else
+template <typename T> struct secure_allocator_t : std::allocator<T>
+{
+};
+#endif
+}
+
+#endif
+
+#endif

tests/test_security_curve.cpp

@@ -27,6 +27,21 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+// TODO remove this workaround for handling libsodium/tweetnacl
+
+#if defined ZMQ_CUSTOM_PLATFORM_HPP
+#include "platform.hpp"
+#else
+#include "../src/platform.hpp"
+#endif
+
+#ifndef ZMQ_USE_TWEETNACL
+#define ZMQ_USE_TWEETNACL
+#endif
+#ifdef ZMQ_USE_LIBSODIUM
+#undef ZMQ_USE_LIBSODIUM
+#endif
+
 #include "testutil.hpp"
 #include "testutil_security.hpp"
 #if defined(ZMQ_HAVE_WINDOWS)