curve_client_tools.hpp
Go to the documentation of this file.
1 /* SPDX-License-Identifier: MPL-2.0 */
2 
3 #ifndef __ZMQ_CURVE_CLIENT_TOOLS_HPP_INCLUDED__
4 #define __ZMQ_CURVE_CLIENT_TOOLS_HPP_INCLUDED__
5 
6 #ifdef ZMQ_HAVE_CURVE
7 
8 #if defined(ZMQ_USE_LIBSODIUM)
9 #include "sodium.h"
10 #endif
11 
12 #if crypto_box_NONCEBYTES != 24 || crypto_box_PUBLICKEYBYTES != 32 \
13  || crypto_box_SECRETKEYBYTES != 32 || crypto_box_ZEROBYTES != 32 \
14  || crypto_box_BOXZEROBYTES != 16
15 #error "CURVE library not built properly"
16 #endif
17 
18 #include "wire.hpp"
19 #include "err.hpp"
20 #include "secure_allocator.hpp"
21 
22 #include <vector>
23 
24 namespace zmq
25 {
26 struct curve_client_tools_t
27 {
28  static int produce_hello (void *data_,
29  const uint8_t *server_key_,
30  const uint64_t cn_nonce_,
31  const uint8_t *cn_public_,
32  const uint8_t *cn_secret_)
33  {
34  uint8_t hello_nonce[crypto_box_NONCEBYTES];
35  std::vector<uint8_t, secure_allocator_t<uint8_t> > hello_plaintext (
36  crypto_box_ZEROBYTES + 64, 0);
37  uint8_t hello_box[crypto_box_BOXZEROBYTES + 80];
38 
39  // Prepare the full nonce
40  memcpy (hello_nonce, "CurveZMQHELLO---", 16);
41  put_uint64 (hello_nonce + 16, cn_nonce_);
42 
43  // Create Box [64 * %x0](C'->S)
44  const int rc =
45  crypto_box (hello_box, &hello_plaintext[0], hello_plaintext.size (),
46  hello_nonce, server_key_, cn_secret_);
47  if (rc == -1)
48  return -1;
49 
50  uint8_t *hello = static_cast<uint8_t *> (data_);
51 
52  memcpy (hello, "\x05HELLO", 6);
53  // CurveZMQ major and minor version numbers
54  memcpy (hello + 6, "\1\0", 2);
55  // Anti-amplification padding
56  memset (hello + 8, 0, 72);
57  // Client public connection key
58  memcpy (hello + 80, cn_public_, crypto_box_PUBLICKEYBYTES);
59  // Short nonce, prefixed by "CurveZMQHELLO---"
60  memcpy (hello + 112, hello_nonce + 16, 8);
61  // Signature, Box [64 * %x0](C'->S)
62  memcpy (hello + 120, hello_box + crypto_box_BOXZEROBYTES, 80);
63 
64  return 0;
65  }
66 
67  static int process_welcome (const uint8_t *msg_data_,
68  size_t msg_size_,
69  const uint8_t *server_key_,
70  const uint8_t *cn_secret_,
71  uint8_t *cn_server_,
72  uint8_t *cn_cookie_,
73  uint8_t *cn_precom_)
74  {
75  if (msg_size_ != 168) {
76  errno = EPROTO;
77  return -1;
78  }
79 
80  uint8_t welcome_nonce[crypto_box_NONCEBYTES];
81  std::vector<uint8_t, secure_allocator_t<uint8_t> > welcome_plaintext (
82  crypto_box_ZEROBYTES + 128);
83  uint8_t welcome_box[crypto_box_BOXZEROBYTES + 144];
84 
85  // Open Box [S' + cookie](C'->S)
86  memset (welcome_box, 0, crypto_box_BOXZEROBYTES);
87  memcpy (welcome_box + crypto_box_BOXZEROBYTES, msg_data_ + 24, 144);
88 
89  memcpy (welcome_nonce, "WELCOME-", 8);
90  memcpy (welcome_nonce + 8, msg_data_ + 8, 16);
91 
92  int rc = crypto_box_open (&welcome_plaintext[0], welcome_box,
93  sizeof welcome_box, welcome_nonce,
94  server_key_, cn_secret_);
95  if (rc != 0) {
96  errno = EPROTO;
97  return -1;
98  }
99 
100  memcpy (cn_server_, &welcome_plaintext[crypto_box_ZEROBYTES], 32);
101  memcpy (cn_cookie_, &welcome_plaintext[crypto_box_ZEROBYTES + 32],
102  16 + 80);
103 
104  // Message independent precomputation
105  rc = crypto_box_beforenm (cn_precom_, cn_server_, cn_secret_);
106  zmq_assert (rc == 0);
107 
108  return 0;
109  }
110 
111  static int produce_initiate (void *data_,
112  size_t size_,
113  const uint64_t cn_nonce_,
114  const uint8_t *server_key_,
115  const uint8_t *public_key_,
116  const uint8_t *secret_key_,
117  const uint8_t *cn_public_,
118  const uint8_t *cn_secret_,
119  const uint8_t *cn_server_,
120  const uint8_t *cn_cookie_,
121  const uint8_t *metadata_plaintext_,
122  const size_t metadata_length_)
123  {
124  uint8_t vouch_nonce[crypto_box_NONCEBYTES];
125  std::vector<uint8_t, secure_allocator_t<uint8_t> > vouch_plaintext (
126  crypto_box_ZEROBYTES + 64);
127  uint8_t vouch_box[crypto_box_BOXZEROBYTES + 80];
128 
129  // Create vouch = Box [C',S](C->S')
130  std::fill (vouch_plaintext.begin (),
131  vouch_plaintext.begin () + crypto_box_ZEROBYTES, 0);
132  memcpy (&vouch_plaintext[crypto_box_ZEROBYTES], cn_public_, 32);
133  memcpy (&vouch_plaintext[crypto_box_ZEROBYTES + 32], server_key_, 32);
134 
135  memset (vouch_nonce, 0, crypto_box_NONCEBYTES);
136  memcpy (vouch_nonce, "VOUCH---", 8);
137  randombytes (vouch_nonce + 8, 16);
138 
139  int rc =
140  crypto_box (vouch_box, &vouch_plaintext[0], vouch_plaintext.size (),
141  vouch_nonce, cn_server_, secret_key_);
142  if (rc == -1)
143  return -1;
144 
145  uint8_t initiate_nonce[crypto_box_NONCEBYTES];
146  std::vector<uint8_t> initiate_box (crypto_box_BOXZEROBYTES + 144
147  + metadata_length_);
148  std::vector<uint8_t, secure_allocator_t<uint8_t> > initiate_plaintext (
149  crypto_box_ZEROBYTES + 128 + metadata_length_);
150 
151  // Create Box [C + vouch + metadata](C'->S')
152  std::fill (initiate_plaintext.begin (),
153  initiate_plaintext.begin () + crypto_box_ZEROBYTES, 0);
154 
155  // False positives due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
156 #if __GNUC__ >= 11
157 #pragma GCC diagnostic ignored "-Warray-bounds"
158 #pragma GCC diagnostic ignored "-Wstringop-overflow="
159 #endif
160  memcpy (&initiate_plaintext[crypto_box_ZEROBYTES], public_key_, 32);
161  memcpy (&initiate_plaintext[crypto_box_ZEROBYTES + 32], vouch_nonce + 8,
162  16);
163  memcpy (&initiate_plaintext[crypto_box_ZEROBYTES + 48],
164  vouch_box + crypto_box_BOXZEROBYTES, 80);
165  if (metadata_length_) {
166  memcpy (&initiate_plaintext[crypto_box_ZEROBYTES + 48 + 80],
167  metadata_plaintext_, metadata_length_);
168  }
169 #if __GNUC__ >= 11
170 #pragma GCC diagnostic pop
171 #pragma GCC diagnostic pop
172 #endif
173 
174  memcpy (initiate_nonce, "CurveZMQINITIATE", 16);
175  put_uint64 (initiate_nonce + 16, cn_nonce_);
176 
177  rc = crypto_box (&initiate_box[0], &initiate_plaintext[0],
178  crypto_box_ZEROBYTES + 128 + metadata_length_,
179  initiate_nonce, cn_server_, cn_secret_);
180 
181  if (rc == -1)
182  return -1;
183 
184  uint8_t *initiate = static_cast<uint8_t *> (data_);
185 
186  zmq_assert (size_
187  == 113 + 128 + crypto_box_BOXZEROBYTES + metadata_length_);
188 
189  memcpy (initiate, "\x08INITIATE", 9);
190  // Cookie provided by the server in the WELCOME command
191  memcpy (initiate + 9, cn_cookie_, 96);
192  // Short nonce, prefixed by "CurveZMQINITIATE"
193  memcpy (initiate + 105, initiate_nonce + 16, 8);
194  // Box [C + vouch + metadata](C'->S')
195  memcpy (initiate + 113, &initiate_box[crypto_box_BOXZEROBYTES],
196  128 + metadata_length_ + crypto_box_BOXZEROBYTES);
197 
198  return 0;
199  }
200 
201  static bool is_handshake_command_welcome (const uint8_t *msg_data_,
202  const size_t msg_size_)
203  {
204  return is_handshake_command (msg_data_, msg_size_, "\7WELCOME");
205  }
206 
207  static bool is_handshake_command_ready (const uint8_t *msg_data_,
208  const size_t msg_size_)
209  {
210  return is_handshake_command (msg_data_, msg_size_, "\5READY");
211  }
212 
213  static bool is_handshake_command_error (const uint8_t *msg_data_,
214  const size_t msg_size_)
215  {
216  return is_handshake_command (msg_data_, msg_size_, "\5ERROR");
217  }
218 
219  // non-static functions
220  curve_client_tools_t (
221  const uint8_t (&curve_public_key_)[crypto_box_PUBLICKEYBYTES],
222  const uint8_t (&curve_secret_key_)[crypto_box_SECRETKEYBYTES],
223  const uint8_t (&curve_server_key_)[crypto_box_PUBLICKEYBYTES])
224  {
225  int rc;
226  memcpy (public_key, curve_public_key_, crypto_box_PUBLICKEYBYTES);
227  memcpy (secret_key, curve_secret_key_, crypto_box_SECRETKEYBYTES);
228  memcpy (server_key, curve_server_key_, crypto_box_PUBLICKEYBYTES);
229 
230  // Generate short-term key pair
231  memset (cn_secret, 0, crypto_box_SECRETKEYBYTES);
232  memset (cn_public, 0, crypto_box_PUBLICKEYBYTES);
233  rc = crypto_box_keypair (cn_public, cn_secret);
234  zmq_assert (rc == 0);
235  }
236 
237  int produce_hello (void *data_, const uint64_t cn_nonce_) const
238  {
239  return produce_hello (data_, server_key, cn_nonce_, cn_public,
240  cn_secret);
241  }
242 
243  int process_welcome (const uint8_t *msg_data_,
244  size_t msg_size_,
245  uint8_t *cn_precom_)
246  {
247  return process_welcome (msg_data_, msg_size_, server_key, cn_secret,
248  cn_server, cn_cookie, cn_precom_);
249  }
250 
251  int produce_initiate (void *data_,
252  size_t size_,
253  const uint64_t cn_nonce_,
254  const uint8_t *metadata_plaintext_,
255  const size_t metadata_length_) const
256  {
257  return produce_initiate (data_, size_, cn_nonce_, server_key,
258  public_key, secret_key, cn_public, cn_secret,
259  cn_server, cn_cookie, metadata_plaintext_,
260  metadata_length_);
261  }
262 
263  // Our public key (C)
264  uint8_t public_key[crypto_box_PUBLICKEYBYTES];
265 
266  // Our secret key (c)
267  uint8_t secret_key[crypto_box_SECRETKEYBYTES];
268 
269  // Our short-term public key (C')
270  uint8_t cn_public[crypto_box_PUBLICKEYBYTES];
271 
272  // Our short-term secret key (c')
273  uint8_t cn_secret[crypto_box_SECRETKEYBYTES];
274 
275  // Server's public key (S)
276  uint8_t server_key[crypto_box_PUBLICKEYBYTES];
277 
278  // Server's short-term public key (S')
279  uint8_t cn_server[crypto_box_PUBLICKEYBYTES];
280 
281  // Cookie received from server
282  uint8_t cn_cookie[16 + 80];
283 
284  private:
285  template <size_t N>
286  static bool is_handshake_command (const uint8_t *msg_data_,
287  const size_t msg_size_,
288  const char (&prefix_)[N])
289  {
290  return msg_size_ >= (N - 1) && !memcmp (msg_data_, prefix_, N - 1);
291  }
292 };
293 }
294 
295 #endif
296 
297 #endif
data_
StringPiece data_
Definition: bytestream_unittest.cc:60
zmq_assert
#define zmq_assert(x)
Definition: err.hpp:102
errno
int errno
wire.hpp
zmq
Definition: zmq.hpp:229
EPROTO
#define EPROTO
Definition: err.hpp:26
secure_allocator.hpp
zmq::put_uint64
void put_uint64(unsigned char *buffer_, uint64_t value_)
Definition: wire.hpp:51
err.hpp
prefix_
std::string prefix_
Definition: src/google/protobuf/descriptor.cc:378

libaditof
Author(s):
autogenerated on Wed May 21 2025 02:06:49