libzmq/src/curve_mechanism_base.hpp

/* SPDX-License-Identifier: MPL-2.0 */

#ifndef __ZMQ_CURVE_MECHANISM_BASE_HPP_INCLUDED__
#define __ZMQ_CURVE_MECHANISM_BASE_HPP_INCLUDED__

#ifdef ZMQ_HAVE_CURVE

#if defined(ZMQ_USE_LIBSODIUM)
#include "sodium.h"
#endif

#if crypto_box_NONCEBYTES != 24 || crypto_box_PUBLICKEYBYTES != 32             \
  || crypto_box_SECRETKEYBYTES != 32 || crypto_box_ZEROBYTES != 32             \
  || crypto_box_BOXZEROBYTES != 16 || crypto_secretbox_NONCEBYTES != 24        \
  || crypto_secretbox_ZEROBYTES != 32 || crypto_secretbox_BOXZEROBYTES != 16
#error "CURVE library not built properly"
#endif

#include "mechanism_base.hpp"
#include "options.hpp"

#include <memory>

namespace zmq
{
class curve_encoding_t
{
  public:
    curve_encoding_t (const char *encode_nonce_prefix_,
                      const char *decode_nonce_prefix_,
                      const bool downgrade_sub_);

    int encode (msg_t *msg_);
    int decode (msg_t *msg_, int *error_event_code_);

    uint8_t *get_writable_precom_buffer () { return _cn_precom; }
    const uint8_t *get_precom_buffer () const { return _cn_precom; }

    typedef uint64_t nonce_t;

    nonce_t get_and_inc_nonce () { return _cn_nonce++; }
    void set_peer_nonce (nonce_t peer_nonce_) { _cn_peer_nonce = peer_nonce_; };

  private:
    int check_validity (msg_t *msg_, int *error_event_code_);

    const char *_encode_nonce_prefix;
    const char *_decode_nonce_prefix;

    nonce_t _cn_nonce;
    nonce_t _cn_peer_nonce;

    //  Intermediary buffer used to speed up boxing and unboxing.
    uint8_t _cn_precom[crypto_box_BEFORENMBYTES];

    const bool _downgrade_sub;

    ZMQ_NON_COPYABLE_NOR_MOVABLE (curve_encoding_t)
};

class curve_mechanism_base_t : public virtual mechanism_base_t,
                               public curve_encoding_t
{
  public:
    curve_mechanism_base_t (session_base_t *session_,
                            const options_t &options_,
                            const char *encode_nonce_prefix_,
                            const char *decode_nonce_prefix_,
                            const bool downgrade_sub_);

    // mechanism implementation
    int encode (msg_t *msg_) ZMQ_OVERRIDE;
    int decode (msg_t *msg_) ZMQ_OVERRIDE;
};
}

#endif

#endif
Relicense from LGPL3 + exceptions to Mozilla Public License version 2.0 Relicense permission collected from all relevant authors as tallied at: https://github.com/rlenferink/libzmq-relicense/blob/master/checklist.md The relicense grants are collected under RELICENSE/ and will be moved to the above repository in a later commit. Fixes https://github.com/zeromq/libzmq/issues/2376 2023-06-05 00:16:05 +01:00			`/* SPDX-License-Identifier: MPL-2.0 */`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00
			`#ifndef __ZMQ_CURVE_MECHANISM_BASE_HPP_INCLUDED__`
			`#define __ZMQ_CURVE_MECHANISM_BASE_HPP_INCLUDED__`

			`#ifdef ZMQ_HAVE_CURVE`

Problem: no permission to relicense tweetnacl integration Solution: remove implementation. Frank Hartmann <soundart@gmx.net>, the author, rejected our request to relicense under MPL2, so we have to remove his copyrighted work. Tweetnacl is not security-supported and could not be used in production environments anyway, the supported backend is libsodium. 2023-02-18 13:43:16 +00:00			`#if defined(ZMQ_USE_LIBSODIUM)`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00			`#include "sodium.h"`
			`#endif`

			`#if crypto_box_NONCEBYTES != 24 \|\| crypto_box_PUBLICKEYBYTES != 32 \`
			`\|\| crypto_box_SECRETKEYBYTES != 32 \|\| crypto_box_ZEROBYTES != 32 \`
			`\|\| crypto_box_BOXZEROBYTES != 16 \|\| crypto_secretbox_NONCEBYTES != 24 \`
			`\|\| crypto_secretbox_ZEROBYTES != 32 \|\| crypto_secretbox_BOXZEROBYTES != 16`
			`#error "CURVE library not built properly"`
			`#endif`

			`#include "mechanism_base.hpp"`
			`#include "options.hpp"`

Problem: no C++ style secure memory allocator available Solution: Added secure_allocator_t based on libsodium's memory management functions when available 2019-07-11 12:59:23 +02:00			`#include <memory>`

Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00			`namespace zmq`
			`{`
Problem: curve encoding and decoding are not easily testable Solution: extract into separate class curve_encoding_t 2020-02-03 11:56:37 +01:00			`class curve_encoding_t`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00			`{`
			`public:`
Problem: curve encoding and decoding are not easily testable Solution: extract into separate class curve_encoding_t 2020-02-03 11:56:37 +01:00			`curve_encoding_t (const char *encode_nonce_prefix_,`
Problem: sub/cancel broken with CURVE Solution: handle downgrading sub/cancel messages in CURVE engine 2020-05-03 17:29:19 +01:00			`const char *decode_nonce_prefix_,`
			`const bool downgrade_sub_);`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00
Problem: curve encoding and decoding are not easily testable Solution: extract into separate class curve_encoding_t 2020-02-03 11:56:37 +01:00			`int encode (msg_t *msg_);`
			`int decode (msg_t msg_, int error_event_code_);`

			`uint8_t *get_writable_precom_buffer () { return _cn_precom; }`
			`const uint8_t *get_precom_buffer () const { return _cn_precom; }`

Problem: curve_encoding_t involves unnecesary heap allocations and copying of message data Solution: use crypto_box_easy_afternm and crypto_box_open_easy_afternm in-place 2020-02-03 15:26:29 +01:00			`typedef uint64_t nonce_t;`

			`nonce_t get_and_inc_nonce () { return _cn_nonce++; }`
			`void set_peer_nonce (nonce_t peer_nonce_) { _cn_peer_nonce = peer_nonce_; };`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00
Problem: naming convention violated by curve_mechanism_base Solution: change to conform with naming convention 2020-02-03 11:44:10 +01:00			`private:`
Problem: curve_encoding_t involves unnecesary heap allocations and copying of message data Solution: use crypto_box_easy_afternm and crypto_box_open_easy_afternm in-place 2020-02-03 15:26:29 +01:00			`int check_validity (msg_t msg_, int error_event_code_);`

Problem: naming convention violated by curve_mechanism_base Solution: change to conform with naming convention 2020-02-03 11:44:10 +01:00			`const char *_encode_nonce_prefix;`
			`const char *_decode_nonce_prefix;`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00
Problem: curve_encoding_t involves unnecesary heap allocations and copying of message data Solution: use crypto_box_easy_afternm and crypto_box_open_easy_afternm in-place 2020-02-03 15:26:29 +01:00			`nonce_t _cn_nonce;`
			`nonce_t _cn_peer_nonce;`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00
			`// Intermediary buffer used to speed up boxing and unboxing.`
Problem: naming convention violated by curve_mechanism_base Solution: change to conform with naming convention 2020-02-03 11:44:10 +01:00			`uint8_t _cn_precom[crypto_box_BEFORENMBYTES];`
Problem: curve encoding and decoding are not easily testable Solution: extract into separate class curve_encoding_t 2020-02-03 11:56:37 +01:00
Problem: sub/cancel broken with CURVE Solution: handle downgrading sub/cancel messages in CURVE engine 2020-05-03 17:29:19 +01:00			`const bool _downgrade_sub;`

Problem: curve encoding and decoding are not easily testable Solution: extract into separate class curve_encoding_t 2020-02-03 11:56:37 +01:00			`ZMQ_NON_COPYABLE_NOR_MOVABLE (curve_encoding_t)`
			`};`

			`class curve_mechanism_base_t : public virtual mechanism_base_t,`
			`public curve_encoding_t`
			`{`
			`public:`
			`curve_mechanism_base_t (session_base_t *session_,`
			`const options_t &options_,`
			`const char *encode_nonce_prefix_,`
Problem: sub/cancel broken with CURVE Solution: handle downgrading sub/cancel messages in CURVE engine 2020-05-03 17:29:19 +01:00			`const char *decode_nonce_prefix_,`
			`const bool downgrade_sub_);`
Problem: curve encoding and decoding are not easily testable Solution: extract into separate class curve_encoding_t 2020-02-03 11:56:37 +01:00
			`// mechanism implementation`
			`int encode (msg_t *msg_) ZMQ_OVERRIDE;`
			`int decode (msg_t *msg_) ZMQ_OVERRIDE;`
Problem: code duplication between curve_client_t and curve_server_t decode and encode Solution: extracted common base class curve_mechanism_base_t 2017-08-18 11:34:22 +02:00			`};`
			`}`

			`#endif`

			`#endif`