zeromq / libcurve Goto Github PK
An encryption and authentication library for ZeroMQ applications
Home Page: http://curvezmq.org
License: Mozilla Public License 2.0
A bit long winded, but I am at a roadblock.
First of all, thank you so much for this library/project. Internet security, privacy, and end-to-end encryption has never been more important. To cut to the chase:
I am modifying the curve_server.c to my needs. Currently, I have left the recv portion of the code alone, for the most part, except instead of relying on decrementing the test clients, I have changed it to a while(true) to allow it to persist:
...
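/* Persistent receive loop: take one message per iteration and send it back
 * to the client. live_clients is still decremented when the last frame
 * starts with "END", but it no longer ends the loop. */
while (true) {
    printf("recv \n");
    zmsg_t *msg = curve_server_recv (server);
    /* Never dereference a NULL message; it is treated here as the signal to
     * stop serving. NOTE(review): confirm what curve_server_recv returns on
     * interrupt or shutdown. */
    if (msg == NULL) {
        break;
    }
    /* The frame content comes from the peer, so check that a last frame
     * exists and holds at least three bytes before comparing; memcmp over a
     * shorter frame would read past the end of its data. */
    zframe_t *last = zmsg_last (msg);
    if (last != NULL
    &&  zframe_size (last) >= 3
    &&  memcmp (zframe_data (last), "END", 3) == 0) {
        live_clients--;
    }
    curve_server_send (server, &msg);
}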
...
Currently, on my client side, I am supplying this:
...
//  Client-side setup: create the client, attach metadata, enable verbose
//  logging, then connect to the server endpoint.
//  The pointer-to-pointer argument suggests the call takes over the
//  certificate -- TODO confirm against curve_client_new.
client = curve_client_new(&client_cert);
//  Metadata is set before connecting, presumably so that it is sent to the
//  server during the handshake -- verify against curve_client_set_metadata.
curve_client_set_metadata (client, (char *)"Client", (char *)"CURVEZMQ/curve_client");
curve_client_set_metadata (client, (char *)"Identity", (char *)"E475DA11");
curve_client_set_verbose (client, true);
//  The third argument is the public key read from server_cert. How
//  server_cert is obtained is not shown here; presumably this is the key the
//  server is authenticated against, so it must come from a trusted source.
curve_client_connect (client, (char *)"tcp://redacted:9000", zcert_public_key (server_cert));
...
And I know it connects, because the log output is:
Received C:HELLO
Received C:INITIATE
ZAUTH I: ALLOWED (CURVE) client_key=XiI!mAM>RoWle35!v@wqhxNaf?93}2Ks@@LA#lrM
Now, the pattern I want to support is as such:
Currently, this leads me to the following questions:
Thank you so much for your help!
I look forward to contributing to this project once I get these basics out of the way.
.
Using Gentoo (4.8.0-gentoo x86_64 Intel(R) Core(TM) i7-2860QM CPU @ 2.50GHz), I also get configuration and compilation errors for libcurve when following the instructions.
I have uploaded the following patch to get around the issue ...
Configuration: configure.ac.patch
Compilation: libcurve_src.patch
--- cut: configure.ac.patch ---
diff -rup a/configure.ac b/configure.ac
--- a/configure.ac 2016-10-14 12:09:03.759810377 -0400
+++ b/configure.ac 2016-10-14 12:06:42.131814561 -0400
@@ -72,48 +72,48 @@ PREVIOUS_CFLAGS="${CFLAGS}"
PREVIOUS_LIBS="${LIBS}"
-was_libzmq_check_lib_detected=no
+was_zmq_check_lib_detected=no
-PKG_CHECK_MODULES([libzmq], [libzmq >= 0.0.0],
+PKG_CHECK_MODULES([zmq], [zmq >= 0.0.0],
[
],
[
- AC_ARG_WITH([libzmq],
+ AC_ARG_WITH([zmq],
[
- AS_HELP_STRING([--with-libzmq],
- [Specify libzmq prefix])
+ AS_HELP_STRING([--with-zmq],
+ [Specify zmq prefix])
],
- [search_libzmq="yes"],
+ [search_zmq="yes"],
[])
- libzmq_synthetic_cflags=""
- libzmq_synthetic_libs="-lzmq"
+ zmq_synthetic_cflags=""
+ zmq_synthetic_libs="-lzmq"
- if test "x$search_libzmq" = "xyes"; then
- if test -r "${with_libzmq}/include/zmq.h"; then
- libzmq_synthetic_cflags="-I${with_libzmq}/include"
- libzmq_synthetic_libs="-L${with_libzmq}/lib -lzmq"
+ if test "x$search_zmq" = "xyes"; then
+ if test -r "${with_zmq}/include/zmq.h"; then
+ zmq_synthetic_cflags="-I${with_zmq}/include"
+ zmq_synthetic_libs="-L${with_zmq}/lib -lzmq"
else
- AC_MSG_ERROR([${with_libzmq}/include/zmq.h not found. Please check libzmq prefix])
+ AC_MSG_ERROR([${with_zmq}/include/zmq.h not found. Please check zmq prefix])
fi
fi
- AC_CHECK_LIB([libzmq], [zmq_init],
+ AC_CHECK_LIB([zmq], [zmq_init],
[
- CFLAGS="${libzmq_synthetic_cflags} ${CFLAGS}"
- LDFLAGS="${libzmq_synthetic_libs} ${LDFLAGS}"
- LIBS="${libzmq_synthetic_libs} ${LIBS}"
+ CFLAGS="${zmq_synthetic_cflags} ${CFLAGS}"
+ LDFLAGS="${zmq_synthetic_libs} ${LDFLAGS}"
+ LIBS="${zmq_synthetic_libs} ${LIBS}"
- AC_SUBST([libzmq_CFLAGS],[${libzmq_synthetic_cflags}])
- AC_SUBST([libzmq_LIBS],[${libzmq_synthetic_libs}])
- was_libzmq_check_lib_detected=yes
+ AC_SUBST([zmq_CFLAGS],[${zmq_synthetic_cflags}])
+ AC_SUBST([zmq_LIBS],[${zmq_synthetic_libs}])
+ was_zmq_check_lib_detected=yes
],
- [AC_MSG_ERROR([cannot link with -lzmq, install libzmq])])
+ [AC_MSG_ERROR([cannot link with -lzmq, install zmq])])
])
-if test "x$was_libzmq_check_lib_detected" = "xno"; then
- CFLAGS="${libzmq_CFLAGS} ${CFLAGS}"
- LIBS="${libzmq_LIBS} ${LIBS}"
+if test "x$was_zmq_check_lib_detected" = "xno"; then
+ CFLAGS="${zmq_CFLAGS} ${CFLAGS}"
+ LIBS="${zmq_LIBS} ${LIBS}"
fi
was_uuid_check_lib_detected=no
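Review bot: The `PKG_CHECK_MODULES` line in this hunk now asks pkg-config for a module named `zmq`, but the configure log quoted further down this page shows `libzmq >= 0.0.0` resolving successfully, so the renamed lookup will presumably never match and configure will always drop to the hand-rolled fallback. Only the `AC_CHECK_LIB` first argument needs the `lib` prefix removed, since that macro takes the name as it is passed to `-l`: keep `PKG_CHECK_MODULES([libzmq], [libzmq >= 0.0.0],` and change just `AC_CHECK_LIB([zmq], [zmq_init],`. The same applies to the czmq hunk at `@@ -164,31` and the sodium hunk at `@@ -206,48`, where the pkg-config modules are presumably `libczmq` and `libsodium`. Renaming `--with-libzmq` to `--with-zmq` also changes a user-facing option that existing build scripts may already pass.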
@@ -164,31 +164,31 @@ fi
was_czmq_check_lib_detected=no
-PKG_CHECK_MODULES([czmq], [libczmq >= 0.0.0],
+PKG_CHECK_MODULES([czmq], [czmq >= 0.0.0],
[
],
[
- AC_ARG_WITH([libczmq],
+ AC_ARG_WITH([czmq],
[
- AS_HELP_STRING([--with-libczmq],
- [Specify libczmq prefix])
+ AS_HELP_STRING([--with-czmq],
+ [Specify czmq prefix])
],
- [search_libczmq="yes"],
+ [search_czmq="yes"],
[])
czmq_synthetic_cflags=""
czmq_synthetic_libs="-lczmq"
- if test "x$search_libczmq" = "xyes"; then
- if test -r "${with_libczmq}/include/czmq.h"; then
- czmq_synthetic_cflags="-I${with_libczmq}/include"
- czmq_synthetic_libs="-L${with_libczmq}/lib -lczmq"
+ if test "x$search_czmq" = "xyes"; then
+ if test -r "${with_czmq}/include/czmq.h"; then
+ czmq_synthetic_cflags="-I${with_czmq}/include"
+ czmq_synthetic_libs="-L${with_czmq}/lib -lczmq"
else
- AC_MSG_ERROR([${with_libczmq}/include/czmq.h not found. Please check libczmq prefix])
+ AC_MSG_ERROR([${with_czmq}/include/czmq.h not found. Please check czmq prefix])
fi
fi
- AC_CHECK_LIB([libczmq], [zctx_test],
+ AC_CHECK_LIB([czmq], [zctx_test],
[
CFLAGS="${czmq_synthetic_cflags} ${CFLAGS}"
LDFLAGS="${czmq_synthetic_libs} ${LDFLAGS}"
@@ -198,7 +198,7 @@ PKG_CHECK_MODULES([czmq], [libczmq >= 0.
AC_SUBST([czmq_LIBS],[${czmq_synthetic_libs}])
was_czmq_check_lib_detected=yes
],
- [AC_MSG_ERROR([cannot link with -lczmq, install libczmq])])
+ [AC_MSG_ERROR([cannot link with -lczmq, install czmq])])
])
if test "x$was_czmq_check_lib_detected" = "xno"; then
@@ -206,48 +206,48 @@ if test "x$was_czmq_check_lib_detected"
LIBS="${czmq_LIBS} ${LIBS}"
fi
-was_libsodium_check_lib_detected=no
+was_sodium_check_lib_detected=no
-PKG_CHECK_MODULES([libsodium], [libsodium >= 0.0.0],
+PKG_CHECK_MODULES([sodium], [sodium >= 0.0.0],
[
],
[
- AC_ARG_WITH([libsodium],
+ AC_ARG_WITH([sodium],
[
- AS_HELP_STRING([--with-libsodium],
- [Specify libsodium prefix])
+ AS_HELP_STRING([--with-sodium],
+ [Specify sodium prefix])
],
- [search_libsodium="yes"],
+ [search_sodium="yes"],
[])
- libsodium_synthetic_cflags=""
- libsodium_synthetic_libs="-lsodium"
+ sodium_synthetic_cflags=""
+ sodium_synthetic_libs="-lsodium"
- if test "x$search_libsodium" = "xyes"; then
- if test -r "${with_libsodium}/include/sodium.h"; then
- libsodium_synthetic_cflags="-I${with_libsodium}/include"
- libsodium_synthetic_libs="-L${with_libsodium}/lib -lsodium"
+ if test "x$search_sodium" = "xyes"; then
+ if test -r "${with_sodium}/include/sodium.h"; then
+ sodium_synthetic_cflags="-I${with_sodium}/include"
+ sodium_synthetic_libs="-L${with_sodium}/lib -lsodium"
else
- AC_MSG_ERROR([${with_libsodium}/include/sodium.h not found. Please check libsodium prefix])
+ AC_MSG_ERROR([${with_sodium}/include/sodium.h not found. Please check sodium prefix])
fi
fi
- AC_CHECK_LIB([libsodium], [sodium_init],
+ AC_CHECK_LIB([sodium], [sodium_init],
[
- CFLAGS="${libsodium_synthetic_cflags} ${CFLAGS}"
- LDFLAGS="${libsodium_synthetic_libs} ${LDFLAGS}"
- LIBS="${libsodium_synthetic_libs} ${LIBS}"
+ CFLAGS="${sodium_synthetic_cflags} ${CFLAGS}"
+ LDFLAGS="${sodium_synthetic_libs} ${LDFLAGS}"
+ LIBS="${sodium_synthetic_libs} ${LIBS}"
- AC_SUBST([libsodium_CFLAGS],[${libsodium_synthetic_cflags}])
- AC_SUBST([libsodium_LIBS],[${libsodium_synthetic_libs}])
- was_libsodium_check_lib_detected=yes
+ AC_SUBST([sodium_CFLAGS],[${sodium_synthetic_cflags}])
+ AC_SUBST([sodium_LIBS],[${sodium_synthetic_libs}])
+ was_sodium_check_lib_detected=yes
],
- [AC_MSG_ERROR([cannot link with -lsodium, install libsodium])])
+ [AC_MSG_ERROR([cannot link with -lsodium, install sodium])])
])
-if test "x$was_libsodium_check_lib_detected" = "xno"; then
- CFLAGS="${libsodium_CFLAGS} ${CFLAGS}"
- LIBS="${libsodium_LIBS} ${LIBS}"
+if test "x$was_sodium_check_lib_detected" = "xno"; then
+ CFLAGS="${sodium_CFLAGS} ${CFLAGS}"
+ LIBS="${sodium_LIBS} ${LIBS}"
fi
CFLAGS="${PREVIOUS_CFLAGS}"
--- cut ---
--- cut: libcurve_src.patch ---
diff -rup a/src/curve_client.c b/src/curve_client.c
--- a/src/curve_client.c 2016-10-14 12:17:20.363795704 -0400
+++ b/src/curve_client.c 2016-10-14 12:17:04.746796165 -0400
@@ -518,7 +518,7 @@ curve_client_test (bool verbose)
curve_client_set_metadata (client, "Client", "CURVEZMQ/curve_client");
curve_client_set_metadata (client, "Identity", "E475DA11");
curve_client_set_verbose (client, verbose);
- curve_client_connect (client, "tcp://127.0.0.1:9005", zcert_public_key (server_cert));
+ curve_client_connect (client, "tcp://127.0.0.1:9005", (byte *)zcert_public_key (server_cert));
curve_client_sendstr (client, "Hello, World");
char *reply = curve_client_recvstr (client);
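Review bot: The added `(byte *)` cast on `zcert_public_key (server_cert)` silences the discarded-qualifiers error by dropping `const` at the call site, which hides from the compiler whether the callee ever writes through the key pointer. If `curve_client_connect` only reads the key, const-qualify its parameter instead, `curve_client_connect (curve_client_t *self, char *endpoint, const byte *server_key)`, and the call needs no cast. The same pattern recurs in every curve_codec.c hunk, where the cast is applied to `zcert_secret_key (...)` before it is passed to `s_encrypt`/`s_decrypt` (as the calls are named in the issue text further down the page; their signatures are not visible here), and in the curve_server.c hunk; those key parameters would take `const byte *` in the same way. `curve_client_test` starts and ends outside this hunk.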
diff -rup a/src/curve_codec.c b/src/curve_codec.c
--- a/src/curve_codec.c 2016-10-14 12:17:20.363795704 -0400
+++ b/src/curve_codec.c 2016-10-14 12:17:04.746796165 -0400
@@ -496,7 +496,7 @@ s_produce_hello (curve_codec_t *self)
signature, 64,
"CurveZMQHELLO---",
self->peer_permakey, // Server public key
- zcert_secret_key (self->transcert));
+ (byte *)zcert_secret_key (self->transcert));
return command;
}
@@ -513,7 +513,7 @@ s_process_hello (curve_codec_t *self, zf
signature_received, 64,
"CurveZMQHELLO---",
hello->client,
- zcert_secret_key (self->permacert));
+ (byte *)zcert_secret_key (self->permacert));
return rc;
}
@@ -562,7 +562,7 @@ s_produce_welcome (curve_codec_t *self)
plain, 128,
"WELCOME-",
self->peer_transkey,
- zcert_secret_key (self->permacert));
+ (byte *)zcert_secret_key (self->permacert));
return command;
}
@@ -579,7 +579,7 @@ s_process_welcome (curve_codec_t *self,
plain, 128,
"WELCOME-",
self->peer_permakey, // Server public key
- zcert_secret_key (self->transcert));
+ (byte *)zcert_secret_key (self->transcert));
if (rc == 0) {
memcpy (self->peer_transkey, plain, 32);
@@ -618,7 +618,7 @@ s_produce_initiate (curve_codec_t *self)
vouch_plain, 64,
"VOUCH---",
self->peer_transkey,
- zcert_secret_key (self->permacert));
+ (byte *)zcert_secret_key (self->permacert));
// Working variables for crypto calls
size_t box_size = 128 + self->metadata_size;
@@ -697,7 +697,7 @@ s_process_initiate (curve_codec_t *self,
plain, 64,
"VOUCH---",
self->peer_permakey,
- zcert_secret_key (self->transcert));
+ (byte *)zcert_secret_key (self->transcert));
// Check vouch is short term client public key plus our public key
if (rc == 0
diff -rup a/src/curve_server.c b/src/curve_server.c
--- a/src/curve_server.c 2016-10-14 12:17:20.363795704 -0400
+++ b/src/curve_server.c 2016-10-14 12:17:04.746796165 -0400
@@ -608,7 +608,7 @@ client_task (void *args)
zcert_t *server_cert = zcert_load (TESTDIR "/server.cert");
assert (server_cert);
- curve_client_connect (client, "tcp://127.0.0.1:9006", zcert_public_key (server_cert));
+ curve_client_connect (client, "tcp://127.0.0.1:9006", (byte *)zcert_public_key (server_cert));
zcert_destroy (&server_cert);
curve_client_sendstr (client, "Hello, World");
--- cut ---
... hope this helps someone.
.
Fix #14 introduced an error in how the vouch for the INITIATE message is generated.
vouch-box = Box [C',S](C->S')
The current code uses the precomputed key instead, i.e. Box [C',S](C'->S'), so the vouch is no longer tied to the client's permanent secret key and the server has no way of validating it.
To fix the issue:
Line 627:
s_encrypt (self, vouch_crypt,
vouch_plain, 64,
"VOUCH---",
NULL, NULL);
Should be replaced with:
s_encrypt (self, vouch_crypt,
vouch_plain, 64,
"VOUCH---",
self->peer_transkey, zcert_secret_key (self->permacert));
Line 704:
int rc = s_decrypt (self,
vouch,
plain, 64,
"VOUCH---",
NULL, NULL);
Should be replaced with:
int rc = s_decrypt (self,
vouch,
plain, 64,
"VOUCH---",
self->peer_permakey, zcert_secret_key(self->transcert));
Are there any examples of using libcurve other than the selftest?
My application will send messages over arbitrary transports, anything from email, to http to sneaker net using a storage device.
...
I've been code surfing the libcurve and czmq repositories and I can't find where frames are encrypted. What cipher is being used? Where in the code is this done?
Can someone offer a high level walk through of how libcurve/czmq uses libsodium from start to finish? My hope is to get an established pair of keys via getsocketop() and use them to manually encrypt messages being sent on an existing RPC channel between two points.
Thanks
I am new to zeromq. I was trying to follow the instruction however failed to build the libcurve with MSBuild (all version from VS2010, VS2012, VS2013 and VS2015). I have the following built success:
I would like to get your opinion on how to build libcurve in a proper way. I have attached the build log files for more details.
Thank you very much.
I followed all the installation procedure and I got following error. anyone can help out?
gcc --version
gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3
Copyright (C) 2011 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
make check
Making check in src
make[1]: Entering directory `/root/libcurve/src'
/bin/sh ../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../include -pedantic -Werror -Wall -D_GNU_SOURCE -DLINUX -D_REENTRANT -D_THREAD_SAFE -g -O2 -MT curve_client.lo -MD -MP -MF .deps/curve_client.Tpo -c -o curve_client.lo curve_client.c
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../include -pedantic -Werror -Wall -D_GNU_SOURCE -DLINUX -D_REENTRANT -D_THREAD_SAFE -g -O2 -MT curve_client.lo -MD -MP -MF .deps/curve_client.Tpo -c curve_client.c -fPIC -DPIC -o .libs/curve_client.o
curve_client.c: In function 'curve_client_new':
curve_client.c:68:5: error: too many arguments to function 'zstr_sendm'
/usr/include/zstr.h:37:5: note: declared here
curve_client.c: In function 'curve_client_set_verbose':
curve_client.c:126:5: error: too many arguments to function 'zstr_send'
/usr/include/zstr.h:32:5: note: declared here
curve_client.c: In function 's_agent_new':
curve_client.c:253:5: error: format not a string literal and no format arguments [-Werror=format-security]
curve_client.c: In function 's_agent_handle_control':
curve_client.c:308:9: error: format not a string literal and no format arguments [-Werror=format-security]
curve_client.c:318:13: error: format not a string literal and no format arguments [-Werror=format-security]
cc1: all warnings being treated as errors
make[1]: *** [curve_client.lo] Error 1
make[1]: Leaving directory `/root/libcurve/src'
make: *** [check-recursive] Error 1
I got an issue compiling the current master of libcurve
I pushed my console-output to gist for review:
https://gist.github.com/krombel/8490f556d784bbf67ce5
libsodium, libzmq and czmq were installed previously and could be tested with small examples
I was testing with linuxmint 17.3 and debian 8
Thank you for your help.
I followed the steps in the README.md
All the required dependency (libsodium, libzmq, czmq) are latest. Am able to build upto czmq, however libcurve build fails with error: configure: error: cannot link with -lczmq, install libczmq
config.log shows the following error:
configure:13007: checking for pkg-config
configure:13025: found /usr/bin/pkg-config
configure:13037: result: /usr/bin/pkg-config
configure:13062: checking pkg-config is at least version 0.9.0
configure:13065: result: yes
configure:13174: checking for libzmq
configure:13181: $PKG_CONFIG --exists --print-errors "libzmq >= 0.0.0"
configure:13184: $? = 0
configure:13198: $PKG_CONFIG --exists --print-errors "libzmq >= 0.0.0"
configure:13201: $? = 0
configure:13383: result: yes
configure:13462: checking for czmq
configure:13486: $PKG_CONFIG --exists --print-errors "libczmq < 4"
Requested 'libczmq < 4' but version of libczmq is 4.0.3
configure:13489: $? = 1
configure:13503: result: no
Requested 'libczmq < 4' but version of libczmq is 4.0.3
configure:13520: Package libczmq not found with needed constraints; falling back to defined compilability tests
Looks like i need to use a older version of libczmq which might further need older version of previous libraries. However before I try that any better workaround??
I followed the instructions, however it fails for me at the checking stage.
My environment is: gcc (Ubuntu 5.4.0-6ubuntu1~16.04.2) 5.4.0 20160609
The error seems fairly trivial, related to byte * versus const byte *, but I'd rather not touch it as I'm not familiar with the module internals.
I copy from the relevant part of the checks, the error I get is:
configure: ENABLE_CURVE_SELFTEST defined
checking return type of signal handlers... void
checking for perror... yes
checking for gettimeofday... yes
checking for memset... no
checking for getifaddrs... yes
configure: Building stable and legacy API + draft API
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/Makefile
config.status: creating src/libcurve.pc
config.status: creating src/platform.h
config.status: src/platform.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
Making all in doc
make[1]: Entering directory '/home/test/workspace/libcurve/doc'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/test/workspace/libcurve/doc'
make[1]: Entering directory '/home/test/workspace/libcurve'
CC src/src_libcurve_la-curve_client.lo
src/curve_client.c: In function ‘curve_client_test’:
src/curve_client.c:521:59: error: passing argument 3 of ‘curve_client_connect’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
curve_client_connect (client, "tcp://127.0.0.1:9005", zcert_public_key (ser
^
src/curve_client.c:123:1: note: expected ‘byte * {aka unsigned char *}’ but argument is of type ‘const byte * {aka const unsigned char *}’
curve_client_connect (curve_client_t *self, char *endpoint, byte *server_key)
^
cc1: all warnings being treated as errors
Makefile:922: recipe for target 'src/src_libcurve_la-curve_client.lo' failed
make[1]: *** [src/src_libcurve_la-curve_client.lo] Error 1
make[1]: Leaving directory '/home/test/workspace/libcurve'
Makefile:1022: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1