Merge pull request #1018 from soundart/master

curve: initialize crypto libs before usage

Merge pull request #1018 from soundart/master
curve: initialize crypto libs before usage
1cf12ee6 · Pieter Hintjens · ba22eff6 · b846f307 · 1cf12ee6 · 1cf12ee6
Commit 1cf12ee6 authored May 09, 2014 by Pieter Hintjens
5 changed files
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -29,6 +29,8 @@ if(WITH_TWEETNACL)
  else()
    list(APPEND TWEETNACL_SOURCES tweetnacl/contrib/randombytes/devurandom.c)
  endif()
+else()
+  find_library(SODIUM_FOUND sodium)
 endif()


@@ -610,7 +612,7 @@ else()
    endif()
 endif()

-target_link_libraries(libzmq ${CMAKE_THREAD_LIBS_INIT})
+target_link_libraries(libzmq ${SODIUM_LIBRARY} ${CMAKE_THREAD_LIBS_INIT})
 if(HAVE_WS2_32)
  target_link_libraries(libzmq ws2_32)
 elseif(HAVE_WS2)

--- a/src/curve_client.cpp
+++ b/src/curve_client.cpp
@@ -33,11 +33,21 @@

 zmq::curve_client_t::curve_client_t (const options_t &options_) :
    mechanism_t (options_),
-    state (send_hello)
+    state (send_hello),
+    sync()
 {
    memcpy (public_key, options_.curve_public_key, crypto_box_PUBLICKEYBYTES);
    memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES);
    memcpy (server_key, options_.curve_server_key, crypto_box_PUBLICKEYBYTES);
+    scoped_lock_t lock (sync);
+#if defined(HAVE_TWEETNACL)
+    // allow opening of /dev/urandom
+    unsigned char tmpbytes[4];
+    randombytes(tmpbytes, 4);
+#else
+    // todo check return code
+    sodium_init();
+#endif

    //  Generate short-term key pair
    const int rc = crypto_box_keypair (cn_public, cn_secret);
@@ -318,7 +328,7 @@ int zmq::curve_client_t::produce_initiate (msg_t *msg_)

    //  Create Box [C + vouch + metadata](C'->S')
    memset (initiate_plaintext, 0, crypto_box_ZEROBYTES);
-    memcpy (initiate_plaintext + crypto_box_ZEROBYTES, 
+    memcpy (initiate_plaintext + crypto_box_ZEROBYTES,
            public_key, 32);
    memcpy (initiate_plaintext + crypto_box_ZEROBYTES + 32,
            vouch_nonce + 8, 16);

--- a/src/curve_client.hpp
+++ b/src/curve_client.hpp
@@ -21,6 +21,7 @@
 #define __ZMQ_CURVE_CLIENT_HPP_INCLUDED__

 #include "platform.hpp"
+#include "mutex.hpp"

 #ifdef HAVE_LIBSODIUM
 #ifdef HAVE_TWEETNACL
@@ -105,6 +106,7 @@ namespace zmq
        int process_welcome (msg_t *msg_);
        int produce_initiate (msg_t *msg_);
        int process_ready (msg_t *msg_);
+        mutex_t sync;
    };

 }

--- a/src/curve_server.cpp
+++ b/src/curve_server.cpp
@@ -39,10 +39,20 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_,
    peer_address (peer_address_),
    state (expect_hello),
    expecting_zap_reply (false),
-    cn_nonce (1)
+    cn_nonce (1),
+    sync()
 {
    //  Fetch our secret key from socket options
    memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES);
+    scoped_lock_t lock (sync);
+#if defined(HAVE_TWEETNACL)
+    // allow opening of /dev/urandom
+    unsigned char tmpbytes[4];
+    randombytes(tmpbytes, 4);
+#else
+    // todo check return code
+    sodium_init();
+#endif

    //  Generate short-term key pair
    const int rc = crypto_box_keypair (cn_public, cn_secret);

--- a/src/curve_server.hpp
+++ b/src/curve_server.hpp
@@ -115,6 +115,7 @@ namespace zmq

        void send_zap_request (const uint8_t *key);
        int receive_and_process_zap_reply ();
+        mutex_t sync;
    };

 }