Merge pull request #683 from hintjens/master

Updated libzmq CURVE to track RFC 27

src/curve_client.cpp

@@ -297,34 +297,38 @@ int zmq::curve_client_t::process_welcome (msg_t *msg_)
 int zmq::curve_client_t::produce_initiate (msg_t *msg_)
 {
     uint8_t vouch_nonce [crypto_box_NONCEBYTES];
-    uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 32];
-    uint8_t vouch_box [crypto_box_BOXZEROBYTES + 48];
+    uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 64];
+    uint8_t vouch_box [crypto_box_BOXZEROBYTES + 80];
 
-    //  Create vouch = Box [C'](C->S)
+    //  Create vouch = Box [C',S](C->S')
     memset (vouch_plaintext, 0, crypto_box_ZEROBYTES);
     memcpy (vouch_plaintext + crypto_box_ZEROBYTES, cn_public, 32);
+    memcpy (vouch_plaintext + crypto_box_ZEROBYTES + 32, server_key, 32);
 
     memcpy (vouch_nonce, "VOUCH---", 8);
     randombytes (vouch_nonce + 8, 16);
 
     int rc = crypto_box (vouch_box, vouch_plaintext,
                          sizeof vouch_plaintext,
-                         vouch_nonce, server_key, secret_key);
+                         vouch_nonce, cn_server, secret_key);
     zmq_assert (rc == 0);
 
+    //  Assume here that metadata is limited to 256 bytes
     uint8_t initiate_nonce [crypto_box_NONCEBYTES];
-    uint8_t initiate_plaintext [crypto_box_ZEROBYTES + 96 + 256];
-    uint8_t initiate_box [crypto_box_BOXZEROBYTES + 112 + 256];
+    uint8_t initiate_plaintext [crypto_box_ZEROBYTES + 128 + 256];
+    uint8_t initiate_box [crypto_box_BOXZEROBYTES + 144 + 256];
 
     //  Create Box [C + vouch + metadata](C'->S')
     memset (initiate_plaintext, 0, crypto_box_ZEROBYTES);
-    memcpy (initiate_plaintext + crypto_box_ZEROBYTES, public_key, 32);
+    memcpy (initiate_plaintext + crypto_box_ZEROBYTES, 
+            public_key, 32);
     memcpy (initiate_plaintext + crypto_box_ZEROBYTES + 32,
             vouch_nonce + 8, 16);
     memcpy (initiate_plaintext + crypto_box_ZEROBYTES + 48,
-            vouch_box + crypto_box_BOXZEROBYTES, 48);
+            vouch_box + crypto_box_BOXZEROBYTES, 80);
 
-    uint8_t *ptr = initiate_plaintext + crypto_box_ZEROBYTES + 96;
+    //  Metadata starts after vouch
+    uint8_t *ptr = initiate_plaintext + crypto_box_ZEROBYTES + 128;
 
     //  Add socket type property
     const char *socket_type = socket_type_string (options.type);
@@ -335,7 +339,7 @@ int zmq::curve_client_t::produce_initiate (msg_t *msg_)
     ||  options.type == ZMQ_DEALER
     ||  options.type == ZMQ_ROUTER)
         ptr += add_property (ptr, "Identity",
-            options.identity, options.identity_size);
+                             options.identity, options.identity_size);
 
     const size_t mlen = ptr - initiate_plaintext;
 
@@ -359,7 +363,6 @@ int zmq::curve_client_t::produce_initiate (msg_t *msg_)
     //  Box [C + vouch + metadata](C'->S')
     memcpy (initiate + 113, initiate_box + crypto_box_BOXZEROBYTES,
             mlen - crypto_box_BOXZEROBYTES);
-
     cn_nonce++;
 
     return 0;

src/curve_server.cpp

@@ -338,7 +338,7 @@ int zmq::curve_server_t::produce_welcome (msg_t *msg_)
 
 int zmq::curve_server_t::process_initiate (msg_t *msg_)
 {
-    if (msg_->size () < 225) {
+    if (msg_->size () < 257) {
         errno = EPROTO;
         return -1;
     }
@@ -369,10 +369,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     }
 
     //  Check cookie plain text is as expected [C' + s']
-    if (memcmp (cookie_plaintext + crypto_secretbox_ZEROBYTES,
-                cn_client, 32)
-    ||  memcmp (cookie_plaintext + crypto_secretbox_ZEROBYTES + 32,
-                cn_secret, 32)) {
+    if (memcmp (cookie_plaintext + crypto_secretbox_ZEROBYTES, cn_client, 32)
+    ||  memcmp (cookie_plaintext + crypto_secretbox_ZEROBYTES + 32, cn_secret, 32)) {
         errno = EAGAIN;
         return -1;
     }
@@ -380,8 +378,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     const size_t clen = (msg_->size () - 113) + crypto_box_BOXZEROBYTES;
 
     uint8_t initiate_nonce [crypto_box_NONCEBYTES];
-    uint8_t initiate_plaintext [crypto_box_ZEROBYTES + 96 + 256];
-    uint8_t initiate_box [crypto_box_BOXZEROBYTES + 112 + 256];
+    uint8_t initiate_plaintext [crypto_box_ZEROBYTES + 128 + 256];
+    uint8_t initiate_box [crypto_box_BOXZEROBYTES + 144 + 256];
 
     //  Open Box [C + vouch + metadata](C'->S')
     memset (initiate_box, 0, crypto_box_BOXZEROBYTES);
@@ -401,13 +399,13 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
     const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
 
     uint8_t vouch_nonce [crypto_box_NONCEBYTES];
-    uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 32];
-    uint8_t vouch_box [crypto_box_BOXZEROBYTES + 48];
+    uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 64];
+    uint8_t vouch_box [crypto_box_BOXZEROBYTES + 80];
 
-    //  Open Box [C'](C->S) and check contents
+    //  Open Box Box [C',S](C->S') and check contents
     memset (vouch_box, 0, crypto_box_BOXZEROBYTES);
     memcpy (vouch_box + crypto_box_BOXZEROBYTES,
-            initiate_plaintext + crypto_box_ZEROBYTES + 48, 48);
+            initiate_plaintext + crypto_box_ZEROBYTES + 48, 80);
 
     memcpy (vouch_nonce, "VOUCH---", 8);
     memcpy (vouch_nonce + 8,
@@ -415,7 +413,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
 
     rc = crypto_box_open (vouch_plaintext, vouch_box,
                           sizeof vouch_box,
-                          vouch_nonce, client_key, secret_key);
+                          vouch_nonce, client_key, cn_secret);
     if (rc != 0) {
         errno = EPROTO;
         return -1;
@@ -443,8 +441,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
         }
     }
 
-    return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 96,
-                           clen - crypto_box_ZEROBYTES - 96);
+    return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
+                           clen - crypto_box_ZEROBYTES - 128);
 }
 
 int zmq::curve_server_t::produce_ready (msg_t *msg_)