Commit f8ed793f authored by Pieter Hintjens's avatar Pieter Hintjens

Problem: tweetnacl sources are a mess

- they have no copyright / license statement
- they are in some randomish directory structure
- they are a mix of postable and non-portable files
- they do not conform to conditional compile environment

Overall, it makes it rather more work than needed, in build scripts.

Solution: clean up tweetnacl sauce.

- merged code into single tweetnacl.c and .h
- standard copyright header, DJB to AUTHORS
- moved into src/ along with all other source files
- all system and conditional compilation hidden in these files
- thus, they can be compiled and packaged in all cases
- ZMQ_USE_TWEETNACL is set when we're using built-in tweetnacl
- HAVE_LIBSODIUM is set when we're using external libsodium
parent e65367ea
...@@ -36,6 +36,7 @@ Christian Kamm ...@@ -36,6 +36,7 @@ Christian Kamm
Chuck Remes Chuck Remes
Conrad D. Steenberg Conrad D. Steenberg
Constantin Rack Constantin Rack
Daniel J. Bernstein
Dhammika Pathirana Dhammika Pathirana
Dhruva Krishnamurthy Dhruva Krishnamurthy
Dirk O. Kaar Dirk O. Kaar
......
...@@ -26,13 +26,14 @@ elseif (WITH_SODIUM) ...@@ -26,13 +26,14 @@ elseif (WITH_SODIUM)
find_package (Sodium) find_package (Sodium)
if (SODIUM_FOUND) if (SODIUM_FOUND)
message (STATUS "Using libsodium for CURVE security") message (STATUS "Using libsodium for CURVE security")
add_definitions (-DZMQ_HAVE_CURVE -DHAVE_LIBSODIUM)
include_directories (${SODIUM_INCLUDE_DIRS}) include_directories (${SODIUM_INCLUDE_DIRS})
# On Solaris, libsodium depends on libssp # On Solaris, libsodium depends on libssp
if (${CMAKE_SYSTEM_NAME} matches "SunOS") if (${CMAKE_SYSTEM_NAME} matches "SunOS")
target_link_libraries (libzmq ssp) target_link_libraries (libzmq ssp)
endif () endif ()
set (HAVE_LIBSODIUM 1)
set (ZMQ_HAVE_CURVE 1)
else () else ()
message (FATAL_ERROR message (FATAL_ERROR
"libsodium is not installed. Install it, then run CMake again") "libsodium is not installed. Install it, then run CMake again")
...@@ -40,17 +41,9 @@ elseif (WITH_SODIUM) ...@@ -40,17 +41,9 @@ elseif (WITH_SODIUM)
else () else ()
message (STATUS "Using tweetnacl for CURVE security") message (STATUS "Using tweetnacl for CURVE security")
add_definitions (-DZMQ_HAVE_CURVE -DHAVE_TWEETNACL) list (APPEND sources ${CMAKE_CURRENT_SOURCE_DIR}/src/tweetnacl.c)
include_directories (tweetnacl/contrib/randombytes tweetnacl/src) set (ZMQ_USE_TWEETNACL 1)
list (APPEND sources ${CMAKE_CURRENT_SOURCE_DIR}/tweetnacl/src/tweetnacl.c) set (ZMQ_HAVE_CURVE 1)
# TODO: this should be a single coherent source file
if (WIN32)
list (APPEND sources
${CMAKE_CURRENT_SOURCE_DIR}/tweetnacl/contrib/randombytes/winrandom.c)
else ()
list (APPEND sources
${CMAKE_CURRENT_SOURCE_DIR}/tweetnacl/contrib/randombytes/devurandom.c)
endif ()
endif () endif ()
set (POLLER "" CACHE STRING "Choose polling system. valid values are set (POLLER "" CACHE STRING "Choose polling system. valid values are
...@@ -565,8 +558,6 @@ if (NOT ZMQ_BUILD_FRAMEWORK) ...@@ -565,8 +558,6 @@ if (NOT ZMQ_BUILD_FRAMEWORK)
install (FILES ${CMAKE_CURRENT_BINARY_DIR}/libzmq.pc DESTINATION lib/pkgconfig) install (FILES ${CMAKE_CURRENT_BINARY_DIR}/libzmq.pc DESTINATION lib/pkgconfig)
endif () endif ()
if (MSVC) if (MSVC)
if (CMAKE_CL_64) if (CMAKE_CL_64)
set (nsis-template ${CMAKE_CURRENT_SOURCE_DIR}/builds/cmake/NSIS.template64.in) set (nsis-template ${CMAKE_CURRENT_SOURCE_DIR}/builds/cmake/NSIS.template64.in)
......
...@@ -192,6 +192,8 @@ src_libzmq_la_SOURCES = \ ...@@ -192,6 +192,8 @@ src_libzmq_la_SOURCES = \
src/tipc_listener.hpp \ src/tipc_listener.hpp \
src/trie.cpp \ src/trie.cpp \
src/trie.hpp \ src/trie.hpp \
src/tweetnacl.c \
src/tweetnacl.h \
src/udp_address.cpp \ src/udp_address.cpp \
src/udp_address.hpp \ src/udp_address.hpp \
src/udp_engine.cpp \ src/udp_engine.cpp \
...@@ -269,15 +271,6 @@ src_libzmq_la_CPPFLAGS = ...@@ -269,15 +271,6 @@ src_libzmq_la_CPPFLAGS =
src_libzmq_la_CXXFLAGS = @LIBZMQ_EXTRA_CXXFLAGS@ src_libzmq_la_CXXFLAGS = @LIBZMQ_EXTRA_CXXFLAGS@
src_libzmq_la_LIBADD = src_libzmq_la_LIBADD =
if USE_TWEETNACL
src_libzmq_la_SOURCES += \
tweetnacl/src/tweetnacl.c \
tweetnacl/contrib/randombytes/devurandom.c
src_libzmq_la_CXXFLAGS += \
-I$(top_builddir)/tweetnacl/contrib/randombytes \
-I$(top_builddir)/tweetnacl/src
endif
if USE_LIBSODIUM if USE_LIBSODIUM
src_libzmq_la_CPPFLAGS += ${sodium_CFLAGS} src_libzmq_la_CPPFLAGS += ${sodium_CFLAGS}
src_libzmq_la_LIBADD += ${sodium_LIBS} src_libzmq_la_LIBADD += ${sodium_LIBS}
...@@ -753,7 +746,6 @@ EXTRA_DIST = \ ...@@ -753,7 +746,6 @@ EXTRA_DIST = \
MAINTAINERS \ MAINTAINERS \
src/libzmq.pc.cmake.in \ src/libzmq.pc.cmake.in \
src/libzmq.vers \ src/libzmq.vers \
tweetnacl \
tools/curve_keygen.cpp tools/curve_keygen.cpp
MAINTAINERCLEANFILES = \ MAINTAINERCLEANFILES = \
......
...@@ -9,7 +9,6 @@ ...@@ -9,7 +9,6 @@
#cmakedefine ZMQ_FORCE_MUTEXES #cmakedefine ZMQ_FORCE_MUTEXES
#cmakedefine HAVE_FORK #cmakedefine HAVE_FORK
#cmakedefine HAVE_CLOCK_GETTIME #cmakedefine HAVE_CLOCK_GETTIME
#cmakedefine HAVE_GETHRTIME #cmakedefine HAVE_GETHRTIME
...@@ -31,6 +30,9 @@ ...@@ -31,6 +30,9 @@
#cmakedefine ZMQ_HAVE_OPENPGM #cmakedefine ZMQ_HAVE_OPENPGM
#cmakedefine ZMQ_MAKE_VALGRIND_HAPPY #cmakedefine ZMQ_MAKE_VALGRIND_HAPPY
#cmakedefine ZMQ_HAVE_CURVE
#cmakedefine HAVE_TWEETNACL
#cmakedefine HAVE_LIBSODIUM
#ifdef _AIX #ifdef _AIX
#define ZMQ_HAVE_AIX #define ZMQ_HAVE_AIX
......
...@@ -456,7 +456,7 @@ elif test "x$with_libsodium" == "xyes"; then ...@@ -456,7 +456,7 @@ elif test "x$with_libsodium" == "xyes"; then
else else
AC_MSG_NOTICE([Using tweetnacl for CURVE security]) AC_MSG_NOTICE([Using tweetnacl for CURVE security])
AC_DEFINE(ZMQ_HAVE_CURVE, [1], [Using curve encryption]) AC_DEFINE(ZMQ_HAVE_CURVE, [1], [Using curve encryption])
AC_DEFINE(HAVE_TWEETNACL, [1], [Using tweetnacl for curve encryption]) AC_DEFINE(ZMQ_USE_TWEETNACL, [1], [Using tweetnacl for curve encryption])
curve_library="tweetnacl" curve_library="tweetnacl"
libzmq_pedantic="no" # Disable pedantic warnings libzmq_pedantic="no" # Disable pedantic warnings
fi fi
......
...@@ -48,8 +48,8 @@ ...@@ -48,8 +48,8 @@
#include "err.hpp" #include "err.hpp"
#include "msg.hpp" #include "msg.hpp"
#if defined (HAVE_TWEETNACL) #if defined (ZMQ_USE_TWEETNACL)
# include "randombytes.h" # include "tweetnacl.h"
#elif defined (HAVE_LIBSODIUM) #elif defined (HAVE_LIBSODIUM)
# include "sodium.h" # include "sodium.h"
#endif #endif
......
...@@ -53,7 +53,7 @@ zmq::curve_client_t::curve_client_t (const options_t &options_) : ...@@ -53,7 +53,7 @@ zmq::curve_client_t::curve_client_t (const options_t &options_) :
memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES); memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES);
memcpy (server_key, options_.curve_server_key, crypto_box_PUBLICKEYBYTES); memcpy (server_key, options_.curve_server_key, crypto_box_PUBLICKEYBYTES);
scoped_lock_t lock (sync); scoped_lock_t lock (sync);
#if defined(HAVE_TWEETNACL) #if defined (ZMQ_USE_TWEETNACL)
// allow opening of /dev/urandom // allow opening of /dev/urandom
unsigned char tmpbytes[4]; unsigned char tmpbytes[4];
randombytes(tmpbytes, 4); randombytes(tmpbytes, 4);
......
...@@ -35,9 +35,8 @@ ...@@ -35,9 +35,8 @@
#include "platform.hpp" #include "platform.hpp"
#include "mutex.hpp" #include "mutex.hpp"
#if defined (HAVE_TWEETNACL) #if defined (ZMQ_USE_TWEETNACL)
# include "tweetnacl_base.h" # include "tweetnacl.h"
# include "randombytes.h"
#elif defined (HAVE_LIBSODIUM) #elif defined (HAVE_LIBSODIUM)
# include "sodium.h" # include "sodium.h"
#endif #endif
...@@ -47,7 +46,7 @@ ...@@ -47,7 +46,7 @@
|| crypto_box_SECRETKEYBYTES != 32 \ || crypto_box_SECRETKEYBYTES != 32 \
|| crypto_box_ZEROBYTES != 32 \ || crypto_box_ZEROBYTES != 32 \
|| crypto_box_BOXZEROBYTES != 16 || crypto_box_BOXZEROBYTES != 16
# error "libsodium not built properly" # error "CURVE library not built properly"
#endif #endif
#include "mechanism.hpp" #include "mechanism.hpp"
......
...@@ -56,10 +56,10 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_, ...@@ -56,10 +56,10 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_,
// Fetch our secret key from socket options // Fetch our secret key from socket options
memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES); memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES);
scoped_lock_t lock (sync); scoped_lock_t lock (sync);
#if defined(HAVE_TWEETNACL) #if defined (ZMQ_USE_TWEETNACL)
// allow opening of /dev/urandom // allow opening of /dev/urandom
unsigned char tmpbytes[4]; unsigned char tmpbytes[4];
randombytes(tmpbytes, 4); randombytes (tmpbytes, 4);
#else #else
rc = sodium_init (); rc = sodium_init ();
zmq_assert (rc != -1); zmq_assert (rc != -1);
......
...@@ -34,9 +34,8 @@ ...@@ -34,9 +34,8 @@
#include "platform.hpp" #include "platform.hpp"
#if defined (HAVE_TWEETNACL) #if defined (ZMQ_USE_TWEETNACL)
# include "tweetnacl_base.h" # include "tweetnacl.h"
# include "randombytes.h"
#elif defined (HAVE_LIBSODIUM) #elif defined (HAVE_LIBSODIUM)
# include "sodium.h" # include "sodium.h"
#endif #endif
...@@ -49,7 +48,7 @@ ...@@ -49,7 +48,7 @@
|| crypto_secretbox_NONCEBYTES != 24 \ || crypto_secretbox_NONCEBYTES != 24 \
|| crypto_secretbox_ZEROBYTES != 32 \ || crypto_secretbox_ZEROBYTES != 32 \
|| crypto_secretbox_BOXZEROBYTES != 16 || crypto_secretbox_BOXZEROBYTES != 16
# error "libsodium not built properly" # error "CURVE library not built properly"
#endif #endif
#include "mechanism.hpp" #include "mechanism.hpp"
......
#if defined(HAVE_NACL_COMPABILTY) /*
/* NaCL Compabilty */ Copyright (c) 2016 Contributors as noted in the AUTHORS file
This file is part of libzmq, the ZeroMQ core engine in C++.
libzmq is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License (LGPL) as published
by the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
As a special exception, the Contributors give you permission to link
this library with independent modules to produce an executable,
regardless of the license terms of these independent modules, and to
copy and distribute the resulting executable under terms of your choice,
provided that you also meet, for each linked independent module, the
terms and conditions of the license of that module. An independent
module is a module which is not derived from or based on this library.
If you modify this library, you must extend this exception to your
version of the library.
libzmq is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "platform.hpp"
#if defined (ZMQ_USE_TWEETNACL)
#include "tweetnacl.h" #include "tweetnacl.h"
#else
/* direct tweetnacl usage */
#include "tweetnacl_base.h"
#endif
#define FOR(i,n) for (i = 0;i < n;++i) #define FOR(i,n) for (i = 0;i < n;++i)
#define sv static void #define sv static void
#ifndef TWEETNACL_BASE_H
typedef unsigned char u8;
typedef unsigned long u32;
typedef unsigned long long u64;
typedef long long i64;
typedef i64 gf[16];
#endif
extern void randombytes(u8 *,u64);
static const u8 static const u8
_0[16], _0[16],
_9[32] = {9}; _9[32] = {9};
...@@ -816,3 +833,102 @@ int crypto_sign_open(u8 *m,u64 *mlen,const u8 *sm,u64 n,const u8 *pk) ...@@ -816,3 +833,102 @@ int crypto_sign_open(u8 *m,u64 *mlen,const u8 *sm,u64 n,const u8 *pk)
*mlen = n; *mlen = n;
return 0; return 0;
} }
#ifdef ZMQ_HAVE_WINDOWS
#include <windows.h>
#include <WinCrypt.h>
#define NCP ((HCRYPTPROV) 0)
HCRYPTPROV hProvider = NCP;
void randombytes(unsigned char *x,unsigned long long xlen)
{
unsigned i;
BOOL ret;
if (hProvider == NCP) {
for (;;) {
ret = CryptAcquireContext(&hProvider, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (ret != FALSE)
break;
Sleep (1);
}
}
while (xlen > 0) {
if (xlen < 1048576)
i = (unsigned) xlen;
else
i = 1048576;
ret = CryptGenRandom(hProvider, i, x);
if (ret == FALSE) {
Sleep(1);
continue;
}
x += i;
xlen -= i;
}
}
int randombytes_close(void)
{
int rc = -1;
if ((hProvider != NCP) && (CryptReleaseContext(hProvider, 0) != FALSE)) {
hProvider = NCP;
rc = 0;
}
return rc;
}
#else
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
static int fd = -1;
void randombytes (unsigned char *x,unsigned long long xlen)
{
int i;
if (fd == -1) {
for (;;) {
fd = open("/dev/urandom",O_RDONLY);
if (fd != -1) break;
sleep (1);
}
}
while (xlen > 0) {
if (xlen < 1048576)
i = xlen;
else
i = 1048576;
i = read(fd,x,i);
if (i < 1) {
sleep (1);
continue;
}
x += i;
xlen -= i;
}
}
int randombytes_close (void)
{
int rc = -1;
if (fd != -1 && close(fd) == 0) {
fd = -1;
rc = 0;
}
return rc;
}
#endif
#endif
#ifndef TWEETNACL_BASE_H /*
#define TWEETNACL_BASE_H Copyright (c) 2016 Contributors as noted in the AUTHORS file
/* the original file seems to be a compability layer for NaCL */ This file is part of libzmq, the ZeroMQ core engine in C++.
/* This here is for direct tweetnacl usage */ libzmq is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License (LGPL) as published
by the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
As a special exception, the Contributors give you permission to link
this library with independent modules to produce an executable,
regardless of the license terms of these independent modules, and to
copy and distribute the resulting executable under terms of your choice,
provided that you also meet, for each linked independent module, the
terms and conditions of the license of that module. An independent
module is a module which is not derived from or based on this library.
If you modify this library, you must extend this exception to your
version of the library.
libzmq is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef TWEETNACL_H
#define TWEETNACL_H
#include "platform.hpp"
#if defined (ZMQ_USE_TWEETNACL)
#define crypto_box_SECRETKEYBYTES 32 #define crypto_box_SECRETKEYBYTES 32
#define crypto_box_BOXZEROBYTES 16 #define crypto_box_BOXZEROBYTES 16
...@@ -24,10 +52,11 @@ typedef i64 gf[16]; ...@@ -24,10 +52,11 @@ typedef i64 gf[16];
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
void randombytes (unsigned char *, unsigned long long);
int randombytes_close (void);
int crypto_box_keypair(u8 *y,u8 *x); int crypto_box_keypair(u8 *y,u8 *x);
int crypto_box_afternm(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k); int crypto_box_afternm(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k);
int crypto_box_open_afternm(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k); int crypto_box_open_afternm(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k);
int crypto_box(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *y,const u8 *x); int crypto_box(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *y,const u8 *x);
int crypto_box_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *y,const u8 *x); int crypto_box_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *y,const u8 *x);
...@@ -39,3 +68,5 @@ int crypto_secretbox_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k); ...@@ -39,3 +68,5 @@ int crypto_secretbox_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k);
#endif #endif
#endif #endif
#endif
...@@ -38,14 +38,13 @@ ...@@ -38,14 +38,13 @@
#include <assert.h> #include <assert.h>
#if !defined ZMQ_HAVE_WINDOWS #if !defined ZMQ_HAVE_WINDOWS
#include <unistd.h> # include <unistd.h>
#else #else
#include "windows.hpp" # include "windows.hpp"
#endif #endif
#if defined (HAVE_TWEETNACL) #if defined (ZMQ_USE_TWEETNACL)
# include "tweetnacl_base.h" # include "tweetnacl.h"
# include "randombytes.h"
#elif defined (HAVE_LIBSODIUM) #elif defined (HAVE_LIBSODIUM)
# include "sodium.h" # include "sodium.h"
#endif #endif
......
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
/* it's really stupid that there isn't a syscall for this */
static int fd = -1;
void randombytes(unsigned char *x,unsigned long long xlen)
{
int i;
if (fd == -1) {
for (;;) {
fd = open("/dev/urandom",O_RDONLY);
if (fd != -1) break;
sleep(1);
}
}
while (xlen > 0) {
if (xlen < 1048576) i = xlen; else i = 1048576;
i = read(fd,x,i);
if (i < 1) {
sleep(1);
continue;
}
x += i;
xlen -= i;
}
}
int randombytes_close(void)
{
int rc = -1;
if(fd != -1 && close(fd) == 0) {
fd = -1;
rc = 0;
}
return rc;
}
/*
randombytes/randombytes.h version 20080713
D. J. Bernstein
Public domain.
*/
#ifndef randombytes_H
#define randombytes_H
#ifdef __cplusplus
extern "C" {
#endif
extern void randombytes(unsigned char *,unsigned long long);
extern int randombytes_close(void);
#ifdef __cplusplus
}
#endif
#endif
#include <windows.h>
#include <WinCrypt.h>
#define NCP ((HCRYPTPROV) 0)
HCRYPTPROV hProvider = NCP;
void randombytes(unsigned char *x,unsigned long long xlen)
{
unsigned i;
BOOL ret;
if (hProvider == NCP) {
for(;;) {
ret = CryptAcquireContext(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (ret != FALSE) break;
Sleep(1);
}
}
while (xlen > 0) {
if (xlen < 1048576) i = (unsigned) xlen; else i = 1048576;
ret = CryptGenRandom(hProvider, i, x);
if (ret == FALSE) {
Sleep(1);
continue;
}
x += i;
xlen -= i;
}
}
int randombytes_close(void)
{
int rc = -1;
if((hProvider != NCP) && (CryptReleaseContext(hProvider, 0) != FALSE)) {
hProvider = NCP;
rc = 0;
}
return rc;
}
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment