initial curve support

Author: jhawk28

conn.go

@@ -169,7 +169,7 @@ func (c *Conn) SendCmd(name string, body []byte) error {
 	if err != nil {
 		return err
 	}
-	return c.send(true, buf, 0)
+	return c.send(true, buf, 0, false)
 }
 
 // SendMsg sends a ZMTP message over the wire.
@@ -184,10 +184,12 @@ func (c *Conn) SendMsg(msg Msg) error {
 	nframes := len(msg.Frames)
 	for i, frame := range msg.Frames {
 		var flag byte
+		var more bool
 		if i < nframes-1 {
 			flag ^= hasMoreBitFlag
+			more = true
 		}
-		err := c.send(false, frame, flag)
+		err := c.send(false, frame, flag, more)
 		if err != nil {
 			return fmt.Errorf("zmq4: error sending frame %d/%d: %w", i+1, nframes, err)
 		}
@@ -286,8 +288,18 @@ func (c *Conn) sendMulti(msg Msg) error {
 	nframes := len(msg.Frames)
 	for i, frame := range msg.Frames {
 		var flag byte
+		var more bool
 		if i < nframes-1 {
 			flag ^= hasMoreBitFlag
+			more = true
+		}
+
+		if c.sec.Type() == CurveSecurity {
+			var secBuf bytes.Buffer
+			if _, err := c.sec.Encrypt(&secBuf, frame, more); err != nil {
+				return err
+			}
+			frame = secBuf.Bytes()
 		}
 
 		size := len(frame)
@@ -308,16 +320,7 @@ func (c *Conn) sendMulti(msg Msg) error {
 			hdr[1] = uint8(size)
 		}
 
-		switch c.sec.Type() {
-		case NullSecurity:
-			buffers = append(buffers, hdr[:hsz], frame)
-		default:
-			var secBuf bytes.Buffer
-			if _, err := c.sec.Encrypt(&secBuf, frame); err != nil {
-				return err
-			}
-			buffers = append(buffers, hdr[:hsz], secBuf.Bytes())
-		}
+		buffers = append(buffers, hdr[:hsz], frame)
 	}
 
 	if _, err := buffers.WriteTo(c.rw); err != nil {
@@ -328,7 +331,18 @@ func (c *Conn) sendMulti(msg Msg) error {
 	return nil
 }
 
-func (c *Conn) send(isCommand bool, body []byte, flag byte) error {
+func (c *Conn) send(isCommand bool, body []byte, flag byte, more bool) error {
+
+	// commands should not be encrypted.
+	if !isCommand && c.sec.Type() == CurveSecurity {
+		var secBuf bytes.Buffer
+		if _, err := c.sec.Encrypt(&secBuf, body, more); err != nil {
+			c.checkIO(err)
+			return err
+		}
+		body = secBuf.Bytes()
+	}
+
 	// Long flag
 	size := len(body)
 	isLong := size > 255
@@ -358,7 +372,7 @@ func (c *Conn) send(isCommand bool, body []byte, flag byte) error {
 		return err
 	}
 
-	if _, err := c.sec.Encrypt(c.rw, body); err != nil {
+	if _, err := c.rw.Write(body); err != nil {
 		c.checkIO(err)
 		return err
 	}
@@ -428,7 +442,12 @@ func (c *Conn) read() Msg {
 		}
 
 		buf := new(bytes.Buffer)
-		if _, msg.err = c.sec.Decrypt(buf, body); msg.err != nil {
+		if isCmd {
+			_, msg.err = buf.Write(body)
+			if msg.err != nil {
+				return msg
+			}
+		} else if _, msg.err = c.sec.Decrypt(buf, body); msg.err != nil {
 			return msg
 		}
 		msg.Frames = append(msg.Frames, buf.Bytes())

go.mod

@@ -1,10 +1,15 @@
 module github.com/go-zeromq/zmq4
 
-go 1.21
+go 1.23.0
+
+toolchain go1.24.2
 
 require (
 	github.com/go-zeromq/goczmq/v4 v4.2.2
 	go.uber.org/goleak v1.3.0
-	golang.org/x/sync v0.7.0
-	golang.org/x/text v0.15.0
+	golang.org/x/crypto v0.38.0
+	golang.org/x/sync v0.14.0
+	golang.org/x/text v0.25.0
 )
+
+require golang.org/x/sys v0.33.0 // indirect

go.sum

@@ -8,9 +8,21 @@ github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PK
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
+golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

security.go

@@ -23,7 +23,7 @@ type Security interface {
 	Handshake(conn *Conn, server bool) error
 
 	// Encrypt writes the encrypted form of data to w.
-	Encrypt(w io.Writer, data []byte) (int, error)
+	Encrypt(w io.Writer, data []byte, more bool) (int, error)
 
 	// Decrypt writes the decrypted form of data to w.
 	Decrypt(w io.Writer, data []byte) (int, error)
@@ -91,7 +91,7 @@ func (nullSecurity) Handshake(conn *Conn, server bool) error {
 }
 
 // Encrypt writes the encrypted form of data to w.
-func (nullSecurity) Encrypt(w io.Writer, data []byte) (int, error) {
+func (nullSecurity) Encrypt(w io.Writer, data []byte, more bool) (int, error) {
 	return w.Write(data)
 }