Ouroboros main repository https://ouroboros.rocks/cgit/ouroboros/atom?h=0.16.0 2020-01-02T14:07:36+00:00 2020-01-02T14:07:36+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2020-01-01T08:48:07+00:00 urn:sha1:435a91165a3c1f8ca715b22ee2c2361d9bd853dd Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2019-08-03T10:10:57+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2019-08-02T17:12:34+00:00 urn:sha1:9e8d603d14561095fb8d08871319a315d3bf6763 This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2019-07-29T17:36:45+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2019-07-25T10:50:46+00:00 urn:sha1:dae15c284248d49079ad5f8a3d8ff30e217f419e This completes the renaming of the normal IPCP to the unicast IPCP in the sources, to get everything consistent with the documentation. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>