lib: Add post-quantum cryptography support

This adds initial support for runtime-configurable encryption and
post-quantum Key Encapsulation Mechanisms (KEMs) and authentication
(ML-DSA).

Supported key exchange algorithms:

  ECDH: prime256v1, secp384r1, secp521r1, X25519, X448
  Finite Field DH: ffdhe2048, ffdhe3072, ffdhe4096
  ML-KEM (FIPS 203): ML-KEM-512, ML-KEM-768, ML-KEM-1024
  Hybrid KEMs: X25519MLKEM768, X448MLKEM1024

Supported ciphers:
  AEAD: aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-poly1305
  CTR: aes-128-ctr, aes-192-ctr, aes-256-ctr

Supported HKDFs:
  sha256, sha384, sha512, sha3-256, sha3-384, sha3-512,
  blake2b512, blake2s256

Supported Digests for DSA:
  sha256, sha384, sha512, sha3-256, sha3-384, sha3-512,
  blake2b512, blake2s256

PQC support requires OpenSSL 3.4.0+ and is detected automatically via
CMake. A DISABLE_PQC option allows building without PQC even when
available.

KEMs differ from traditional DH in that they require asymmetric roles:
one party encapsulates to the other's public key. This creates a
coordination problem during simultaneous reconnection attempts. The
kem_mode configuration parameter resolves this by pre-assigning roles:

  kem_mode=server  # Server encapsulates (1-RTT, full forward secrecy)
  kem_mode=client  # Client encapsulates (0-RTT, cached server key)

The enc.conf file format supports:

  kex=<algorithm>      # Key exchange algorithm
  cipher=<algorithm>   # Symmetric cipher
  kdf=<KDF>            # Key derivation function
  digest=<digest>      # Digest for DSA
  kem_mode=<mode>      # Server (default) or client
  none                 # Disable encryption

The OAP protocol is extended to negotiate algorithms and exchange KEX
data. All KEX messages are signed using existing authentication
infrastructure for integrity and replay protection.

Tests are split into base and _pqc variants to handle conditional PQC
compilation (kex_test.c/kex_test_pqc.c, oap_test.c/oap_test_pqc.c).

Bumped minimum required OpenSSL version for encryption to 3.0
(required for HKDF API). 1.1.1 is long time EOL.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

5 files changed, 40 insertions, 6 deletions

diff --git a/cmake/dependencies/openssl.cmake b/cmake/dependencies/openssl.cmake
index 604d5d99..19edfa2b 100644
--- a/cmake/dependencies/openssl.cmake
+++ b/cmake/dependencies/openssl.cmake
@@ -1,21 +1,36 @@
 find_package(OpenSSL QUIET)
 if (OPENSSL_FOUND)
   set(HAVE_OPENSSL_RNG TRUE)
-  if (OPENSSL_VERSION VERSION_LESS "1.1.0")
-    message(STATUS "Install version >= \"1.1.0\" to enable OpenSSL support "
+  if (OPENSSL_VERSION VERSION_LESS "3.0.0")
+    message(STATUS "Install version >= 3.0.0 to enable OpenSSL support "
                    "(found version \"${OPENSSL_VERSION}\")")
   else ()
     set(DISABLE_OPENSSL FALSE CACHE BOOL "Disable OpenSSL support")
     if (NOT DISABLE_OPENSSL)
       message(STATUS "OpenSSL support enabled")
       set(HAVE_OPENSSL TRUE CACHE INTERNAL "")
+      set(IRMD_SECMEM_MAX 1048576 CACHE STRING "IRMd secure heap size")
+      set(PROC_SECMEM_MAX 1048576 CACHE STRING "Process secure heap size")
+      set(SECMEM_GUARD 32 CACHE STRING "Secure heap min size")
+      set(DISABLE_PQC FALSE CACHE BOOL "Disable post-quantum cryptography support")
+      if (OPENSSL_VERSION VERSION_GREATER_EQUAL "3.4.0")
+        if (NOT DISABLE_PQC)
+          set(HAVE_OPENSSL_PQC TRUE CACHE INTERNAL "")
+          message(STATUS "OpenSSL PQC support enabled")
+        else()
+          message(STATUS "OpenSSL PQC support disabled by user")
+          unset(HAVE_OPENSSL_PQC CACHE)
+        endif()
+      else()
+        message(STATUS "Install OpenSSL >= 3.4.0 for PQC support")
+      endif()
     else()
       message(STATUS "OpenSSL support disabled")
       unset(HAVE_OPENSSL CACHE)
     endif()
   endif ()
 else()
-  message(STATUS "Install openSSL version >= \"1.1.0\" to enable OpenSSL support")
+  message(STATUS "Install OpenSSL version >= 3.0.0 to enable OpenSSL support")
   unset(HAVE_OPENSSL_RNG)
   unset(HAVE_OPENSSL CACHE)
   set(OPENSSL_INCLUDE_DIR "")
diff --git a/cmake/ipcp/eth.cmake b/cmake/ipcp/eth.cmake
index 0d37bf9b..c14a1d6e 100644
--- a/cmake/ipcp/eth.cmake
+++ b/cmake/ipcp/eth.cmake
@@ -9,8 +9,10 @@ set(IPCP_ETH_WR_THR 1 CACHE STRING
   "Number of writer threads in Ethernet IPCP")
 set(IPCP_ETH_QDISC_BYPASS false CACHE BOOL
   "Bypass the Qdisc in the kernel when using raw sockets")
-set(IPCP_ETH_LO_MTU 1500 CACHE STRING
+set(IPCP_ETH_LO_MTU 9000 CACHE STRING
   "Restrict Ethernet MTU over loopback interfaces")
+set(IPCP_ETH_MGMT_FRAME_SIZE 9000 CACHE STRING
+  "Management frame buffer size for Ethernet IPCPs")
 set(IPCP_ETH_MPL 100 CACHE STRING
   "Default maximum packet lifetime for the Ethernet IPCPs, in ms")
 
diff --git a/cmake/irmd.cmake b/cmake/irmd.cmake
index d4b4808c..f02f37d6 100644
--- a/cmake/irmd.cmake
+++ b/cmake/irmd.cmake
@@ -31,6 +31,8 @@ set(CONNECT_TIMEOUT 20000 CACHE STRING
   "Timeout to connect an IPCP to another IPCP (ms)")
 set(FLOW_ALLOC_TIMEOUT 20000 CACHE STRING
   "Timeout for a flow allocation response (ms)")
+set(OAP_REPLAY_TIMER 20 CACHE STRING
+  "OAP replay protection window (s)")
 set(IRMD_MIN_THREADS 8 CACHE STRING
   "Minimum number of worker threads in the IRMd")
 set(IRMD_ADD_THREADS 8 CACHE STRING
@@ -55,8 +57,12 @@ if (LIBTOML_LIBRARIES)
     set(INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}")
     configure_file("${CMAKE_SOURCE_DIR}/irmd.conf.in"
       "${CMAKE_BINARY_DIR}/${OUROBOROS_CONFIG_FILE}.example" @ONLY)
+    configure_file("${CMAKE_SOURCE_DIR}/enc.conf.in"
+      "${CMAKE_BINARY_DIR}/enc.conf.example" @ONLY)
     install(FILES "${CMAKE_BINARY_DIR}/${OUROBOROS_CONFIG_FILE}.example"
       DESTINATION "${OUROBOROS_CONFIG_DIR}")
+    install(FILES "${CMAKE_BINARY_DIR}/enc.conf.example"
+      DESTINATION "${OUROBOROS_CONFIG_DIR}")
     install(CODE "
       if (NOT EXISTS \"${OUROBOROS_CONFIG_DIR}/${OUROBOROS_CONFIG_FILE}\")
         file(WRITE \"${OUROBOROS_CONFIG_DIR}/${OUROBOROS_CONFIG_FILE}\" \"\")
@@ -81,7 +87,11 @@ set(IRMD_SOURCES
   "${IRMD_SOURCE_DIR}/ipcp.c"
   "${IRMD_SOURCE_DIR}/configfile.c"
   "${IRMD_SOURCE_DIR}/main.c"
-  "${IRMD_SOURCE_DIR}/oap.c"
+  "${IRMD_SOURCE_DIR}/oap/io.c"
+  "${IRMD_SOURCE_DIR}/oap/hdr.c"
+  "${IRMD_SOURCE_DIR}/oap/auth.c"
+  "${IRMD_SOURCE_DIR}/oap/srv.c"
+  "${IRMD_SOURCE_DIR}/oap/cli.c"
   "${IRMD_SOURCE_DIR}/reg/flow.c"
   "${IRMD_SOURCE_DIR}/reg/ipcp.c"
   "${IRMD_SOURCE_DIR}/reg/proc.c"
diff --git a/cmake/tests.cmake b/cmake/tests.cmake
index 4c16171c..456ad120 100644
--- a/cmake/tests.cmake
+++ b/cmake/tests.cmake
@@ -1,4 +1,5 @@
 include(CTest) # Sets BUILD_TESTING by default to on.
+include(utils/TestUtils)
 
 include(utils/DisableTestLogging)
 
@@ -16,7 +17,7 @@ if (BUILD_TESTS)
 
   # Add test subdirectories
   add_subdirectory(src/lib/tests)
-  add_subdirectory(src/irmd/tests)
+  add_subdirectory(src/irmd/oap/tests)
   add_subdirectory(src/ipcpd/unicast/pff/tests)
   add_subdirectory(src/ipcpd/unicast/routing/tests)
   add_subdirectory(src/ipcpd/unicast/dir/tests)
diff --git a/cmake/utils/TestUtils.cmake b/cmake/utils/TestUtils.cmake
new file mode 100644
index 00000000..e40bdda1
--- /dev/null
+++ b/cmake/utils/TestUtils.cmake
@@ -0,0 +1,6 @@
+# Compute test name prefix from directory structure
+function(compute_test_prefix)
+  file(RELATIVE_PATH _prefix "${CMAKE_SOURCE_DIR}/src" "${CMAKE_CURRENT_SOURCE_DIR}")
+  string(REGEX REPLACE "/tests$" "" _prefix "${_prefix}")
+  set(TEST_PREFIX "${_prefix}" PARENT_SCOPE)
+endfunction(compute_test_prefix)