authorDimitri Staessens <dimitri@ouroboros.rocks>2019-08-02 19:12:34 +0200
committerSander Vrijders <sander@ouroboros.rocks>2019-08-03 12:10:57 +0200
commit9e8d603d14561095fb8d08871319a315d3bf6763 (patch)
tree7a87c212fcd642a8696145b4246a4fc4cf964e10 /include/ouroboros/errno.h
parent8a37ffbf8c0776a38f2de18a63e885383960ee68 (diff)
lib: Add per-message encryption with OpenSSL
This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'include/ouroboros/errno.h')
-rw-r--r--include/ouroboros/errno.h9
1 files changed, 5 insertions, 4 deletions
diff --git a/include/ouroboros/errno.h b/include/ouroboros/errno.h
index 27b21e82..20049751 100644
--- a/include/ouroboros/errno.h
+++ b/include/ouroboros/errno.h
@@ -25,11 +25,12 @@
#include <errno.h>
-#define ENOTALLOC 1000 /* Flow is not allocated */
-#define EIPCPTYPE 1001 /* Unknown IPCP type */
+#define ENOTALLOC 1000 /* Flow is not allocated */
+#define EIPCPTYPE 1001 /* Unknown IPCP type */
#define EIRMD 1002 /* Failed to communicate with IRMD */
#define EIPCP 1003 /* Failed to communicate with IPCP */
-#define EIPCPSTATE 1004 /* Target in wrong state */
-#define EFLOWDOWN 1005 /* Flow is down */
+#define EIPCPSTATE 1004 /* Target in wrong state */
+#define EFLOWDOWN 1005 /* Flow is down */
+#define ECRYPT 1006 /* Encryption error */
#endif /* OUROBOROS_ERRNO_H */
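Review bot: The comment on the new `ECRYPT` define, `/* Encryption error */`, is too vague for callers. Per the commit message this is also the code flow allocation returns when the peer was built without OpenSSL, which is a capability mismatch rather than a failed crypto operation. I would say so in the header, e.g. `#define ECRYPT 1006 /* Encryption error or peer lacks crypto support */`. The API documentation should also state that an application which asked for an encrypted flow must treat -ECRYPT as a hard failure and not retry unencrypted, because a silent fallback would turn any induced allocation failure into a downgrade. Whether decryption failures on an established flow map to the same code is not visible in this hunk.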