authorDimitri Staessens <dimitri@ouroboros.rocks>2019-08-02 19:12:34 +0200
committerSander Vrijders <sander@ouroboros.rocks>2019-08-03 12:10:57 +0200
commit9e8d603d14561095fb8d08871319a315d3bf6763 (patch)
tree7a87c212fcd642a8696145b4246a4fc4cf964e10 /include/ouroboros/qos.h
parent8a37ffbf8c0776a38f2de18a63e885383960ee68 (diff)
lib: Add per-message encryption with OpenSSL
This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'include/ouroboros/qos.h')
-rw-r--r--include/ouroboros/qos.h74
1 files changed, 68 insertions, 6 deletions
diff --git a/include/ouroboros/qos.h b/include/ouroboros/qos.h
index 0e4518f4..f5becaa6 100644
--- a/include/ouroboros/qos.h
+++ b/include/ouroboros/qos.h
@@ -34,6 +34,7 @@ typedef struct qos_spec {
uint32_t ber; /* Bit error rate, errors per billion bits */
uint8_t in_order; /* In-order delivery, enables FRCT */
uint32_t max_gap; /* In ms */
+ uint32_t cypher_s; /* Cypher strength, 0 = no encryption */
} qosspec_t;
static const qosspec_t qos_raw = {
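Review bot: The comment on `cypher_s` gives neither the unit nor the accepted values, while the presets in this file only ever set it to 0 or 256. I would write it as `uint32_t cypher_s; /* Cipher key strength in bits, 0 = no encryption */` and state what flow allocation does with any other non-zero value. The commit description mentions only AES-256, so presumably such a request should be rejected, not silently mapped to something else. Because 0 means unencrypted, any existing `qosspec_t` initializer that omits the new member asks for a plaintext flow, which is worth saying in the comment as well. The struct definition starts outside the hunk.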
@@ -43,7 +44,8 @@ static const qosspec_t qos_raw = {
.loss = 1,
.ber = 1,
.in_order = 0,
- .max_gap = UINT32_MAX
+ .max_gap = UINT32_MAX,
+ .cypher_s = 0
};
static const qosspec_t qos_raw_no_errors = {
@@ -53,7 +55,19 @@ static const qosspec_t qos_raw_no_errors = {
.loss = 1,
.ber = 0,
.in_order = 0,
- .max_gap = UINT32_MAX
+ .max_gap = UINT32_MAX,
+ .cypher_s = 0
+};
+
+static const qosspec_t qos_raw_crypt = {
+ .delay = UINT32_MAX,
+ .bandwidth = 0,
+ .availability = 0,
+ .loss = 1,
+ .ber = 0,
+ .in_order = 0,
+ .max_gap = UINT32_MAX,
+ .cypher_s = 256
};
static const qosspec_t qos_best_effort = {
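Review bot: `qos_raw_crypt` carries `.ber = 0`, so it is the encrypted counterpart of `qos_raw_no_errors` and not of `qos_raw`, which has `.ber = 1`. A one-line comment above it, such as `/* Encrypted variant of qos_raw_no_errors */`, would keep a caller from assuming it tolerates bit errors. The literal `256` is also repeated in this preset and in the `_crypt` presets added by the hunks at -63, -73, -83 and -93. A single named constant defined next to the struct would keep the five in step and give the value one place to be documented. Each `_crypt` preset is a hand copy of its plain sibling, so a later change to one side can drift from the other unnoticed.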
@@ -63,7 +77,19 @@ static const qosspec_t qos_best_effort = {
.loss = 1,
.ber = 0,
.in_order = 1,
- .max_gap = UINT32_MAX
+ .max_gap = UINT32_MAX,
+ .cypher_s = 0
+};
+
+static const qosspec_t qos_best_effort_crypt = {
+ .delay = UINT32_MAX,
+ .bandwidth = 0,
+ .availability = 0,
+ .loss = 1,
+ .ber = 0,
+ .in_order = 1,
+ .max_gap = UINT32_MAX,
+ .cypher_s = 256
};
static const qosspec_t qos_video = {
@@ -73,7 +99,19 @@ static const qosspec_t qos_video = {
.loss = 1,
.ber = 0,
.in_order = 1,
- .max_gap = 100
+ .max_gap = 100,
+ .cypher_s = 0
+};
+
+static const qosspec_t qos_video_crypt = {
+ .delay = 100,
+ .bandwidth = UINT64_MAX,
+ .availability = 3,
+ .loss = 1,
+ .ber = 0,
+ .in_order = 1,
+ .max_gap = 100,
+ .cypher_s = 256
};
static const qosspec_t qos_voice = {
@@ -83,7 +121,19 @@ static const qosspec_t qos_voice = {
.loss = 1,
.ber = 0,
.in_order = 1,
- .max_gap = 50
+ .max_gap = 50,
+ .cypher_s = 0
+};
+
+static const qosspec_t qos_voice_crypt = {
+ .delay = 50,
+ .bandwidth = 100000,
+ .availability = 5,
+ .loss = 1,
+ .ber = 0,
+ .in_order = 1,
+ .max_gap = 50,
+ .cypher_s = 256
};
static const qosspec_t qos_data = {
@@ -93,7 +143,19 @@ static const qosspec_t qos_data = {
.loss = 0,
.ber = 0,
.in_order = 1,
- .max_gap = 2000
+ .max_gap = 2000,
+ .cypher_s = 0
+};
+
+static const qosspec_t qos_data_crypt = {
+ .delay = 1000,
+ .bandwidth = 0,
+ .availability = 0,
+ .loss = 0,
+ .ber = 0,
+ .in_order = 1,
+ .max_gap = 2000,
+ .cypher_s = 256
};
#endif /* OUROBOROS_QOS_H */