authorDimitri Staessens <dmarc-noreply@freelists.org>2025-07-13 07:42:58 +0200
committerSander Vrijders <sander@ouroboros.rocks>2025-07-16 08:34:17 +0200
commit2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1 (patch)
treec303098450a9a361d3d16738a78cbfdc452326f6 /include
parent589e273a446cdcec7e9c5e3a85256b7b8554e4f0 (diff)
irmd: Initial Flow Allocation Protocol Headerbe
This adds the initial version for the flow allocation protocol header between IRMd instances. This is a step towards flow authentication. The header supports secure and authenticated flow allocation, supporting certificate-based authentication and ephemeral key exchange for end-to-end encryption. id: 128-bit identifier for the entity. timestamp: 64-bit timestamp (replay protection). certificate: Certificate for authentication. public key: ECDHE public key for key exchange. data: Application data. signature: Signature for integrity/authenticity. Authentication and encryption require OpenSSL to be installed. The IRMd compares the allocation request delay with the MPL of the Layer over which the flow allocation was sent. MPL is now reported by the Layer in ms instead of seconds. Time functions are revised for consistency, and some tests are added. The TPM can now print thread running times in Debug builds (TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads (TPM_DEBUG_ABORT_TIMEOUT). Long-running threads waiting for input should call tpm_wait_work() to avoid triggering a process abort. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'include')
-rw-r--r--include/ouroboros/crypt.h10
-rw-r--r--include/ouroboros/endian.h2
-rw-r--r--include/ouroboros/hash.h4
-rw-r--r--include/ouroboros/time.h16
-rw-r--r--include/ouroboros/tpm.h2
-rw-r--r--include/ouroboros/utils.h1
6 files changed, 26 insertions, 9 deletions
diff --git a/include/ouroboros/crypt.h b/include/ouroboros/crypt.h
index b510a3b2..a1339330 100644
--- a/include/ouroboros/crypt.h
+++ b/include/ouroboros/crypt.h
@@ -61,6 +61,9 @@ int crypt_load_crt_file(const char * path,
int crypt_load_crt_str(const char * str,
void ** crt);
+int crypt_load_crt_der(buffer_t buf,
+ void ** crt);
+
int crypt_get_pubkey_crt(void * crt,
void ** pk);
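Review bot: The new `crypt_load_crt_der` prototype has no comment stating its contract, and going by the commit description it will parse a certificate carried in a peer's flow allocation header, i.e. bytes the local IRMd does not control. I would add a comment above it along the lines of `/* Parses exactly buf.len bytes of DER; returns < 0 on malformed input and leaves *crt untouched; on success the caller owns *crt */`, adjusted to what the implementation actually guarantees, which is not visible in this diff. It is also worth stating whether trailing bytes after the certificate are rejected, since a lenient parse would let extra data ride along under the signature check. The prototype uses `buffer_t`, so `crypt.h` needs the header that defines it; whether that include is already present cannot be seen from this hunk.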
@@ -80,8 +83,11 @@ int crypt_cmp_key(const void * key1,
void crypt_free_key(void * key);
-int crypt_crt_str(void * crt,
- char * buf);
+int crypt_crt_str(const void * crt,
+ char * buf);
+
+int crypt_crt_der(const void * crt,
+ buffer_t * buf);
int crypt_check_crt_name(void * crt,
const char * name);
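Review bot: `crypt_crt_str` still takes `char * buf` with no length, so the callee cannot bound its write and each caller has to guess a large enough buffer. Since the prototype is being changed anyway, a size argument such as `size_t len` after `buf` would make the bound checkable. For the new `crypt_crt_der`, the header should say who allocates and releases `buf->data`, for example `/* On success buf->data is allocated by the callee; release with freebuf() */` if that is the intent; the implementation is not part of this diff. `crypt_check_crt_name` on the last lines of the hunk keeps a non-const `void * crt`, which is inconsistent with the two const-qualified prototypes above it.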
diff --git a/include/ouroboros/endian.h b/include/ouroboros/endian.h
index addb2ed3..6c3493d9 100644
--- a/include/ouroboros/endian.h
+++ b/include/ouroboros/endian.h
@@ -66,8 +66,8 @@
#endif
#define hton64(x) htobe64(x)
-#define hton32(x) htobe32(x)
#define ntoh64(x) betoh64(x)
+#define hton32(x) htobe32(x)
#define ntoh32(x) betoh32(x)
#define hton16(x) htobe16(x)
#define ntoh16(x) betoh16(x)
diff --git a/include/ouroboros/hash.h b/include/ouroboros/hash.h
index 6b0087ce..3d5734f5 100644
--- a/include/ouroboros/hash.h
+++ b/include/ouroboros/hash.h
@@ -52,6 +52,10 @@ enum hash_algo {
#define HASH_VAL128(hash128) \
HASH_VAL64(hash128), HASH_VAL64(hash128 + 8)
+#define HASH_FMT192 HASH_FMT128 HASH_FMT64
+#define HASH_VAL192(hash192) \
+ HASH_VAL128(hash192), HASH_VAL64(hash192 + 16)
+
#define HASH_FMT224 HASH_FMT128 HASH_FMT64 HASH_FMT32
#define HASH_VAL224(hash224) \
HASH_VAL128(hash224), HASH_VAL64(hash224 + 16), \
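Review bot: `HASH_VAL192` uses its argument unparenthesized in `hash192 + 16`, so an argument that is itself an expression, such as a conditional, would bind incorrectly. `HASH_VAL128((hash192)), HASH_VAL64((hash192) + 16)` avoids that. The neighbouring `HASH_VAL128` and `HASH_VAL224` follow the same pattern, so this may be better fixed for the whole family in one go. The macro appears to read 24 bytes from the pointer; a short comment stating that minimum length would help callers that format truncated digests. The `HASH_VAL224` definition continues past the end of the hunk.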
diff --git a/include/ouroboros/time.h b/include/ouroboros/time.h
index b274c35b..470c99a0 100644
--- a/include/ouroboros/time.h
+++ b/include/ouroboros/time.h
@@ -36,29 +36,33 @@
#include <time.h>
#include <sys/time.h>
+#include <sys/types.h>
#define TIMESPEC_INIT_S(s) {(s), 0}
#define TIMESPEC_INIT_MS(ms) {(ms) / 1000, ((ms) % 1000) * MILLION}
#define TIMESPEC_INIT_US(us) {(us) / MILLION, ((us) % MILLION) * 1000}
#define TIMESPEC_INIT_NS(ns) {(ns) / BILLION, ((ns) % BILLION)}
+#define TS_TO_UINT64(ts) \
+ ((uint64_t)(ts).tv_sec * BILLION + (uint64_t)(ts).tv_nsec)
+
#define TIMEVAL_INIT_S(s) {(s), 0}
#define TIMEVAL_INIT_MS(ms) {(ms) / 1000, ((ms) % 1000) * 1000}
#define TIMEVAL_INIT_US(us) {(us) / MILLION, ((us) % MILLION)}
/* functions for timespecs */
-#define ts_diff_ns(t0, tx) (((tx)->tv_sec - (t0)->tv_sec) * BILLION \
+#define ts_diff_ns(tx, t0) (((tx)->tv_sec - (t0)->tv_sec) * BILLION \
+ ((tx)->tv_nsec - (t0)->tv_nsec))
-#define ts_diff_us(t0, tx) (((tx)->tv_sec - (t0)->tv_sec) * MILLION \
+#define ts_diff_us(tx, t0) (((tx)->tv_sec - (t0)->tv_sec) * MILLION \
+ ((tx)->tv_nsec - (t0)->tv_nsec) / 1000L)
-#define ts_diff_ms(t0, tx) (((tx)->tv_sec - (t0)->tv_sec) * 1000L \
+#define ts_diff_ms(tx, t0) (((tx)->tv_sec - (t0)->tv_sec) * 1000L \
+ ((tx)->tv_nsec - (t0)->tv_nsec) / MILLION)
/* functions for timevals are the same */
-#define tv_diff_us(t0, tx) (((tx)->tv_sec - (t0)->tv_sec) * MILLION \
+#define tv_diff_us(tx, t0) (((tx)->tv_sec - (t0)->tv_sec) * MILLION \
+ + ((tx)->tv_usec - (t0)->tv_usec))
+#define tv_diff_ms(tx, t0) (((tx)->tv_sec - (t0)->tv_sec) * 1000L \
+ ((tx)->tv_usec - (t0)->tv_usec) / 1000L)
-#define tv_diff_ms(t0, tx) (((tx)->tv_sec - (t0)->tv_sec) * 1000L \
- + ((tx)->tv_usec - (t0)->tv_usec) / MILLION)
/* functions for timespecs */
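Review bot: The `ts_diff_*` and `tv_diff_*` macros swap their parameter order from `(t0, tx)` to `(tx, t0)` while keeping the same names and arity, so any call site not updated in this commit still compiles and silently returns the negated difference. The commit description says the IRMd compares the allocation request delay against the MPL for replay protection; if that check uses these macros, a negated delay would always fall below the limit, so the callers outside `include/` deserve an audit. A comment above the block such as `/* *_diff_*(tx, t0) yields tx - t0; negative when tx precedes t0 */` would pin the convention. Separately, `TS_TO_UINT64` uses `uint64_t`, but the include added here is `<sys/types.h>`; unless `<stdint.h>` is already included above the hunk, the header is not self-contained.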
diff --git a/include/ouroboros/tpm.h b/include/ouroboros/tpm.h
index 7188dc91..3fb49b88 100644
--- a/include/ouroboros/tpm.h
+++ b/include/ouroboros/tpm.h
@@ -40,6 +40,8 @@ void tpm_stop(struct tpm * tpm);
void tpm_begin_work(struct tpm * tpm);
+void tpm_wait_work(struct tpm * tpm);
+
void tpm_end_work(struct tpm * tpm);
#endif /* OUROBOROS_LIB_TPM_H */
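Review bot: `tpm_wait_work` is added without a comment saying when a worker may call it or how it relates to `tpm_begin_work` and `tpm_end_work`. According to the commit description, skipping the call in a thread that blocks on input can get the process aborted once `TPM_DEBUG_ABORT_TIMEOUT` expires, so the contract belongs in the header. Something like `/* Call before blocking for input so the debug hang detection does not count the wait as a hung thread */` would do, with the wording adjusted to the implementation, which is not part of this diff. It should also state whether `tpm_begin_work` must be called again after the wait returns.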
diff --git a/include/ouroboros/utils.h b/include/ouroboros/utils.h
index 7f625c90..9c48b039 100644
--- a/include/ouroboros/utils.h
+++ b/include/ouroboros/utils.h
@@ -33,6 +33,7 @@
#define ABS(a) ((a) > 0 ? (a) : -(a))
#define clrbuf(buf) do { memset(&(buf), 0, sizeof(buf)); } while (0);
#define freebuf(buf) do { free((buf).data); clrbuf(buf); } while (0);
+#define BUF_INIT { NULL, 0 }
typedef struct {
uint8_t * data;