diff options
author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2019-08-02 19:12:34 +0200 |
---|---|---|
committer | Sander Vrijders <sander@ouroboros.rocks> | 2019-08-03 12:10:57 +0200 |
commit | 9e8d603d14561095fb8d08871319a315d3bf6763 (patch) | |
tree | 7a87c212fcd642a8696145b4246a4fc4cf964e10 /src/ipcpd/eth/eth.c | |
parent | 8a37ffbf8c0776a38f2de18a63e885383960ee68 (diff) | |
download | ouroboros-9e8d603d14561095fb8d08871319a315d3bf6763.tar.gz ouroboros-9e8d603d14561095fb8d08871319a315d3bf6763.zip |
lib: Add per-message encryption with OpenSSL
This adds a per-message symmetric encryption using the OpenSSL
library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange
is performed to derive a shared secret, which is then hashed using
SHA3-256 to be used as a key for symmetric AES-256 encryption. Each
message on an encrypted flow adds a small crypto header that includes
a random 128-bit Initialization Vector (IV). If the server does not
have OpenSSL enabled, the flow allocation will fail with an -ECRYPT
error.
Future optimizations are to piggyback the public keys on the flow
allocation message, and to enable per-flow encryption that maintains
the context of the encryption over multiple packets and doesn't
require sending IVs.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/ipcpd/eth/eth.c')
-rw-r--r-- | src/ipcpd/eth/eth.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/ipcpd/eth/eth.c b/src/ipcpd/eth/eth.c index 1a332272..dccfd190 100644 --- a/src/ipcpd/eth/eth.c +++ b/src/ipcpd/eth/eth.c @@ -162,6 +162,7 @@ struct mgmt_msg { uint32_t ber; uint32_t max_gap; uint32_t delay; + uint16_t cypher_s; uint8_t in_order; #if defined (BUILD_ETH_DIX) uint8_t code; @@ -485,6 +486,7 @@ static int eth_ipcp_alloc(const uint8_t * dst_addr, msg->ber = hton32(qs.ber); msg->in_order = qs.in_order; msg->max_gap = hton32(qs.max_gap); + msg->cypher_s = hton16(qs.cypher_s); memcpy(msg + 1, hash, ipcp_dir_hash_len()); @@ -731,6 +733,7 @@ static int eth_ipcp_mgmt_frame(const uint8_t * buf, qs.ber = ntoh32(msg->ber); qs.in_order = msg->in_order; qs.max_gap = ntoh32(msg->max_gap); + qs.cypher_s = hton32(msg->cypher_s); if (shim_data_reg_has(eth_data.shim_data, buf + sizeof(*msg))) { |