authorDimitri Staessens <dmarc-noreply@freelists.org>2025-07-13 07:42:58 +0200
committerSander Vrijders <sander@ouroboros.rocks>2025-07-16 08:34:17 +0200
commit2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1 (patch)
treec303098450a9a361d3d16738a78cbfdc452326f6 /src/irmd/oap.h
parent589e273a446cdcec7e9c5e3a85256b7b8554e4f0 (diff)
downloadouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.tar.gz
ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.zip
irmd: Initial Flow Allocation Protocol Header
This adds the initial version for the flow allocation protocol header between IRMd instances. This is a step towards flow authentication. The header supports secure and authenticated flow allocation, supporting certificate-based authentication and ephemeral key exchange for end-to-end encryption. id: 128-bit identifier for the entity. timestamp: 64-bit timestamp (replay protection). certificate: Certificate for authentication. public key: ECDHE public key for key exchange. data: Application data. signature: Signature for integrity/authenticity. Authentication and encryption require OpenSSL to be installed. The IRMd compares the allocation request delay with the MPL of the Layer over which the flow allocation was sent. MPL is now reported by the Layer in ms instead of seconds. Time functions revised for consistency and adds some tests. The TPM can now print thread running times in Debug builds (TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads (TPM_DEBUG_ABORT_TIMEOUT). Long-running threads waiting for input should call tpm_wait_work() to avoid triggering a process abort. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/oap.h')
-rw-r--r--src/irmd/oap.h88
1 files changed, 88 insertions, 0 deletions
diff --git a/src/irmd/oap.h b/src/irmd/oap.h
new file mode 100644
index 00000000..460a89de
--- /dev/null
+++ b/src/irmd/oap.h
@@ -0,0 +1,88 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * Ouroboros flow allocation protocol header
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_OAP_H
+#define OUROBOROS_IRMD_OAP_H
+
+#include <ouroboros/utils.h>
+
+#define OAP_ID_SIZE (16)
+#define OAP_HDR_MIN_SIZE (OAP_ID_SIZE + sizeof(uint64_t) + 4 * sizeof(uint16_t))
+
+
+/*
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +---------------------------------------------------------------+
+ * | |
+ * | id (128 bits) |
+ * | |
+ * | |
+ * +---------------------------------------------------------------+
+ * | timestamp (64 bits) |
+ * | |
+ * +---------------------------------------------------------------+
+ * | crt_len (16 bits) | |
+ * +-----------+-----------------+ |
+ * | certificate |
+ * | |
+ * +---------------------------------------------------------------+
+ * | eph_len (16 bits) | |
+ * +-----------+-----------------+ |
+ * | public key for ECDHE |
+ * | |
+ * +---------------------------------------------------------------+
+ * | data_len (16 bits) | |
+ * +-----------+-----------------+ |
+ * | piggy backed application data |
+ * | |
+ * +---------------------------------------------------------------+
+ * | sig_len (16 bits) | |
+ * +-----------+-----------------+ |
+ * | signature |
+ * | |
+ * +---------------------------------------------------------------+
+ */
+
+struct oap_hdr {
+ uint64_t timestamp;
+ buffer_t id;
+ buffer_t crt;
+ buffer_t eph;
+ buffer_t data;
+ buffer_t sig;
+ buffer_t hdr;
+};
+
+int oap_hdr_init(buffer_t id,
+ void * pkp,
+ void * pubcrt,
+ buffer_t ephkey,
+ buffer_t data,
+ struct oap_hdr * oap_hdr);
+
+void oap_hdr_fini(struct oap_hdr * oap_hdr);
+
+int oap_hdr_decode(buffer_t hdr,
+ struct oap_hdr * oap_hdr);
+
+#endif /* OUROBOROS_IRMD_OAP_H */
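Review bot: The wire-format comment and the three prototypes leave the security-relevant parts of the contract undocumented: the diagram does not state the byte order of `timestamp` and the four 16-bit length fields, nor which bytes the signature covers (presumably everything preceding `sig_len` — confirm), and `oap_hdr_decode` does not say that it rejects a buffer shorter than `OAP_HDR_MIN_SIZE` or any length field that runs past the end of `hdr`; a peer-supplied header is untrusted input, so that rejection is the property a reviewer needs stated. I would add a Doxygen block above `oap_hdr_decode` along the lines of `/* Parse a received OAP header. Validates that hdr.len >= OAP_HDR_MIN_SIZE and that every length field fits within hdr; returns -1 on any malformed input. */`, and a line in the diagram comment such as `* All multi-byte fields are in network byte order; the signature covers all preceding bytes.` once both are confirmed against the implementation. Similarly, `oap_hdr_init` and `oap_hdr_fini` should state who owns `oap_hdr->hdr` and whether the `crt`/`eph`/`data`/`sig` buffers of a decoded struct alias into `hdr` or are separate allocations, since that determines what `oap_hdr_fini` may free. The `void * pkp` and `void * pubcrt` parameters are untyped; a comment naming the expected object types (OpenSSL key and certificate handles, going by the commit message) would prevent callers from passing the two in the wrong order.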