irmd: Initial Flow Allocation Protocol Header

This adds the initial version for the flow allocation protocol header
between IRMd instances. This is a step towards flow authentication.

The header supports secure and authenticated flow allocation,
supporting certificate-based authentication and ephemeral key
exchange for end-to-end encryption.

 id:          128-bit identifier for the entity.
 timestamp:   64-bit timestamp (replay protection).
 certificate: Certificate for authentication.
 public key:  ECDHE public key for key exchange.
 data:        Application data.
 signature:   Signature for integrity/authenticity.

Authentication and encryption require OpenSSL to be installed.

The IRMd compares the allocation request delay with the MPL of the
Layer over which the flow allocation was sent. MPL is now reported by
the Layer in ms instead of seconds.

Time functions revised for consistency and adds some tests.

The TPM can now print thread running times in Debug builds
(TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads
(TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input
should call tpm_wait_work() to avoid trigger a process abort.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

3 files changed, 9 insertions, 44 deletions

diff --git a/src/irmd/reg/reg.c b/src/irmd/reg/reg.c
index d95a4722..339e7fa0 100644
--- a/src/irmd/reg/reg.c
+++ b/src/irmd/reg/reg.c
@@ -1771,8 +1771,7 @@ int reg_respond_alloc(struct flow_info * info,
         return -1;
 }
 
-int reg_prepare_flow_accept(struct flow_info * info,
-                            buffer_t *         pbuf)
+int reg_prepare_flow_accept(struct flow_info * info)
 {
         struct reg_flow * flow;
         int               ret;
@@ -1790,8 +1789,6 @@ int reg_prepare_flow_accept(struct flow_info * info,
 
         ret = reg_flow_update(flow, info);
 
-        reg_flow_set_data(flow, pbuf);
-
         pthread_mutex_unlock(&reg.mtx);
 
         return ret;
@@ -1915,7 +1912,6 @@ int reg_respond_accept(struct flow_info * info,
                        buffer_t *         pbuf)
 {
         struct reg_flow * flow;
-        buffer_t          temp;
 
         assert(info != NULL);
         assert(info->state == FLOW_ALLOCATED);
@@ -1933,11 +1929,8 @@ int reg_respond_accept(struct flow_info * info,
 
         info->n_pid = flow->info.n_pid;
 
-        if (info->qs.cypher_s > 0) {
-                reg_flow_get_data(flow, &temp);
-                reg_flow_set_data(flow, pbuf);
-                *pbuf = temp;
-        }
+        reg_flow_set_data(flow, pbuf);
+        clrbuf(pbuf);
 
         if (reg_flow_update(flow, info) < 0) {
                 log_err("Failed to create flow structs.");
diff --git a/src/irmd/reg/reg.h b/src/irmd/reg/reg.h
index 17dfcc32..f1899d65 100644
--- a/src/irmd/reg/reg.h
+++ b/src/irmd/reg/reg.h
@@ -119,8 +119,7 @@ int   reg_wait_flow_allocated(struct flow_info *      info,
 int   reg_respond_alloc(struct flow_info * info,
                         buffer_t *         pbuf);
 
-int   reg_prepare_flow_accept(struct flow_info * info,
-                              buffer_t *         pbuf);
+int   reg_prepare_flow_accept(struct flow_info * info);
 
 int   reg_wait_flow_accepted(struct flow_info *      info,
                              buffer_t *              pbuf,
diff --git a/src/irmd/reg/tests/reg_test.c b/src/irmd/reg/tests/reg_test.c
index 80fc64d6..b69cf476 100644
--- a/src/irmd/reg/tests/reg_test.c
+++ b/src/irmd/reg/tests/reg_test.c
@@ -115,7 +115,6 @@ static int test_reg_allocate_flow_timeout(void)
 {
         struct timespec abstime;
         struct timespec timeo = TIMESPEC_INIT_MS(1);
-        buffer_t        pbuf;
         buffer_t        rbuf = {NULL, 0};
 
         struct flow_info info = {
@@ -125,14 +124,6 @@ static int test_reg_allocate_flow_timeout(void)
 
         TEST_START();
 
-        pbuf.data = (uint8_t *) strdup(TEST_DATA);;
-        if (pbuf.data == NULL) {
-                printf("Failed to strdup data.\n");
-                goto fail;
-        }
-
-        pbuf.len  = strlen((char *) pbuf.data) + 1;
-
         clock_gettime(PTHREAD_COND_CLOCK, &abstime);
 
         ts_add(&abstime, &timeo, &abstime);
@@ -147,7 +138,7 @@ static int test_reg_allocate_flow_timeout(void)
                 goto fail;
         }
 
-        if (reg_prepare_flow_accept(&info, &pbuf) < 0) {
+        if (reg_prepare_flow_accept(&info) < 0) {
                 printf("Failed to prepare flow for accept.\n");
                 goto fail;
         }
@@ -162,12 +153,6 @@ static int test_reg_allocate_flow_timeout(void)
                 goto fail;
         }
 
-        if (pbuf.data == NULL) {
-                printf("Flow data was updated on timeout.");
-                goto fail;
-        }
-
-        freebuf(pbuf);
         reg_destroy_flow(info.id);
 
         if (reg.n_flows != 0) {
@@ -220,13 +205,6 @@ static void * test_flow_respond_accept(void * o)
 
         reg_respond_accept(info, &pbuf);
 
-        if (info->qs.cypher_s == 0) {
-                freebuf(pbuf);
-        } else if (strcmp((char *) pbuf.data, TEST_DATA) != 0) {
-                printf("Data was not passed correctly.\n");
-                goto fail;
-        }
-
         return (void *) 0;
  fail:
         return (void *) -1;
@@ -237,7 +215,6 @@ static int test_reg_accept_flow_success(void)
         pthread_t       thr;
         struct timespec abstime;
         struct timespec timeo = TIMESPEC_INIT_S(1);
-        buffer_t        pbuf = {(uint8_t *) TEST_DATA, strlen(TEST_DATA)};
         buffer_t        rbuf  = {NULL, 0};
 
         struct flow_info info = {
@@ -267,7 +244,7 @@ static int test_reg_accept_flow_success(void)
                 goto fail;
         }
 
-        if (reg_prepare_flow_accept(&info, &pbuf) < 0) {
+        if (reg_prepare_flow_accept(&info) < 0) {
                 printf("Failed to prepare flow for accept.\n");
                 goto fail;
         }
@@ -332,7 +309,6 @@ static int test_reg_accept_flow_success_no_crypt(void)
         pthread_t       thr;
         struct timespec abstime;
         struct timespec timeo = TIMESPEC_INIT_S(1);
-        buffer_t        pbuf = {(uint8_t *) TEST_DATA, strlen(TEST_DATA)};
         buffer_t        rbuf  = {NULL, 0};
 
         struct flow_info info = {
@@ -362,7 +338,7 @@ static int test_reg_accept_flow_success_no_crypt(void)
                 goto fail;
         }
 
-        if (reg_prepare_flow_accept(&info, &pbuf) < 0) {
+        if (reg_prepare_flow_accept(&info) < 0) {
                 printf("Failed to prepare flow for accept.\n");
                 goto fail;
         }
@@ -389,10 +365,7 @@ static int test_reg_accept_flow_success_no_crypt(void)
                 goto fail;
         }
 
-        if (strcmp((char *) rbuf.data, TEST_DATA) != 0) {
-                printf("Data was updated.\n");
-                goto fail;
-        }
+        freebuf(rbuf);
 
         n_1_info.state = FLOW_DEALLOCATED;
 
@@ -1177,7 +1150,7 @@ static void * test_call_flow_accept(void * o)
         clock_gettime(PTHREAD_COND_CLOCK, &abstime);
         ts_add(&abstime, &timeo, &abstime);
 
-        reg_prepare_flow_accept(&info, &pbuf);
+        reg_prepare_flow_accept(&info);
 
         if (reg_wait_flow_accepted(&info, &pbuf, &abstime) != -ETIMEDOUT) {
                 printf("Wait allocated did not timeout.\n");