diff options
| author | Dimitri Staessens <dmarc-noreply@freelists.org> | 2025-07-13 07:42:58 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2025-07-16 08:34:17 +0200 |
| commit | 2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1 (patch) | |
| tree | c303098450a9a361d3d16738a78cbfdc452326f6 /src/lib/crypt.c | |
| parent | 589e273a446cdcec7e9c5e3a85256b7b8554e4f0 (diff) | |
| download | ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.tar.gz ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.zip | |
irmd: Initial Flow Allocation Protocol Header
This adds the initial version for the flow allocation protocol header
between IRMd instances. This is a step towards flow authentication.
The header supports secure and authenticated flow allocation,
supporting certificate-based authentication and ephemeral key
exchange for end-to-end encryption.
id: 128-bit identifier for the entity.
timestamp: 64-bit timestamp (replay protection).
certificate: Certificate for authentication.
public key: ECDHE public key for key exchange.
data: Application data.
signature: Signature for integrity/authenticity.
Authentication and encryption require OpenSSL to be installed.
The IRMd compares the allocation request delay with the MPL of the
Layer over which the flow allocation was sent. MPL is now reported by
the Layer in ms instead of seconds.
Time functions revised for consistency and adds some tests.
The TPM can now print thread running times in Debug builds
(TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads
(TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input
should call tpm_wait_work() to avoid trigger a process abort.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/crypt.c')
| -rw-r--r-- | src/lib/crypt.c | 45 |
1 files changed, 42 insertions, 3 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c index 756fcccc..e8c4d5ab 100644 --- a/src/lib/crypt.c +++ b/src/lib/crypt.c @@ -60,10 +60,13 @@ int crypt_dh_pkp_create(void ** pkp, void crypt_dh_pkp_destroy(void * pkp) { + if (pkp == NULL) + return; #ifdef HAVE_OPENSSL openssl_ecdh_pkp_destroy(pkp); #else (void) pkp; + return; #endif } @@ -179,7 +182,7 @@ int crypt_load_privkey_file(const char * path, } int crypt_load_privkey_str(const char * str, - void ** key) + void ** key) { *key = NULL; @@ -232,6 +235,8 @@ void crypt_free_key(void * key) int crypt_load_crt_file(const char * path, void ** crt) { + assert(crt != NULL); + *crt = NULL; #ifdef HAVE_OPENSSL @@ -246,6 +251,8 @@ int crypt_load_crt_file(const char * path, int crypt_load_crt_str(const char * str, void ** crt) { + assert(crt != NULL); + *crt = NULL; #ifdef HAVE_OPENSSL @@ -257,6 +264,21 @@ int crypt_load_crt_str(const char * str, #endif } +int crypt_load_crt_der(const buffer_t buf, + void ** crt) +{ + assert(crt != NULL); +#ifdef HAVE_OPENSSL + return openssl_load_crt_der(buf, crt); +#else + *crt = NULL; + + (void) buf; + + return 0; +#endif +} + int crypt_get_pubkey_crt(void * crt, void ** pk) { @@ -283,8 +305,8 @@ void crypt_free_crt(void * crt) #endif } -int crypt_crt_str(void * crt, - char * buf) +int crypt_crt_str(const void * crt, + char * buf) { #ifdef HAVE_OPENSSL return openssl_crt_str(crt, buf); @@ -296,6 +318,23 @@ int crypt_crt_str(void * crt, #endif } +int crypt_crt_der(const void * crt, + buffer_t * buf) +{ + assert(crt != NULL); + assert(buf != NULL); + +#ifdef HAVE_OPENSSL + return openssl_crt_der(crt, buf); +#else + (void) crt; + + clrbuf(*buf); + + return 0; +#endif +} + int crypt_check_crt_name(void * crt, const char * name) { |