lib: Add per-message encryption with OpenSSL

This adds a per-message symmetric encryption using the OpenSSL
library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange
is performed to derive a shared secret, which is then hashed using
SHA3-256 to be used as a key for symmetric AES-256 encryption. Each
message on an encrypted flow adds a small crypto header that includes
a random 128-bit Initialization Vector (IV). If the server does not
have OpenSSL enabled, the flow allocation will fail with an -ECRYPT
error.

Future optimizations are to piggyback the public keys on the flow
allocation message, and to enable per-flow encryption that maintains
the context of the encryption over multiple packets and doesn't
require sending IVs.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

1 files changed, 4 insertions, 2 deletions

diff --git a/src/lib/sockets.c b/src/lib/sockets.c
index b08bae8e..347e9244 100644
--- a/src/lib/sockets.c
+++ b/src/lib/sockets.c
@@ -166,7 +166,7 @@ char * ipcp_sock_path(pid_t pid)
         return full_name;
 }
 
-qosspec_msg_t spec_to_msg(qosspec_t * qs)
+qosspec_msg_t spec_to_msg(const qosspec_t * qs)
 {
         qosspec_t     spec;
         qosspec_msg_t msg = QOSSPEC_MSG__INIT;
@@ -180,11 +180,12 @@ qosspec_msg_t spec_to_msg(qosspec_t * qs)
         msg.ber          = spec.ber;
         msg.in_order     = spec.in_order;
         msg.max_gap      = spec.max_gap;
+        msg.cypher_s     = spec.cypher_s;
 
         return msg;
 }
 
-qosspec_t msg_to_spec(qosspec_msg_t * msg)
+qosspec_t msg_to_spec(const qosspec_msg_t * msg)
 {
         qosspec_t     spec;
 
@@ -197,6 +198,7 @@ qosspec_t msg_to_spec(qosspec_msg_t * msg)
         spec.ber          = msg->ber;
         spec.in_order     = msg->in_order;
         spec.max_gap      = msg->max_gap;
+        spec.cypher_s     = msg->cypher_s;
 
         return spec;
 }