diff options
| author | Dimitri Staessens <dmarc-noreply@freelists.org> | 2025-07-13 07:42:58 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2025-07-16 08:34:17 +0200 |
| commit | 2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1 (patch) | |
| tree | c303098450a9a361d3d16738a78cbfdc452326f6 /src/lib/tests/auth_test.c | |
| parent | 589e273a446cdcec7e9c5e3a85256b7b8554e4f0 (diff) | |
| download | ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.tar.gz ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.zip | |
irmd: Initial Flow Allocation Protocol Header
This adds the initial version for the flow allocation protocol header
between IRMd instances. This is a step towards flow authentication.
The header supports secure and authenticated flow allocation,
supporting certificate-based authentication and ephemeral key
exchange for end-to-end encryption.
id: 128-bit identifier for the entity.
timestamp: 64-bit timestamp (replay protection).
certificate: Certificate for authentication.
public key: ECDHE public key for key exchange.
data: Application data.
signature: Signature for integrity/authenticity.
Authentication and encryption require OpenSSL to be installed.
The IRMd compares the allocation request delay with the MPL of the
Layer over which the flow allocation was sent. MPL is now reported by
the Layer in ms instead of seconds.
Time functions revised for consistency and adds some tests.
The TPM can now print thread running times in Debug builds
(TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads
(TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input
should call tpm_wait_work() to avoid trigger a process abort.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/tests/auth_test.c')
| -rw-r--r-- | src/lib/tests/auth_test.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/tests/auth_test.c b/src/lib/tests/auth_test.c index c3d42b8f..271fdabf 100644 --- a/src/lib/tests/auth_test.c +++ b/src/lib/tests/auth_test.c @@ -36,7 +36,7 @@ * https://community.f5.com/kb/technicalarticles/ */ -/* Root certificate for CA ca.unittest.o7s */ +/* Root certificate for CA ca2.unittest.o7s */ static const char * root_ca_crt = \ "-----BEGIN CERTIFICATE-----\n" "MIICiTCCAi+gAwIBAgIUe4iFIymeUTgutBrdvcxFihOVHnowCgYIKoZIzj0EAwIw\n" @@ -55,7 +55,7 @@ static const char * root_ca_crt = \ "JSTSWB29kFFiM9ZdMV7M/tiZH9nSz1M8XhsTIGk=\n" "-----END CERTIFICATE-----\n"; -/* Certificate for intermediary im.unittest.o7s used for signing */ +/* Certificate for intermediary im2.unittest.o7s used for signing */ static const char * intermediate_ca_crt = \ "-----BEGIN CERTIFICATE-----\n" "MIIChTCCAiqgAwIBAgICEAIwCgYIKoZIzj0EAwIwgZExCzAJBgNVBAYTAkJFMQww\n" @@ -74,7 +74,7 @@ static const char * intermediate_ca_crt = \ "NnkLn+73oMj8w4pXGLNKAkX0z7yPJ4QhwA==\n" "-----END CERTIFICATE-----\n"; -/* Server server-1.unittest.o7s private-public key pair */ +/* Server server-2.unittest.o7s private-public key pair */ static const char * server_ec_pkp = \ "-----BEGIN EC PRIVATE KEY-----\n" "MHcCAQEEIC13y+5jdKe80HBJD7WITpQamcn3rrkTX1r0v+JwSk4NoAoGCCqGSM49\n" @@ -89,7 +89,7 @@ static const char * server_ec_pk = \ "uhDhqqrEcBO5+eob2xyqEaNknIV/86724zPptGRahWz0rzW2PvNppJdNBg==\n" "-----END PUBLIC KEY-----\n"; -/* Valid signed server certificate for server-1.unittest.o7s, SHA2 */ +/* Valid signed server certificate for server-2.unittest.o7s */ static const char * signed_server_crt = \ "-----BEGIN CERTIFICATE-----\n" "MIIDgjCCAyigAwIBAgICEAIwCgYIKoZIzj0EAwIwWzELMAkGA1UEBhMCQkUxDDAK\n" |