irmd: Initial Flow Allocation Protocol Header

This adds the initial version for the flow allocation protocol header between IRMd instances. This is a step towards flow authentication. The header supports secure and authenticated flow allocation, supporting certificate-based authentication and ephemeral key exchange for end-to-end encryption. id: 128-bit identifier for the entity. timestamp: 64-bit timestamp (replay protection). certificate: Certificate for authentication. public key: ECDHE public key for key exchange. data: Application data. signature: Signature for integrity/authenticity. Authentication and encryption require OpenSSL to be installed. The IRMd compares the allocation request delay with the MPL of the Layer over which the flow allocation was sent. MPL is now reported by the Layer in ms instead of seconds. Time functions revised for consistency and adds some tests. The TPM can now print thread running times in Debug builds (TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads (TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input should call tpm_wait_work() to avoid trigger a process abort. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
author: Dimitri Staessens <dmarc-noreply@freelists.org> 2025-07-13 07:42:58 +0200
committer: Sander Vrijders <sander@ouroboros.rocks> 2025-07-16 08:34:17 +0200
commit: 2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1 (patch)
tree: c303098450a9a361d3d16738a78cbfdc452326f6 /src/lib/tpm.c
parent: 589e273a446cdcec7e9c5e3a85256b7b8554e4f0 (diff)
download: ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.tar.gz
ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.zip
1 files changed, 52 insertions, 6 deletions
diff --git a/src/lib/tpm.c b/src/lib/tpm.c
index 64777815..a7391bd7 100644
--- a/src/lib/tpm.c
+++ b/src/lib/tpm.c
@@ -31,16 +31,23 @@
 
 #include <assert.h>
 #include <pthread.h>
+#include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 
-#define TPM_TIMEOUT 1000
+#define TPM_TIMEOUT      1000
 
 struct pthr_el {
         struct list_head next;
 
         bool             kill;
         bool             busy;
-
+        bool             wait;
+#ifdef CONFIG_OUROBOROS_DEBUG
+        struct timespec  start;
+        struct timespec  last;
+#endif
         pthread_t        thr;
 };
 
@@ -72,6 +79,10 @@ static void tpm_join(struct tpm * tpm)
 {
         struct list_head * p;
         struct list_head * h;
+#ifdef CONFIG_OUROBOROS_DEBUG
+        struct timespec now;
+        clock_gettime(CLOCK_REALTIME, &now);
+#endif
 
         list_for_each_safe(p, h, &tpm->pool) {
                 struct pthr_el * e = list_entry(p, struct pthr_el, next);
@@ -86,6 +97,21 @@ static void tpm_join(struct tpm * tpm)
 
         list_for_each_safe(p, h, &tpm->pool) {
                 struct pthr_el * e = list_entry(p, struct pthr_el, next);
+#ifdef CONFIG_OUROBOROS_DEBUG
+                time_t diff = ts_diff_ms(&now, &e->start) / 1000;
+                bool hung;
+                if (TPM_DEBUG_REPORT_INTERVAL > 0) {
+                        time_t ldiff = ts_diff_ms(&now, &e->last) / 1000;
+                        if(e->busy && ldiff > TPM_DEBUG_REPORT_INTERVAL) {
+                                e->last = now;
+                                printf("Thread %d:%lx running for %ld s.\n",
+                                       getpid(),e->thr, diff);
+                        }
+                }
+                hung = e->busy && !e->wait && diff > TPM_DEBUG_ABORT_TIMEOUT;
+                if (TPM_DEBUG_ABORT_TIMEOUT > 0 && hung)
+                        assert(false); /* coredump */
+#endif
                 if (e->kill) {
                         pthread_t thr = e->thr;
                         list_del(&e->next);
@@ -139,11 +165,9 @@ static int __tpm(struct tpm * tpm)
                         if (e == NULL)
                                 break;
 
-                        e->kill = false;
-                        e->busy = false;
+                        memset(e, 0, sizeof(*e));
 
-                        if (pthread_create(&e->thr, NULL,
-                                                tpm->func, tpm->o)) {
+                        if (pthread_create(&e->thr, NULL, tpm->func, tpm->o)) {
                                 free(e);
                                 break;
                         }
@@ -280,12 +304,21 @@ void tpm_begin_work(struct tpm * tpm)
 {
         struct pthr_el * e;
 
+#ifdef CONFIG_OUROBOROS_DEBUG
+        struct timespec now;
+        clock_gettime(CLOCK_REALTIME, &now);
+#endif
+
         pthread_mutex_lock(&tpm->mtx);
 
         e = tpm_pthr_el(tpm, pthread_self());
         if (e != NULL) {
                 e->busy = true;
                 ++tpm->wrk;
+#ifdef CONFIG_OUROBOROS_DEBUG
+                e->start = now;
+                e->last  = now;
+#endif
         }
 
         pthread_cond_signal(&tpm->cond);
@@ -293,6 +326,19 @@ void tpm_begin_work(struct tpm * tpm)
         pthread_mutex_unlock(&tpm->mtx);
 }
 
+void tpm_wait_work(struct tpm * tpm)
+{
+        struct pthr_el * e;
+
+        pthread_mutex_lock(&tpm->mtx);
+
+        e = tpm_pthr_el(tpm, pthread_self());
+        if (e != NULL)
+                e->wait = true;
+
+        pthread_mutex_unlock(&tpm->mtx);
+}
+
 void tpm_end_work(struct tpm * tpm)
 {
         struct pthr_el * e;
author	Dimitri Staessens <dmarc-noreply@freelists.org>	2025-07-13 07:42:58 +0200
committer	Sander Vrijders <sander@ouroboros.rocks>	2025-07-16 08:34:17 +0200
commit	2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1 (patch)
tree	c303098450a9a361d3d16738a78cbfdc452326f6 /src/lib/tpm.c
parent	589e273a446cdcec7e9c5e3a85256b7b8554e4f0 (diff)
download	ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.tar.gz ouroboros-2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1.zip