author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2025-09-02 18:23:41 +0200 |
committer | Sander Vrijders <sander@ouroboros.rocks> | 2025-09-10 08:21:58 +0200 |
commit | 8de42096eb6e90d3ea9f5eacb95dc94222e5000b (patch) | |
tree | bd965f0f9f76ef7234e1a01bc83b02e1e2eb18f4 /src/lib | |
parent | 5274cb3ce09c40cccd29ec771ad49a2069aa37c4 (diff) | |
download | ouroboros-8de42096eb6e90d3ea9f5eacb95dc94222e5000b.tar.gz ouroboros-8de42096eb6e90d3ea9f5eacb95dc94222e5000b.zip |
lib: Move encryption control from QoS to name
This removes the flow encryption option (cypher_s) from the qosspec.
The configuration lives in the security options directory (default
/etc/ouroboros/security/). For this poc, encryption can be controlled
client or server side by placing an enc.cfg file. If that file is
present in the client folder, the client will require encryption. If
that file is present on the server side, the server will require
encryption and reject non-encrypted flows.
Encryption is now configured outside of any application control.
Example: /etc/ouroboros/security/client/oping/enc.cfg exists:
irmd(II): Encryption enabled for oping.
irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd(DB): Generated ephemeral keys for 87474.
irmd/oap(PP): OAP_HDR [caf203681d997941 @ 2025-09-02 17:08:05 (UTC) ] -->
irmd/oap(PP): Certificate: <none>
irmd/oap(PP): Ephemeral Public Key: [91 bytes]
irmd/oap(PP): Data: <none>
irmd/oap(PP): Signature: <none>
Example: /etc/ouroboros/security/client/oping/enc.cfg does not exist:
irmd(II): Allocating flow for 87506 to oping.
irmd(DB): File /etc/ouroboros/security/client/oping/enc.cfg does not exist.
irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd/oap(PP): OAP_HDR [e84bb9d7c3d9c002 @ 2025-09-02 17:08:30 (UTC) ] -->
irmd/oap(PP): Certificate: <none>
irmd/oap(PP): Ephemeral Public Key: <none>
irmd/oap(PP): Data: <none>
irmd/oap(PP): Signature: <none>
Example: /etc/ouroboros/security/server/oping/enc.cfg exists:
irmd(II): Flow request arrived for oping.
irmd(DB): IPCP 88112 accepting flow 7 for oping.
irmd(II): Encryption enabled for oping.
irmd(DB): File /etc/ouroboros/security/server/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd/oap(PP): OAP_HDR [3c717b3f31dff8df @ 2025-09-02 17:13:06 (UTC) ] <--
irmd/oap(PP): Certificate: <none>
irmd/oap(PP): Ephemeral Public Key: <none>
irmd/oap(PP): Data: <none>
irmd/oap(PP): Signature: <none>
irmd(WW): Encryption required but no key provided.
The server side will pass the ECRYPT to the client:
$ oping -l
Ouroboros ping server started.
Failed to accept flow: -1008
$ oping -n oping -c 1
Failed to allocate flow: -1008.
Encryption on flows can now be changed at runtime without needing to
touch/reconfigure/restart the process.
Note: The ECRYPT result is passed on via the flow allocator responses
through the IPCP (discovered/fixed some endianness issues), but the
reason for rejecting the flow can be considered N+1 information... We
may move that information up into the OAP header at some point.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/crypt.c | 19 | ||||
-rw-r--r-- | src/lib/dev.c | 15 | ||||
-rw-r--r-- | src/lib/pb/model.proto | 3 | ||||
-rw-r--r-- | src/lib/protobuf.c | 2 | ||||
-rw-r--r-- | src/lib/serdes-irm.c | 7 | ||||
-rw-r--r-- | src/lib/tests/crypt_test.c | 6 |
6 files changed, 19 insertions, 33 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index b39a4a73..8b18140e 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -32,7 +32,6 @@
 #include <string.h>
 struct crypt_ctx {
- uint16_t flags;
 void * ctx;
 uint8_t key[SYMMKEYSZ];
 };
@@ -91,14 +90,13 @@ int crypt_encrypt(struct crypt_ctx * ctx,
 buffer_t in,
 buffer_t * out)
 {
- if (ctx->flags == 0) {
- clrbuf(*out);
- return 0;
- }
+ assert(ctx != NULL);
+ assert(ctx->ctx != NULL);
 #ifdef HAVE_OPENSSL
 return openssl_encrypt(ctx->ctx, ctx->key, in, out);
 #else
+ (void) ctx;
 (void) in;
 (void) out;
@@ -110,14 +108,13 @@ int crypt_decrypt(struct crypt_ctx * ctx,
 buffer_t in,
 buffer_t * out)
 {
- if (ctx->flags == 0) {
- clrbuf(*out);
- return 0;
- }
+ assert(ctx != NULL);
+ assert(ctx->ctx != NULL);
 #ifdef HAVE_OPENSSL
 return openssl_decrypt(ctx->ctx, ctx->key, in, out);
 #else
+ (void) ctx;
 (void) in;
 (void) out;
@@ -125,8 +122,7 @@ int crypt_decrypt(struct crypt_ctx * ctx,
 #endif
 }
-struct crypt_ctx * crypt_create_ctx(uint16_t flags,
- const uint8_t * key)
+struct crypt_ctx * crypt_create_ctx(const uint8_t * key)
 {
 struct crypt_ctx * crypt;
@@ -136,7 +132,6 @@ struct crypt_ctx * crypt_create_ctx(uint16_t flags,
 memset(crypt, 0, sizeof(*crypt));
- crypt->flags = flags;
 if (key != NULL)
 memcpy(crypt->key, key, SYMMKEYSZ);
 #ifdef HAVE_OPENSSL
diff --git a/src/lib/dev.c b/src/lib/dev.c
index 6c8fdbc1..c0cd11a3 100644
--- a/src/lib/dev.c
+++ b/src/lib/dev.c
@@ -544,8 +544,7 @@ static int flow_init(struct flow_info * info,
 if (sk!= NULL && sk->data != NULL) {
 assert(sk->len == SYMMKEYSZ);
- /* TODO: remove cypher_s from QoS */
- flow->crypt = crypt_create_ctx(info->qs.cypher_s, sk->data);
+ flow->crypt = crypt_create_ctx(sk->data);
 if (flow->crypt == NULL)
 goto fail_crypt;
 }
@@ -886,8 +885,10 @@ int flow_alloc(const char * dst,
 return -ENOMEM;
 err = send_recv_msg(&msg);
- if (err < 0)
+ if (err < 0) {
+ printf("send_recv_msg error %d\n", err);
 return err;
+ }
 err = flow__irm_result_des(&msg, &flow, &sk);
 if (err < 0)
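Review bot: In crypt_encrypt and crypt_decrypt the new `assert(ctx->ctx != NULL)` is the only thing standing between a context without an initialised cipher and openssl_encrypt/openssl_decrypt, and assert() is compiled out under NDEBUG. With the flags==0 passthrough gone, crypt_create_ctx(NULL) (still used by test_crypt_create_destroy) now yields a context whose key is the all-zero buffer left by memset, and nothing in these hunks stops such a context from being used to encrypt. A runtime check that survives release builds, `if (ctx == NULL || ctx->ctx == NULL) return -EINVAL;`, keeps the guarantee, and crypt_create_ctx should either reject a NULL key or document that a key-less context exists only for create/destroy testing. Whether ctx->ctx can be NULL after a successful crypt_create_ctx is decided in the OpenSSL branch outside the hunk, and all three function bodies continue beyond what is shown.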
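Review bot: The `printf("send_recv_msg error %d\n", err);` added in flow_alloc writes diagnostics from library code straight to the caller's stdout, which an application such as oping may be using for its own output; the error is already returned to the caller, so the line reads as leftover debugging. Drop it, or route it through whatever logging facility dev.c already has. flow_alloc continues outside the hunk.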
@@ -917,9 +918,6 @@ int flow_join(const char * dst,
 if (qs != NULL)
 qs->ber = 1;
 #endif
- if (qs != NULL && qs->cypher_s > 0)
- return -ENOTSUP; /* TODO: Encrypted broadcast */
-
 memset(&flow, 0, sizeof(flow));
 flow.n_pid = getpid();
@@ -1830,11 +1828,12 @@ int np1_flow_dealloc(int flow_id,
 return fd;
 }
-int np1_flow_resp(int flow_id)
+int np1_flow_resp(int flow_id,
+ int resp)
 {
 int fd;
- if (flow_wait_assign(flow_id) != FLOW_ALLOCATED)
+ if (resp == 0 && flow_wait_assign(flow_id) != FLOW_ALLOCATED)
 return -1;
 pthread_rwlock_rdlock(&ai.lock);
diff --git a/src/lib/pb/model.proto b/src/lib/pb/model.proto
index 56337b5b..7b06e434 100644
--- a/src/lib/pb/model.proto
+++ b/src/lib/pb/model.proto
@@ -30,8 +30,7 @@ message qosspec_msg {
 required uint32 ber = 5; /* Bit error rate, ppb. */
 required uint32 in_order = 6; /* In-order delivery. */
 required uint32 max_gap = 7; /* In ms. */
- required uint32 cypher_s = 8; /* Crypto strength in bits. */
- required uint32 timeout = 9; /* Timeout in ms. */
+ required uint32 timeout = 8; /* Timeout in ms. */
 }
 message flow_info_msg {
diff --git a/src/lib/protobuf.c b/src/lib/protobuf.c
index b5ec8778..6df4e810 100644
--- a/src/lib/protobuf.c
+++ b/src/lib/protobuf.c
@@ -751,7 +751,6 @@ qosspec_msg_t * qos_spec_s_to_msg(const struct qos_spec * s)
 msg->ber = s->ber;
 msg->in_order = s->in_order;
 msg->max_gap = s->max_gap;
- msg->cypher_s = s->cypher_s;
 msg->timeout = s->timeout;
 return msg;
@@ -770,7 +769,6 @@ struct qos_spec qos_spec_msg_to_s(const qosspec_msg_t * msg)
 s.ber = msg->ber;
 s.in_order = msg->in_order;
 s.max_gap = msg->max_gap;
- s.cypher_s = msg->cypher_s;
 s.timeout = msg->timeout;
 return s;
diff --git a/src/lib/serdes-irm.c b/src/lib/serdes-irm.c
index c4ba3053..3aea0617 100644
--- a/src/lib/serdes-irm.c
+++ b/src/lib/serdes-irm.c
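Review bot: Renumbering `timeout` from field 9 to field 8 changes the wire encoding of qosspec_msg: a peer built before this commit still emits cypher_s as field 8 and would read this side's timeout as its cypher_s, and both sides then fail on the missing required field. If mixed builds of irmd, the IPCPs and the library can ever exchange this message, the safer edit is to keep `required uint32 timeout = 9;` and add `reserved 8;` so the old number cannot be reused. If every component is always rebuilt together this is only worth a line in the description.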
@@ -166,12 +166,7 @@ int flow__irm_result_des(buffer_t * buf,
 *flow = flow_info_msg_to_s(msg->flow_info);
- if (flow->qs.cypher_s > 0 && sk != NULL) {
- if (msg->symmkey.data == NULL || msg->symmkey.len == 0) {
- err = -ECRYPT;
- goto fail;
- }
-
+ if (sk != NULL) {
 sk->len = msg->symmkey.len;
 sk->data = msg->symmkey.data;
diff --git a/src/lib/tests/crypt_test.c b/src/lib/tests/crypt_test.c
index 7489d5b3..e7a09e8f 100644
--- a/src/lib/tests/crypt_test.c
+++ b/src/lib/tests/crypt_test.c
@@ -35,7 +35,7 @@ static int test_crypt_create_destroy(void)
 TEST_START();
- ctx = crypt_create_ctx(0, NULL);
+ ctx = crypt_create_ctx(NULL);
 if (ctx == NULL) {
 printf("Failed to initialize cryptography.\n");
 goto fail;
@@ -60,7 +60,7 @@ static int test_crypt_create_destroy_with_key(void)
 memset(key, 0, sizeof(key));
- ctx = crypt_create_ctx(1, key);
+ ctx = crypt_create_ctx(key);
 if (ctx == NULL) {
 printf("Failed to initialize cryptography.\n");
 goto fail;
@@ -181,7 +181,7 @@ int test_crypt_encrypt_decrypt(void)
 goto fail_init;
 }
- ctx = crypt_create_ctx(1, key);
+ ctx = crypt_create_ctx(key);
 if (ctx == NULL) {
 printf("Failed to initialize cryptography.\n");
 goto fail_init;
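Review bot: flow__irm_result_des now hands the caller whatever symmkey length the irmd sent: the removed block at least rejected an empty key, and the only remaining length check is the `assert(sk->len == SYMMKEYSZ)` in flow_init (dev.c hunk above), which disappears under NDEBUG, after which crypt_create_ctx memcpy's SYMMKEYSZ bytes out of a possibly shorter buffer. Since this is data deserialised from the IRM socket, the check belongs here: `if (sk != NULL && msg->symmkey.data != NULL && msg->symmkey.len != SYMMKEYSZ) { err = -ECRYPT; goto fail; }` before the assignments, using the err variable and fail label the removed lines already relied on. Whether SYMMKEYSZ is visible in serdes-irm.c cannot be told from the hunk, and the function continues beyond it.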