| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with
per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the
OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5.
SLH-DSA was already working, but now added explicit authentication
tests for it with a full certificate chain (root CA, intermediate CA,
server) to show full support.
Rename PQC test files and cert headers to use algorithm-specific names
(ml_kem, ml_dsa, slh_dsa) and move cert headers to
include/test/certs/.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The hardcoded certificates were re-introduced in ea52d5275, breaking
the build.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The openssl_crt_str function was using BIO_get_mem_data() but this is
not guaranteed to be NULL-terminated, causing buffer overruns. This
was the root cause of ASan tests with certificates running for
minutes and eventually getting killed on the CI/CD pipeline:
Start 1: lib/auth_test
1/26 Test #1: lib/auth_test ......................***Skipped 312.75 sec
Start 16: irmd/oap/oap_test
16/26 Test #16: irmd/oap/oap_test ..................***Skipped 345.87 sec
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds initial support for runtime-configurable encryption and
post-quantum Key Encapsulation Mechanisms (KEMs) and authentication
(ML-DSA).
Supported key exchange algorithms:
ECDH: prime256v1, secp384r1, secp521r1, X25519, X448
Finite Field DH: ffdhe2048, ffdhe3072, ffdhe4096
ML-KEM (FIPS 203): ML-KEM-512, ML-KEM-768, ML-KEM-1024
Hybrid KEMs: X25519MLKEM768, X448MLKEM1024
Supported ciphers:
AEAD: aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-poly1305
CTR: aes-128-ctr, aes-192-ctr, aes-256-ctr
Supported HKDFs:
sha256, sha384, sha512, sha3-256, sha3-384, sha3-512,
blake2b512, blake2s256
Supported Digests for DSA:
sha256, sha384, sha512, sha3-256, sha3-384, sha3-512,
blake2b512, blake2s256
PQC support requires OpenSSL 3.4.0+ and is detected automatically via
CMake. A DISABLE_PQC option allows building without PQC even when
available.
KEMs differ from traditional DH in that they require asymmetric roles:
one party encapsulates to the other's public key. This creates a
coordination problem during simultaneous reconnection attempts. The
kem_mode configuration parameter resolves this by pre-assigning roles:
kem_mode=server # Server encapsulates (1-RTT, full forward secrecy)
kem_mode=client # Client encapsulates (0-RTT, cached server key)
The enc.conf file format supports:
kex=<algorithm> # Key exchange algorithm
cipher=<algorithm> # Symmetric cipher
kdf=<KDF> # Key derivation function
digest=<digest> # Digest for DSA
kem_mode=<mode> # Server (default) or client
none # Disable encryption
The OAP protocol is extended to negotiate algorithms and exchange KEX
data. All KEX messages are signed using existing authentication
infrastructure for integrity and replay protection.
Tests are split into base and _pqc variants to handle conditional PQC
compilation (kex_test.c/kex_test_pqc.c, oap_test.c/oap_test_pqc.c).
Bumped minimum required OpenSSL version for encryption to 3.0
(required for HKDF API). 1.1.1 is long time EOL.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
The string buffer in auth_test was one byte too short. The log line
for the thread id in the tpm thread debug output needs type
conversion. The build fails because of this on OS X.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds initial implementation of peer authentication as part of
flow allocation. If credentials are not provided, this will be
accepted and logged as info that the flow is not authenticated.
Certificates and keys are passed as .pem files. The key file should
not be encrypted, else the IRMd will open a prompt for the password.
The default location for these .pem files is in
/etc/ouroboros/security. It is strongly recommended to make this
directory only accessible to root.
├── security
│ ├── cacert
│ │ └── ca.root.o7s.crt.pem
│ ├── client
│ │ ├── <name>
│ │ | ├── crt.pem
│ │ | └── key.pem
│ │ └── <name>
| | ├──...
| |
│ ├── server
│ │ ├── <name>
│ │ | ├── crt.pem
│ │ | └── key.pem
│ │ └── <name>
| | ├── ...
| |
│ └── untrusted
│ └── sign.root.o7s.crt.pem
Trusted root CA certificates go in the /cacert directory, untrusted
certificates for signature verification go in the /untrusted
directory. The IRMd will load these certificates at boot. The IRMd
will look for certificates in the /client and /server directories. For
each name a subdirectory can be added and the credentials in that
directory are used to sign the OAP header for flows at flow_alloc() on
the client side and flow_accept() on the server side.
These defaults can be changed at build time using the following
variables (in alphabetical order):
OUROBOROS_CA_CRT_DIR /etc/ouroboros/security/cacert
OUROBOROS_CLI_CRT_DIR /etc/ouroboros/security/client
OUROBOROS_SECURITY_DIR /etc/ouroboros/security
OUROBOROS_SRV_CRT_DIR /etc/ouroboros/security/server
OUROBOROS_UNTRUSTED_DIR /etc/ouroboros/security/untrusted
The directories for the names can also be configured at IRMd boot
using the configuraton file and at runtime when a name is created
using the "irm name create" CLI tool. The user needs to have
permissions to access the keyfile and certificate when specifying the
paths with the "irm name create" CLI tool.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
| |
Fixes memory leaks in the tests that had escaped detection.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
Signed the server certificate using SHA3 during last update, which is
bugged on older versions of libssl. Using ecdsa-with-SHA256 again.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The test had a root certificate that expired today. All test
certificates updated, now valid until 2045.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the initial version for the flow allocation protocol header
between IRMd instances. This is a step towards flow authentication.
The header supports secure and authenticated flow allocation,
supporting certificate-based authentication and ephemeral key
exchange for end-to-end encryption.
id: 128-bit identifier for the entity.
timestamp: 64-bit timestamp (replay protection).
certificate: Certificate for authentication.
public key: ECDHE public key for key exchange.
data: Application data.
signature: Signature for integrity/authenticity.
Authentication and encryption require OpenSSL to be installed.
The IRMd compares the allocation request delay with the MPL of the
Layer over which the flow allocation was sent. MPL is now reported by
the Layer in ms instead of seconds.
Time functions revised for consistency and adds some tests.
The TPM can now print thread running times in Debug builds
(TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads
(TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input
should call tpm_wait_work() to avoid trigger a process abort.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
Older versions of openssl don't seem to like certificates signed with
ecdsa_with_SHA3-256.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
Adds functions needed for authentication using X509 certificates,
implemented using OpenSSL.
Refactors some library internals, and adds some unit tests for them.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
