From 3af9d041343a4799247aa4d61fb91b706bd6c58f Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri@ouroboros.rocks>
Date: Thu, 17 Jul 2025 21:30:51 +0200
Subject: irmd: Initial Flow Allocation Protocol Header

This adds the initial version for the flow allocation protocol header
between IRMd instances. This is a step towards flow authentication.

The header supports secure and authenticated flow allocation,
supporting certificate-based authentication and ephemeral key
exchange for end-to-end encryption.

 id:          128-bit identifier for the entity.
 timestamp:   64-bit timestamp (replay protection).
 certificate: Certificate for authentication.
 public key:  ECDHE public key for key exchange.
 data:        Application data.
 signature:   Signature for integrity/authenticity.

Authentication and encryption require OpenSSL to be installed.

The IRMd compares the allocation request delay with the MPL of the
Layer over which the flow allocation was sent. MPL is now reported by
the Layer in ms instead of seconds.

Time functions revised for consistency and adds some tests.

The TPM can now print thread running times in Debug builds
(TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads
(TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input
should call tpm_wait_work() to avoid trigger a process abort.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
---
 src/lib/crypt/openssl.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src/lib/crypt/openssl.h')

diff --git a/src/lib/crypt/openssl.h b/src/lib/crypt/openssl.h
index 5d6f50dd..d4ee73b9 100644
--- a/src/lib/crypt/openssl.h
+++ b/src/lib/crypt/openssl.h
@@ -57,6 +57,9 @@ int     openssl_load_crt_file(const char * path,
 int     openssl_load_crt_str(const char * str,
                              void **      crt);
 
+int     openssl_load_crt_der(buffer_t buf,
+                             void **  crt);
+
 int     openssl_get_pubkey_crt(void *  crt,
                                void ** pk);
 
@@ -82,8 +85,11 @@ void    openssl_free_key(void * key);
 int     openssl_check_crt_name(void *       crt,
                                const char * name);
 
-int     openssl_crt_str(void * crt,
-                        char * str);
+int     openssl_crt_str(const void * crt,
+                        char *       str);
+
+int     openssl_crt_der(const void * crt,
+                        buffer_t *   buf);
 
 void *  openssl_auth_create_store(void);
 
-- 
cgit v1.2.3