From 9e8d603d14561095fb8d08871319a315d3bf6763 Mon Sep 17 00:00:00 2001
From: Dimitri Staessens
Date: Fri, 2 Aug 2019 19:12:34 +0200
Subject: lib: Add per-message encryption with OpenSSL
This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs.
Signed-off-by: Dimitri Staessens
Signed-off-by: Sander Vrijders
---
src/lib/sockets.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src/lib/sockets.c')
diff --git a/src/lib/sockets.c b/src/lib/sockets.c
index b08bae8e..347e9244 100644
--- a/src/lib/sockets.c
+++ b/src/lib/sockets.c
@@ -166,7 +166,7 @@ char * ipcp_sock_path(pid_t pid)
 return full_name;
 }
-qosspec_msg_t spec_to_msg(qosspec_t * qs)
+qosspec_msg_t spec_to_msg(const qosspec_t * qs)
 {
 qosspec_t spec;
 qosspec_msg_t msg = QOSSPEC_MSG__INIT;
@@ -180,11 +180,12 @@ qosspec_msg_t spec_to_msg(qosspec_t * qs)
 msg.ber = spec.ber;
 msg.in_order = spec.in_order;
 msg.max_gap = spec.max_gap;
+ msg.cypher_s = spec.cypher_s;
 return msg;
 }
-qosspec_t msg_to_spec(qosspec_msg_t * msg)
+qosspec_t msg_to_spec(const qosspec_msg_t * msg)
 {
 qosspec_t spec;
@@ -197,6 +198,7 @@ qosspec_t msg_to_spec(qosspec_msg_t * msg)
 spec.ber = msg->ber;
 spec.in_order = msg->in_order;
 spec.max_gap = msg->max_gap;
+ spec.cypher_s = msg->cypher_s;
 return spec;
 }
-- cgit v1.2.3
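Review bot: The added `spec.cypher_s = msg->cypher_s;` in the third hunk (inside `msg_to_spec`) copies the cipher-strength field out of the decoded message with no range check, so whatever process sent this message over the socket can put any value into `spec.cypher_s` and the only rejection point is wherever the -ECRYPT failure described in the commit message is produced, which is not visible here; the same unchecked mirror copy is `msg.cypher_s = spec.cypher_s;` in the second hunk. Since the struct and its valid strengths are defined outside this file, the minimal fix is to make that contract explicit at the copy, e.g. `/* Taken as-is from the message: the flow allocation path must reject unsupported cypher_s values (-ECRYPT). */`, or, if the accepted set is small and known, to reject other values at this boundary so callers do not each have to remember the check. Also worth confirming that the now-`const` prototypes of `spec_to_msg` and `msg_to_spec` in the corresponding header are updated in the rest of the commit, since this view is limited to sockets.c. Both functions' bodies continue outside the hunks, so the NULL/assert handling between the signature and these field copies could not be reviewed.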