Ouroboros main repository http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=0.22.0 2025-11-07T07:36:20+00:00 2025-11-07T07:36:20+00:00 Thijs Paelman thijs@ouroboros.rocks 2025-11-04T12:35:52+00:00 urn:sha1:535fba02cd27020f9c64dcbe4e97584a145816d4 When BUILD_TESTING=ON, then the default 'all' target will now build also the tests. This behaviour could be controlled by an extra variable (see https://stackoverflow.com/a/42235335), but this increases complexity without many benefits. Signed-off-by: Thijs Paelman <thijs@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-09-10T06:21:58+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-09-02T16:23:41+00:00 urn:sha1:8de42096eb6e90d3ea9f5eacb95dc94222e5000b This removes the flow encryption option (cypher_s) from the qosspec. The configuration file is configured in the security options (default /etc/ouroboros/security/). For this poc, encryption can be disabled client or server side by putting an enc.cfg file. If that file is present in the client folder, the client will require encryption. If that file is present on the server side, the server will require encryption and reject non-encrypted flows. Encryption is now configured outside of any application control. Example: /etc/ouroboros/security/client/oping/enc.cfg exists: irmd(II): Encryption enabled for oping. irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist. irmd(II): No security info for oping. irmd(DB): Generated ephemeral keys for 87474. irmd/oap(PP): OAP_HDR [caf203681d997941 @ 2025-09-02 17:08:05 (UTC) ] --> irmd/oap(PP): Certificate: <none> irmd/oap(PP): Ephemeral Public Key: [91 bytes] irmd/oap(PP): Data: <none> irmd/oap(PP): Signature: <none> Example: /etc/ouroboros/security/client/oping/enc.cfg does not exist: irmd(II): Allocating flow for 87506 to oping. irmd(DB): File /etc/ouroboros/security/client/oping/enc.cfg does not exist. irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist. irmd(II): No security info for oping. irmd/oap(PP): OAP_HDR [e84bb9d7c3d9c002 @ 2025-09-02 17:08:30 (UTC) ] --> irmd/oap(PP): Certificate: <none> irmd/oap(PP): Ephemeral Public Key: <none> irmd/oap(PP): Data: <none> irmd/oap(PP): Signature: <none> Example: /etc/ouroboros/security/server/oping/enc.cfg exists: irmd(II): Flow request arrived for oping. irmd(DB): IPCP 88112 accepting flow 7 for oping. irmd(II): Encryption enabled for oping. irmd(DB): File /etc/ouroboros/security/server/oping/crt.pem does not exist. irmd(II): No security info for oping. irmd/oap(PP): OAP_HDR [3c717b3f31dff8df @ 2025-09-02 17:13:06 (UTC) ] <-- irmd/oap(PP): Certificate: <none> irmd/oap(PP): Ephemeral Public Key: <none> irmd/oap(PP): Data: <none> irmd/oap(PP): Signature: <none> irmd(WW): Encryption required but no key provided. The server side will pass the ECRYPT to the client: $ oping -l Ouroboros ping server started. Failed to accept flow: -1008 $ oping -n oping -c 1 Failed to allocate flow: -1008. Encryption on flows can now be changed at runtime without needing to touch/reconfigure/restart the process. Note: The ECRYPT result is passed on via the flow allocator responses through the IPCP (discovered/fixed some endianness issues), but the reason for rejecting the flow can be considered N+1 information... We may move that information up into the OAP header at some point. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-08-23T08:13:36+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-18T19:49:47+00:00 urn:sha1:047f4ed6c188de4e874895a6818c09f2460322bd Fixes some printf formatting, which was failing the build on raspbian. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> 2025-08-23T08:13:33+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-16T08:54:14+00:00 urn:sha1:575adac4acacf7d02395df0322ff5f03b7b82aaf The IPCP states were not entirely correct causing some operations to be serviced during shutdown. This caused some use-after-free in the pff. States in the IPCP are now correctly set. IRMd states updated to the same strategy. The IRMd registry tracks if the IPCP was ENROLLED or BOOTSTRAPPED, the IPCP just goes to OPERATIONAL. IPCP state diagram:: NULL -> init() -> INIT -> start() -> BOOT -> bootstrap/enroll() -> OPERATIONAL -> shutdown() -> SHUTDOWN -> stop_components() -> BOOT -> stop() -> INIT -> fini() -> NULL Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> 2025-08-18T18:57:23+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-13T07:03:20+00:00 urn:sha1:e35302ca0ab64edd21b9d8e40d3aa74a3a4f4f7e This adds initial implementation of peer authentication as part of flow allocation. If credentials are not provided, this will be accepted and logged as info that the flow is not authenticated. Certificates and keys are passed as .pem files. The key file should not be encrypted, else the IRMd will open a prompt for the password. The default location for these .pem files is in /etc/ouroboros/security. It is strongly recommended to make this directory only accessible to root. ├── security │ ├── cacert │ │ └── ca.root.o7s.crt.pem │ ├── client │ │ ├── <name> │ │ | ├── crt.pem │ │ | └── key.pem │ │ └── <name> | | ├──... | | │ ├── server │ │ ├── <name> │ │ | ├── crt.pem │ │ | └── key.pem │ │ └── <name> | | ├── ... | | │ └── untrusted │ └── sign.root.o7s.crt.pem Trusted root CA certificates go in the /cacert directory, untrusted certificates for signature verification go in the /untrusted directory. The IRMd will load these certificates at boot. The IRMd will look for certificates in the /client and /server directories. For each name a subdirectory can be added and the credentials in that directory are used to sign the OAP header for flows at flow_alloc() on the client side and flow_accept() on the server side. These defaults can be changed at build time using the following variables (in alphabetical order): OUROBOROS_CA_CRT_DIR /etc/ouroboros/security/cacert OUROBOROS_CLI_CRT_DIR /etc/ouroboros/security/client OUROBOROS_SECURITY_DIR /etc/ouroboros/security OUROBOROS_SRV_CRT_DIR /etc/ouroboros/security/server OUROBOROS_UNTRUSTED_DIR /etc/ouroboros/security/untrusted The directories for the names can also be configured at IRMd boot using the configuraton file and at runtime when a name is created using the "irm name create" CLI tool. The user needs to have permissions to access the keyfile and certificate when specifying the paths with the "irm name create" CLI tool. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> 2025-08-15T09:47:58+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-12T20:01:43+00:00 urn:sha1:23603e2d74298d0fd4df9858003ad3b7798f0254 This makes the IRMd a bit simpler, and we only need to do the lookup to resolve the name for a hash on the server side only once. The logging is also symmetric now: irmd(II): Allocating flow for 93317 to unicast.1. irmd(II): Flow request arrived for unicast.1. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> 2025-08-11T08:06:59+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-09T11:57:56+00:00 urn:sha1:10f70a0ab27c8b80b1dcb501147d64a851e7ad06 Until we have a more elaborate strategy for figuring out in which Layer a service is reachable, the IRMd queries the IPCPs for names. It currently does this in the order they are stored in the registry, and the idea was to do this ordered by IPCP type. That order got messed up when the registry was rewritten. This is now fixed, with a test. The default query timeout is also lowered from 20s to 200ms. It's better to let the IRMd fail and retry the flow allocation than spend 20s waiting for the link-state routing to converge on a layer that doesn't hold the name. This does wonders for tests using Rumba... Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-08-01T06:08:26+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-07-25T18:23:19+00:00 urn:sha1:0357545e0305d4179acbc5dee7f9385b2823074d The static analyzer is complaining about a leak of strdup in reg_list_names. The reg_lists_ipcps function has identical logic and does not trigger it. Both tests succeed with address sanitizer. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-07-25T14:24:46+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-07-23T17:15:24+00:00 urn:sha1:408c977f7be09db3b8aa98224989aec731eb0b5a This is how the ProtoBufCBinary data type is defined, so it will allow easier conversion until we get rid of it. But it makes sense, as the size_t will always be aligned. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-07-23T13:07:52+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-07-17T19:30:51+00:00 urn:sha1:3af9d041343a4799247aa4d61fb91b706bd6c58f This adds the initial version for the flow allocation protocol header between IRMd instances. This is a step towards flow authentication. The header supports secure and authenticated flow allocation, supporting certificate-based authentication and ephemeral key exchange for end-to-end encryption. id: 128-bit identifier for the entity. timestamp: 64-bit timestamp (replay protection). certificate: Certificate for authentication. public key: ECDHE public key for key exchange. data: Application data. signature: Signature for integrity/authenticity. Authentication and encryption require OpenSSL to be installed. The IRMd compares the allocation request delay with the MPL of the Layer over which the flow allocation was sent. MPL is now reported by the Layer in ms instead of seconds. Time functions revised for consistency and adds some tests. The TPM can now print thread running times in Debug builds (TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads (TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input should call tpm_wait_work() to avoid trigger a process abort. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>