ouroboros/src/lib, branch 0.16.0

build: Update copyright to 2020

2020-01-02T14:07:36+00:00

Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Clean up fail path in constructors

2019-10-28T18:48:49+00:00

The node construction path is revised using gotos to avoid repetition. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add check that flow_id is valid

2019-10-06T07:11:20+00:00

In fset_add, the flow_id was passed to the shm_flow_set without checking if it was actually valid. Signed-off-by: Sander Vrijders Signed-off-by: Dimitri Staessens

build: Allow older OpenSSL versions for random

2019-10-05T11:52:26+00:00

Ubuntu 16 comes with older versions of OpenSSL, glibc and libgcrypt. Ouroboros will now fall back to OpenSSL even if the version is <= 1.1.0. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Check OpenSSL version >= 1.1.0

2019-09-29T10:59:35+00:00

The cryptographic functions require at least OpenSSL 1.1.0. The build will now check for this version and disable OpenSSL support when this requirement is not met. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix swapped ECDH crypt calls

2019-08-09T17:44:06+00:00

The client and server side were swapped. This wasn't a big issue, but now we are sure that the flow allocation response for the server has arrived at the client (packet reordering could cause the server key to arrive before the flow is allocated at the client). Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix free in key derivation

2019-08-09T17:43:27+00:00

The wrong pointer was being free'd in case of a derivation error. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add per-message encryption with OpenSSL

2019-08-03T10:10:57+00:00

This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

irmd, lib: Improve libgcrypt init

2019-07-29T17:58:20+00:00

The proper initialization of libgrypt requires a call to gcry_check_version. The library initialization should first run a check if the application (or some other library) hasn't already initialized libgcrypt before attempting to initialize libgcrypt. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Refactor normal to unicast

2019-07-29T17:36:45+00:00

This completes the renaming of the normal IPCP to the unicast IPCP in the sources, to get everything consistent with the documentation. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders