diff options
author | Dimitri Staessens <[email protected]> | 2019-08-02 19:12:34 +0200 |
---|---|---|
committer | Sander Vrijders <[email protected]> | 2019-08-03 12:10:57 +0200 |
commit | 9e8d603d14561095fb8d08871319a315d3bf6763 (patch) | |
tree | 7a87c212fcd642a8696145b4246a4fc4cf964e10 /include/ouroboros/sockets.h.in | |
parent | 8a37ffbf8c0776a38f2de18a63e885383960ee68 (diff) | |
download | ouroboros-9e8d603d14561095fb8d08871319a315d3bf6763.tar.gz ouroboros-9e8d603d14561095fb8d08871319a315d3bf6763.zip |
lib: Add per-message encryption with OpenSSL
This adds a per-message symmetric encryption using the OpenSSL
library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange
is performed to derive a shared secret, which is then hashed using
SHA3-256 to be used as a key for symmetric AES-256 encryption. Each
message on an encrypted flow adds a small crypto header that includes
a random 128-bit Initialization Vector (IV). If the server does not
have OpenSSL enabled, the flow allocation will fail with an -ECRYPT
error.
Future optimizations are to piggyback the public keys on the flow
allocation message, and to enable per-flow encryption that maintains
the context of the encryption over multiple packets and doesn't
require sending IVs.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
Diffstat (limited to 'include/ouroboros/sockets.h.in')
-rw-r--r-- | include/ouroboros/sockets.h.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/ouroboros/sockets.h.in b/include/ouroboros/sockets.h.in index 1e9dc9ca..4f03ca46 100644 --- a/include/ouroboros/sockets.h.in +++ b/include/ouroboros/sockets.h.in @@ -60,8 +60,8 @@ irm_msg_t * send_recv_irm_msg(irm_msg_t * msg); /* qos message conversion needed in different components */ -qosspec_msg_t spec_to_msg(qosspec_t * qs); +qosspec_msg_t spec_to_msg(const qosspec_t * qs); -qosspec_t msg_to_spec(qosspec_msg_t * msg); +qosspec_t msg_to_spec(const qosspec_msg_t * msg); #endif |