Ouroboros main repository http://www.ouroboros.rocks/cgit/ouroboros/atom?h=master 2026-02-18T06:54:56+00:00 2026-02-18T06:54:56+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-15T09:21:02+00:00 urn:sha1:0d72b59c2964208ea34ce2322978344d7ff1a223 Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:53:35+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-17T21:37:39+00:00 urn:sha1:040bdfb18684d809cb5edacf9867d3378b7e093b This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5. SLH-DSA was already working, but now added explicit authentication tests for it with a full certificate chain (root CA, intermediate CA, server) to show full support. Rename PQC test files and cert headers to use algorithm-specific names (ml_kem, ml_dsa, slh_dsa) and move cert headers to include/test/certs/. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-01-26T06:47:15+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-01-23T11:46:57+00:00 urn:sha1:2745cce83b1f011b7b69fc2f5dbf50a90ffde0ad The hardcoded certificates were re-introduced in ea52d5275, breaking the build. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-01-23T07:24:42+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-01-18T15:48:37+00:00 urn:sha1:ea52d52754d58edac81bfb10fc4c59fcc8b59935 The openssl_crt_str function was using BIO_get_mem_data() but this is not guaranteed to be NULL-terminated, causing buffer overruns. This was the root cause of ASan tests with certificates running for minutes and eventually getting killed on the CI/CD pipeline: Start 1: lib/auth_test 1/26 Test #1: lib/auth_test ......................***Skipped 312.75 sec Start 16: irmd/oap/oap_test 16/26 Test #16: irmd/oap/oap_test ..................***Skipped 345.87 sec Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-01-19T07:29:29+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-01-07T15:44:34+00:00 urn:sha1:60b04305d70614580b4f883c0a147507edef3779 This adds initial support for runtime-configurable encryption and post-quantum Key Encapsulation Mechanisms (KEMs) and authentication (ML-DSA). Supported key exchange algorithms: ECDH: prime256v1, secp384r1, secp521r1, X25519, X448 Finite Field DH: ffdhe2048, ffdhe3072, ffdhe4096 ML-KEM (FIPS 203): ML-KEM-512, ML-KEM-768, ML-KEM-1024 Hybrid KEMs: X25519MLKEM768, X448MLKEM1024 Supported ciphers: AEAD: aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-poly1305 CTR: aes-128-ctr, aes-192-ctr, aes-256-ctr Supported HKDFs: sha256, sha384, sha512, sha3-256, sha3-384, sha3-512, blake2b512, blake2s256 Supported Digests for DSA: sha256, sha384, sha512, sha3-256, sha3-384, sha3-512, blake2b512, blake2s256 PQC support requires OpenSSL 3.4.0+ and is detected automatically via CMake. A DISABLE_PQC option allows building without PQC even when available. KEMs differ from traditional DH in that they require asymmetric roles: one party encapsulates to the other's public key. This creates a coordination problem during simultaneous reconnection attempts. The kem_mode configuration parameter resolves this by pre-assigning roles: kem_mode=server # Server encapsulates (1-RTT, full forward secrecy) kem_mode=client # Client encapsulates (0-RTT, cached server key) The enc.conf file format supports: kex=<algorithm> # Key exchange algorithm cipher=<algorithm> # Symmetric cipher kdf=<KDF> # Key derivation function digest=<digest> # Digest for DSA kem_mode=<mode> # Server (default) or client none # Disable encryption The OAP protocol is extended to negotiate algorithms and exchange KEX data. All KEX messages are signed using existing authentication infrastructure for integrity and replay protection. Tests are split into base and _pqc variants to handle conditional PQC compilation (kex_test.c/kex_test_pqc.c, oap_test.c/oap_test_pqc.c). Bumped minimum required OpenSSL version for encryption to 3.0 (required for HKDF API). 1.1.1 is long time EOL. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-11-21T07:17:59+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-11-10T08:43:30+00:00 urn:sha1:7dd1cd18373a6c64ecea8caf231e10a00764f705 The string buffer in auth_test was one byte too short. The log line for the thread id in the tpm thread debug output needs type conversion. The build fails because of this on OS X. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-08-18T18:57:23+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-13T07:03:20+00:00 urn:sha1:e35302ca0ab64edd21b9d8e40d3aa74a3a4f4f7e This adds initial implementation of peer authentication as part of flow allocation. If credentials are not provided, this will be accepted and logged as info that the flow is not authenticated. Certificates and keys are passed as .pem files. The key file should not be encrypted, else the IRMd will open a prompt for the password. The default location for these .pem files is in /etc/ouroboros/security. It is strongly recommended to make this directory only accessible to root. ├── security │ ├── cacert │ │ └── ca.root.o7s.crt.pem │ ├── client │ │ ├── <name> │ │ | ├── crt.pem │ │ | └── key.pem │ │ └── <name> | | ├──... | | │ ├── server │ │ ├── <name> │ │ | ├── crt.pem │ │ | └── key.pem │ │ └── <name> | | ├── ... | | │ └── untrusted │ └── sign.root.o7s.crt.pem Trusted root CA certificates go in the /cacert directory, untrusted certificates for signature verification go in the /untrusted directory. The IRMd will load these certificates at boot. The IRMd will look for certificates in the /client and /server directories. For each name a subdirectory can be added and the credentials in that directory are used to sign the OAP header for flows at flow_alloc() on the client side and flow_accept() on the server side. These defaults can be changed at build time using the following variables (in alphabetical order): OUROBOROS_CA_CRT_DIR /etc/ouroboros/security/cacert OUROBOROS_CLI_CRT_DIR /etc/ouroboros/security/client OUROBOROS_SECURITY_DIR /etc/ouroboros/security OUROBOROS_SRV_CRT_DIR /etc/ouroboros/security/server OUROBOROS_UNTRUSTED_DIR /etc/ouroboros/security/untrusted The directories for the names can also be configured at IRMd boot using the configuraton file and at runtime when a name is created using the "irm name create" CLI tool. The user needs to have permissions to access the keyfile and certificate when specifying the paths with the "irm name create" CLI tool. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> 2025-08-15T09:47:59+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-12T20:51:00+00:00 urn:sha1:0f26a0d42b4fc9fb06ab3138b36db2bcc69d2cbd Fixes memory leaks in the tests that had escaped detection. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> 2025-08-11T08:00:44+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-08T18:52:29+00:00 urn:sha1:a618ec0d2df347bb05787b5a6c109674698e5de9 Signed the server certificate using SHA3 during last update, which is bugged on older versions of libssl. Using ecdsa-with-SHA256 again. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2025-08-06T08:34:18+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2025-08-03T19:33:17+00:00 urn:sha1:7933d742221fd44cc6eb0c82ff4a1a9795927de6 The test had a root certificate that expired today. All test certificates updated, now valid until 2045. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>