ouroboros/src/lib/tests, branch master

build: Update copyright to 2026

2026-02-18T06:54:56+00:00

Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add SLH-DSA tests and per-algorithm PQC gating

2026-02-18T06:53:35+00:00

This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5. SLH-DSA was already working, but now added explicit authentication tests for it with a full certificate chain (root CA, intermediate CA, server) to show full support. Rename PQC test files and cert headers to use algorithm-specific names (ml_kem, ml_dsa, slh_dsa) and move cert headers to include/test/certs/. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

build: Refactor CMake back to in-tree CMakeLists

2026-02-13T08:22:29+00:00

This moves the build definitions back to src/ subdirectories (CMakeLists.txt per component). Configuration and dependencies are kept out of tree. Configuration options are bundled into cmake/config/ modules. Dependencies are grouped by component (system/, crypt/, eth/, coverage/, etc.). It now consistently uses target-based commands (target_include_directories, target_link_libraries) instead of global include_directories(). Proper PRIVATE/PUBLIC visibility for executable link libraries. CONFIG_OUROBOROS_DEBUG now properly set based on being a valid debug config (not just checking the string name). It also adds OuroborosTargets export for find_package() support and CMake package config files (OuroborosConfig.cmake) for easier integration with CMake projects. The build logic now follows more idiomatic CMake practices with configuration separated from target definitions. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix OpenSSL includes and explicit_bzero on OSX

2026-02-13T08:22:06+00:00

The include headers and NIDs are different on macOS X. It also doesn't have explicit_bzero. The crypt.h includes are now guarded to work on OS X (trying to avoid the includes by defining the OpenSSL mac header guard led to a whole list of other issues). The explicit zero'ing of buffers temporarily holding secrets has now been abstracted in a crypt_secure_clear() function defaulting to OpenSSL_cleanse, explicit_bzero (if present) or a best-effort option using a volatile pointer. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix crypt test and secure memory initialization

2026-01-30T06:56:37+00:00

The crypt_test had a HAVE_OPENSSL guard missing and was trying to execute tests that required OpenSSL without it being installed. The SECMEM values need to be set by CMake without OpenSSL installed. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Replace rdrbuff with a proper slab allocator

2026-01-26T06:50:33+00:00

This is a first step towards the Secure Shared Memory (SSM) infrastructure for Ouroboros, which will allow proper resource separation for non-privileged processes. This replaces the rdrbuff (random-deletion ring buffer) PoC allocator with a sharded slab allocator for the packet buffer pool to avoid the head-of-line blocking behaviour of the rdrb and reduce lock contention in multi-process scenarios. Each size class contains multiple independent shards, allowing parallel allocations without blocking. - Configurable shard count per size class (default: 4, set via SSM_POOL_SHARDS in CMake). The configured number of blocks are spread over the number of shards. As an example: SSM_POOL_512_BLOCKS = 768 blocks total These 768 blocks are shared among 4 shards (not 768 × 4 = 3072 blocks) - Lazy block distribution: all blocks initially reside in shard 0 and naturally migrate to process-local shards upon first allocation and subsequent free operations - Fallback with work stealing: processes attempt allocation from their local shard (pid % SSM_POOL_SHARDS) first, then steal from other shards if local is exhausted, eliminating fragmentation while maintaining low contention - Round-robin condvar signaling: blocking allocations cycle through all shard condition variables to ensure fairness - Blocks freed to allocator's shard: uses allocator_pid to determine target shard, enabling natural load balancing as process allocation patterns stabilize over time Maintains existing robust mutex semantics including EOWNERDEAD handling for dead process recovery. Internal structures exposed in ssm.h for testing purposes. Adds some tests (pool_test, pool_sharding_test.c. etc) verifying lazy distribution, migration, fallback stealing, and multiprocess behavior. Updates the ring buffer (rbuff) to use relaxed/acquire/release ordering on atomic indices. The ring buffer requires the (robust) mutex to ensure cross-structure synchronization between pool buffer writes and ring buffer index publication. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Speed up key rotation tests

2026-01-26T06:47:51+00:00

The tests were not correct as the library was compiled with the default 1 << 20 epoch. Added a parametere to the sk configuration that specifies the epoch size. Set to 1 << KEY_ROTATION_BIT in dev.c, but lowered to 7 in unit tests. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix authentication test

2026-01-26T06:47:15+00:00

The hardcoded certificates were re-introduced in ea52d5275, breaking the build. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Add automatic key rotation for encryption

2026-01-23T07:30:11+00:00

Implement forward-secret key rotation using HKDF key derivation. The operation is based on QUIC RFC 9001 and wireguard. Keys rotate every 2^KEY_ROTATION_BIT packets, with the current phase (P) signaled via controlling a bit in the IV (bit 7, first bit on the wire). Default 20 (1M packets). The wire format, after the DT header is: [ P | random IV ][ encrypted blob ][ AEAD tag ] Works with and without retransmission, and the FRCT header is fully contained in the encrypted blob if used. The receiver detects phase changes and rotates accordingly, keeping the previous key valid during a grace period. This handles packet reordering in unreliable flows: the 3/4 period protection window prevents premature rotation when late packets arrive, while the 1/2 period grace window ensures the old key remains available for decryption. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders

lib: Fix getting text certificates

2026-01-23T07:24:42+00:00

The openssl_crt_str function was using BIO_get_mem_data() but this is not guaranteed to be NULL-terminated, causing buffer overruns. This was the root cause of ASan tests with certificates running for minutes and eventually getting killed on the CI/CD pipeline: Start 1: lib/auth_test 1/26 Test #1: lib/auth_test ......................***Skipped 312.75 sec Start 16: irmd/oap/oap_test 16/26 Test #16: irmd/oap/oap_test ..................***Skipped 345.87 sec Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders