diff --git a/nest/config.Y b/nest/config.Y index 3e76581a..878224fe 100644 --- a/nest/config.Y +++ b/nest/config.Y @@ -13,6 +13,7 @@ CF_HDR #include "nest/password.h" #include "nest/cmds.h" #include "lib/lists.h" +#include "lib/mac.h" CF_DEFINES @@ -57,6 +58,7 @@ CF_KEYWORDS(ROUTER, ID, PROTOCOL, TEMPLATE, PREFERENCE, DISABLED, DEBUG, ALL, OF CF_KEYWORDS(INTERFACE, IMPORT, EXPORT, FILTER, NONE, TABLE, STATES, ROUTES, FILTERS) CF_KEYWORDS(RECEIVE, LIMIT, ACTION, WARN, BLOCK, RESTART, DISABLE, KEEP, FILTERED) CF_KEYWORDS(PASSWORD, FROM, PASSIVE, TO, ID, EVENTS, PACKETS, PROTOCOLS, INTERFACES) +CF_KEYWORDS(ALGORITHM, KEYED, HMAC, MD5, SHA1, SHA256, SHA384, SHA512) CF_KEYWORDS(PRIMARY, STATS, COUNT, FOR, COMMANDS, PREEXPORT, NOEXPORT, GENERATE, ROA) CF_KEYWORDS(LISTEN, BGP, V6ONLY, DUAL, ADDRESS, PORT, PASSWORDS, DESCRIPTION, SORTED) CF_KEYWORDS(RELOAD, IN, OUT, MRTDUMP, MESSAGES, RESTRICT, MEMORY, IGP_METRIC, CLASS, DSCP) @@ -77,7 +79,7 @@ CF_ENUM(T_ENUM_ROA, ROA_, UNKNOWN, VALID, INVALID) %type roa_args %type roa_table_arg %type sym_args -%type proto_start echo_mask echo_size debug_mask debug_list debug_flag mrtdump_mask mrtdump_list mrtdump_flag export_mode roa_mode limit_action tab_sorted tos +%type proto_start echo_mask echo_size debug_mask debug_list debug_flag mrtdump_mask mrtdump_list mrtdump_flag export_mode roa_mode limit_action tab_sorted tos password_algorithm %type proto_patt proto_patt2 %type limit_spec @@ -416,11 +418,13 @@ password_item_begin: } this_p_item = cfg_alloc(sizeof (struct password_item)); this_p_item->password = $2; + this_p_item->length = strlen($2); this_p_item->genfrom = 0; this_p_item->gento = TIME_INFINITY; this_p_item->accfrom = 0; this_p_item->accto = TIME_INFINITY; this_p_item->id = password_id++; + this_p_item->alg = ALG_UNDEFINED; add_tail(this_p_list, &this_p_item->n); } ; 
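Review bot: The added `this_p_item->length = strlen($2);` in password_item_begin accepts an empty string, so an item with `""` as its password would be stored as a zero-length key. Nothing in the visible lines rejects it, though a check may exist before the hunk, where this action's body starts. If an empty key is never meaningful for the protocols that use this list, a guard right after the assignment would catch it at parse time: `if (!this_p_item->length) cf_error("Password must not be empty");`. It is also worth a comment that `length` is the `strlen()` of the configured text, so a key containing a NUL byte cannot be expressed.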
@@ -431,10 +435,24 @@ password_item_params: | GENERATE TO datetime ';' password_item_params { this_p_item->gento = $3; } | ACCEPT FROM datetime ';' password_item_params { this_p_item->accfrom = $3; } | ACCEPT TO datetime ';' password_item_params { this_p_item->accto = $3; } + | FROM datetime ';' password_item_params { this_p_item->genfrom = this_p_item->accfrom = $2; } + | TO datetime ';' password_item_params { this_p_item->gento = this_p_item->accto = $2; } | ID expr ';' password_item_params { this_p_item->id = $2; if ($2 <= 0) cf_error("Password ID has to be greated than zero."); } + | ALGORITHM password_algorithm ';' password_item_params { this_p_item->alg = $2; } ; - +password_algorithm: + KEYED MD5 { $$ = ALG_MD5; } + | KEYED SHA1 { $$ = ALG_SHA1; } + | KEYED SHA256 { $$ = ALG_SHA256; } + | KEYED SHA384 { $$ = ALG_SHA384; } + | KEYED SHA512 { $$ = ALG_SHA512; } + | HMAC MD5 { $$ = ALG_HMAC_MD5; } + | HMAC SHA1 { $$ = ALG_HMAC_SHA1; } + | HMAC SHA256 { $$ = ALG_HMAC_SHA256; } + | HMAC SHA384 { $$ = ALG_HMAC_SHA384; } + | HMAC SHA512 { $$ = ALG_HMAC_SHA512; } + ; /* Core commands */ CF_CLI_HELP(SHOW, ..., [[Show status information]]) diff --git a/nest/password.h b/nest/password.h index a45261e6..7392389b 100644 --- a/nest/password.h +++ b/nest/password.h @@ -9,12 +9,15 @@ #ifndef PASSWORD_H #define PASSWORD_H + #include "lib/timer.h" struct password_item { node n; - char *password; - int id; + char *password; /* Key data, null terminated */ + uint length; /* Key length, without null */ + uint id; /* Key ID */ + uint alg; /* MAC algorithm */ bird_clock_t accfrom, accto, genfrom, gento; }; diff --git a/proto/rip/config.Y b/proto/rip/config.Y index 083d2e91..e15599e0 100644 --- a/proto/rip/config.Y +++ b/proto/rip/config.Y 
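Review bot: The new `FROM` and `TO` shorthands in password_item_params overlap with the existing `GENERATE FROM`/`ACCEPT FROM` and `GENERATE TO`/`ACCEPT TO` options. Every alternative is right-recursive, so its action runs only after the options that follow it have been reduced. The option written first is therefore applied last and wins. With `from X; generate from Y;` the generate window would start at X, not Y, which can leave a key valid for signing or acceptance outside the window the operator intended. I would either document this above the rule, e.g. `/* Options are applied last-to-first: on conflict the first one written wins */`, or reject an item that mixes the shorthand with the explicit forms; the rule itself starts before the hunk.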
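Review bot: The new `length` field in struct password_item duplicates information already held in `password`, and its comment does not say the two must stay in step. Any code that later replaces or edits `password` without updating `length` would pass a wrong key size to whatever consumes it. I would state the invariant in the comment, e.g. `uint length; /* Key length, always strlen(password) */`. The `alg` comment could also name its value set and default, e.g. `/* MAC algorithm (ALG_*); ALG_UNDEFINED = protocol default */`, though the default meaning is only my reading of the parser hunk and should be confirmed. Since `id` changes from `int` to `uint`, callers that compare it with signed values or negative sentinels are worth checking; none are visible here.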
@@ -147,7 +147,7 @@ rip_auth: NONE { $$ = RIP_AUTH_NONE; } | PLAINTEXT { $$ = RIP_AUTH_PLAIN; } | CRYPTOGRAPHIC { $$ = RIP_AUTH_CRYPTO; } - | MD5 { $$ = RIP_AUTH_CRYPTO; } + | MD5 { $$ = RIP_AUTH_CRYPTO; } /* For backward compatibility */ ; rip_iface_opts:
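Review bot: The comment added on the `MD5` alternative of rip_auth says only "For backward compatibility", which hides that `MD5` and `CRYPTOGRAPHIC` both yield `RIP_AUTH_CRYPTO`, so the keyword cannot select a digest by itself. An operator who writes the `MD5` keyword may assume MD5 is pinned. With the per-password `ALGORITHM` option from this commit, the digest is presumably decided by the password item instead. A more explicit comment would help, e.g. `/* Deprecated alias of CRYPTOGRAPHIC; does not select the algorithm */`.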