Dear all,

I've just merged the hmac branch into master, that implements MAC authentication for Babel (RFC 8967). Many, many thanks to Antonin Décimo, who did a lot of the work needed to clean up the code for inclusion in babeld.

Here's an example configuration:

    key id k type hmac-sha256 value aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    interface wlan0 key k

The "key" statement defines a key called "k". The interface statement "key" option requests that packets be signed with key "k", and that all incoming packets be verified with the key.

I've checked interoperability with Bird for key type "hmac-sha256". I wasn't able to confirm interoperability for key type "blake2s"; I still need to understand what's the problem.

There's one major feature I haven't merged yet, it's support for key rotation: only one key is supported, and you cannot change keys at runtime. Antonin did implement these features, but I find his implementation confusing, so I'll wait until grokking comes.

While the protocol has been proved correct, we make no claims beyond the ones in RFC 8967 Section 1.2; please make sure that you understand the protocol's limitations. What is more, while we have tried to be careful, this code is experimental and might have bugs. In addition, we only secure the Babel control traffic: ARP, ND, ICMP and of course user traffic need to be secured by other means.

Please test, and send complaints and patches.

-- Juliusz
