Toke Høiland-Jørgensen <[email protected]> writes: > This series adds MAC authentication support to the Babel protocol as specified > in in RFC8967: > > https://www.rfc-editor.org/rfc/rfc8967 > > I have performed basic interoperability testing between this implementation > and > the current babeld HMAC implementation[1]. The two implementations were able > to > successfully exchange authenticated messages with both HMAC-256 and > Blake2s-256 > keys. > > Given the above, and the fact that the RFC was finally published at the the > IETF, I believe this series is ready for merging (subject to review, of > course). > For those wanting to test the code, a version of Bird with this series applied > is available on Github[2] for easy consumption. > > [1] https://github.com/jech/babeld/pull/52 > [2] https://github.com/tohojo/bird/tree/babel-mac-04 > > Changelog: > > v4: > - Update RFC references to the published RFC numbers (for both MAC and Babel > itself). > - Rework WALK_TLVS macro to not cast initial argument, and not use goto for > framing errors. > - Change MAC validation logic to just let algorithms specify min/max len and > enforce full key size length even for the smaller-output variants of Blake2. > > v3: > - Add variants with smaller digest sizes for blake2s and blake2b. > - Rebase on current master > > v2: > - Don't reinvent AC_CHECK_FUNCS() for configure > - Make sure random_bytes() never fails (without taking the whole daemon with > it) > - Use existing endianness defines in blake2s code > - Just leave MAC-related code in babel.c/packets.c instead of adding a new > file > - Add blake2s test vectors (new patch 3) > - Support supplying mac keys as raw hexadecimal bytes and allow algorithms to > validate keys on configure (new patches 4-5) > > v1: > - Add wrapper function to bird sysdep code to pick a suitable source of random > bytes > - Import reference Blake2 implementations into lib/ > - Rename function names and data structures to use an auth_ prefix instead of > hmac_ > - Perform a separate authentication pass before parsing the packet, and move > the > authentication-related code to its own source file > - Enforce key length recommendation from the specification > - Add a 'permissive' configuration mode where outgoing packets are signed but > incoming packets are accepted even though they fail authentication > - Add user documentation for the authentication configuration, and function > docstrings to the main authentication functions > - Fix a bunch of nits and code style issues
Ping? Anyone had a chance to take a look at this? :) -Toke
