From: Toke Høiland-Jørgensen
In preparation for adding authentication checks, refactor the TLV walking
code so it can be reused for a separate pass of the packet for
authentication checks.
Signed-off-by: Toke Høiland-Jørgensen
---
proto/babel/packets.c | 171
From: Toke Høiland-Jørgensen
This implements support for MAC authentication in the Babel protocol, as
specified by RFC8967. The implementation seeks to follow the RFC as close
as possible, with the only deliberate deviation being the addition of
support for all the HMAC algorithms already
From: Toke Høiland-Jørgensen
The Babel MAC authentication RFC recommends implementing Blake2s as one of
the supported algorithms. In order to achieve do this, add the blake2b and
blake2s hash functions for MAC authentication. The hashing function
implementations are the reference implementations
From: Toke Høiland-Jørgensen
The new standards track version of the Babel protocol was finally published
as an RFC. This has been the version of the protocol implemented by Bird
all along, but now that it has an RFC number we can update all the
references to the standard in the docs and code.
From: Toke Høiland-Jørgensen
This adds a new field to the MAC algorithm description which is a pointer
that will allow an algorithm to validate a key before it is used. Add this
validate to the Blake algorithms, validating that the key length is exactly
equal to their respective output sizes.
From: Toke Høiland-Jørgensen
This adds support for specifying a password in raw hexadecimal bytes form,
via the 'key' keyword. The result is the same whether a password is
specified as a quoted string or a hex-encoded byte string, this just makes
it more convenient to input high-entropy byte
This series adds MAC authentication support to the Babel protocol as specified
in in RFC8967:
https://www.rfc-editor.org/rfc/rfc8967
I have performed basic interoperability testing between this implementation and
the current babeld HMAC implementation[1]. The two implementations were able to
From: Toke Høiland-Jørgensen
The Babel authentication code added by a subsequent commit needs a way to
get random bytes for generating nonces.
This patch adds a wrapper function in sysdep to get random bytes, and the
required checks in configure.ac to select how to do it. The configure
script
On Fri, Jan 15, 2021 at 12:01:47PM +0100, Vincent Bernat wrote:
> I was also confused by the debug code in iface.c:
>
> if (i->flags & IF_ADMIN_UP)
> debug(" LINK-UP");
>
> I think it should be ADMIN-UP and the if for IF_LINK_UP should be added.
Yes. this seems like a remnant from the
❦ 15 janvier 2021 05:39 +01, Ondrej Zajicek:
>> It is more complex that I would have expected. First, in-kernel, the
>> next-hop only has RTNH_F_LINKDOWN, not RTNH_F_DEAD. This later flag is
>> added when sending the flags over netlink only.
>>
>> Second, there is no async notification when a
10 matches
Mail list logo