Commit 390601f0 authored by Ondrej Zajicek (work)

RIP: Use message authentication interface

Based on former commit from Pavel Tvrdik
parent 64385aee
+4 −0
@@ -21,6 +21,7 @@
#define ALG_SHA256		0x04
#define ALG_SHA384		0x05
#define ALG_SHA512		0x06
#define ALG_HMAC		0x10
#define ALG_HMAC_MD5		0x11
#define ALG_HMAC_SHA1		0x12
#define ALG_HMAC_SHA224		0x13
@@ -34,6 +35,9 @@
#define HASH_STORAGE		sizeof(struct sha512_context)
#define MAC_STORAGE		sizeof(struct hmac_context)

/* This value is used by several IETF protocols for padding */
#define HMAC_MAGIC		htonl(0x878FE1F3)

/* Generic context used by hash functions */
struct hash_context
{
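Review bot: `HMAC_MAGIC` expands to a call to `htonl()`, so the value is already in network byte order and every user of the macro needs `htonl` declared, neither of which the one-line comment says (the page has lost its +/- markers, so which lines are new is inferred from the hunk headers). I would extend the comment to something like `/* Apad fill value 0x878FE1F3 (RFC 4822, RFC 5709), already in network byte order; store it as-is */`, so a caller filling a digest field does not byte-swap it a second time and produce MACs that never verify against peers. The new `ALG_HMAC 0x10` looks like a base or flag value for the `ALG_HMAC_*` ids rather than an algorithm of its own, judging by the numbering; a short comment saying which would keep it from being passed where a concrete algorithm id is expected.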
+10 −0
@@ -39,6 +39,16 @@ xstrdup(const char *c)
  return z;
}

static inline void
memset32(void *D, u32 val, uint n)
{
  u32 *dst = D;
  uint i;

  for (i = 0; i < n; i++)
    dst[i] = val;
}

#define ROUTER_ID_64_LENGTH 23

#endif
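Review bot: `memset32()` takes its length `n` in 32-bit words and stores through a `u32 *`, but nothing in the helper says so, and a caller used to `memset()` who passes a byte count would write four times past the intended region. I would add a header comment along the lines of `/* Fill n 32-bit words (not bytes) at D with val; D must be 4-byte aligned and hold at least 4*n bytes */`. The alignment part matters if the helper is pointed at an authentication field inside a packet buffer, which this hunk does not show; on strict-alignment targets a misaligned `u32` store is undefined behaviour, so the call sites are worth checking.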
+15 −0
@@ -10,6 +10,7 @@
#include "nest/bird.h"
#include "nest/password.h"
#include "lib/string.h"
#include "lib/mac.h"

struct password_item *last_password_item = NULL;

@@ -66,3 +67,17 @@ password_find_by_value(list *l, char *pass, uint size)
  return NULL;
}

uint
max_mac_length(list *l)
{
  struct password_item *pi;
  uint val = 0;

  if (!l)
    return 0;

  WALK_LIST(pi, *l)
    val = MAX(val, mac_type_length(pi->alg));

  return val;
}
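Review bot: `max_mac_length()` has no comment stating its contract, and it hands every `pi->alg` to `mac_type_length()` unchecked, including items with no algorithm set (`alg == 0`), which plain-password entries presumably are. If callers size the packet authentication trailer from this value, the contract should be written down, e.g. `/* Largest MAC output length over all password items in l, whatever their validity; 0 for a NULL or empty list */`, and `mac_type_length()` (not visible here) should be confirmed to return 0 for a zero or unknown id rather than index a table with it. If `MAX` is the usual macro that evaluates its arguments twice, the call also runs twice per item; assigning the result to a local first avoids that.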
+2 −0
@@ -34,4 +34,6 @@ static inline int password_verify(struct password_item *p1, char *p2, uint size)
  return !memcmp(buf, p2, size);
}

uint max_mac_length(list *l);

#endif
+18 −4
@@ -98,15 +98,29 @@ rip_iface_start:

rip_iface_finish:
{
  /* Default mode is broadcast for RIPv1, multicast for RIPv2 and RIPng */
  if (!RIP_IFACE->mode)
    RIP_IFACE->mode = (rip_cfg_is_v2() && (RIP_IFACE->version == RIP_V1)) ?
      RIP_IM_BROADCAST : RIP_IM_MULTICAST;

  RIP_IFACE->passwords = get_passwords();

  if (!RIP_IFACE->auth_type != !RIP_IFACE->passwords)
    log(L_WARN "Authentication and password options should be used together");

  /* Default mode is broadcast for RIPv1, multicast for RIPv2 and RIPng */
  if (!RIP_IFACE->mode)
    RIP_IFACE->mode = (rip_cfg_is_v2() && (RIP_IFACE->version == RIP_V1)) ?
      RIP_IM_BROADCAST : RIP_IM_MULTICAST;
  if (RIP_IFACE->passwords)
  {
    struct password_item *pass;
    WALK_LIST(pass, *RIP_IFACE->passwords)
    {
      if (pass->alg && (RIP_IFACE->auth_type != RIP_AUTH_CRYPTO))
	cf_error("Password algorithm option requires cryptographic authentication");

      /* Set default crypto algorithm (MD5) */
      if (!pass->alg && (RIP_IFACE->auth_type == RIP_AUTH_CRYPTO))
	pass->alg = ALG_MD5;
    }
  }

  RIP_CFG->min_timeout_time = MIN_(RIP_CFG->min_timeout_time, RIP_IFACE->timeout_time);
  RIP_CFG->max_garbage_time = MAX_(RIP_CFG->max_garbage_time, RIP_IFACE->garbage_time);
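Review bot: The new loop silently sets `pass->alg = ALG_MD5` for every password without an algorithm when `auth_type` is `RIP_AUTH_CRYPTO`, so a configuration that only switches on cryptographic authentication gets keyed MD5 with no hint in the log. Keeping MD5 as the default is understandable for compatibility with existing peers, but the comment should say so, e.g. `/* Default to Keyed-MD5 for backward compatibility; configure an HMAC-SHA algorithm explicitly where peers support it */`, and the option's documentation should name the default. The mismatch between `auth_type` and `passwords` just above still only produces `L_WARN`, so an interface with passwords but no authentication type would presumably run unauthenticated; consider whether that case deserves `cf_error` like the new algorithm check. The action body of `rip_iface_finish` continues past the end of this section.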