Nest: Allow specifying security keys as hex bytes as well as strings

Add support for specifying a password in hexadecimal format, The result is the same whether a password is specified as a quoted string or a hex-encoded byte string, this just makes it more convenient to input high-entropy byte strings as MAC keys.
author: Toke Høiland-Jørgensen <toke@toke.dk> 2021-04-14 21:39:43 +0200
committer: Ondrej Zajicek (work) <santiago@crfreenet.org> 2021-06-06 16:28:18 +0200
commit: 35f88b305ab6a0e27b5ff1b445f63f544986e14e (patch)
tree: 76051c919ed62297191e1b18eab1525429b43068 /conf/cf-lex.l
parent: f1a824190c22f8159ad0f9378c2dd23e521eaf61 (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/conf/cf-lex.l b/conf/cf-lex.l
index 05288b1a..704a1750 100644
--- a/conf/cf-lex.l
+++ b/conf/cf-lex.l
@@ -255,6 +255,37 @@ WHITE [ \t]
   return IP4;
 }
 
+{XIGIT}{2}(:{XIGIT}{2}|{XIGIT}{2}){15,} {
+  char *s = yytext;
+  size_t len = 0, i;
+  struct bytestring *bytes;
+  byte *b;
+
+  while (*s) {
+    len++;
+    s += 2;
+    if (*s == ':')
+      s++;
+  }
+  bytes = cfg_allocz(sizeof(*bytes) + len);
+
+  bytes->length = len;
+  b = &bytes->data[0];
+  s = yytext;
+  errno = 0;
+  for (i = 0; i < len; i++) {
+    *b = bstrtobyte16(s);
+    if (errno == ERANGE)
+      cf_error("Invalid hex string");
+    b++;
+    s += 2;
+    if (*s == ':')
+      s++;
+  }
+  cf_lval.bs = bytes;
+  return BYTESTRING;
+}
+
 ({XIGIT}*::|({XIGIT}*:){3,})({XIGIT}*|{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+) {
   if (!ip6_pton(yytext, &cf_lval.ip6))
     cf_error("Invalid IPv6 address %s", yytext);
author	Toke Høiland-Jørgensen <toke@toke.dk>	2021-04-14 21:39:43 +0200
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>	2021-06-06 16:28:18 +0200
commit	35f88b305ab6a0e27b5ff1b445f63f544986e14e (patch)
tree	76051c919ed62297191e1b18eab1525429b43068 /conf/cf-lex.l
parent	f1a824190c22f8159ad0f9378c2dd23e521eaf61 (diff)