author | Toke Høiland-Jørgensen <toke@toke.dk> | 2021-04-14 21:39:43 +0200 |
---|---|---|
committer | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2021-06-06 16:28:18 +0200 |
commit | 35f88b305ab6a0e27b5ff1b445f63f544986e14e (patch) | |
tree | 76051c919ed62297191e1b18eab1525429b43068 /conf | |
parent | f1a824190c22f8159ad0f9378c2dd23e521eaf61 (diff) |
Nest: Allow specifying security keys as hex bytes as well as strings
Add support for specifying a password in hexadecimal format. The result
is the same whether a password is specified as a quoted string or a
hex-encoded byte string; this just makes it more convenient to input
high-entropy byte strings as MAC keys.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/cf-lex.l | 31 | ||||
-rw-r--r-- | conf/conf.h | 5 | ||||
-rw-r--r-- | conf/confbase.Y | 2 |
3 files changed, 38 insertions, 0 deletions
diff --git a/conf/cf-lex.l b/conf/cf-lex.l
index 05288b1a..704a1750 100644
--- a/conf/cf-lex.l
+++ b/conf/cf-lex.l
@@ -255,6 +255,37 @@ WHITE [ \t]
 return IP4;
 }
+{XIGIT}{2}(:{XIGIT}{2}|{XIGIT}{2}){15,} {
+ char *s = yytext;
+ size_t len = 0, i;
+ struct bytestring *bytes;
+ byte *b;
+
+ while (*s) {
+ len++;
+ s += 2;
+ if (*s == ':')
+ s++;
+ }
+ bytes = cfg_allocz(sizeof(*bytes) + len);
+
+ bytes->length = len;
+ b = &bytes->data[0];
+ s = yytext;
+ errno = 0;
+ for (i = 0; i < len; i++) {
+ *b = bstrtobyte16(s);
+ if (errno == ERANGE)
+ cf_error("Invalid hex string");
+ b++;
+ s += 2;
+ if (*s == ':')
+ s++;
+ }
+ cf_lval.bs = bytes;
+ return BYTESTRING;
+}
+
 ({XIGIT}*::|({XIGIT}*:){3,})({XIGIT}*|{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+) {
 if (!ip6_pton(yytext, &cf_lval.ip6))
 cf_error("Invalid IPv6 address %s", yytext);
diff --git a/conf/conf.h b/conf/conf.h
index 860d267a..3bc37959 100644
--- a/conf/conf.h
+++ b/conf/conf.h
@@ -136,6 +136,11 @@ struct sym_scope {
 int active; /* Currently entered */
 };
+struct bytestring {
+ size_t length;
+ byte data[];
+};
+
 #define SYM_MAX_LEN 64
 /* Remember to update cf_symbol_class_name() */
diff --git a/conf/confbase.Y b/conf/confbase.Y
index d98f0fee..6985783b 100644
--- a/conf/confbase.Y
+++ b/conf/confbase.Y
@@ -92,6 +92,7 @@ CF_DECLS
 struct channel_limit cl;
 struct timeformat *tf;
 mpls_label_stack *mls;
+ struct bytestring *bs;
 }
 %token END CLI_MARKER INVALID_TOKEN ELSECOL DDOT
@@ -103,6 +104,7 @@ CF_DECLS
 %token <i64> VPN_RD
 %token <s> CF_SYM_KNOWN CF_SYM_UNDEFINED
 %token <t> TEXT
+%token <bs> BYTESTRING
 %type <iface> ipa_scope
 %type <i> expr bool pxlen4 |
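Review bot: The new pattern `{XIGIT}{2}(:{XIGIT}{2}|{XIGIT}{2}){15,}` lets colon-separated and unseparated pairs mix freely, so it also matches a fully written IPv6 address of eight four-digit groups, which is sixteen hex pairs with a colon after every second pair. That match is the same length as the one from the IPv6 rule, and the hunk places the new rule ahead of it, so flex's first-rule tie-break would return BYTESTRING where IP6 was returned before. Requiring one consistent form, for example `{XIGIT}{2}((:{XIGIT}{2}){15,}|({XIGIT}{2}){15,})`, removes the overlap. A comment above the rule such as `/* hex key: at least 16 bytes, pairs optionally separated by ':' */` would also document the minimum length that the `{15,}` quantifier imposes.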
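Review bot: `struct bytestring` in conf.h carries no comment saying that `data[]` is a raw, length-delimited buffer with no NUL terminator, which is how the lexer in cf-lex.l fills it (`cfg_allocz(sizeof(*bytes) + len)` followed by exactly `len` byte stores). The commit message describes these values as MAC keys, which may contain any byte including zero, so a consumer that treats `data` as a C string would silently truncate the key. I would add `/* Raw bytes; exactly length of them, may contain 0x00, not NUL-terminated */` above the struct. The enclosing header continues outside the hunk.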