Diffstat (limited to 'proto/babel/config.Y')
-rw-r--r--proto/babel/config.Y42
1 files changed, 41 insertions, 1 deletions
diff --git a/proto/babel/config.Y b/proto/babel/config.Y
index 2f3b637b..5e0710b5 100644
--- a/proto/babel/config.Y
+++ b/proto/babel/config.Y
@@ -25,7 +25,7 @@ CF_DECLS
CF_KEYWORDS(BABEL, INTERFACE, METRIC, RXCOST, HELLO, UPDATE, INTERVAL, PORT,
TYPE, WIRED, WIRELESS, RX, TX, BUFFER, PRIORITY, LENGTH, CHECK, LINK,
NEXT, HOP, IPV4, IPV6, BABEL_METRIC, SHOW, INTERFACES, NEIGHBORS,
- ENTRIES, RANDOMIZE, ROUTER, ID)
+ ENTRIES, RANDOMIZE, ROUTER, ID, AUTHENTICATION, NONE, MAC, PERMISSIVE)
CF_GRAMMAR
@@ -59,6 +59,8 @@ babel_iface_start:
this_ipatt = cfg_allocz(sizeof(struct babel_iface_config));
add_tail(&BABEL_CFG->iface_list, NODE this_ipatt);
init_list(&this_ipatt->ipn_list);
+ reset_passwords();
+
BABEL_IFACE->port = BABEL_PORT;
BABEL_IFACE->type = BABEL_IFACE_TYPE_WIRED;
BABEL_IFACE->limit = BABEL_HELLO_LIMIT;
@@ -91,6 +93,40 @@ babel_iface_finish:
BABEL_IFACE->ihu_interval = MIN_(BABEL_IFACE->hello_interval*BABEL_IHU_INTERVAL_FACTOR, BABEL_MAX_INTERVAL);
BABEL_CFG->hold_time = MAX_(BABEL_CFG->hold_time, BABEL_IFACE->update_interval*BABEL_HOLD_TIME_FACTOR);
+
+ BABEL_IFACE->passwords = get_passwords();
+
+ if (!BABEL_IFACE->auth_type != !BABEL_IFACE->passwords)
+ cf_error("Authentication and password options should be used together");
+
+ if (BABEL_IFACE->passwords)
+ {
+ struct password_item *pass;
+ uint len = 0, i = 0;
+ WALK_LIST(pass, *BABEL_IFACE->passwords)
+ {
+ /* Set default crypto algorithm (HMAC-SHA256) */
+ if (!pass->alg)
+ pass->alg = ALG_HMAC_SHA256;
+
+ if (pass->alg & ALG_HMAC) {
+ if (pass->length < mac_type_length(pass->alg) ||
+ pass->length > mac_type_block_size(pass->alg))
+ cf_error("key length %d is not between output size %d and block size %d for algorithm %s",
+ pass->length, mac_type_length(pass->alg),
+ mac_type_block_size(pass->alg), mac_type_name(pass->alg));
+ } else if (!(pass->alg == ALG_BLAKE2S_128 || pass->alg == ALG_BLAKE2S_256 ||
+ pass->alg == ALG_BLAKE2B_256 || pass->alg == ALG_BLAKE2B_512)) {
+ cf_error("Only HMAC and Blake algorithms are supported");
+ }
+
+ len += mac_type_length(pass->alg);
+ i++;
+ }
+ BABEL_IFACE->mac_num_keys = i;
+ BABEL_IFACE->mac_total_len = len;
+ }
+
};
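Review bot: The Blake2 branch of the password loop accepts a key of any length, while the HMAC branch just above it rejects keys shorter than the digest or longer than the block size. A one-byte Blake2 key would therefore pass configuration and silently give a MAC with almost no secrecy. Keyed BLAKE2s and BLAKE2b also cap the key at 32 and 64 bytes, and what the MAC code does with a longer key is not visible in this hunk. I would add at least a lower bound in that branch, for example `if (pass->length < mac_type_length(pass->alg)) cf_error("key length %d is shorter than output size %d for algorithm %s", pass->length, mac_type_length(pass->alg), mac_type_name(pass->alg));`, and an upper bound once the Blake2 key limit used by the MAC layer is confirmed. The babel_iface_finish action begins outside this hunk.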
@@ -109,6 +145,10 @@ babel_iface_item:
| CHECK LINK bool { BABEL_IFACE->check_link = $3; }
| NEXT HOP IPV4 ipa { BABEL_IFACE->next_hop_ip4 = $4; if (!ipa_is_ip4($4)) cf_error("Must be an IPv4 address"); }
| NEXT HOP IPV6 ipa { BABEL_IFACE->next_hop_ip6 = $4; if (!ipa_is_ip6($4)) cf_error("Must be an IPv6 address"); }
+ | AUTHENTICATION NONE { BABEL_IFACE->auth_type = BABEL_AUTH_NONE; }
+ | AUTHENTICATION MAC { BABEL_IFACE->auth_type = BABEL_AUTH_MAC; }
+ | AUTHENTICATION MAC PERMISSIVE { BABEL_IFACE->auth_type = BABEL_AUTH_MAC; BABEL_IFACE->auth_permissive = 1; }
+ | password_list { }
;
babel_iface_opts:
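Review bot: `auth_permissive` is only ever set to 1, so the result depends on option order: after `authentication mac permissive;`, a later `authentication mac;` or `authentication none;` in the same interface block leaves the permissive flag on. Judging by the option name, the interface would then keep accepting packets that fail MAC verification even though the last option asked for strict checking. The two non-permissive rules should clear the flag explicitly: `| AUTHENTICATION NONE { BABEL_IFACE->auth_type = BABEL_AUTH_NONE; BABEL_IFACE->auth_permissive = 0; }` and `| AUTHENTICATION MAC { BABEL_IFACE->auth_type = BABEL_AUTH_MAC; BABEL_IFACE->auth_permissive = 0; }`. A short comment on the PERMISSIVE rule saying that it is meant for key roll-out and does not enforce authentication would also help operators reading the grammar.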