/* key-chain for authentication.
 * Copyright (C) 2000 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2, or (at your
 * option) any later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; see the file COPYING; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */
/* Memory-type tags used by the XCALLOC/XSTRDUP/XFREE calls in this file. */
DEFINE_MTYPE_STATIC(LIB, KEY, "Key");
DEFINE_MTYPE_STATIC(LIB, KEYCHAIN, "Key chain");

/* QOBJ type descriptors for the two object kinds registered below. */
DEFINE_QOBJ_TYPE(keychain);
DEFINE_QOBJ_TYPE(key);

/* Master list of key chains; created in keychain_init(). */
static struct list *keychain_list;
/*
 * Allocate an empty key chain and register it as a QOBJ.
 *
 * Only the allocation and registration happen here; name and key list
 * are filled in by the caller.
 */
static struct keychain *keychain_new(void)
{
	struct keychain *kc = XCALLOC(MTYPE_KEYCHAIN, sizeof(*kc));

	QOBJ_REG(kc, keychain);
	return kc;
}
/*
 * Release the key chain object itself.
 *
 * The name string and the key list are not touched here; see
 * keychain_delete() for the full teardown.
 */
static void keychain_free(struct keychain *keychain)
{
	/* Drop the QOBJ registration before the memory goes away. */
	QOBJ_UNREG(keychain);

	XFREE(MTYPE_KEYCHAIN, keychain);
}
/*
 * Allocate an empty key and register it as a QOBJ.
 *
 * Index, secret string, algorithm and lifetimes are left for the caller.
 */
static struct key *key_new(void)
{
	struct key *k;

	k = XCALLOC(MTYPE_KEY, sizeof(*k));
	QOBJ_REG(k, key);

	return k;
}
/*
 * Release the key object itself.
 *
 * key->string is not handled here; callers free it separately.
 */
static void key_free(struct key *key)
{
	/* Drop the QOBJ registration before the memory goes away. */
	QOBJ_UNREG(key);

	XFREE(MTYPE_KEY, key);
}
/*
 * Find a key chain by exact name.
 *
 * Walks the master list and returns the first chain whose name compares
 * equal with strcmp(); returns NULL when name is NULL or nothing matches.
 */
struct keychain *keychain_lookup(const char *name)
{
	struct listnode *ln;
	struct keychain *kc;

	if (name == NULL)
		return NULL;

	for (ALL_LIST_ELEMENTS_RO(keychain_list, ln, kc)) {
		if (!strcmp(kc->name, name))
			return kc;
	}

	return NULL;
}
/*
 * Ordering callback for a chain's key list: compares two keys by index.
 *
 * Returns 1, -1 or 0 when the first key's index is greater than, less
 * than or equal to the second's.
 */
static int key_cmp_func(void *arg1, void *arg2)
{
	const struct key *lhs = arg1;
	const struct key *rhs = arg2;

	/* Each comparison yields 0 or 1, so the difference is -1, 0 or 1. */
	return (lhs->index > rhs->index) - (lhs->index < rhs->index);
}
92 static void key_delete_func(struct key
*key
)
/*
 * Return the key chain called name, creating it when it does not exist.
 *
 * A new chain gets a private copy of the name and an empty key list
 * whose compare and delete callbacks are key_cmp_func and
 * key_delete_func, and is appended to the master list.
 */
static struct keychain *keychain_get(const char *name)
{
	struct keychain *kc = keychain_lookup(name);

	if (kc == NULL) {
		kc = keychain_new();
		kc->name = XSTRDUP(MTYPE_KEYCHAIN, name);

		kc->key = list_new();
		kc->key->cmp = (int (*)(void *, void *))key_cmp_func;
		kc->key->del = (void (*)(void *))key_delete_func;

		listnode_add(keychain_list, kc);
	}

	return kc;
}
/*
 * Tear down a key chain completely: its name, its key list, its entry
 * in the master list, and finally the chain object.
 */
static void keychain_delete(struct keychain *keychain)
{
	XFREE(MTYPE_KEYCHAIN, keychain->name);

	/* Deleting the list runs the list's del callback on every key. */
	list_delete(&keychain->key);

	/* Unlink from the master list before the object is released. */
	listnode_delete(keychain_list, keychain);
	keychain_free(keychain);
}
/*
 * Find the key with exactly the given index in a chain.
 *
 * Returns the key, or NULL when the chain has no key with that index.
 * Lifetimes are not considered.
 */
static struct key *key_lookup(const struct keychain *keychain, uint32_t index)
{
	struct listnode *ln;
	struct key *k;

	for (ALL_LIST_ELEMENTS_RO(keychain->key, ln, k)) {
		if (k->index != index)
			continue;
		return k;
	}

	return NULL;
}
/*
 * Pick a key that may be used to accept a packet carrying key id index.
 *
 * Returns the first key in list order whose index is >= index and whose
 * accept lifetime is either unset (start == 0) or covers the current
 * time; an end of -1 means the lifetime never expires.  Returns NULL
 * when no key qualifies.
 *
 * NOTE(review): the match is ">=", not "==", so a key with a larger
 * index than the one requested can be returned; callers that need the
 * exact key id must compare the returned key's index themselves.
 */
struct key *key_lookup_for_accept(const struct keychain *keychain,
				  uint32_t index)
{
	struct listnode *ln;
	struct key *k;
	time_t now = time(NULL);

	for (ALL_LIST_ELEMENTS_RO(keychain->key, ln, k)) {
		if (k->index < index)
			continue;

		/* No accept lifetime configured: always acceptable. */
		if (k->accept.start == 0)
			return k;

		if (k->accept.start <= now
		    && (k->accept.end >= now || k->accept.end == -1))
			return k;
	}

	return NULL;
}
/*
 * Find a currently acceptable key whose secret matches auth_str.
 *
 * A key is considered when its accept lifetime is unset (start == 0) or
 * covers the current time (end == -1 means no expiry).  The secret is
 * compared with strncmp() over at most 16 bytes.  Returns the first
 * matching key, or NULL.
 *
 * NOTE(review): strncmp() returns at the first differing byte, so the
 * comparison is not constant-time, and anything past the 16th byte of
 * key->string is ignored.  If this is used to check a secret received
 * from a peer, a fixed-time comparison over the full field is the safer
 * choice.
 */
struct key *key_match_for_accept(const struct keychain *keychain,
				 const char *auth_str)
{
	struct listnode *ln;
	struct key *k;
	time_t now = time(NULL);

	for (ALL_LIST_ELEMENTS_RO(keychain->key, ln, k)) {
		int in_window = k->accept.start == 0
				|| (k->accept.start <= now
				    && (k->accept.end >= now
					|| k->accept.end == -1));

		if (!in_window)
			continue;

		/* Keys without a configured string can never match. */
		if (k->string && strncmp(k->string, auth_str, 16) == 0)
			return k;
	}

	return NULL;
}
/*
 * Pick the key to use for sending.
 *
 * Returns the first key in list order whose send lifetime is unset
 * (start == 0) or covers the current time; an end of -1 means no
 * expiry.  Returns NULL when no key is currently valid for sending.
 */
struct key *key_lookup_for_send(const struct keychain *keychain)
{
	struct listnode *ln;
	struct key *k;
	time_t now = time(NULL);

	for (ALL_LIST_ELEMENTS_RO(keychain->key, ln, k)) {
		/* No send lifetime configured: always usable. */
		if (k->send.start == 0)
			return k;

		if (k->send.start <= now
		    && (k->send.end >= now || k->send.end == -1))
			return k;
	}

	return NULL;
}
/*
 * Return the key with the given index, creating it when absent.
 *
 * A new key starts with hash_algo set to KEYCHAIN_ALGO_NULL and is
 * inserted into the chain's key list in sorted position.
 */
static struct key *key_get(const struct keychain *keychain, uint32_t index)
{
	struct key *k = key_lookup(keychain, index);

	if (k != NULL)
		return k;

	k = key_new();
	k->index = index;
	k->hash_algo = KEYCHAIN_ALGO_NULL;
	listnode_add_sort(keychain->key, k);

	return k;
}
/*
 * Remove one key from a chain and release it together with its secret.
 *
 * NOTE(review): key->string holds the configured secret and is handed
 * back to the allocator without being overwritten first, so the bytes
 * can remain in freed heap memory.  Wiping the string before XFREE()
 * would limit how long the secret stays resident.
 */
static void key_delete(struct keychain *keychain, struct key *key)
{
	/* Unlink first so the list never refers to a freed key. */
	listnode_delete(keychain->key, key);

	XFREE(MTYPE_KEY, key->string);
	key_free(key);
}
225 DEFUN_NOSH (key_chain
,
228 "Authentication key management\n"
229 "Key-chain management\n"
233 struct keychain
*keychain
;
235 keychain
= keychain_get(argv
[idx_word
]->arg
);
236 VTY_PUSH_CONTEXT(KEYCHAIN_NODE
, keychain
);
245 "Authentication key management\n"
246 "Key-chain management\n"
250 struct keychain
*keychain
;
252 keychain
= keychain_lookup(argv
[idx_word
]->arg
);
255 vty_out(vty
, "Can't find keychain %s\n", argv
[idx_word
]->arg
);
256 return CMD_WARNING_CONFIG_FAILED
;
259 keychain_delete(keychain
);
266 "key (0-2147483647)",
268 "Key identifier number\n")
271 VTY_DECLVAR_CONTEXT(keychain
, keychain
);
275 index
= strtoul(argv
[idx_number
]->arg
, NULL
, 10);
276 key
= key_get(keychain
, index
);
277 VTY_PUSH_CONTEXT_SUB(KEYCHAIN_KEY_NODE
, key
);
284 "no key (0-2147483647)",
287 "Key identifier number\n")
290 VTY_DECLVAR_CONTEXT(keychain
, keychain
);
294 index
= strtoul(argv
[idx_number
]->arg
, NULL
, 10);
295 key
= key_lookup(keychain
, index
);
297 vty_out(vty
, "Can't find key %d\n", index
);
298 return CMD_WARNING_CONFIG_FAILED
;
301 key_delete(keychain
, key
);
303 vty
->node
= KEYCHAIN_NODE
;
315 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
318 XFREE(MTYPE_KEY
, key
->string
);
319 key
->string
= XSTRDUP(MTYPE_KEY
, argv
[idx_line
]->arg
);
324 DEFUN (no_key_string
,
326 "no key-string [LINE]",
331 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
334 XFREE(MTYPE_KEY
, key
->string
);
341 const struct keychain_algo_info algo_info
[] = {
342 {KEYCHAIN_ALGO_NULL
, "null", 0, 0, "NULL"},
343 {KEYCHAIN_ALGO_MD5
, "md5", KEYCHAIN_MD5_HASH_SIZE
,
344 KEYCHAIN_ALGO_MD5_INTERNAL_BLK_SIZE
, "MD5"},
345 {KEYCHAIN_ALGO_HMAC_SHA1
, "hmac-sha-1", KEYCHAIN_HMAC_SHA1_HASH_SIZE
,
346 KEYCHAIN_ALGO_SHA1_INTERNAL_BLK_SIZE
, "HMAC-SHA-1"},
347 {KEYCHAIN_ALGO_HMAC_SHA256
, "hmac-sha-256",
348 KEYCHAIN_HMAC_SHA256_HASH_SIZE
, KEYCHAIN_ALGO_SHA256_INTERNAL_BLK_SIZE
,
350 {KEYCHAIN_ALGO_HMAC_SHA384
, "hmac-sha-384",
351 KEYCHAIN_HMAC_SHA384_HASH_SIZE
, KEYCHAIN_ALGO_SHA384_INTERNAL_BLK_SIZE
,
353 {KEYCHAIN_ALGO_HMAC_SHA512
, "hmac-sha-512",
354 KEYCHAIN_HMAC_SHA512_HASH_SIZE
, KEYCHAIN_ALGO_SHA512_INTERNAL_BLK_SIZE
,
356 {KEYCHAIN_ALGO_MAX
, "max", KEYCHAIN_MAX_HASH_SIZE
,
357 KEYCHAIN_ALGO_MAX_INTERNAL_BLK_SIZE
, "Not defined"}
/*
 * Return the block size recorded in algo_info for the given algorithm.
 *
 * NOTE(review): key indexes algo_info directly with no range check; a
 * value outside the table reads past the array.
 */
uint16_t keychain_get_block_size(enum keychain_hash_algo key)
{
	const struct keychain_algo_info *entry = &algo_info[key];

	return entry->block;
}
/*
 * Return the digest length recorded in algo_info for the given algorithm.
 *
 * NOTE(review): key indexes algo_info directly with no range check; a
 * value outside the table reads past the array.
 */
uint16_t keychain_get_hash_len(enum keychain_hash_algo key)
{
	const struct keychain_algo_info *entry = &algo_info[key];

	return entry->length;
}
/*
 * Return the description string recorded in algo_info for the given
 * algorithm.  The string belongs to the table and must not be freed.
 *
 * NOTE(review): key indexes algo_info directly with no range check; a
 * value outside the table reads past the array.
 */
const char *keychain_get_description(enum keychain_hash_algo key)
{
	const struct keychain_algo_info *entry = &algo_info[key];

	return entry->desc;
}
/*
 * Return a copy of the algo_info entry for the given algorithm.
 *
 * NOTE(review): key indexes algo_info directly with no range check; a
 * value outside the table reads past the array.
 */
struct keychain_algo_info
keychain_get_hash_algo_info(enum keychain_hash_algo key)
{
	struct keychain_algo_info entry = algo_info[key];

	return entry;
}
/*
 * Map an algorithm name to its keychain_hash_algo id.
 *
 * Matching is by prefix, not by whole string: a name starting with "m"
 * selects MD5, and each HMAC variant is recognised by its first ten
 * characters ("hmac-sha-1", "hmac-sha-2", "hmac-sha-3", "hmac-sha-5").
 * Anything else yields KEYCHAIN_ALGO_NULL.
 *
 * With CRYPTO_INTERNAL defined only HMAC-SHA-256 and MD5 are
 * recognised; the other names fall through to KEYCHAIN_ALGO_NULL.
 *
 * NOTE(review): because only a prefix is checked, inputs such as
 * "mxyz" or "hmac-sha-2zz" are accepted as well.  That is presumably
 * meant for abbreviated CLI keywords; callers feeding this from any
 * other source should validate the full name first.
 */
enum keychain_hash_algo keychain_get_algo_id_by_name(const char *name)
{
#ifdef CRYPTO_INTERNAL
	if (strncmp(name, "hmac-sha-2", 10) == 0)
		return KEYCHAIN_ALGO_HMAC_SHA256;
	if (strncmp(name, "m", 1) == 0)
		return KEYCHAIN_ALGO_MD5;
#else
	if (strncmp(name, "m", 1) == 0)
		return KEYCHAIN_ALGO_MD5;
	if (strncmp(name, "hmac-sha-1", 10) == 0)
		return KEYCHAIN_ALGO_HMAC_SHA1;
	if (strncmp(name, "hmac-sha-2", 10) == 0)
		return KEYCHAIN_ALGO_HMAC_SHA256;
	if (strncmp(name, "hmac-sha-3", 10) == 0)
		return KEYCHAIN_ALGO_HMAC_SHA384;
	if (strncmp(name, "hmac-sha-5", 10) == 0)
		return KEYCHAIN_ALGO_HMAC_SHA512;
#endif
	return KEYCHAIN_ALGO_NULL;
}
/*
 * Return the configuration keyword recorded in algo_info for the given
 * algorithm.  The string belongs to the table and must not be freed.
 *
 * NOTE(review): key indexes algo_info directly with no range check; a
 * value outside the table reads past the array.
 */
const char *keychain_get_algo_name_by_id(enum keychain_hash_algo key)
{
	const struct keychain_algo_info *entry = &algo_info[key];

	return entry->name;
}
411 DEFUN(cryptographic_algorithm
, cryptographic_algorithm_cmd
,
412 "cryptographic-algorithm "
413 "<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>",
414 "Cryptographic-algorithm\n"
415 "Use MD5 algorithm\n"
416 "Use HMAC-SHA-1 algorithm\n"
417 "Use HMAC-SHA-256 algorithm\n"
418 "Use HMAC-SHA-384 algorithm\n"
419 "Use HMAC-SHA-512 algorithm\n")
422 uint8_t hash_algo
= KEYCHAIN_ALGO_NULL
;
424 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
425 hash_algo
= keychain_get_algo_id_by_name(argv
[algo_idx
]->arg
);
426 #ifndef CRYPTO_OPENSSL
427 if (hash_algo
== KEYCHAIN_ALGO_NULL
) {
429 "Hash algorithm not supported, compile with --with-crypto=openssl\n");
430 return CMD_WARNING_CONFIG_FAILED
;
432 #endif /* CRYPTO_OPENSSL */
433 key
->hash_algo
= hash_algo
;
437 DEFUN(no_cryptographic_algorithm
, no_cryptographic_algorithm_cmd
,
438 "no cryptographic-algorithm "
439 "[<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>]",
441 "Cryptographic-algorithm\n"
442 "Use MD5 algorithm\n"
443 "Use HMAC-SHA-1 algorithm\n"
444 "Use HMAC-SHA-256 algorithm\n"
445 "Use HMAC-SHA-384 algorithm\n"
446 "Use HMAC-SHA-512 algorithm\n")
449 uint8_t hash_algo
= KEYCHAIN_ALGO_NULL
;
451 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
452 if (argc
> algo_idx
) {
453 hash_algo
= keychain_get_algo_id_by_name(argv
[algo_idx
]->arg
);
454 if (hash_algo
== KEYCHAIN_ALGO_NULL
) {
456 "Hash algorithm not supported, try compiling with --with-crypto=openssl\n");
457 return CMD_WARNING_CONFIG_FAILED
;
461 if ((hash_algo
!= KEYCHAIN_ALGO_NULL
) && (hash_algo
!= key
->hash_algo
))
464 key
->hash_algo
= KEYCHAIN_ALGO_NULL
;
/* Convert HH:MM:SS MON DAY YEAR to a time_t value. -1 is returned when
   the given string is malformed. */
470 static time_t key_str2time(const char *time_str
, const char *day_str
,
471 const char *month_str
, const char *year_str
)
477 unsigned int sec
, min
, hour
;
478 unsigned int day
, month
, year
;
480 const char *month_name
[] = {
481 "January", "February", "March", "April", "May",
482 "June", "July", "August", "September", "October",
483 "November", "December", NULL
};
485 #define _GET_LONG_RANGE(V, STR, MMCOND) \
487 unsigned long tmpl; \
488 char *endptr = NULL; \
489 tmpl = strtoul((STR), &endptr, 10); \
490 if (*endptr != '\0' || tmpl == ULONG_MAX) \
496 #define GET_LONG_RANGE(V, STR, MIN, MAX) \
497 _GET_LONG_RANGE(V, STR, tmpl<(MIN) || tmpl>(MAX))
498 #define GET_LONG_RANGE0(V, STR, MAX) _GET_LONG_RANGE(V, STR, tmpl > (MAX))
500 /* Check hour field of time_str. */
501 colon
= strchr(time_str
, ':');
506 /* Hour must be between 0 and 23. */
507 GET_LONG_RANGE0(hour
, time_str
, 23);
509 /* Check min field of time_str. */
510 time_str
= colon
+ 1;
511 colon
= strchr(time_str
, ':');
512 if (*time_str
== '\0' || colon
== NULL
)
516 /* Min must be between 0 and 59. */
517 GET_LONG_RANGE0(min
, time_str
, 59);
519 /* Check sec field of time_str. */
520 time_str
= colon
+ 1;
521 if (*time_str
== '\0')
524 /* Sec must be between 0 and 59. */
525 GET_LONG_RANGE0(sec
, time_str
, 59);
527 /* Check day_str. Day must be <1-31>. */
528 GET_LONG_RANGE(day
, day_str
, 1, 31);
530 /* Check month_str. Month must match month_name. */
532 if (strlen(month_str
) >= 3)
533 for (i
= 0; month_name
[i
]; i
++)
534 if (strncmp(month_str
, month_name
[i
], strlen(month_str
))
542 /* Check year_str. Year must be <1993-2035>. */
543 GET_LONG_RANGE(year
, year_str
, 1993, 2035);
545 memset(&tm
, 0, sizeof(struct tm
));
551 tm
.tm_year
= year
- 1900;
556 #undef GET_LONG_RANGE
/*
 * Set an explicit start/end lifetime on krange from two date strings.
 *
 * Both dates are parsed with key_str2time().  A malformed date, or an
 * end that is not strictly later than the start, is reported on vty and
 * CMD_WARNING_CONFIG_FAILED is returned without changing krange.  On
 * success start and end are stored and CMD_SUCCESS is returned.
 */
static int key_lifetime_set(struct vty *vty, struct key_range *krange,
			    const char *stime_str, const char *sday_str,
			    const char *smonth_str, const char *syear_str,
			    const char *etime_str, const char *eday_str,
			    const char *emonth_str, const char *eyear_str)
{
	time_t begin;
	time_t finish;

	begin = key_str2time(stime_str, sday_str, smonth_str, syear_str);
	if (begin < 0) {
		vty_out(vty, "Malformed time value\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	finish = key_str2time(etime_str, eday_str, emonth_str, eyear_str);
	if (finish < 0) {
		vty_out(vty, "Malformed time value\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* An empty or inverted window would never admit the key. */
	if (finish <= begin) {
		vty_out(vty, "Expire time is not later than start time\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	krange->start = begin;
	krange->end = finish;

	return CMD_SUCCESS;
}
/*
 * Set a lifetime on krange as a start date plus a duration in seconds.
 *
 * A malformed start date is reported on vty and
 * CMD_WARNING_CONFIG_FAILED is returned.  Otherwise start is stored,
 * the duration flag is set and end becomes start + duration.
 *
 * NOTE(review): duration_str is converted with strtoul() with no end
 * pointer or range check, so this relies on the command grammar having
 * limited it to digits in (1-2147483646).  On a platform where time_t
 * is 32 bits, start + duration can exceed the representable range -
 * confirm the supported targets or add an explicit bound.
 */
static int key_lifetime_duration_set(struct vty *vty, struct key_range *krange,
				     const char *stime_str,
				     const char *sday_str,
				     const char *smonth_str,
				     const char *syear_str,
				     const char *duration_str)
{
	time_t begin;
	uint32_t seconds;

	begin = key_str2time(stime_str, sday_str, smonth_str, syear_str);
	if (begin < 0) {
		vty_out(vty, "Malformed time value\n");
		return CMD_WARNING_CONFIG_FAILED;
	}
	krange->start = begin;

	seconds = strtoul(duration_str, NULL, 10);

	/* Flag the range as duration-based; end is still stored absolute. */
	krange->duration = 1;
	krange->end = begin + seconds;

	return CMD_SUCCESS;
}
/*
 * Set a lifetime on krange that starts at the given date and never
 * expires.
 *
 * A malformed start date is reported on vty and
 * CMD_WARNING_CONFIG_FAILED is returned.  Otherwise start is stored and
 * end is set to -1, the value the lookup functions treat as "no expiry".
 */
static int key_lifetime_infinite_set(struct vty *vty, struct key_range *krange,
				     const char *stime_str,
				     const char *sday_str,
				     const char *smonth_str,
				     const char *syear_str)
{
	time_t begin = key_str2time(stime_str, sday_str, smonth_str,
				    syear_str);

	if (begin < 0) {
		vty_out(vty, "Malformed time value\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	krange->start = begin;
	krange->end = -1;

	return CMD_SUCCESS;
}
635 DEFUN (accept_lifetime_day_month_day_month
,
636 accept_lifetime_day_month_day_month_cmd
,
637 "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
638 "Set accept lifetime of the key\n"
640 "Day of th month to start\n"
641 "Month of the year to start\n"
644 "Day of th month to expire\n"
645 "Month of the year to expire\n"
651 int idx_number_2
= 4;
652 int idx_hhmmss_2
= 5;
653 int idx_number_3
= 6;
655 int idx_number_4
= 8;
656 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
658 return key_lifetime_set(
659 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
660 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
661 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
662 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
665 DEFUN (accept_lifetime_day_month_month_day
,
666 accept_lifetime_day_month_month_day_cmd
,
667 "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
668 "Set accept lifetime of the key\n"
670 "Day of th month to start\n"
671 "Month of the year to start\n"
674 "Month of the year to expire\n"
675 "Day of th month to expire\n"
681 int idx_number_2
= 4;
682 int idx_hhmmss_2
= 5;
684 int idx_number_3
= 7;
685 int idx_number_4
= 8;
686 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
688 return key_lifetime_set(
689 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
690 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
691 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
692 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
695 DEFUN (accept_lifetime_month_day_day_month
,
696 accept_lifetime_month_day_day_month_cmd
,
697 "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
698 "Set accept lifetime of the key\n"
700 "Month of the year to start\n"
701 "Day of th month to start\n"
704 "Day of th month to expire\n"
705 "Month of the year to expire\n"
711 int idx_number_2
= 4;
712 int idx_hhmmss_2
= 5;
713 int idx_number_3
= 6;
715 int idx_number_4
= 8;
716 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
718 return key_lifetime_set(
719 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
720 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
721 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
722 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
725 DEFUN (accept_lifetime_month_day_month_day
,
726 accept_lifetime_month_day_month_day_cmd
,
727 "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
728 "Set accept lifetime of the key\n"
730 "Month of the year to start\n"
731 "Day of th month to start\n"
734 "Month of the year to expire\n"
735 "Day of th month to expire\n"
741 int idx_number_2
= 4;
742 int idx_hhmmss_2
= 5;
744 int idx_number_3
= 7;
745 int idx_number_4
= 8;
746 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
748 return key_lifetime_set(
749 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
750 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
751 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
752 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
755 DEFUN (accept_lifetime_infinite_day_month
,
756 accept_lifetime_infinite_day_month_cmd
,
757 "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) infinite",
758 "Set accept lifetime of the key\n"
760 "Day of th month to start\n"
761 "Month of the year to start\n"
768 int idx_number_2
= 4;
769 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
771 return key_lifetime_infinite_set(
772 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
773 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
);
776 DEFUN (accept_lifetime_infinite_month_day
,
777 accept_lifetime_infinite_month_day_cmd
,
778 "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite",
779 "Set accept lifetime of the key\n"
781 "Month of the year to start\n"
782 "Day of th month to start\n"
789 int idx_number_2
= 4;
790 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
792 return key_lifetime_infinite_set(
793 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
794 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
);
797 DEFUN (accept_lifetime_duration_day_month
,
798 accept_lifetime_duration_day_month_cmd
,
799 "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)",
800 "Set accept lifetime of the key\n"
802 "Day of th month to start\n"
803 "Month of the year to start\n"
805 "Duration of the key\n"
806 "Duration seconds\n")
811 int idx_number_2
= 4;
812 int idx_number_3
= 6;
813 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
815 return key_lifetime_duration_set(
816 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
817 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
818 argv
[idx_number_3
]->arg
);
821 DEFUN (accept_lifetime_duration_month_day
,
822 accept_lifetime_duration_month_day_cmd
,
823 "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)",
824 "Set accept lifetime of the key\n"
826 "Month of the year to start\n"
827 "Day of th month to start\n"
829 "Duration of the key\n"
830 "Duration seconds\n")
835 int idx_number_2
= 4;
836 int idx_number_3
= 6;
837 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
839 return key_lifetime_duration_set(
840 vty
, &key
->accept
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
841 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
842 argv
[idx_number_3
]->arg
);
845 DEFUN (no_accept_lifetime
,
846 no_accept_lifetime_cmd
,
847 "no accept-lifetime",
849 "Unset accept-lifetime\n")
851 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
853 if (key
->accept
.start
)
854 key
->accept
.start
= 0;
857 if (key
->accept
.duration
)
858 key
->accept
.duration
= 0;
863 DEFUN (send_lifetime_day_month_day_month
,
864 send_lifetime_day_month_day_month_cmd
,
865 "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
866 "Set send lifetime of the key\n"
868 "Day of th month to start\n"
869 "Month of the year to start\n"
872 "Day of th month to expire\n"
873 "Month of the year to expire\n"
879 int idx_number_2
= 4;
880 int idx_hhmmss_2
= 5;
881 int idx_number_3
= 6;
883 int idx_number_4
= 8;
884 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
886 return key_lifetime_set(
887 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
888 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
889 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
890 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
893 DEFUN (send_lifetime_day_month_month_day
,
894 send_lifetime_day_month_month_day_cmd
,
895 "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
896 "Set send lifetime of the key\n"
898 "Day of th month to start\n"
899 "Month of the year to start\n"
902 "Month of the year to expire\n"
903 "Day of th month to expire\n"
909 int idx_number_2
= 4;
910 int idx_hhmmss_2
= 5;
912 int idx_number_3
= 7;
913 int idx_number_4
= 8;
914 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
916 return key_lifetime_set(
917 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
918 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
919 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
920 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
923 DEFUN (send_lifetime_month_day_day_month
,
924 send_lifetime_month_day_day_month_cmd
,
925 "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
926 "Set send lifetime of the key\n"
928 "Month of the year to start\n"
929 "Day of th month to start\n"
932 "Day of th month to expire\n"
933 "Month of the year to expire\n"
939 int idx_number_2
= 4;
940 int idx_hhmmss_2
= 5;
941 int idx_number_3
= 6;
943 int idx_number_4
= 8;
944 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
946 return key_lifetime_set(
947 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
948 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
949 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
950 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
953 DEFUN (send_lifetime_month_day_month_day
,
954 send_lifetime_month_day_month_day_cmd
,
955 "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
956 "Set send lifetime of the key\n"
958 "Month of the year to start\n"
959 "Day of th month to start\n"
962 "Month of the year to expire\n"
963 "Day of th month to expire\n"
969 int idx_number_2
= 4;
970 int idx_hhmmss_2
= 5;
972 int idx_number_3
= 7;
973 int idx_number_4
= 8;
974 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
976 return key_lifetime_set(
977 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
978 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
979 argv
[idx_hhmmss_2
]->arg
, argv
[idx_number_3
]->arg
,
980 argv
[idx_month_2
]->arg
, argv
[idx_number_4
]->arg
);
983 DEFUN (send_lifetime_infinite_day_month
,
984 send_lifetime_infinite_day_month_cmd
,
985 "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) infinite",
986 "Set send lifetime of the key\n"
988 "Day of th month to start\n"
989 "Month of the year to start\n"
996 int idx_number_2
= 4;
997 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
999 return key_lifetime_infinite_set(
1000 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
1001 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
);
1004 DEFUN (send_lifetime_infinite_month_day
,
1005 send_lifetime_infinite_month_day_cmd
,
1006 "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite",
1007 "Set send lifetime of the key\n"
1009 "Month of the year to start\n"
1010 "Day of th month to start\n"
1017 int idx_number_2
= 4;
1018 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
1020 return key_lifetime_infinite_set(
1021 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
1022 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
);
1025 DEFUN (send_lifetime_duration_day_month
,
1026 send_lifetime_duration_day_month_cmd
,
1027 "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)",
1028 "Set send lifetime of the key\n"
1030 "Day of th month to start\n"
1031 "Month of the year to start\n"
1033 "Duration of the key\n"
1034 "Duration seconds\n")
1039 int idx_number_2
= 4;
1040 int idx_number_3
= 6;
1041 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
1043 return key_lifetime_duration_set(
1044 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
1045 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
1046 argv
[idx_number_3
]->arg
);
1049 DEFUN (send_lifetime_duration_month_day
,
1050 send_lifetime_duration_month_day_cmd
,
1051 "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)",
1052 "Set send lifetime of the key\n"
1054 "Month of the year to start\n"
1055 "Day of th month to start\n"
1057 "Duration of the key\n"
1058 "Duration seconds\n")
1063 int idx_number_2
= 4;
1064 int idx_number_3
= 6;
1065 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
1067 return key_lifetime_duration_set(
1068 vty
, &key
->send
, argv
[idx_hhmmss
]->arg
, argv
[idx_number
]->arg
,
1069 argv
[idx_month
]->arg
, argv
[idx_number_2
]->arg
,
1070 argv
[idx_number_3
]->arg
);
1073 DEFUN (no_send_lifetime
,
1074 no_send_lifetime_cmd
,
1077 "Unset send-lifetime\n")
1079 VTY_DECLVAR_CONTEXT_SUB(key
, key
);
1081 if (key
->send
.start
)
1082 key
->send
.start
= 0;
1085 if (key
->send
.duration
)
1086 key
->send
.duration
= 0;
1091 static int keychain_config_write(struct vty
*vty
);
1092 static struct cmd_node keychain_node
= {
1094 .node
= KEYCHAIN_NODE
,
1095 .parent_node
= CONFIG_NODE
,
1096 .prompt
= "%s(config-keychain)# ",
1097 .config_write
= keychain_config_write
,
1100 static struct cmd_node keychain_key_node
= {
1101 .name
= "keychain key",
1102 .node
= KEYCHAIN_KEY_NODE
,
1103 .parent_node
= KEYCHAIN_NODE
,
1104 .prompt
= "%s(config-keychain-key)# ",
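/*
 * Format *time as local time, "HH:MM:SS Mon DD YYYY", into buf.
 *
 * buf     destination buffer
 * bufsiz  size of buf in bytes
 * time    timestamp to format
 *
 * Returns the number of characters written, not counting the
 * terminating NUL.  Returns 0 and leaves buf as an empty string when
 * the arguments are unusable, the time cannot be converted, or the
 * result does not fit.  Callers print buf without checking the return
 * value, so buf is always left NUL-terminated.
 */
static int keychain_strftime(char *buf, int bufsiz, time_t *time)
{
	struct tm tm;
	size_t len;

	if (buf == NULL || bufsiz <= 0)
		return 0;

	/* Start from an empty string so a failure never exposes stale bytes. */
	buf[0] = '\0';

	if (time == NULL || localtime_r(time, &tm) == NULL)
		return 0;

	len = strftime(buf, (size_t)bufsiz, "%T %b %d %Y", &tm);

	/* strftime() leaves the buffer indeterminate when it returns 0. */
	if (len == 0)
		buf[0] = '\0';

	return (int)len;
}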
/*
 * Write every key chain in keychain_list to vty as configuration text:
 * one "key chain NAME" stanza per chain, and inside it one "key N"
 * stanza per key with its key-string, cryptographic-algorithm (when it
 * is not KEYCHAIN_ALGO_NULL) and accept/send lifetimes.
 *
 * NOTE(review): key->string is printed verbatim, so the secret appears
 * in clear text wherever this output goes (terminal, saved
 * configuration, anything that captures it).  Access to that output
 * needs to be restricted accordingly.
 *
 * NOTE(review): key->index is printed with "%d" although it is compared
 * against a uint32_t elsewhere in this file; "%u" would presumably be
 * the matching conversion - confirm against the struct definition.
 *
 * NOTE(review): the return value of keychain_strftime() is not checked
 * before buf is printed.
 */
1119 static int keychain_config_write(struct vty
*vty
)
1121 struct keychain
*keychain
;
1123 struct listnode
*node
;
1124 struct listnode
*knode
;
1127 for (ALL_LIST_ELEMENTS_RO(keychain_list
, node
, keychain
)) {
1128 vty_out(vty
, "key chain %s\n", keychain
->name
);
1130 for (ALL_LIST_ELEMENTS_RO(keychain
->key
, knode
, key
)) {
1131 vty_out(vty
, " key %d\n", key
->index
);
/* The configured secret is emitted here unmasked. */
1134 vty_out(vty
, " key-string %s\n", key
->string
);
1136 if (key
->hash_algo
!= KEYCHAIN_ALGO_NULL
)
1137 vty_out(vty
, " cryptographic-algorithm %s\n",
1138 keychain_get_algo_name_by_id(
1141 if (key
->accept
.start
) {
1142 keychain_strftime(buf
, BUFSIZ
,
1143 &key
->accept
.start
);
1144 vty_out(vty
, " accept-lifetime %s", buf
);
1146 if (key
->accept
.end
== -1)
1147 vty_out(vty
, " infinite");
1148 else if (key
->accept
.duration
)
1149 vty_out(vty
, " duration %ld",
1150 (long)(key
->accept
.end
1151 - key
->accept
.start
));
1153 keychain_strftime(buf
, BUFSIZ
,
1155 vty_out(vty
, " %s", buf
);
1160 if (key
->send
.start
) {
1161 keychain_strftime(buf
, BUFSIZ
,
1163 vty_out(vty
, " send-lifetime %s", buf
);
1165 if (key
->send
.end
== -1)
1166 vty_out(vty
, " infinite");
1167 else if (key
->send
.duration
)
1168 vty_out(vty
, " duration %ld",
1169 (long)(key
->send
.end
1170 - key
->send
.start
));
1172 keychain_strftime(buf
, BUFSIZ
,
1174 vty_out(vty
, " %s", buf
);
1179 vty_out(vty
, " exit\n");
1181 vty_out(vty
, "exit\n");
1182 vty_out(vty
, "!\n");
/*
 * Completion callback: append a copy of every configured key chain name
 * to comps.  token is not used.
 */
static void keychain_active_config(vector comps, struct cmd_token *token)
{
	struct listnode *ln;
	struct keychain *kc;

	for (ALL_LIST_ELEMENTS_RO(keychain_list, ln, kc)) {
		/* Each completion entry gets its own MTYPE_COMPLETION copy. */
		char *copy = XSTRDUP(MTYPE_COMPLETION, kc->name);

		vector_set(comps, copy);
	}
}
1198 static const struct cmd_variable_handler keychain_var_handlers
[] = {
1199 {.varname
= "key_chain", .completions
= keychain_active_config
},
1200 {.tokenname
= "KEYCHAIN_NAME", .completions
= keychain_active_config
},
1201 {.tokenname
= "KCHAIN_NAME", .completions
= keychain_active_config
},
1202 {.completions
= NULL
}
/*
 * Initialise the key chain subsystem: create the master list, register
 * the completion handlers, install the two configuration nodes and
 * attach every key chain command to the node(s) it is valid in.
 */
void keychain_init(void)
{
	keychain_list = list_new();

	/* Register handler for keychain auto config support */
	cmd_variable_handler_register(keychain_var_handlers);
	install_node(&keychain_node);
	install_node(&keychain_key_node);

	install_default(KEYCHAIN_NODE);
	install_default(KEYCHAIN_KEY_NODE);

	/* Creating and removing chains and keys. */
	install_element(CONFIG_NODE, &key_chain_cmd);
	install_element(CONFIG_NODE, &no_key_chain_cmd);
	install_element(KEYCHAIN_NODE, &key_cmd);
	install_element(KEYCHAIN_NODE, &no_key_cmd);

	/* The chain commands are also reachable from inside a chain. */
	install_element(KEYCHAIN_NODE, &key_chain_cmd);
	install_element(KEYCHAIN_NODE, &no_key_chain_cmd);

	/* Per-key secret. */
	install_element(KEYCHAIN_KEY_NODE, &key_string_cmd);
	install_element(KEYCHAIN_KEY_NODE, &no_key_string_cmd);

	/* Chain and key commands are also reachable from inside a key. */
	install_element(KEYCHAIN_KEY_NODE, &key_chain_cmd);
	install_element(KEYCHAIN_KEY_NODE, &no_key_chain_cmd);

	install_element(KEYCHAIN_KEY_NODE, &key_cmd);
	install_element(KEYCHAIN_KEY_NODE, &no_key_cmd);

	/* Accept lifetime, one element per accepted argument order. */
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_day_month_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_day_month_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_month_day_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_month_day_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_infinite_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_infinite_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_duration_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&accept_lifetime_duration_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE, &no_accept_lifetime_cmd);

	/* Send lifetime, one element per accepted argument order. */
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_day_month_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_day_month_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_month_day_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_month_day_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_infinite_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_infinite_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_duration_day_month_cmd);
	install_element(KEYCHAIN_KEY_NODE,
			&send_lifetime_duration_month_day_cmd);
	install_element(KEYCHAIN_KEY_NODE, &no_send_lifetime_cmd);

	/* Per-key hash algorithm selection. */
	install_element(KEYCHAIN_KEY_NODE, &cryptographic_algorithm_cmd);
	install_element(KEYCHAIN_KEY_NODE, &no_cryptographic_algorithm_cmd);
}