* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include "config.h"
#include <zebra.h>
#include "command.h"
key = key_new();
key->index = index;
+ key->hash_algo = KEYCHAIN_ALGO_NULL;
listnode_add_sort(keychain->key, key);
return key;
return CMD_SUCCESS;
}
+const struct keychain_algo_info algo_info[] = {
+ {KEYCHAIN_ALGO_NULL, "null", 0, 0, "NULL"},
+ {KEYCHAIN_ALGO_MD5, "md5", KEYCHAIN_MD5_HASH_SIZE,
+ KEYCHAIN_ALGO_MD5_INTERNAL_BLK_SIZE, "MD5"},
+ {KEYCHAIN_ALGO_HMAC_SHA1, "hmac-sha-1", KEYCHAIN_HMAC_SHA1_HASH_SIZE,
+ KEYCHAIN_ALGO_SHA1_INTERNAL_BLK_SIZE, "HMAC-SHA-1"},
+ {KEYCHAIN_ALGO_HMAC_SHA256, "hmac-sha-256",
+ KEYCHAIN_HMAC_SHA256_HASH_SIZE, KEYCHAIN_ALGO_SHA256_INTERNAL_BLK_SIZE,
+ "HMAC-SHA-256"},
+ {KEYCHAIN_ALGO_HMAC_SHA384, "hmac-sha-384",
+ KEYCHAIN_HMAC_SHA384_HASH_SIZE, KEYCHAIN_ALGO_SHA384_INTERNAL_BLK_SIZE,
+ "HMAC-SHA-384"},
+ {KEYCHAIN_ALGO_HMAC_SHA512, "hmac-sha-512",
+ KEYCHAIN_HMAC_SHA512_HASH_SIZE, KEYCHAIN_ALGO_SHA512_INTERNAL_BLK_SIZE,
+ "HMAC-SHA-512"},
+ {KEYCHAIN_ALGO_MAX, "max", KEYCHAIN_MAX_HASH_SIZE,
+ KEYCHAIN_ALGO_MAX_INTERNAL_BLK_SIZE, "Not defined"}
+};
+
+uint32_t keychain_get_block_size(enum keychain_hash_algo key)
+{
+ return algo_info[key].block;
+}
+
+uint32_t keychain_get_hash_len(enum keychain_hash_algo key)
+{
+ return algo_info[key].length;
+}
+
+const char *keychain_get_description(enum keychain_hash_algo key)
+{
+ return algo_info[key].desc;
+}
+
+struct keychain_algo_info
+keychain_get_hash_algo_info(enum keychain_hash_algo key)
+{
+ return algo_info[key];
+}
+
+enum keychain_hash_algo keychain_get_algo_id_by_name(const char *name)
+{
+#ifdef CRYPTO_INTERNAL
+ if (!strncmp(name, "hmac-sha-2", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA256;
+ else if (!strncmp(name, "m", 1))
+ return KEYCHAIN_ALGO_MD5;
+ else
+ return KEYCHAIN_ALGO_NULL;
+#else
+ if (!strncmp(name, "m", 1))
+ return KEYCHAIN_ALGO_MD5;
+ else if (!strncmp(name, "hmac-sha-1", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA1;
+ else if (!strncmp(name, "hmac-sha-2", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA256;
+ else if (!strncmp(name, "hmac-sha-3", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA384;
+ else if (!strncmp(name, "hmac-sha-5", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA512;
+ else
+ return KEYCHAIN_ALGO_NULL;
+#endif
+}
+
+const char *keychain_get_algo_name_by_id(enum keychain_hash_algo key)
+{
+ return algo_info[key].name;
+}
+
+DEFUN(cryptographic_algorithm, cryptographic_algorithm_cmd,
+ "cryptographic-algorithm "
+ "<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>",
+ "Cryptographic-algorithm\n"
+ "Use MD5 algorithm\n"
+ "Use HMAC-SHA-1 algorithm\n"
+ "Use HMAC-SHA-256 algorithm\n"
+ "Use HMAC-SHA-384 algorithm\n"
+ "Use HMAC-SHA-512 algorithm\n")
+{
+ int algo_idx = 1;
+ uint8_t hash_algo = KEYCHAIN_ALGO_NULL;
+
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+ hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg);
+#ifndef CRYPTO_OPENSSL
+ if (hash_algo == KEYCHAIN_ALGO_NULL) {
+ vty_out(vty,
+ "Hash algorithm not supported, compile with --with-crypto=openssl\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+#endif /* CRYPTO_OPENSSL */
+ key->hash_algo = hash_algo;
+ return CMD_SUCCESS;
+}
+
+DEFUN(no_cryptographic_algorithm, no_cryptographic_algorithm_cmd,
+ "no cryptographic-algorithm "
+ "[<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>]",
+ NO_STR
+ "Cryptographic-algorithm\n"
+ "Use MD5 algorithm\n"
+ "Use HMAC-SHA-1 algorithm\n"
+ "Use HMAC-SHA-256 algorithm\n"
+ "Use HMAC-SHA-384 algorithm\n"
+ "Use HMAC-SHA-512 algorithm\n")
+{
+ int algo_idx = 2;
+ uint8_t hash_algo = KEYCHAIN_ALGO_NULL;
+
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+ if (argc > algo_idx) {
+ hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg);
+ if (hash_algo == KEYCHAIN_ALGO_NULL) {
+ vty_out(vty,
+ "Hash algorithm not supported, try compiling with --with-crypto=openssl\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ }
+
+ if ((hash_algo != KEYCHAIN_ALGO_NULL) && (hash_algo != key->hash_algo))
+ return CMD_SUCCESS;
+
+ key->hash_algo = KEYCHAIN_ALGO_NULL;
+ return CMD_SUCCESS;
+}
+
/* Convert HH:MM:SS MON DAY YEAR to time_t value. -1 is returned when
given string is malformed. */
static time_t key_str2time(const char *time_str, const char *day_str,
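Review bot: keychain_get_algo_id_by_name matches on prefixes (`strncmp(name, "m", 1)`, `strncmp(name, "hmac-sha-2", 10)`), so any name beginning with "m" becomes KEYCHAIN_ALGO_MD5 and "hmac-sha-1xyz" becomes KEYCHAIN_ALGO_HMAC_SHA1; the table introduced in the same hunk already holds the canonical names, so an exact strcmp lookup over `algo_info` (below) removes both the prefix matching and the duplicated `#ifdef CRYPTO_INTERNAL` branch bodies while keeping the reduced algorithm set for the internal crypto build. The accessors keychain_get_block_size, keychain_get_hash_len, keychain_get_description, keychain_get_hash_algo_info and keychain_get_algo_name_by_id index `algo_info[key]` with no range check, so a caller passing a value above KEYCHAIN_ALGO_MAX reads past the table; clamping to KEYCHAIN_ALGO_MAX (the "Not defined" row) or asserting in each accessor turns that into a visible error instead of an out-of-bounds read. The table rows are positional, so designated initializers (`[KEYCHAIN_ALGO_MD5] = {KEYCHAIN_ALGO_MD5, "md5", ...}`) would tie each row to its enum value and make a reordering harmless. The two DEFUNs also report the same condition with different wording ("compile with" vs "try compiling with"); one message string would be easier to find in logs.
```c
enum keychain_hash_algo keychain_get_algo_id_by_name(const char *name)
{
	enum keychain_hash_algo algo = KEYCHAIN_ALGO_NULL;

	/* exact match against the table, so "m" or "hmac-sha-1xyz" are not accepted */
	for (int i = KEYCHAIN_ALGO_MD5; i < KEYCHAIN_ALGO_MAX; i++) {
		if (!strcmp(name, algo_info[i].name)) {
			algo = (enum keychain_hash_algo)i;
			break;
		}
	}
#ifdef CRYPTO_INTERNAL
	/* same restriction as the original branch: only MD5 and HMAC-SHA-256 */
	if (algo != KEYCHAIN_ALGO_MD5 && algo != KEYCHAIN_ALGO_HMAC_SHA256)
		algo = KEYCHAIN_ALGO_NULL;
#endif
	return algo;
}
```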
if (key->string)
vty_out(vty, " key-string %s\n", key->string);
+ if (key->hash_algo != KEYCHAIN_ALGO_NULL)
+ vty_out(vty, " cryptographic-algorithm %s\n",
+ keychain_get_algo_name_by_id(
+ key->hash_algo));
+
if (key->accept.start) {
keychain_strftime(buf, BUFSIZ,
&key->accept.start);
return 0;
}
+
static void keychain_active_config(vector comps, struct cmd_token *token)
{
struct keychain *keychain;
install_element(KEYCHAIN_KEY_NODE,
&send_lifetime_duration_month_day_cmd);
install_element(KEYCHAIN_KEY_NODE, &no_send_lifetime_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &cryptographic_algorithm_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &no_cryptographic_algorithm_cmd);
}
extern "C" {
#endif
+enum keychain_hash_algo {
+ KEYCHAIN_ALGO_NULL,
+ KEYCHAIN_ALGO_MD5,
+ KEYCHAIN_ALGO_HMAC_SHA1,
+ KEYCHAIN_ALGO_HMAC_SHA256,
+ KEYCHAIN_ALGO_HMAC_SHA384,
+ KEYCHAIN_ALGO_HMAC_SHA512,
+ KEYCHAIN_ALGO_MAX
+};
+
+#define KEYCHAIN_MD5_HASH_SIZE 16
+#define KEYCHAIN_HMAC_SHA1_HASH_SIZE 20
+#define KEYCHAIN_HMAC_SHA256_HASH_SIZE 32
+#define KEYCHAIN_HMAC_SHA384_HASH_SIZE 48
+#define KEYCHAIN_HMAC_SHA512_HASH_SIZE 64
+#define KEYCHAIN_MAX_HASH_SIZE 64
+
+#define KEYCHAIN_ALGO_MD5_INTERNAL_BLK_SIZE 16
+#define KEYCHAIN_ALGO_SHA1_INTERNAL_BLK_SIZE 64
+#define KEYCHAIN_ALGO_SHA256_INTERNAL_BLK_SIZE 64
+#define KEYCHAIN_ALGO_SHA384_INTERNAL_BLK_SIZE 128
+#define KEYCHAIN_ALGO_SHA512_INTERNAL_BLK_SIZE 128
+#define KEYCHAIN_ALGO_MAX_INTERNAL_BLK_SIZE 128
+
+struct keychain_algo_info {
+ enum keychain_hash_algo key;
+ const char *name;
+ uint32_t length;
+ uint32_t block;
+ const char *desc;
+};
+
+extern const struct keychain_algo_info algo_info[];
+uint32_t keychain_get_block_size(enum keychain_hash_algo key);
+uint32_t keychain_get_hash_len(enum keychain_hash_algo key);
+const char *keychain_get_description(enum keychain_hash_algo key);
+struct keychain_algo_info
+keychain_get_hash_algo_info(enum keychain_hash_algo key);
+enum keychain_hash_algo keychain_get_algo_id_by_name(const char *name);
+const char *keychain_get_algo_name_by_id(enum keychain_hash_algo key);
+
struct keychain {
char *name;
uint32_t index;
char *string;
-
+ enum keychain_hash_algo hash_algo;
struct key_range send;
struct key_range accept;
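Review bot: `#define KEYCHAIN_ALGO_MD5_INTERNAL_BLK_SIZE 16` does not fit the pattern of the other rows: the SHA-1/SHA-256 value (64) and the SHA-384/SHA-512 value (128) are those algorithms' compression-function block sizes, and MD5's block size is also 64 bytes, whereas 16 is MD5's digest length, which `KEYCHAIN_MD5_HASH_SIZE` already records. If 16 is intentional (for example, a fixed 16-byte key padding used by keyed-MD5 authentication rather than an HMAC block), a comment on the define should say so, because a consumer that pads keys to `block` for all algorithms would otherwise compute a different value for MD5 than for the rest. Separately, `extern const struct keychain_algo_info algo_info[];` exports a generically named global from a library header even though an accessor exists for every field; keeping the table `static` in keychain.c avoids symbol clashes with daemons that link lib and keeps the enum-indexed layout an implementation detail.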
extern struct key *key_lookup_for_accept(const struct keychain *, uint32_t);
extern struct key *key_match_for_accept(const struct keychain *, const char *);
extern struct key *key_lookup_for_send(const struct keychain *);
-
+const char *keychain_algo_str(enum keychain_hash_algo hash_algo);
#ifdef __cplusplus
}
#endif
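Review bot: `keychain_algo_str` is declared here but no function of that name is defined anywhere in this diff, while `keychain_get_algo_name_by_id`, declared a few lines above, already returns the algorithm's string; unless it is defined in a file not shown, the prototype should be dropped or the two should be merged so there is one way to render an algorithm name. If it is meant to differ (for instance returning `desc` instead of `name`), a one-line comment on the declaration stating which string it returns would make the distinction clear to callers.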