BFD: SHA1 authentication

Add authentication support to BFD feature. Out of three existing authentication types, implement SHA1 (sole RFC requirement). Simple password is insecure and MD5 is discouraged by the RFC, so ignore those. Add/change APIs to allow configuring BFD authentication keys and their usage with BFD sessions. Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415 Signed-off-by: Klement Sekera <ksekera@cisco.com>
author: Klement Sekera <ksekera@cisco.com> 2017-01-09 07:43:48 +0100
committer: Damjan Marion <dmarion.lists@gmail.com> 2017-02-02 12:04:30 +0000
commit: b17dd9607ee8ecba5ae3ef69c7b4915b57de292a (patch)
tree: aa8d22ac4a9ea3adc2f96c4d754273af505950d5 /src/vnet/bfd/bfd_protocol.c
parent: 402ed3128512efc091a560729ce1e772a86e9f74 (diff)
1 files changed, 106 insertions, 21 deletions
diff --git a/src/vnet/bfd/bfd_protocol.c b/src/vnet/bfd/bfd_protocol.c
index ede9536f3cf..180fc6df8fd 100644
--- a/src/vnet/bfd/bfd_protocol.c
+++ b/src/vnet/bfd/bfd_protocol.c
@@ -1,74 +1,159 @@
+/*
+ * Copyright (c) 2011-2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 #include <vnet/bfd/bfd_protocol.h>
 
-u8 bfd_pkt_get_version (const bfd_pkt_t *pkt)
+u8
+bfd_pkt_get_version (const bfd_pkt_t * pkt)
 {
   return pkt->head.vers_diag >> 5;
 }
 
-void bfd_pkt_set_version (bfd_pkt_t *pkt, int version)
+void
+bfd_pkt_set_version (bfd_pkt_t * pkt, int version)
 {
   pkt->head.vers_diag =
-      (version << 5) | (pkt->head.vers_diag & ((1 << 5) - 1));
+    (version << 5) | (pkt->head.vers_diag & ((1 << 5) - 1));
 }
 
-u8 bfd_pkt_get_diag_code (const bfd_pkt_t *pkt)
+u8
+bfd_pkt_get_diag_code (const bfd_pkt_t * pkt)
 {
   return pkt->head.vers_diag & ((1 << 5) - 1);
 }
 
-void bfd_pkt_set_diag_code (bfd_pkt_t *pkt, int value)
+void
+bfd_pkt_set_diag_code (bfd_pkt_t * pkt, int value)
 {
   pkt->head.vers_diag =
-      (pkt->head.vers_diag & ~((1 << 5) - 1)) | (value & ((1 << 5) - 1));
+    (pkt->head.vers_diag & ~((1 << 5) - 1)) | (value & ((1 << 5) - 1));
 }
 
-u8 bfd_pkt_get_state (const bfd_pkt_t *pkt)
+u8
+bfd_pkt_get_state (const bfd_pkt_t * pkt)
 {
   return pkt->head.sta_flags >> 6;
 }
 
-void bfd_pkt_set_state (bfd_pkt_t *pkt, int value)
+void
+bfd_pkt_set_state (bfd_pkt_t * pkt, int value)
 {
   pkt->head.sta_flags = (value << 6) | (pkt->head.sta_flags & ((1 << 6) - 1));
 }
 
-u8 bfd_pkt_get_poll (const bfd_pkt_t *pkt)
+u8
+bfd_pkt_get_poll (const bfd_pkt_t * pkt)
 {
   return (pkt->head.sta_flags >> 5) & 1;
 }
 
-void bfd_pkt_set_final (bfd_pkt_t *pkt) { pkt->head.sta_flags |= 1 << 5; }
+void
+bfd_pkt_set_poll (bfd_pkt_t * pkt)
+{
+  pkt->head.sta_flags |= 1 << 5;
+}
 
-u8 bfd_pkt_get_final (const bfd_pkt_t *pkt)
+u8
+bfd_pkt_get_final (const bfd_pkt_t * pkt)
 {
   return (pkt->head.sta_flags >> 4) & 1;
 }
 
-void bfd_pkt_set_poll (bfd_pkt_t *pkt);
-u8 bfd_pkt_get_control_plane_independent (const bfd_pkt_t *pkt)
+void
+bfd_pkt_set_final (bfd_pkt_t * pkt)
+{
+  pkt->head.sta_flags |= 1 << 4;
+}
+
+u8
+bfd_pkt_get_control_plane_independent (const bfd_pkt_t * pkt)
 {
   return (pkt->head.sta_flags >> 3) & 1;
 }
 
-void bfd_pkt_set_control_plane_independent (bfd_pkt_t *pkt);
+void
+bfd_pkt_set_control_plane_independent (bfd_pkt_t * pkt)
+{
+  pkt->head.sta_flags |= 1 << 3;
+}
 
-u8 bfd_pkt_get_auth_present (const bfd_pkt_t *pkt)
+u8
+bfd_pkt_get_auth_present (const bfd_pkt_t * pkt)
 {
   return (pkt->head.sta_flags >> 2) & 1;
 }
 
-void bfd_pkt_set_auth_present (bfd_pkt_t *pkt);
+void
+bfd_pkt_set_auth_present (bfd_pkt_t * pkt)
+{
+  pkt->head.sta_flags |= 1 << 2;
+}
 
-u8 bfd_pkt_get_demand (const bfd_pkt_t *pkt)
+u8
+bfd_pkt_get_demand (const bfd_pkt_t * pkt)
 {
   return (pkt->head.sta_flags >> 1) & 1;
 }
 
-void bfd_pkt_set_demand (bfd_pkt_t *pkt) { pkt->head.sta_flags |= 1 << 1; }
+void
+bfd_pkt_set_demand (bfd_pkt_t * pkt)
+{
+  pkt->head.sta_flags |= 1 << 1;
+}
+
+u8
+bfd_pkt_get_multipoint (const bfd_pkt_t * pkt)
+{
+  return (pkt->head.sta_flags >> 0) & 1;
+}
+
+void
+bfd_pkt_set_multipoint (bfd_pkt_t * pkt)
+{
+  pkt->head.sta_flags |= 1 << 0;
+}
+
+u32
+bfd_max_len_for_auth_type (bfd_auth_type_e auth_type)
+{
+#define F(t, l, n, s) \
+  if (auth_type == t) \
+    {                 \
+      return l;       \
+    }
+  foreach_bfd_auth_type (F);
+#undef F
+  return 0;
+}
 
-u8 bfd_pkt_get_multipoint (const bfd_pkt_t *pkt)
+const char *
+bfd_auth_type_str (bfd_auth_type_e auth_type)
 {
-  return pkt->head.sta_flags & 1;
+#define F(t, l, n, s) \
+  if (auth_type == t) \
+    {                 \
+      return s;       \
+    }
+  foreach_bfd_auth_type (F);
+#undef F
+  return "UNKNOWN";
 }
 
-void bfd_pkt_set_multipoint (bfd_pkt_t *pkt);
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
author	Klement Sekera <ksekera@cisco.com>	2017-01-09 07:43:48 +0100
committer	Damjan Marion <dmarion.lists@gmail.com>	2017-02-02 12:04:30 +0000
commit	b17dd9607ee8ecba5ae3ef69c7b4915b57de292a (patch)
tree	aa8d22ac4a9ea3adc2f96c4d754273af505950d5 /src/vnet/bfd/bfd_protocol.c
parent	402ed3128512efc091a560729ce1e772a86e9f74 (diff)