Hi,

I've finally gotten my act together, and reworked Clara's and Weronika's
implementation of Babel-HMAC. You can get the code by doing

    git clone -b hmac --recurse-submodules https://github.com/jech/babeld

While this code is almost completely untested, it is meant to eventually
implement the protocol described in

    https://tools.ietf.org/html/draft-ietf-babel-hmac

Known issues:

  - no interop testing has been done yet;
  - we create a neighbour entry too early, which makes us vulnerable to
    DoS;
  - we compute HMAC for each TLV, rather than just once for the whole
    packet, which, again, makes us vulnerable to DoS;
  - we don't time out neighbours properly, which makes us vulnerable to
    delayed packets;
  - we only support sending one HMAC (receiving multiple HMACs should
    work, but for obvious reasons it's untested);
  - we don't support key rotation.

You can test this code by saying something like:

    babeld -C 'key id test type sha256 value ebf49e6fbc6414aa567e30891846e96963cdda73289b9cd245d67ff9d281abc0' -C 'interface eth0 hmac test'

The "key" stanza defines a key of type sha256, with the value given as
a 32 byte-long hex key. The "interface" stanza enables the key on the
interface eth0.

In addition to "type sha256", we support "type blake2s", which requires
a 16 byte-long key.

-- Juliusz
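
Added example, not part of the original message and not babeld code: a small shell helper that generates a random key of the length the message gives for each type (32 bytes for sha256, 16 bytes for blake2s), rejects malformed hex values, and prints the "key" and "interface" stanzas. The function names and the key id "demo" are hypothetical.

```shell
#!/bin/sh
# Added example, not babeld code. Function names are hypothetical helpers.
# Key lengths are the ones stated in the message: sha256 32 bytes, blake2s 16.

# key_bytes TYPE: print the required key length in bytes, fail on unknown type.
key_bytes() {
    case "$1" in
        sha256)  echo 32 ;;
        blake2s) echo 16 ;;
        *)       return 1 ;;
    esac
}

# valid_key TYPE HEX: succeed only if HEX is pure hex of exactly the right length.
valid_key() {
    n=$(key_bytes "$1") || return 1
    case "$2" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#2}" -eq $((n * 2)) ]
}

# gen_key TYPE: print a fresh random key of the right length as lowercase hex.
gen_key() {
    n=$(key_bytes "$1") || return 1
    od -An -v -tx1 -N "$n" /dev/urandom | tr -d ' \t\n'
}

# key_stanza ID TYPE HEX: print the "key" stanza, refusing malformed keys.
key_stanza() {
    valid_key "$2" "$3" || { echo "bad $2 key for id '$1'" >&2; return 1; }
    printf 'key id %s type %s value %s\n' "$1" "$2" "$3"
}

# Demo with constructed names: a fresh blake2s key enabled on eth0.
key_stanza demo blake2s "$(gen_key blake2s)"
echo 'interface eth0 hmac demo'
```

Each printed line is one stanza to pass to babeld with its own -C option, as in the command shown in the message.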