[PATCH 0/4] Add MAC authentication support to the Babel protocol
Ondrej Zajicek
santiago at crfreenet.org
Tue Mar 10 16:07:11 CET 2020
On Sun, Feb 23, 2020 at 11:56:33PM +0100, Toke Høiland-Jørgensen wrote:
> This series adds MAC authentication support to the Babel protocol as specified
> by the IETF Babel working group in draft-babel-hmac-10:

Hi

Some more comments / questions:

1/4:

BIRD_CHECK_GETRANDOM_SYSCALL - direct syscall case seems unnecessary,
as we can fall back to /dev/urandom anyways.

BIRD_CHECK_GETRANDOM - just use generic AC_CHECK_FUNCS / AC_SEARCH_LIBS?

I think that random_bytes() should not fail.

2/4:

blake2 - We definitely need unit tests here. Ideally there should exist some
reference data / hash pairs for blake2. See mac_test.c.

There are '#if defined(NATIVE_LITTLE_ENDIAN)' in the code, does anybody define these?

3/4:

What is the point of separating babel_parse_state and babel_read_state?

Why export packet/TLV structures from packets.c? The general pattern in BIRD
(including Babel) is that wire format details are hidden in packets.c and more
abstract structures are exported outside (e.g. union babel_msg). Seems to me
that it would make sense to have low-level auth code (TLV read/write code,
packet signing/verifying) directly in packets.c, while high-level code
(challenge response mechanism) in babel.c.

--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."