[PATCH v4 0/8] Add MAC authentication support to the Babel protocol
Toke Høiland-Jørgensen
toke at toke.dk
Tue Mar 2 23:15:24 CET 2021
Toke Høiland-Jørgensen <toke at toke.dk> writes:
> This series adds MAC authentication support to the Babel protocol as specified
> in RFC 8967:
>
> https://www.rfc-editor.org/rfc/rfc8967
>
> I have performed basic interoperability testing between this implementation and
> the current babeld HMAC implementation[1]. The two implementations were able to
> successfully exchange authenticated messages with both HMAC-256 and Blake2s-256
> keys.
>
> Given the above, and the fact that the RFC was finally published at the
> IETF, I believe this series is ready for merging (subject to review, of course).
> For those wanting to test the code, a version of Bird with this series applied
> is available on Github[2] for easy consumption.
>
> [1] https://github.com/jech/babeld/pull/52
> [2] https://github.com/tohojo/bird/tree/babel-mac-04
>
> Changelog:
>
> v4:
> - Update RFC references to the published RFC numbers (for both MAC and Babel
> itself).
> - Rework WALK_TLVS macro to not cast initial argument, and not use goto for
> framing errors.
> - Change MAC validation logic to just let algorithms specify min/max len and
> enforce full key size length even for the smaller-output variants of Blake2.
>
> v3:
> - Add variants with smaller digest sizes for blake2s and blake2b.
> - Rebase on current master
>
> v2:
> - Don't reinvent AC_CHECK_FUNCS() for configure
> - Make sure random_bytes() never fails (without taking the whole daemon with it)
> - Use existing endianness defines in blake2s code
> - Just leave MAC-related code in babel.c/packets.c instead of adding a new file
> - Add blake2s test vectors (new patch 3)
> - Support supplying mac keys as raw hexadecimal bytes and allow algorithms to
> validate keys on configure (new patches 4-5)
>
> v1:
> - Add wrapper function to bird sysdep code to pick a suitable source of random
> bytes
> - Import reference Blake2 implementations into lib/
> - Rename function names and data structures to use an auth_ prefix instead of hmac_
> - Perform a separate authentication pass before parsing the packet, and move the
> authentication-related code to its own source file
> - Enforce key length recommendation from the specification
> - Add a 'permissive' configuration mode where outgoing packets are signed but
> incoming packets are accepted even though they fail authentication
> - Add user documentation for the authentication configuration, and function
> docstrings to the main authentication functions
> - Fix a bunch of nits and code style issues
Ping? Anyone had a chance to take a look at this? :)
-Toke
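As an added illustration of what the series implements (this is not Bird's or babeld's code and not part of the thread), the Python below signs and verifies a Babel packet the way RFC 8967 describes: a 36-octet pseudo-header (source address, source port, destination address, destination port, IPv4 mapped into IPv6) is prepended to the packet header and body for the MAC computation, the body is prefixed with a PC TLV (type 15) carrying a packet counter and index, and the MAC TLV (type 16) goes in the packet trailer after the body. Authentication runs over the raw bytes before any body TLV is parsed, matching the "separate authentication pass" in the v1 changelog, and the key check enforces one full-length key for both HMAC-SHA256 and keyed BLAKE2s, matching the v4 note. The pseudo-header layout and MAC coverage are my reading of RFC 8967 Section 4.1 and should be checked against the RFC; the key, endpoints, index and Hello TLV are constructed sample values, and the replay/challenge handling is a deliberate simplification that returns a status string instead of sending a Challenge Request.

```python
import hashlib
import hmac
import ipaddress
import struct

# Both algorithms named in the cover letter take a 32-byte key here.
# hashlib.blake2s caps the key at 32 bytes, so this is also the hard limit.
KEY_LEN = 32
ALGOS = {
    "hmac-sha256": lambda key, data: hmac.new(key, data, "sha256").digest(),
    "blake2s-256": lambda key, data: hashlib.blake2s(data, key=key, digest_size=32).digest(),
}

PC_TLV, MAC_TLV, HELLO_TLV = 15, 16, 4


def validate_key(algo, key):
    """Reject unknown algorithms and short keys at configuration time."""
    if algo not in ALGOS:
        raise ValueError("unknown MAC algorithm %r" % algo)
    if len(key) != KEY_LEN:
        raise ValueError("%s needs a %d-byte key, got %d" % (algo, KEY_LEN, len(key)))
    return key


def pseudo_header(src_addr, src_port, dst_addr, dst_port):
    """36-octet pseudo-header (my reading of RFC 8967 4.1); IPv4 is mapped to ::ffff:a.b.c.d."""
    def addr16(a):
        ip = ipaddress.ip_address(a)
        if ip.version == 4:
            ip = ipaddress.IPv6Address("::ffff:" + str(ip))
        return ip.packed
    return addr16(src_addr) + struct.pack("!H", src_port) + addr16(dst_addr) + struct.pack("!H", dst_port)


def tlv(t, value):
    return bytes([t, len(value)]) + value


def sign_packet(algo, key, body_tlvs, pc, index, endpoints):
    """Build header + body (PC TLV first) and append one MAC TLV in the trailer."""
    body = tlv(PC_TLV, struct.pack("!I", pc) + index) + b"".join(body_tlvs)
    pkt = struct.pack("!BBH", 42, 2, len(body)) + body       # magic, version, body length
    mac = ALGOS[algo](key, pseudo_header(*endpoints) + pkt)  # trailer is NOT covered
    return pkt + tlv(MAC_TLV, mac)


def verify_packet(algo, key, wire, endpoints, state):
    """Authenticate the raw bytes first, only then look at the PC TLV.

    state is a dict {"index": bytes, "pc": int} for this neighbour; a real node
    would answer "challenge" with a Challenge Request TLV instead of dropping.
    """
    if len(wire) < 4:
        return "malformed"
    magic, version, blen = struct.unpack("!BBH", wire[:4])
    if magic != 42 or version != 2 or len(wire) < 4 + blen:
        return "malformed"
    pkt, trailer = wire[:4 + blen], wire[4 + blen:]
    expected = ALGOS[algo](key, pseudo_header(*endpoints) + pkt)
    authenticated = False
    i = 0
    while i < len(trailer):                      # walk trailer TLVs looking for MAC TLVs
        t = trailer[i]
        if t == 0:                               # Pad1
            i += 1
            continue
        if i + 1 >= len(trailer):
            return "malformed"
        length = trailer[i + 1]
        value = trailer[i + 2:i + 2 + length]
        if len(value) != length:
            return "malformed"
        if t == MAC_TLV and hmac.compare_digest(value, expected):
            authenticated = True                 # any one matching MAC TLV is enough
        i += 2 + length
    if not authenticated:
        return "bad-mac"
    body = pkt[4:]
    if len(body) < 6 or body[0] != PC_TLV or body[1] < 4 or 2 + body[1] > len(body):
        return "no-pc"                           # authenticated packets must start with a PC TLV
    pc = struct.unpack("!I", body[2:6])[0]
    index = body[6:2 + body[1]]
    if state.get("index") != index:
        return "challenge"                       # unknown or changed index: must challenge
    if pc <= state["pc"]:
        return "replay"
    state["pc"] = pc
    return "ok"


def demo(algo="blake2s-256"):
    """Constructed round trip: accept, detect replay, detect tampering, accept next counter."""
    key = validate_key(algo, bytes(range(32)))               # constructed key
    ends = ("fe80::1", 6696, "ff02::1:6", 6696)              # constructed endpoints
    index = b"\x00\x01\x02\x03\x04\x05\x06\x07"              # constructed per-session index
    hello = tlv(HELLO_TLV, struct.pack("!HHH", 0, 1, 400))    # Hello: flags, seqno, interval
    state = {"index": index, "pc": 0}                        # as if the challenge already completed
    first = sign_packet(algo, key, [hello], 1, index, ends)
    r_ok = verify_packet(algo, key, first, ends, state)
    r_replay = verify_packet(algo, key, first, ends, state)
    tampered = bytearray(first)
    tampered[5] ^= 0x01                                      # flip a body byte: MAC must fail
    r_bad = verify_packet(algo, key, bytes(tampered), ends, state)
    second = sign_packet(algo, key, [hello], 2, index, ends)
    r_next = verify_packet(algo, key, second, ends, state)
    return r_ok, r_replay, r_bad, r_next


if __name__ == "__main__":
    for name in ALGOS:
        print(name, demo(name))
```

The ordering in verify_packet is the point worth copying: the MAC is checked over bytes the parser has not yet interpreted, so a malformed or malicious body never reaches the TLV parser unless it was produced by a key holder, and the packet counter is only consulted after that check.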