summaryrefslogtreecommitdiffstats
path: root/lib/keychain.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--lib/keychain.c1256
1 files changed, 1256 insertions, 0 deletions
diff --git a/lib/keychain.c b/lib/keychain.c
new file mode 100644
index 0000000..640746b
--- /dev/null
+++ b/lib/keychain.c
@@ -0,0 +1,1256 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* key-chain for authentication.
+ * Copyright (C) 2000 Kunihiro Ishiguro
+ */
+
+#include "config.h"
+#include <zebra.h>
+
+#include "command.h"
+#include "memory.h"
+#include "linklist.h"
+#include "keychain.h"
+
+DEFINE_MTYPE_STATIC(LIB, KEY, "Key");
+DEFINE_MTYPE_STATIC(LIB, KEYCHAIN, "Key chain");
+
+DEFINE_QOBJ_TYPE(keychain);
+DEFINE_QOBJ_TYPE(key);
+
+/* Master list of key chain. */
+static struct list *keychain_list;
+
+static struct keychain *keychain_new(void)
+{
+ struct keychain *keychain;
+ keychain = XCALLOC(MTYPE_KEYCHAIN, sizeof(struct keychain));
+ QOBJ_REG(keychain, keychain);
+ return keychain;
+}
+
+static void keychain_free(struct keychain *keychain)
+{
+ QOBJ_UNREG(keychain);
+ XFREE(MTYPE_KEYCHAIN, keychain);
+}
+
+static struct key *key_new(void)
+{
+ struct key *key = XCALLOC(MTYPE_KEY, sizeof(struct key));
+ QOBJ_REG(key, key);
+ return key;
+}
+
+static void key_free(struct key *key)
+{
+ QOBJ_UNREG(key);
+ XFREE(MTYPE_KEY, key);
+}
+
+struct keychain *keychain_lookup(const char *name)
+{
+ struct listnode *node;
+ struct keychain *keychain;
+
+ if (name == NULL)
+ return NULL;
+
+ for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain)) {
+ if (strcmp(keychain->name, name) == 0)
+ return keychain;
+ }
+ return NULL;
+}
+
+static int key_cmp_func(void *arg1, void *arg2)
+{
+ const struct key *k1 = arg1;
+ const struct key *k2 = arg2;
+
+ if (k1->index > k2->index)
+ return 1;
+ if (k1->index < k2->index)
+ return -1;
+ return 0;
+}
+
+static void key_delete_func(struct key *key)
+{
+ if (key->string)
+ free(key->string);
+ key_free(key);
+}
+
+static struct keychain *keychain_get(const char *name)
+{
+ struct keychain *keychain;
+
+ keychain = keychain_lookup(name);
+
+ if (keychain)
+ return keychain;
+
+ keychain = keychain_new();
+ keychain->name = XSTRDUP(MTYPE_KEYCHAIN, name);
+ keychain->key = list_new();
+ keychain->key->cmp = (int (*)(void *, void *))key_cmp_func;
+ keychain->key->del = (void (*)(void *))key_delete_func;
+ listnode_add(keychain_list, keychain);
+
+ return keychain;
+}
+
+static void keychain_delete(struct keychain *keychain)
+{
+ XFREE(MTYPE_KEYCHAIN, keychain->name);
+
+ list_delete(&keychain->key);
+ listnode_delete(keychain_list, keychain);
+ keychain_free(keychain);
+}
+
+static struct key *key_lookup(const struct keychain *keychain, uint32_t index)
+{
+ struct listnode *node;
+ struct key *key;
+
+ for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) {
+ if (key->index == index)
+ return key;
+ }
+ return NULL;
+}
+
+struct key *key_lookup_for_accept(const struct keychain *keychain,
+ uint32_t index)
+{
+ struct listnode *node;
+ struct key *key;
+ time_t now;
+
+ now = time(NULL);
+
+ for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) {
+ if (key->index >= index) {
+ if (key->accept.start == 0)
+ return key;
+
+ if (key->accept.start <= now)
+ if (key->accept.end >= now
+ || key->accept.end == -1)
+ return key;
+ }
+ }
+ return NULL;
+}
+
+struct key *key_match_for_accept(const struct keychain *keychain,
+ const char *auth_str)
+{
+ struct listnode *node;
+ struct key *key;
+ time_t now;
+
+ now = time(NULL);
+
+ for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) {
+ if (key->accept.start == 0
+ || (key->accept.start <= now
+ && (key->accept.end >= now || key->accept.end == -1)))
+ if (key->string && (strncmp(key->string, auth_str, 16) == 0))
+ return key;
+ }
+ return NULL;
+}
+
+struct key *key_lookup_for_send(const struct keychain *keychain)
+{
+ struct listnode *node;
+ struct key *key;
+ time_t now;
+
+ now = time(NULL);
+
+ for (ALL_LIST_ELEMENTS_RO(keychain->key, node, key)) {
+ if (key->send.start == 0)
+ return key;
+
+ if (key->send.start <= now)
+ if (key->send.end >= now || key->send.end == -1)
+ return key;
+ }
+ return NULL;
+}
+
+static struct key *key_get(const struct keychain *keychain, uint32_t index)
+{
+ struct key *key;
+
+ key = key_lookup(keychain, index);
+
+ if (key)
+ return key;
+
+ key = key_new();
+ key->index = index;
+ key->hash_algo = KEYCHAIN_ALGO_NULL;
+ listnode_add_sort(keychain->key, key);
+
+ return key;
+}
+
+static void key_delete(struct keychain *keychain, struct key *key)
+{
+ listnode_delete(keychain->key, key);
+
+ XFREE(MTYPE_KEY, key->string);
+ key_free(key);
+}
+
+DEFUN_NOSH (key_chain,
+ key_chain_cmd,
+ "key chain WORD",
+ "Authentication key management\n"
+ "Key-chain management\n"
+ "Key-chain name\n")
+{
+ int idx_word = 2;
+ struct keychain *keychain;
+
+ keychain = keychain_get(argv[idx_word]->arg);
+ VTY_PUSH_CONTEXT(KEYCHAIN_NODE, keychain);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN (no_key_chain,
+ no_key_chain_cmd,
+ "no key chain WORD",
+ NO_STR
+ "Authentication key management\n"
+ "Key-chain management\n"
+ "Key-chain name\n")
+{
+ int idx_word = 3;
+ struct keychain *keychain;
+
+ keychain = keychain_lookup(argv[idx_word]->arg);
+
+ if (!keychain) {
+ vty_out(vty, "Can't find keychain %s\n", argv[idx_word]->arg);
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+
+ keychain_delete(keychain);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN_NOSH (key,
+ key_cmd,
+ "key (0-2147483647)",
+ "Configure a key\n"
+ "Key identifier number\n")
+{
+ int idx_number = 1;
+ VTY_DECLVAR_CONTEXT(keychain, keychain);
+ struct key *key;
+ uint32_t index;
+
+ index = strtoul(argv[idx_number]->arg, NULL, 10);
+ key = key_get(keychain, index);
+ VTY_PUSH_CONTEXT_SUB(KEYCHAIN_KEY_NODE, key);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN (no_key,
+ no_key_cmd,
+ "no key (0-2147483647)",
+ NO_STR
+ "Delete a key\n"
+ "Key identifier number\n")
+{
+ int idx_number = 2;
+ VTY_DECLVAR_CONTEXT(keychain, keychain);
+ struct key *key;
+ uint32_t index;
+
+ index = strtoul(argv[idx_number]->arg, NULL, 10);
+ key = key_lookup(keychain, index);
+ if (!key) {
+ vty_out(vty, "Can't find key %d\n", index);
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+
+ key_delete(keychain, key);
+
+ vty->node = KEYCHAIN_NODE;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN (key_string,
+ key_string_cmd,
+ "key-string LINE",
+ "Set key string\n"
+ "The key\n")
+{
+ int idx_line = 1;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ if (key->string)
+ XFREE(MTYPE_KEY, key->string);
+ key->string = XSTRDUP(MTYPE_KEY, argv[idx_line]->arg);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN (no_key_string,
+ no_key_string_cmd,
+ "no key-string [LINE]",
+ NO_STR
+ "Unset key string\n"
+ "The key\n")
+{
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ if (key->string) {
+ XFREE(MTYPE_KEY, key->string);
+ key->string = NULL;
+ }
+
+ return CMD_SUCCESS;
+}
+
+const struct keychain_algo_info algo_info[] = {
+ {KEYCHAIN_ALGO_NULL, "null", 0, 0, "NULL"},
+ {KEYCHAIN_ALGO_MD5, "md5", KEYCHAIN_MD5_HASH_SIZE,
+ KEYCHAIN_ALGO_MD5_INTERNAL_BLK_SIZE, "MD5"},
+ {KEYCHAIN_ALGO_HMAC_SHA1, "hmac-sha-1", KEYCHAIN_HMAC_SHA1_HASH_SIZE,
+ KEYCHAIN_ALGO_SHA1_INTERNAL_BLK_SIZE, "HMAC-SHA-1"},
+ {KEYCHAIN_ALGO_HMAC_SHA256, "hmac-sha-256",
+ KEYCHAIN_HMAC_SHA256_HASH_SIZE, KEYCHAIN_ALGO_SHA256_INTERNAL_BLK_SIZE,
+ "HMAC-SHA-256"},
+ {KEYCHAIN_ALGO_HMAC_SHA384, "hmac-sha-384",
+ KEYCHAIN_HMAC_SHA384_HASH_SIZE, KEYCHAIN_ALGO_SHA384_INTERNAL_BLK_SIZE,
+ "HMAC-SHA-384"},
+ {KEYCHAIN_ALGO_HMAC_SHA512, "hmac-sha-512",
+ KEYCHAIN_HMAC_SHA512_HASH_SIZE, KEYCHAIN_ALGO_SHA512_INTERNAL_BLK_SIZE,
+ "HMAC-SHA-512"},
+ {KEYCHAIN_ALGO_MAX, "max", KEYCHAIN_MAX_HASH_SIZE,
+ KEYCHAIN_ALGO_MAX_INTERNAL_BLK_SIZE, "Not defined"}
+};
+
+uint16_t keychain_get_block_size(enum keychain_hash_algo key)
+{
+ return algo_info[key].block;
+}
+
+uint16_t keychain_get_hash_len(enum keychain_hash_algo key)
+{
+ return algo_info[key].length;
+}
+
+const char *keychain_get_description(enum keychain_hash_algo key)
+{
+ return algo_info[key].desc;
+}
+
+struct keychain_algo_info
+keychain_get_hash_algo_info(enum keychain_hash_algo key)
+{
+ return algo_info[key];
+}
+
+enum keychain_hash_algo keychain_get_algo_id_by_name(const char *name)
+{
+#ifdef CRYPTO_INTERNAL
+ if (!strncmp(name, "hmac-sha-2", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA256;
+ else if (!strncmp(name, "m", 1))
+ return KEYCHAIN_ALGO_MD5;
+ else
+ return KEYCHAIN_ALGO_NULL;
+#else
+ if (!strncmp(name, "m", 1))
+ return KEYCHAIN_ALGO_MD5;
+ else if (!strncmp(name, "hmac-sha-1", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA1;
+ else if (!strncmp(name, "hmac-sha-2", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA256;
+ else if (!strncmp(name, "hmac-sha-3", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA384;
+ else if (!strncmp(name, "hmac-sha-5", 10))
+ return KEYCHAIN_ALGO_HMAC_SHA512;
+ else
+ return KEYCHAIN_ALGO_NULL;
+#endif
+}
+
+const char *keychain_get_algo_name_by_id(enum keychain_hash_algo key)
+{
+ return algo_info[key].name;
+}
+
+DEFUN(cryptographic_algorithm, cryptographic_algorithm_cmd,
+ "cryptographic-algorithm "
+ "<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>",
+ "Cryptographic-algorithm\n"
+ "Use MD5 algorithm\n"
+ "Use HMAC-SHA-1 algorithm\n"
+ "Use HMAC-SHA-256 algorithm\n"
+ "Use HMAC-SHA-384 algorithm\n"
+ "Use HMAC-SHA-512 algorithm\n")
+{
+ int algo_idx = 1;
+ uint8_t hash_algo = KEYCHAIN_ALGO_NULL;
+
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+ hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg);
+#ifndef CRYPTO_OPENSSL
+ if (hash_algo == KEYCHAIN_ALGO_NULL) {
+ vty_out(vty,
+ "Hash algorithm not supported, compile with --with-crypto=openssl\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+#endif /* CRYPTO_OPENSSL */
+ key->hash_algo = hash_algo;
+ return CMD_SUCCESS;
+}
+
+DEFUN(no_cryptographic_algorithm, no_cryptographic_algorithm_cmd,
+ "no cryptographic-algorithm "
+ "[<md5|hmac-sha-1|hmac-sha-256|hmac-sha-384|hmac-sha-512>]",
+ NO_STR
+ "Cryptographic-algorithm\n"
+ "Use MD5 algorithm\n"
+ "Use HMAC-SHA-1 algorithm\n"
+ "Use HMAC-SHA-256 algorithm\n"
+ "Use HMAC-SHA-384 algorithm\n"
+ "Use HMAC-SHA-512 algorithm\n")
+{
+ int algo_idx = 2;
+ uint8_t hash_algo = KEYCHAIN_ALGO_NULL;
+
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+ if (argc > algo_idx) {
+ hash_algo = keychain_get_algo_id_by_name(argv[algo_idx]->arg);
+ if (hash_algo == KEYCHAIN_ALGO_NULL) {
+ vty_out(vty,
+ "Hash algorithm not supported, try compiling with --with-crypto=openssl\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ }
+
+ if ((hash_algo != KEYCHAIN_ALGO_NULL) && (hash_algo != key->hash_algo))
+ return CMD_SUCCESS;
+
+ key->hash_algo = KEYCHAIN_ALGO_NULL;
+ return CMD_SUCCESS;
+}
+
+/* Convert HH:MM:SS MON DAY YEAR to time_t value. -1 is returned when
+ given string is malformed. */
+static time_t key_str2time(const char *time_str, const char *day_str,
+ const char *month_str, const char *year_str)
+{
+ int i = 0;
+ char *colon;
+ struct tm tm;
+ time_t time;
+ unsigned int sec, min, hour;
+ unsigned int day, month, year;
+
+ const char *month_name[] = {
+ "January", "February", "March", "April", "May",
+ "June", "July", "August", "September", "October",
+ "November", "December", NULL};
+
+#define _GET_LONG_RANGE(V, STR, MMCOND) \
+ { \
+ unsigned long tmpl; \
+ char *endptr = NULL; \
+ tmpl = strtoul((STR), &endptr, 10); \
+ if (*endptr != '\0' || tmpl == ULONG_MAX) \
+ return -1; \
+ if (MMCOND) \
+ return -1; \
+ (V) = tmpl; \
+ }
+#define GET_LONG_RANGE(V, STR, MIN, MAX) \
+ _GET_LONG_RANGE(V, STR, tmpl<(MIN) || tmpl>(MAX))
+#define GET_LONG_RANGE0(V, STR, MAX) _GET_LONG_RANGE(V, STR, tmpl > (MAX))
+
+ /* Check hour field of time_str. */
+ colon = strchr(time_str, ':');
+ if (colon == NULL)
+ return -1;
+ *colon = '\0';
+
+ /* Hour must be between 0 and 23. */
+ GET_LONG_RANGE0(hour, time_str, 23);
+
+ /* Check min field of time_str. */
+ time_str = colon + 1;
+ colon = strchr(time_str, ':');
+ if (*time_str == '\0' || colon == NULL)
+ return -1;
+ *colon = '\0';
+
+ /* Min must be between 0 and 59. */
+ GET_LONG_RANGE0(min, time_str, 59);
+
+ /* Check sec field of time_str. */
+ time_str = colon + 1;
+ if (*time_str == '\0')
+ return -1;
+
+ /* Sec must be between 0 and 59. */
+ GET_LONG_RANGE0(sec, time_str, 59);
+
+ /* Check day_str. Day must be <1-31>. */
+ GET_LONG_RANGE(day, day_str, 1, 31);
+
+ /* Check month_str. Month must match month_name. */
+ month = 0;
+ if (strlen(month_str) >= 3)
+ for (i = 0; month_name[i]; i++)
+ if (strncmp(month_str, month_name[i], strlen(month_str))
+ == 0) {
+ month = i;
+ break;
+ }
+ if (!month_name[i])
+ return -1;
+
+ /* Check year_str. Year must be <1993-2035>. */
+ GET_LONG_RANGE(year, year_str, 1993, 2035);
+
+ memset(&tm, 0, sizeof(tm));
+ tm.tm_sec = sec;
+ tm.tm_min = min;
+ tm.tm_hour = hour;
+ tm.tm_mon = month;
+ tm.tm_mday = day;
+ tm.tm_year = year - 1900;
+
+ time = mktime(&tm);
+
+ return time;
+#undef GET_LONG_RANGE
+}
+
+static int key_lifetime_set(struct vty *vty, struct key_range *krange,
+ const char *stime_str, const char *sday_str,
+ const char *smonth_str, const char *syear_str,
+ const char *etime_str, const char *eday_str,
+ const char *emonth_str, const char *eyear_str)
+{
+ time_t time_start;
+ time_t time_end;
+
+ time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str);
+ if (time_start < 0) {
+ vty_out(vty, "Malformed time value\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ time_end = key_str2time(etime_str, eday_str, emonth_str, eyear_str);
+
+ if (time_end < 0) {
+ vty_out(vty, "Malformed time value\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+
+ if (time_end <= time_start) {
+ vty_out(vty, "Expire time is not later than start time\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+
+ krange->start = time_start;
+ krange->end = time_end;
+
+ return CMD_SUCCESS;
+}
+
+static int key_lifetime_duration_set(struct vty *vty, struct key_range *krange,
+ const char *stime_str,
+ const char *sday_str,
+ const char *smonth_str,
+ const char *syear_str,
+ const char *duration_str)
+{
+ time_t time_start;
+ uint32_t duration;
+
+ time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str);
+ if (time_start < 0) {
+ vty_out(vty, "Malformed time value\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ krange->start = time_start;
+
+ duration = strtoul(duration_str, NULL, 10);
+ krange->duration = 1;
+ krange->end = time_start + duration;
+
+ return CMD_SUCCESS;
+}
+
+static int key_lifetime_infinite_set(struct vty *vty, struct key_range *krange,
+ const char *stime_str,
+ const char *sday_str,
+ const char *smonth_str,
+ const char *syear_str)
+{
+ time_t time_start;
+
+ time_start = key_str2time(stime_str, sday_str, smonth_str, syear_str);
+ if (time_start < 0) {
+ vty_out(vty, "Malformed time value\n");
+ return CMD_WARNING_CONFIG_FAILED;
+ }
+ krange->start = time_start;
+
+ krange->end = -1;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN (accept_lifetime_day_month_day_month,
+ accept_lifetime_day_month_day_month_cmd,
+ "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Day of th month to expire\n"
+ "Month of the year to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_number_3 = 6;
+ int idx_month_2 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (accept_lifetime_day_month_month_day,
+ accept_lifetime_day_month_month_day_cmd,
+ "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Month of the year to expire\n"
+ "Day of th month to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_month_2 = 6;
+ int idx_number_3 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (accept_lifetime_month_day_day_month,
+ accept_lifetime_month_day_day_month_cmd,
+ "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Day of th month to expire\n"
+ "Month of the year to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_number_3 = 6;
+ int idx_month_2 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (accept_lifetime_month_day_month_day,
+ accept_lifetime_month_day_month_day_cmd,
+ "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Month of the year to expire\n"
+ "Day of th month to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_month_2 = 6;
+ int idx_number_3 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (accept_lifetime_infinite_day_month,
+ accept_lifetime_infinite_day_month_cmd,
+ "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) infinite",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Never expires\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_infinite_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg);
+}
+
+DEFUN (accept_lifetime_infinite_month_day,
+ accept_lifetime_infinite_month_day_cmd,
+ "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Never expires\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_infinite_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg);
+}
+
+DEFUN (accept_lifetime_duration_day_month,
+ accept_lifetime_duration_day_month_cmd,
+ "accept-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Duration of the key\n"
+ "Duration seconds\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ int idx_number_3 = 6;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_duration_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_number_3]->arg);
+}
+
+DEFUN (accept_lifetime_duration_month_day,
+ accept_lifetime_duration_month_day_cmd,
+ "accept-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)",
+ "Set accept lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Duration of the key\n"
+ "Duration seconds\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ int idx_number_3 = 6;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_duration_set(
+ vty, &key->accept, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_number_3]->arg);
+}
+
+DEFUN (no_accept_lifetime,
+ no_accept_lifetime_cmd,
+ "no accept-lifetime",
+ NO_STR
+ "Unset accept-lifetime\n")
+{
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ if (key->accept.start)
+ key->accept.start = 0;
+ if (key->accept.end)
+ key->accept.end = 0;
+ if (key->accept.duration)
+ key->accept.duration = 0;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN (send_lifetime_day_month_day_month,
+ send_lifetime_day_month_day_month_cmd,
+ "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Day of th month to expire\n"
+ "Month of the year to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_number_3 = 6;
+ int idx_month_2 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (send_lifetime_day_month_month_day,
+ send_lifetime_day_month_month_day_cmd,
+ "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Month of the year to expire\n"
+ "Day of th month to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_month_2 = 6;
+ int idx_number_3 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (send_lifetime_month_day_day_month,
+ send_lifetime_month_day_day_month_cmd,
+ "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS (1-31) MONTH (1993-2035)",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Day of th month to expire\n"
+ "Month of the year to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_number_3 = 6;
+ int idx_month_2 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (send_lifetime_month_day_month_day,
+ send_lifetime_month_day_month_day_cmd,
+ "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) HH:MM:SS MONTH (1-31) (1993-2035)",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Time to expire\n"
+ "Month of the year to expire\n"
+ "Day of th month to expire\n"
+ "Year to expire\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ int idx_hhmmss_2 = 5;
+ int idx_month_2 = 6;
+ int idx_number_3 = 7;
+ int idx_number_4 = 8;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_hhmmss_2]->arg, argv[idx_number_3]->arg,
+ argv[idx_month_2]->arg, argv[idx_number_4]->arg);
+}
+
+DEFUN (send_lifetime_infinite_day_month,
+ send_lifetime_infinite_day_month_cmd,
+ "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) infinite",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Never expires\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_infinite_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg);
+}
+
+DEFUN (send_lifetime_infinite_month_day,
+ send_lifetime_infinite_month_day_cmd,
+ "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) infinite",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Never expires\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_infinite_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg);
+}
+
+DEFUN (send_lifetime_duration_day_month,
+ send_lifetime_duration_day_month_cmd,
+ "send-lifetime HH:MM:SS (1-31) MONTH (1993-2035) duration (1-2147483646)",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Day of th month to start\n"
+ "Month of the year to start\n"
+ "Year to start\n"
+ "Duration of the key\n"
+ "Duration seconds\n")
+{
+ int idx_hhmmss = 1;
+ int idx_number = 2;
+ int idx_month = 3;
+ int idx_number_2 = 4;
+ int idx_number_3 = 6;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_duration_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_number_3]->arg);
+}
+
+DEFUN (send_lifetime_duration_month_day,
+ send_lifetime_duration_month_day_cmd,
+ "send-lifetime HH:MM:SS MONTH (1-31) (1993-2035) duration (1-2147483646)",
+ "Set send lifetime of the key\n"
+ "Time to start\n"
+ "Month of the year to start\n"
+ "Day of th month to start\n"
+ "Year to start\n"
+ "Duration of the key\n"
+ "Duration seconds\n")
+{
+ int idx_hhmmss = 1;
+ int idx_month = 2;
+ int idx_number = 3;
+ int idx_number_2 = 4;
+ int idx_number_3 = 6;
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ return key_lifetime_duration_set(
+ vty, &key->send, argv[idx_hhmmss]->arg, argv[idx_number]->arg,
+ argv[idx_month]->arg, argv[idx_number_2]->arg,
+ argv[idx_number_3]->arg);
+}
+
+DEFUN (no_send_lifetime,
+ no_send_lifetime_cmd,
+ "no send-lifetime",
+ NO_STR
+ "Unset send-lifetime\n")
+{
+ VTY_DECLVAR_CONTEXT_SUB(key, key);
+
+ if (key->send.start)
+ key->send.start = 0;
+ if (key->send.end)
+ key->send.end = 0;
+ if (key->send.duration)
+ key->send.duration = 0;
+
+ return CMD_SUCCESS;
+}
+
+static int keychain_config_write(struct vty *vty);
+static struct cmd_node keychain_node = {
+ .name = "keychain",
+ .node = KEYCHAIN_NODE,
+ .parent_node = CONFIG_NODE,
+ .prompt = "%s(config-keychain)# ",
+ .config_write = keychain_config_write,
+};
+
+static struct cmd_node keychain_key_node = {
+ .name = "keychain key",
+ .node = KEYCHAIN_KEY_NODE,
+ .parent_node = KEYCHAIN_NODE,
+ .prompt = "%s(config-keychain-key)# ",
+};
+
+static int keychain_strftime(char *buf, int bufsiz, time_t *time)
+{
+ struct tm tm;
+ size_t len;
+
+ localtime_r(time, &tm);
+
+ len = strftime(buf, bufsiz, "%T %b %d %Y", &tm);
+
+ return len;
+}
+
+static int keychain_config_write(struct vty *vty)
+{
+ struct keychain *keychain;
+ struct key *key;
+ struct listnode *node;
+ struct listnode *knode;
+ char buf[BUFSIZ];
+
+ for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain)) {
+ vty_out(vty, "key chain %s\n", keychain->name);
+
+ for (ALL_LIST_ELEMENTS_RO(keychain->key, knode, key)) {
+ vty_out(vty, " key %d\n", key->index);
+
+ if (key->string)
+ vty_out(vty, " key-string %s\n", key->string);
+
+ if (key->hash_algo != KEYCHAIN_ALGO_NULL)
+ vty_out(vty, " cryptographic-algorithm %s\n",
+ keychain_get_algo_name_by_id(
+ key->hash_algo));
+
+ if (key->accept.start) {
+ keychain_strftime(buf, BUFSIZ,
+ &key->accept.start);
+ vty_out(vty, " accept-lifetime %s", buf);
+
+ if (key->accept.end == -1)
+ vty_out(vty, " infinite");
+ else if (key->accept.duration)
+ vty_out(vty, " duration %ld",
+ (long)(key->accept.end
+ - key->accept.start));
+ else {
+ keychain_strftime(buf, BUFSIZ,
+ &key->accept.end);
+ vty_out(vty, " %s", buf);
+ }
+ vty_out(vty, "\n");
+ }
+
+ if (key->send.start) {
+ keychain_strftime(buf, BUFSIZ,
+ &key->send.start);
+ vty_out(vty, " send-lifetime %s", buf);
+
+ if (key->send.end == -1)
+ vty_out(vty, " infinite");
+ else if (key->send.duration)
+ vty_out(vty, " duration %ld",
+ (long)(key->send.end
+ - key->send.start));
+ else {
+ keychain_strftime(buf, BUFSIZ,
+ &key->send.end);
+ vty_out(vty, " %s", buf);
+ }
+ vty_out(vty, "\n");
+ }
+
+ vty_out(vty, " exit\n");
+ }
+ vty_out(vty, "exit\n");
+ vty_out(vty, "!\n");
+ }
+
+ return 0;
+}
+
+
+static void keychain_active_config(vector comps, struct cmd_token *token)
+{
+ struct keychain *keychain;
+ struct listnode *node;
+
+ for (ALL_LIST_ELEMENTS_RO(keychain_list, node, keychain))
+ vector_set(comps, XSTRDUP(MTYPE_COMPLETION, keychain->name));
+}
+
+static const struct cmd_variable_handler keychain_var_handlers[] = {
+ {.varname = "key_chain", .completions = keychain_active_config},
+ {.tokenname = "KEYCHAIN_NAME", .completions = keychain_active_config},
+ {.tokenname = "KCHAIN_NAME", .completions = keychain_active_config},
+ {.completions = NULL}
+};
+
+void keychain_init(void)
+{
+ keychain_list = list_new();
+
+ /* Register handler for keychain auto config support */
+ cmd_variable_handler_register(keychain_var_handlers);
+ install_node(&keychain_node);
+ install_node(&keychain_key_node);
+
+ install_default(KEYCHAIN_NODE);
+ install_default(KEYCHAIN_KEY_NODE);
+
+ install_element(CONFIG_NODE, &key_chain_cmd);
+ install_element(CONFIG_NODE, &no_key_chain_cmd);
+ install_element(KEYCHAIN_NODE, &key_cmd);
+ install_element(KEYCHAIN_NODE, &no_key_cmd);
+
+ install_element(KEYCHAIN_NODE, &key_chain_cmd);
+ install_element(KEYCHAIN_NODE, &no_key_chain_cmd);
+
+ install_element(KEYCHAIN_KEY_NODE, &key_string_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &no_key_string_cmd);
+
+ install_element(KEYCHAIN_KEY_NODE, &key_chain_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &no_key_chain_cmd);
+
+ install_element(KEYCHAIN_KEY_NODE, &key_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &no_key_cmd);
+
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_day_month_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_day_month_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_month_day_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_month_day_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_infinite_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_infinite_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_duration_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &accept_lifetime_duration_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &no_accept_lifetime_cmd);
+
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_day_month_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_day_month_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_month_day_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_month_day_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_infinite_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_infinite_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_duration_day_month_cmd);
+ install_element(KEYCHAIN_KEY_NODE,
+ &send_lifetime_duration_month_day_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &no_send_lifetime_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &cryptographic_algorithm_cmd);
+ install_element(KEYCHAIN_KEY_NODE, &no_cryptographic_algorithm_cmd);
+}