commit e6b03b77766dce8009ad7b4a2392e14addf4ab0f
author Fritz Reichmann <fritz@reichmann.nl> Sat Oct 01 17:49:48 2011 +0400
committer Denis Ovsienko <infrastation@yandex.ru> Tue Feb 14 03:06:36 2012 +0400
tree a47466541c8f85e70b228ae4ab3da31af3391507
parent c25eaffdb2190149e768dc4ee4efc913c6d02992

isisd: implement MD5 circuit authentication

* Replace command "isis passwd" with "isis passwd {clear|md5}"
* Verify HMAC MD5 on ISIS Hello PDUs
* Add HMAC MD5 authentication to md5.h/md5.c from RFC2104

isisd/isis_circuit.c

diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
index e34d491..99e2bf6 100644
--- a/isisd/isis_circuit.c
+++ b/isisd/isis_circuit.c
@@ -830,6 +830,21 @@
 		    }
 		}
 	    }
+	  if (c->passwd.type==ISIS_PASSWD_TYPE_HMAC_MD5)
+	    {
+	      vty_out (vty, " isis password md5 %s%s", c->passwd.passwd,
+		       VTY_NEWLINE);
+	      write++;
+	    }
+	  else
+	    {
+	      if (c->passwd.type==ISIS_PASSWD_TYPE_CLEARTXT)
+		{
+		  vty_out (vty, " isis password clear %s%s", c->passwd.passwd,
+			   VTY_NEWLINE);
+		  write++;
+		}
+	    }
 
 	}
     }
@@ -1022,11 +1037,44 @@
   return CMD_SUCCESS;
 }
 
-DEFUN (isis_passwd,
-       isis_passwd_cmd,
-       "isis password WORD",
+DEFUN (isis_passwd_md5,
+       isis_passwd_md5_cmd,
+       "isis password md5 WORD",
        "IS-IS commands\n"
        "Configure the authentication password for interface\n"
+       "Authentication Type\n"
+       "Password\n")
+{
+  struct isis_circuit *circuit;
+  struct interface *ifp;
+  int len;
+
+  ifp = vty->index;
+  circuit = ifp->info;
+  if (circuit == NULL)
+    {
+      return CMD_WARNING;
+    }
+
+  len = strlen (argv[0]);
+  if (len > 254)
+    {
+      vty_out (vty, "Too long circuit password (>254)%s", VTY_NEWLINE);
+      return CMD_WARNING;
+    }
+  circuit->passwd.len = len;
+  circuit->passwd.type = ISIS_PASSWD_TYPE_HMAC_MD5;
+  strncpy ((char *)circuit->passwd.passwd, argv[0], 255);
+
+  return CMD_SUCCESS;
+}
+
+DEFUN (isis_passwd_clear,
+       isis_passwd_clear_cmd,
+       "isis password clear WORD",
+       "IS-IS commands\n"
+       "Configure the authentication password for interface\n"
+       "Authentication Type\n"
        "Password\n")
 {
   struct isis_circuit *circuit;
@@ -1075,7 +1123,6 @@
   return CMD_SUCCESS;
 }
 
-
 DEFUN (isis_priority,
        isis_priority_cmd,
        "isis priority <0-127>",
@@ -2086,7 +2133,8 @@
   install_element (INTERFACE_NODE, &isis_circuit_type_cmd);
   install_element (INTERFACE_NODE, &no_isis_circuit_type_cmd);
 
-  install_element (INTERFACE_NODE, &isis_passwd_cmd);
+  install_element (INTERFACE_NODE, &isis_passwd_clear_cmd);
+  install_element (INTERFACE_NODE, &isis_passwd_md5_cmd);
   install_element (INTERFACE_NODE, &no_isis_passwd_cmd);
 
   install_element (INTERFACE_NODE, &isis_priority_cmd);