auth.hh

RIP 协议实现

// -*- c-basic-offset: 4; tab-width: 8; indent-tabs-mode: t -*-

// Copyright (c) 2001-2008 XORP, Inc.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the "Software")
// to deal in the Software without restriction, subject to the conditions
// listed in the XORP LICENSE file. These conditions include: you must
// preserve this copyright notice, and you cannot mention the copyright
// holders in advertising related to the Software without their permission.
// The Software is provided WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED. This
// notice is a summary of the XORP LICENSE file; the license in that file is
// legally binding.

// $XORP: xorp/rip/auth.hh,v 1.25 2008/07/23 05:11:34 pavlin Exp $

#ifndef __RIP_AUTH_HH__
#define __RIP_AUTH_HH__

#include <list>
#include <map>
#include <vector>
#include "packets.hh"

class EventLoop;

/**
 * @short Base clase for RIPv2 authentication mechanisms.
 *
 * The AuthHandlerBase class defines the interfaces for RIPv2
 * authentication handlers.  Handlers are responsible for
 * authenticating inbound datagrams and adding authentication data to
 * outbound datagrams.
 *
 * Error during authentication set an error buffer that clients may
 * query using the error() method.
 */
class AuthHandlerBase {
public:
    /**
     * Virtual destructor.
     */
    virtual ~AuthHandlerBase();

    /**
     * Get the effective name of the authentication scheme.
     */
    virtual const char* effective_name() const = 0;

    /**
     * Reset the authentication state.
     */
    virtual void reset() = 0;

    /**
     * Get number of routing entries used by authentication scheme at the
     * head of the RIP packet.
     *
     * @return the number of routing entries used by the authentication scheme
     * at the head of the RIP packet: 0 for unauthenticated packets, 1
     * otherwise.
     */
    virtual uint32_t head_entries() const = 0;

    /**
     * Get maximum number of non-authentication scheme use routing entries
     * in a RIP packet.
     */
    virtual uint32_t max_routing_entries() const = 0;

    /**
     * Inbound authentication method.
     *
     * @param packet pointer to first byte of RIP packet.
     * @param packet_bytes number of bytes in RIP packet.
     * @param entries_ptr output variable set to point to first
     *        entry in packet.  Set to NULL if there are no entries, or
     *        on authentication failure.
     * @param n_entries number of entries in the packet.
     * @param src_addr the source address of the packet.
     * @param new_peer true if this is a new peer.
     *
     * @return true if packet passes authentication checks, false otherwise.
     */
    virtual bool authenticate_inbound(const uint8_t*	packet,
				      size_t		packet_bytes,
				      const uint8_t*&	entries_ptr,
				      uint32_t&		n_entries,
				      const IPv4&	src_addr,
				      bool		new_peer) = 0;

    /**
     * Outbound authentication method.
     *
     * Create a list of authenticated packets (one for each valid
     * authentication key). Note that the original packet is also modified
     * and authenticated with the first valid key.
     *
     * @param packet the RIP packet to authenticate.
     * @param auth_packets a return-by-reference list with the
     * authenticated RIP packets (one for each valid authentication key).
     * @param n_routes the return-by-reference number of routes in the packet.
     * @return true if packet was successfully authenticated, false when
     * no valid keys are present.
     */
    virtual bool authenticate_outbound(RipPacket<IPv4>&		packet,
				       list<RipPacket<IPv4> *>& auth_packets,
				       size_t&			n_routes) = 0;

    /**
     * Get textual description of last error.
     */
    const string& error() const;

protected:
    /**
     * Reset textual description of last error.
     */
    void reset_error();

    /**
     * Set textual description of latest error.
     */
    void set_error(const string& err);

private:
    string _err;
};


/**
 * @short RIPv2 Authentication handler when no authentication scheme is
 * employed.
 */
class NullAuthHandler : public AuthHandlerBase {
public:
    /**
     * Get the effective name of the authentication scheme.
     */
    const char* effective_name() const;

    /**
     * Get the method-specific name of the authentication scheme.
     *
     * @return the method-specific name of the authentication scheme.
     */
    static const char* auth_type_name();

    /**
     * Reset the authentication state.
     */
    void reset();

    /**
     * Get number of routing entries used by authentication scheme at the
     * head of the RIP packet.
     *
     * @return the number of routing entries used by the authentication scheme
     * at the head of the RIP packet: 0 for unauthenticated packets, 1
     * otherwise.
     */
    uint32_t head_entries() const;

    /**
     * Get maximum number of non-authentication scheme use routing entries
     * in a RIP packet.
     */
    uint32_t max_routing_entries() const;

    /**
     * Inbound authentication method.
     *
     * @param packet pointer to first byte of RIP packet.
     * @param packet_bytes number of bytes in RIP packet.
     * @param entries_ptr output variable set to point to first
     *        entry in packet.  Set to NULL if there are no entries, or
     *        on authentication failure.
     * @param n_entries number of entries in the packet.
     * @param src_addr the source address of the packet.
     * @param new_peer true if this is a new peer.
     *
     * @return true if packet passes authentication checks, false otherwise.
     */
    bool authenticate_inbound(const uint8_t*			packet,
			      size_t				packet_bytes,
			      const uint8_t*&			entries_ptr,
			      uint32_t&				n_entries,
			      const IPv4&			src_addr,
			      bool				new_peer);

    /**
     * Outbound authentication method.
     *
     * Create a list of authenticated packets (one for each valid
     * authentication key). Note that the original packet is also modified
     * and authenticated with the first valid key.
     *
     * @param packet the RIP packet to authenticate.
     * @param auth_packets a return-by-reference list with the
     * authenticated RIP packets (one for each valid authentication key).
     * @param n_routes the return-by-reference number of routes in the packet.
     * @return true if packet was successfully authenticated, false when
     * no valid keys are present.
     */
    bool authenticate_outbound(RipPacket<IPv4>&		packet,
			       list<RipPacket<IPv4> *>&	auth_packets,
			       size_t&			n_routes);
};

/**
 * @short RIPv2 Authentication handler for plaintext scheme.
 */
class PlaintextAuthHandler : public AuthHandlerBase {
public:
    /**
     * Get the effective name of the authentication scheme.
     */
    const char* effective_name() const;

    /**
     * Get the method-specific name of the authentication scheme.
     *
     * @return the method-specific name of the authentication scheme.
     */
    static const char* auth_type_name();

    /**
     * Reset the authentication state.
     */
    void reset();

    /**
     * Get number of routing entries used by authentication scheme at the
     * head of the RIP packet.
     *
     * @return the number of routing entries used by the authentication scheme
     * at the head of the RIP packet: 0 for unauthenticated packets, 1
     * otherwise.
     */
    uint32_t head_entries() const;

    /**
     * Get maximum number of non-authentication scheme use routing entries
     * in a RIP packet.
     */
    uint32_t max_routing_entries() const;

    /**
     * Inbound authentication method.
     *
     * @param packet pointer to first byte of RIP packet.
     * @param packet_bytes number of bytes in RIP packet.
     * @param entries_ptr output variable set to point to first
     *        entry in packet.  Set to NULL if there are no entries, or
     *        on authentication failure.
     * @param n_entries number of entries in the packet.
     * @param src_addr the source address of the packet.
     * @param new_peer true if this is a new peer.
     *
     * @return true if packet passes authentication checks, false otherwise.
     */
    bool authenticate_inbound(const uint8_t*			packet,
			      size_t				packet_bytes,
			      const uint8_t*&			entries_ptr,
			      uint32_t&				n_entries,
			      const IPv4&			src_addr,
			      bool				new_peer);

    /**
     * Outbound authentication method.
     *
     * Create a list of authenticated packets (one for each valid
     * authentication key). Note that the original packet is also modified
     * and authenticated with the first valid key.
     *
     * @param packet the RIP packet to authenticate.
     * @param auth_packets a return-by-reference list with the
     * authenticated RIP packets (one for each valid authentication key).
     * @param n_routes the return-by-reference number of routes in the packet.
     * @return true if packet was successfully authenticated, false when
     * no valid keys are present.
     */
    bool authenticate_outbound(RipPacket<IPv4>&		packet,
			       list<RipPacket<IPv4> *>&	auth_packets,
			       size_t&			n_routes);

    /**
     * Get the authentication key.
     *
     * @return the authentication key.
     */
    const string& key() const;

    /**
     * Set the authentication key.
     *
     * @param plaintext_key the plain-text key.
     */
    void set_key(const string& plaintext_key);

protected:
    string	_key;
};