Hello!

I was trying to make routed (4.5 stable) and a cisco 3640 (12.1(5)T) work
together over RIPv2. I discovered that their MD5 authentication is not
compatible. In particular, routed skips 4 bytes of the packet (the family and
type fields of the auth data record) while computing the hash for the packet.
This seems to be wrong according to rfc 2082. I made a patch to fix this problem.
Could someone please review it and commit it if it's ok?

BTW: Is it correct that first RIP request is always sent without
authentication?

p.s. Please CC to my email when reply, cause I'm not on the list.

1. For include/protocols/routed.h (additional constant)

--- protocols/routed.h.org      Wed Feb 20 14:08:07 2002
+++ protocols/routed.h  Wed Feb 20 13:03:49 2002
@@ -98,7 +98,8 @@
                int8_t  md5_auth_len;   /* 16 */
                u_int32_t md5_seqno;    /* sequence number */
                u_int32_t rsvd[2];      /* must be 0 */
-#define            RIP_AUTH_MD5_LEN RIP_AUTH_PW_LEN
+#define            RIP_AUTH_HDR_LEN 4
+#define            RIP_AUTH_MD5_LEN 16
            } a_md5;
        } au;
 };
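Review bot: The `/* 16 */` comment on `md5_auth_len` no longer matches what the receive path expects, because the first input.c hunk now compares that field against `RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN` (20). Nothing visible in the patch changes the value output.c writes into `md5_auth_len`, or the expected-length argument of the "unknown MD5 RIPv2 auth len" trace message; both lie outside the hunks. A patched routed may therefore flag its own packets and print the old expected value, which is worth confirming. I would also document the new constant, e.g. `#define RIP_AUTH_HDR_LEN 4 /* a_family + a_type of the trailing auth entry */`, and update the field comment to name the value the code now expects. The struct definition begins above this hunk.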

2. For sources of routed

diff -u routed.org/input.c routed/input.c
--- routed.org/input.c  Wed Feb 20 10:48:56 2002
+++ routed/input.c      Wed Feb 20 11:15:21 2002
@@ -967,7 +967,7 @@
                         */
                        if (TRACEPACKETS) {
                                if (NA->au.a_md5.md5_auth_len
-                                   != RIP_AUTH_MD5_LEN)
+                                   != RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN)
                                        msglim(use_authp, from,
                                               "unknown MD5 RIPv2 auth len %#x"
                                               " instead of %#x from %s",
@@ -989,7 +989,7 @@
                        }

                        MD5Init(&md5_ctx);
-                       MD5Update(&md5_ctx, (u_char *)rip, len);
+                       MD5Update(&md5_ctx, (u_char *)rip, len+RIP_AUTH_HDR_LEN);
                        MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
                        MD5Final(hash, &md5_ctx);
                        if (!memcmp(hash, na2->au.au_pw, sizeof(hash)))
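Review bot: `len+RIP_AUTH_HDR_LEN` makes MD5Update read four bytes beyond the length the earlier packet validation was written for, and that validation is outside this hunk. If `len` comes from the packet's `md5_pkt_len` field, as the output.c hunk suggests, the check above must guarantee that a full trailing auth entry of at least `RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN` bytes lies between `rip + len` and the end of the received datagram before hashing. Otherwise a short or malformed packet causes a read past the received data. A comment such as `/* digest covers the packet plus the family/type words of the trailing auth entry */` would explain the extra four bytes, and writing `len + RIP_AUTH_HDR_LEN` with spaces, as output.c does, keeps the two call sites alike.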
--- routed.org/output.c Wed Feb 20 10:47:48 2002
+++ routed/output.c     Wed Feb 20 10:50:01 2002
@@ -303,7 +303,7 @@
        na2->a_type = htons(1);
        na->au.a_md5.md5_pkt_len = htons(len);
        MD5Init(&md5_ctx);
-       MD5Update(&md5_ctx, (u_char *)wb->buf, len);
+       MD5Update(&md5_ctx, (u_char *)wb->buf, len + RIP_AUTH_HDR_LEN);
        MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
        MD5Final(na2->au.au_pw, &md5_ctx);
        wb->n++;
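Review bot: The digest now includes the first four bytes of the trailing auth entry, so `na2->a_family` and `na2->a_type` must hold their final wire values before this MD5Update runs. `a_type` is set at the top of the hunk, but the `a_family` assignment is above it and should be checked. Because the change is unconditional, a patched routed and an unpatched one will compute different digests and discard each other's authenticated updates. That deserves a line in the commit message or the manual page so mixed deployments are upgraded together. The function continues outside the hunk.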

-- 
Oleg Sharoiko.
Software and Network Engineer
Computer Center of Rostov State University.

