On Sun, Feb 23, 2020 at 11:56:33PM +0100, Toke Høiland-Jørgensen wrote:
> This series adds MAC authentication support to the Babel protocol as specified
> by the IETF Babel working group in draft-babel-hmac-10:

Hi

Some more comments / questions:

1/4:

BIRD_CHECK_GETRANDOM_SYSCALL - the direct syscall case seems unnecessary, as
we can fall back to /dev/urandom anyway.

BIRD_CHECK_GETRANDOM - just use generic AC_CHECK_FUNCS / AC_SEARCH_LIBS?

I think that random_bytes() should not fail.

2/4:

blake2 - We definitely need unit tests here. Ideally there should exist
some reference data / hash pairs for blake2. See mac_test.c.

There are '#if defined(NATIVE_LITTLE_ENDIAN)' in the code, does anybody
define these?

3/4:

What is the point of separating babel_parse_state and babel_read_state?

Why export packet/TLV structures from packets.c? The general pattern in BIRD
(including Babel) is that wire format details are hidden in packets.c and
more abstract structures are exported outside (e.g. union babel_msg).

It seems to me that it would make sense to have low-level auth code (TLV
read/write code, packet signing/verifying) directly in packets.c, while
high-level code (challenge response mechanism) is in babel.c.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: [email protected])
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
