// -*- c-basic-offset: 4; tab-width: 8; indent-tabs-mode: t -*-// Copyright (c) 2001-2008 XORP, Inc.//// Permission is hereby granted, free of charge, to any person obtaining a// copy of this software and associated documentation files (the "Software")// to deal in the Software without restriction, subject to the conditions// listed in the XORP LICENSE file. These conditions include: you must// preserve this copyright notice, and you cannot mention the copyright// holders in advertising related to the Software without their permission.// The Software is provided WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED. This// notice is a summary of the XORP LICENSE file; the license in that file is// legally binding.// $XORP: xorp/rip/auth.hh,v 1.25 2008/07/23 05:11:34 pavlin Exp $#ifndef __RIP_AUTH_HH__#define __RIP_AUTH_HH__#include <list>#include <map>#include <vector>#include "packets.hh"class EventLoop;/** * @short Base clase for RIPv2 authentication mechanisms. * * The AuthHandlerBase class defines the interfaces for RIPv2 * authentication handlers.  Handlers are responsible for * authenticating inbound datagrams and adding authentication data to * outbound datagrams. * * Error during authentication set an error buffer that clients may * query using the error() method. */class AuthHandlerBase {public:    /**     * Virtual destructor.     */    virtual ~AuthHandlerBase();    /**     * Get the effective name of the authentication scheme.     */    virtual const char* effective_name() const = 0;    /**     * Reset the authentication state.     */    virtual void reset() = 0;    /**     * Get number of routing entries used by authentication scheme at the     * head of the RIP packet.     *     * @return the number of routing entries used by the authentication scheme     * at the head of the RIP packet: 0 for unauthenticated packets, 1     * otherwise.     */    virtual uint32_t head_entries() const = 0;    /**     * Get maximum number of non-authentication scheme use routing entries     * in a RIP packet.     */    virtual uint32_t max_routing_entries() const = 0;    /**     * Inbound authentication method.     *     * @param packet pointer to first byte of RIP packet.     * @param packet_bytes number of bytes in RIP packet.     * @param entries_ptr output variable set to point to first     *        entry in packet.  Set to NULL if there are no entries, or     *        on authentication failure.     * @param n_entries number of entries in the packet.     * @param src_addr the source address of the packet.     * @param new_peer true if this is a new peer.     *     * @return true if packet passes authentication checks, false otherwise.     */    virtual bool authenticate_inbound(const uint8_t*	packet,				      size_t		packet_bytes,				      const uint8_t*&	entries_ptr,				      uint32_t&		n_entries,				      const IPv4&	src_addr,				      bool		new_peer) = 0;    /**     * Outbound authentication method.     *     * Create a list of authenticated packets (one for each valid     * authentication key). Note that the original packet is also modified     * and authenticated with the first valid key.     *     * @param packet the RIP packet to authenticate.     * @param auth_packets a return-by-reference list with the     * authenticated RIP packets (one for each valid authentication key).     * @param n_routes the return-by-reference number of routes in the packet.     * @return true if packet was successfully authenticated, false when     * no valid keys are present.     */    virtual bool authenticate_outbound(RipPacket<IPv4>&		packet,				       list<RipPacket<IPv4> *>& auth_packets,				       size_t&			n_routes) = 0;    /**     * Get textual description of last error.     */    const string& error() const;protected:    /**     * Reset textual description of last error.     */    void reset_error();    /**     * Set textual description of latest error.     */    void set_error(const string& err);private:    string _err;};/** * @short RIPv2 Authentication handler when no authentication scheme is * employed. */class NullAuthHandler : public AuthHandlerBase {public:    /**     * Get the effective name of the authentication scheme.     */    const char* effective_name() const;    /**     * Get the method-specific name of the authentication scheme.     *     * @return the method-specific name of the authentication scheme.     */    static const char* auth_type_name();    /**     * Reset the authentication state.     */    void reset();    /**     * Get number of routing entries used by authentication scheme at the     * head of the RIP packet.     *     * @return the number of routing entries used by the authentication scheme     * at the head of the RIP packet: 0 for unauthenticated packets, 1     * otherwise.     */    uint32_t head_entries() const;    /**     * Get maximum number of non-authentication scheme use routing entries     * in a RIP packet.     */    uint32_t max_routing_entries() const;    /**     * Inbound authentication method.     *     * @param packet pointer to first byte of RIP packet.     * @param packet_bytes number of bytes in RIP packet.     * @param entries_ptr output variable set to point to first     *        entry in packet.  Set to NULL if there are no entries, or     *        on authentication failure.     * @param n_entries number of entries in the packet.     * @param src_addr the source address of the packet.     * @param new_peer true if this is a new peer.     *     * @return true if packet passes authentication checks, false otherwise.     */    bool authenticate_inbound(const uint8_t*			packet,			      size_t				packet_bytes,			      const uint8_t*&			entries_ptr,			      uint32_t&				n_entries,			      const IPv4&			src_addr,			      bool				new_peer);    /**     * Outbound authentication method.     *     * Create a list of authenticated packets (one for each valid     * authentication key). Note that the original packet is also modified     * and authenticated with the first valid key.     *     * @param packet the RIP packet to authenticate.     * @param auth_packets a return-by-reference list with the     * authenticated RIP packets (one for each valid authentication key).     * @param n_routes the return-by-reference number of routes in the packet.     * @return true if packet was successfully authenticated, false when     * no valid keys are present.     */    bool authenticate_outbound(RipPacket<IPv4>&		packet,			       list<RipPacket<IPv4> *>&	auth_packets,			       size_t&			n_routes);};/** * @short RIPv2 Authentication handler for plaintext scheme. */class PlaintextAuthHandler : public AuthHandlerBase {public:    /**     * Get the effective name of the authentication scheme.     */    const char* effective_name() const;    /**     * Get the method-specific name of the authentication scheme.     *     * @return the method-specific name of the authentication scheme.     */    static const char* auth_type_name();    /**     * Reset the authentication state.     */    void reset();    /**     * Get number of routing entries used by authentication scheme at the     * head of the RIP packet.     *     * @return the number of routing entries used by the authentication scheme     * at the head of the RIP packet: 0 for unauthenticated packets, 1     * otherwise.     */    uint32_t head_entries() const;    /**     * Get maximum number of non-authentication scheme use routing entries     * in a RIP packet.     */    uint32_t max_routing_entries() const;    /**     * Inbound authentication method.     *     * @param packet pointer to first byte of RIP packet.     * @param packet_bytes number of bytes in RIP packet.     * @param entries_ptr output variable set to point to first     *        entry in packet.  Set to NULL if there are no entries, or     *        on authentication failure.     * @param n_entries number of entries in the packet.     * @param src_addr the source address of the packet.     * @param new_peer true if this is a new peer.     *     * @return true if packet passes authentication checks, false otherwise.     */    bool authenticate_inbound(const uint8_t*			packet,			      size_t				packet_bytes,			      const uint8_t*&			entries_ptr,			      uint32_t&				n_entries,			      const IPv4&			src_addr,			      bool				new_peer);    /**     * Outbound authentication method.     *     * Create a list of authenticated packets (one for each valid     * authentication key). Note that the original packet is also modified     * and authenticated with the first valid key.     *     * @param packet the RIP packet to authenticate.     * @param auth_packets a return-by-reference list with the     * authenticated RIP packets (one for each valid authentication key).     * @param n_routes the return-by-reference number of routes in the packet.     * @return true if packet was successfully authenticated, false when     * no valid keys are present.     */    bool authenticate_outbound(RipPacket<IPv4>&		packet,			       list<RipPacket<IPv4> *>&	auth_packets,			       size_t&			n_routes);    /**     * Get the authentication key.     *     * @return the authentication key.     */    const string& key() const;    /**     * Set the authentication key.     *     * @param plaintext_key the plain-text key.     */    void set_key(const string& plaintext_key);protected:    string	_key;};