lib: add keychain northbound support

Signed-off-by: Christian Hopps <chopps@labn.net>

eigrpd/eigrp_main.c

@@ -132,6 +132,8 @@ static const struct frr_yang_module_info *const eigrpd_yang_modules[] = {
 	&frr_interface_info,
 	&frr_route_map_info,
 	&frr_vrf_info,
+	&ietf_key_chain_info,
+	&ietf_key_chain_deviation_info,
 };
 
 /* clang-format off */

lib/keychain.h

@@ -6,6 +6,8 @@
 #ifndef _ZEBRA_KEYCHAIN_H
 #define _ZEBRA_KEYCHAIN_H
 
+#include "memory.h"
+#include "northbound.h"
 #include "qobj.h"
 
 #ifdef __cplusplus
@@ -44,6 +46,10 @@ struct keychain_algo_info {
 	const char *desc;
 };
 
+extern const struct frr_yang_module_info ietf_key_chain_info;
+extern const struct frr_yang_module_info ietf_key_chain_cli_info;
+extern const struct frr_yang_module_info ietf_key_chain_deviation_info;
+
 extern const struct keychain_algo_info algo_info[];
 uint16_t keychain_get_block_size(enum keychain_hash_algo key);
 uint16_t keychain_get_hash_len(enum keychain_hash_algo key);
@@ -55,6 +61,8 @@ const char *keychain_get_algo_name_by_id(enum keychain_hash_algo key);
 
 struct keychain {
 	char *name;
+	char *desc;
+	time_t last_touch;
 
 	struct list *key;
 
@@ -81,13 +89,43 @@ struct key {
 };
 DECLARE_QOBJ_TYPE(key);
 
+DECLARE_MTYPE(KEY);
+DECLARE_MTYPE(KEYCHAIN);
+DECLARE_MTYPE(KEYCHAIN_DESC);
+
+/* keychain implementation */
+extern struct list *keychain_list;
+struct keychain *keychain_lookup(const char *name);
+struct keychain *keychain_get(const char *name);
+void keychain_delete(struct keychain *keychain);
+struct key *key_lookup(const struct keychain *keychain, uint32_t index);
+struct key *key_get(const struct keychain *keychain, uint32_t index);
+void key_delete(struct keychain *keychain, struct key *key);
+
+void keychain_cli_init(void);
+extern void key_chains_key_chain_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+extern void key_chains_key_chain_cli_write_end(struct vty *vty, const struct lyd_node *dnode);
+extern void key_chains_key_chain_description_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+void key_chains_key_chain_key_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+extern void key_chains_key_chain_key_cli_write_end(struct vty *vty, const struct lyd_node *dnode);
+extern void key_chains_key_chain_key_lifetime_send_accept_lifetime_start_date_time_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+extern void key_chains_key_chain_key_lifetime_send_lifetime_start_date_time_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+extern void key_chains_key_chain_key_lifetime_accept_lifetime_start_date_time_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+extern void key_chains_key_chain_key_crypto_algorithm_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+extern void key_chains_key_chain_key_key_string_keystring_cli_write(struct vty *vty, const struct lyd_node *dnode, bool show_defaults);
+
+/* keychain users */
 extern void keychain_init(void);
+extern void keychain_init_new(bool in_backend);
 extern void keychain_terminate(void);
 extern struct keychain *keychain_lookup(const char *);
 extern struct key *key_lookup_for_accept(const struct keychain *, uint32_t);
 extern struct key *key_match_for_accept(const struct keychain *, const char *);
 extern struct key *key_lookup_for_send(const struct keychain *);
 const char *keychain_algo_str(enum keychain_hash_algo hash_algo);
+
+
+
 #ifdef __cplusplus
 }
 #endif

lib/subdir.am

@@ -53,6 +53,8 @@ lib_libfrr_la_SOURCES = \
 	lib/jhash.c \
 	lib/json.c \
 	lib/keychain.c \
+	lib/keychain_cli.c \
+	lib/keychain_nb.c \
 	lib/ldp_sync.c \
 	lib/lib_errors.c \
 	lib/lib_vty.c \
@@ -148,7 +150,9 @@ nodist_lib_libfrr_la_SOURCES = \
 	yang/frr-vrf.yang.c \
 	yang/frr-routing.yang.c \
 	yang/frr-nexthop.yang.c \
+	yang/ietf/frr-deviations-ietf-key-chain.yang.c \
 	yang/ietf/ietf-routing-types.yang.c \
+	yang/ietf/ietf-key-chain.yang.c \
 	yang/ietf/ietf-interfaces.yang.c \
 	yang/ietf/ietf-bgp-types.yang.c \
 	yang/frr-module-translator.yang.c \
@@ -181,6 +185,7 @@ clippy_scan += \
 	lib/if.c \
 	lib/filter_cli.c \
 	lib/if_rmap.c \
+	lib/keychain_cli.c \
 	lib/log_vty.c \
 	lib/mgmt_be_client.c \
 	lib/mgmt_fe_client.c \

lib/yang_wrappers.c

@@ -1026,30 +1026,50 @@ void yang_dnode_get_mac(struct ethaddr *mac, const struct lyd_node *dnode,
 	(void)prefix_str2mac(canon, mac);
 }
 
-struct yang_data *yang_data_new_date_and_time(const char *xpath, time_t time)
+struct yang_data *yang_data_new_date_and_time(const char *xpath, time_t time, bool is_monotime)
 {
-	struct tm tm;
-	char timebuf[MONOTIME_STRLEN];
-	struct timeval _time, time_real;
-	char *ts_dot;
-	uint16_t buflen;
+	struct yang_data *yd;
+	char *times = NULL;
 
-	_time.tv_sec = time;
-	_time.tv_usec = 0;
-	monotime_to_realtime(&_time, &time_real);
+	if (is_monotime) {
+		struct timeval _time = { time, 0 };
+		struct timeval time_real;
 
-	gmtime_r(&time_real.tv_sec, &tm);
+		monotime_to_realtime(&_time, &time_real);
+		time = time_real.tv_sec;
+	}
 
-	/* rfc-3339 format */
-	strftime(timebuf, sizeof(timebuf), "%Y-%m-%dT%H:%M:%S", &tm);
-	buflen = strlen(timebuf);
-	ts_dot = timebuf + buflen;
+	(void)ly_time_time2str(time, NULL, &times);
+	yd = yang_data_new(xpath, times);
+	free(times);
 
-	/* microseconds and appends Z */
-	snprintfrr(ts_dot, sizeof(timebuf) - buflen, ".%06luZ",
-		   (unsigned long)time_real.tv_usec);
+	return yd;
+}
 
-	return yang_data_new(xpath, timebuf);
+struct timespec yang_dnode_get_date_and_timespec(const struct lyd_node *dnode,
+						 const char *xpath_fmt, ...)
+{
+	const char *canon = YANG_DNODE_XPATH_GET_CANON(dnode, xpath_fmt);
+	struct timespec ts;
+	LY_ERR err;
+
+	err = ly_time_str2ts(canon, &ts);
+	assert(!err);
+
+	return ts;
+}
+
+time_t yang_dnode_get_date_and_time(const struct lyd_node *dnode,
+				    const char *xpath_fmt, ...)
+{
+	const char *canon = YANG_DNODE_XPATH_GET_CANON(dnode, xpath_fmt);
+	time_t time;
+	LY_ERR err;
+
+	err = ly_time_str2time(canon, &time, NULL);
+	assert(!err);
+
+	return time;
 }
 
 float yang_dnode_get_bandwidth_ieee_float32(const struct lyd_node *dnode,

lib/yang_wrappers.h

@@ -7,6 +7,7 @@
 #ifndef _FRR_NORTHBOUND_WRAPPERS_H_
 #define _FRR_NORTHBOUND_WRAPPERS_H_
 
+#include <libyang/libyang.h>
 #include "prefix.h"
 
 #ifdef __cplusplus
@@ -200,7 +201,14 @@ extern void yang_dnode_get_mac(struct ethaddr *mac, const struct lyd_node *dnode
 
 /*data-and-time */
 extern struct yang_data *yang_data_new_date_and_time(const char *xpath,
-						     time_t time);
+						     time_t time,
+						     bool is_monotime);
+struct timespec yang_dnode_get_date_and_timespec(const struct lyd_node *dnode,
+						 const char *xpath_fmt, ...)
+	PRINTFRR(2, 3);
+time_t yang_dnode_get_date_and_time(const struct lyd_node *dnode,
+				    const char *xpath_fmt, ...)
+	PRINTFRR(2, 3);
 
 /* rt-types:bandwidth-ieee-float32 */
 extern float yang_dnode_get_bandwidth_ieee_float32(const struct lyd_node *dnode,

mgmtd/mgmt_be_adapter.c

@@ -90,10 +90,12 @@ static const char *const ripd_config_xpaths[] = {
 	"/frr-ripd:ripd",
 	"/frr-route-map:lib",
 	"/frr-vrf:lib",
+	"/ietf-key-chain:key-chains",
 	NULL,
 };
 static const char *const ripd_oper_xpaths[] = {
 	"/frr-ripd:ripd",
+	"/ietf-key-chain:key-chains",
 	NULL,
 };
 #endif

mgmtd/mgmt_main.c

@@ -10,6 +10,7 @@
 #include "lib/version.h"
 #include "routemap.h"
 #include "filter.h"
+#include "keychain.h"
 #include "libfrr.h"
 #include "frr_pthread.h"
 #include "mgmtd/mgmt.h"
@@ -185,6 +186,8 @@ static const struct frr_yang_module_info *const mgmt_yang_modules[] = {
 
 	&frr_zebra_cli_info,
 	&zebra_route_map_info,
+	&ietf_key_chain_cli_info,
+	&ietf_key_chain_deviation_info,
 
 #ifdef HAVE_RIPD
 	&frr_ripd_cli_info,
@@ -199,20 +202,20 @@ static const struct frr_yang_module_info *const mgmt_yang_modules[] = {
 
 /* clang-format off */
 FRR_DAEMON_INFO(mgmtd, MGMTD,
-	.vty_port = MGMTD_VTY_PORT,
-	.proghelp = "FRR Management Daemon.",
+		.vty_port = MGMTD_VTY_PORT,
+		.proghelp = "FRR Management Daemon.",
 
-	.signals = mgmt_signals,
-	.n_signals = array_size(mgmt_signals),
+		.signals = mgmt_signals,
+		.n_signals = array_size(mgmt_signals),
 
-	.privs = &mgmt_privs,
+		.privs = &mgmt_privs,
 
-	.yang_modules = mgmt_yang_modules,
-	.n_yang_modules = array_size(mgmt_yang_modules),
+		.yang_modules = mgmt_yang_modules,
+		.n_yang_modules = array_size(mgmt_yang_modules),
 
-	/* avoid libfrr trying to read our config file for us */
-	.flags = FRR_MANUAL_VTY_START | FRR_NO_SPLIT_CONFIG,
-);
+		/* avoid libfrr trying to read our config file for us */
+		.flags = FRR_MANUAL_VTY_START | FRR_NO_SPLIT_CONFIG,
+	);
 /* clang-format on */
 
 #define DEPRECATED_OPTIONS ""

mgmtd/mgmt_vty.c

@@ -12,6 +12,7 @@
 #include "command.h"
 #include "filter.h"
 #include "json.h"
+#include "keychain.h"
 #include "network.h"
 #include "northbound_cli.h"
 #include "routemap.h"
@@ -600,6 +601,7 @@ void mgmt_vty_init(void)
 	filter_cli_init();
 	route_map_cli_init();
 	affinity_map_init();
+	keychain_cli_init();
 
 	/*
 	 * Initialize command handling from VTYSH connection.

ospf6d/ospf6_main.c

@@ -169,6 +169,8 @@ static const struct frr_yang_module_info *const ospf6d_yang_modules[] = {
 	&frr_vrf_info,
 	&frr_ospf_route_map_info,
 	&frr_ospf6_route_map_info,
+	&ietf_key_chain_info,
+	&ietf_key_chain_deviation_info,
 };
 
 /* actual paths filled in main() */
@@ -182,19 +184,19 @@ static char *state_paths[] = {
 
 /* clang-format off */
 FRR_DAEMON_INFO(ospf6d, OSPF6,
-	.vty_port = OSPF6_VTY_PORT,
-	.proghelp = "Implementation of the OSPFv3 routing protocol.",
+		.vty_port = OSPF6_VTY_PORT,
+		.proghelp = "Implementation of the OSPFv3 routing protocol.",
 
-	.signals = ospf6_signals,
-	.n_signals = array_size(ospf6_signals),
+		.signals = ospf6_signals,
+		.n_signals = array_size(ospf6_signals),
 
-	.privs = &ospf6d_privs,
+		.privs = &ospf6d_privs,
 
-	.yang_modules = ospf6d_yang_modules,
-	.n_yang_modules = array_size(ospf6d_yang_modules),
+		.yang_modules = ospf6d_yang_modules,
+		.n_yang_modules = array_size(ospf6d_yang_modules),
 
-	.state_paths = state_paths,
-);
+		.state_paths = state_paths,
+	);
 /* clang-format on */
 
 /* Max wait time for config to load before accepting hellos */

ospfd/ospf_main.c

@@ -134,6 +134,8 @@ static const struct frr_yang_module_info *const ospfd_yang_modules[] = {
 	&frr_route_map_info,
 	&frr_vrf_info,
 	&frr_ospf_route_map_info,
+	&ietf_key_chain_info,
+	&ietf_key_chain_deviation_info,
 };
 
 /* actual paths filled in main() */

python/xref2vtysh.py

@@ -36,7 +36,7 @@ daemon_flags = {
     "lib/filter.c": "VTYSH_ACL_SHOW",
     "lib/filter_cli.c": "VTYSH_ACL_CONFIG",
     "lib/if.c": "VTYSH_INTERFACE",
-    "lib/keychain.c": "VTYSH_KEYS",
+    "lib/keychain_cli.c": "VTYSH_KEYS",
     "lib/mgmt_be_client.c": "VTYSH_MGMT_BACKEND",
     "lib/mgmt_fe_client.c": "VTYSH_MGMT_FRONTEND",
     "lib/lib_vty.c": "VTYSH_ALL",

ripd/rip_main.c

@@ -131,6 +131,8 @@ static const struct frr_yang_module_info *const ripd_yang_modules[] = {
 	&frr_ripd_info,
 	&frr_route_map_info,
 	&frr_vrf_info,
+	&ietf_key_chain_info,
+	&ietf_key_chain_deviation_info,
 };
 
 /* clang-format off */
@@ -189,7 +191,7 @@ int main(int argc, char **argv)
 
 	/* Library initialization. */
 	rip_error_init();
-	keychain_init();
+	keychain_init_new(true);
 	rip_vrf_init();
 
 	/* RIP related initialization. */

vtysh/vtysh.h

@@ -75,7 +75,7 @@ extern struct event_loop *master;
 		VTYSH_VRRPD | VTYSH_MGMTD
 #define VTYSH_INTERFACE VTYSH_INTERFACE_SUBSET | VTYSH_BGPD
 #define VTYSH_VRF	VTYSH_INTERFACE_SUBSET | VTYSH_BGPD
-#define VTYSH_KEYS VTYSH_RIPD | VTYSH_EIGRPD | VTYSH_OSPF6D | VTYSH_OSPFD
+#define VTYSH_KEYS VTYSH_MGMTD | VTYSH_EIGRPD | VTYSH_OSPF6D | VTYSH_OSPFD
 /* Daemons who can process nexthop-group configs */
 #define VTYSH_NH_GROUP    VTYSH_PBRD|VTYSH_SHARPD
 #define VTYSH_SR          VTYSH_ZEBRA|VTYSH_PATHD

zebra/zebra_nb_state.c

@@ -548,7 +548,7 @@ struct yang_data *lib_vrf_zebra_ribs_rib_route_route_entry_uptime_get_elem(
 {
 	struct route_entry *re = (struct route_entry *)args->list_entry;
 
-	return yang_data_new_date_and_time(args->xpath, re->uptime);
+	return yang_data_new_date_and_time(args->xpath, re->uptime, true);
 }
 
 /*