author: Toke Høiland-Jørgensen <toke@toke.dk> 2021-04-14 21:39:43 +0200
committer: Ondrej Zajicek (work) <santiago@crfreenet.org> 2021-06-06 16:28:18 +0200
commit: 35f88b305ab6a0e27b5ff1b445f63f544986e14e (patch)
tree: 76051c919ed62297191e1b18eab1525429b43068 /doc
parent: f1a824190c22f8159ad0f9378c2dd23e521eaf61 (diff)
Nest: Allow specifying security keys as hex bytes as well as strings
Add support for specifying a password in hexadecimal format. The result is the same whether a password is specified as a quoted string or a hex-encoded byte string; this just makes it more convenient to input high-entropy byte strings as MAC keys.
Diffstat (limited to 'doc')
-rw-r--r-- doc/bird.sgml 7
1 files changed, 6 insertions, 1 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index bd1ed7ed..01725128 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -776,7 +776,7 @@ agreement").
protocol packets are processed in the local TX queues. This option is
Linux specific. Default value is 7 (highest priority, privileged traffic).
- <tag><label id="proto-pass">password "<m/password/" [ { <m>password options</m> } ]</tag>
+ <tag><label id="proto-pass">password "<m/password/" | <m/hex_key/ [ { <m>password options</m> } ] </tag>
Specifies a password that can be used by the protocol as a shared secret
key. Password option can be used more times to specify more passwords.
If more passwords are specified, it is a protocol-dependent decision
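Review bot: The grouping in the new synopsis on the `+` line is ambiguous. As written, `"<m/password/" | <m/hex_key/ [ { <m>password options</m> } ]` can be read as attaching the options block only to the `hex_key` alternative, while the description that follows treats options as applying to any password. Consider grouping the two alternatives explicitly so the optional block clearly follows either form. The new line also picks up a trailing space before `</tag>` that the removed line did not have.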
@@ -784,6 +784,11 @@ agreement").
authentication is enabled, authentication can be enabled by separate,
protocol-dependent <cf/authentication/ option.
+ A password can also be specified as a hexadecimal key. <m/hex_key/ is a
+ sequence of hexadecimal digit pairs, optionally colon-separated. A key
+ specified this way must be at least 16 bytes (32 digits) long (although
+ specific algorithms can impose other restrictions).
+
This option is allowed in BFD, OSPF and RIP protocols. BGP has also
<cf/password/ option, but it is slightly different and described
separately.
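Review bot: The parenthetical "(although specific algorithms can impose other restrictions)" in the added paragraph leaves the reader unable to tell whether a given algorithm requires a longer minimum, a maximum, or an exact key length, or where to find out. Suggest pointing to the protocol-specific authentication sections instead. Two more things are worth documenting here: that the decoded bytes are used as the key exactly as a quoted string would be (the commit message says this, the documentation text does not), and a one-line example of a `hex_key`, so it is clear that it is written without quotes and how the optional colon separators look. It would also help to say explicitly that the 16-byte minimum applies only to the hex form, since "A key specified this way" is easy to miss.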