NE40E V800R010C10SPC500 Feature Description - Security 01

Non-TCP Applications of Keychain

Non-TCP applications such as RIP and ISIS initialize or de-initialize with the Keychain module through the initialization application programming interface (API) that Keychain exposes.

When an application needs to send packets, it performs the process shown in the following figure.

Figure 6-1 Process to send packets in Non-TCP application
  1. Through the Keychain API, the application queries Keychain for the active send key-id. When it receives the active key-id, the application constructs the packet data for which a MAC needs to be calculated. Then it sends the packet data to Keychain.
  2. Keychain generates a MAC for the packet data and sends the calculated MAC to the application.
  3. The application builds a packet that carries the authentication information and sends it out.

When an application receives a packet, it performs the process shown in the following figure.

Figure 6-2 Process to receive packets in Non-TCP application
  • The application extracts the packet authentication information.

  • The application sends the authentication information (Keychain name, packet data, key-id, algorithm type, MAC) to Keychain.

  • Keychain re-calculates a MAC and compares the generated MAC with the received MAC. If the MACs match, Keychain returns a success message to the application. Otherwise, Keychain returns a failure message.

  • The application accepts or rejects the packet based on the Keychain validation.

When an application that does not carry the key-id in the packet, such as ISIS, receives a packet, it performs the following process:

  • The application extracts the authentication information and sends the information (Keychain name, packet data, algorithm type, MAC) to Keychain for validation.
  • Keychain re-calculates the MAC for each active receive key-id and compares each result with the MAC received in the packet. If the MACs match, success is returned to the application; otherwise, failure is returned to the application.
  • The application accepts or rejects the packet based on the Keychain validation.
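
The send flow and both receive flows described above, modeled as an added example (not Huawei's code or the NE40E Keychain API). The class and method names, the HMAC-SHA256 algorithm, and the keys and packet data are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical model of the flows above; names and HMAC-SHA256 are assumptions.
class Keychain:
    def __init__(self, name):
        self.name = name
        self.keys = {}  # key-id -> (secret, send_active, recv_active)

    def add_key(self, key_id, secret, send=False, recv=True):
        self.keys[key_id] = (secret, send, recv)

    def active_send_key_id(self):
        # Send step 1: the application asks for the active send key-id.
        for key_id, (_, send, _) in self.keys.items():
            if send:
                return key_id
        raise LookupError("no active send key")

    def generate_mac(self, key_id, data):
        # Send step 2: Keychain computes the MAC over the packet data.
        secret = self.keys[key_id][0]
        return hmac.new(secret, data, hashlib.sha256).digest()

    def verify(self, data, mac, key_id=None):
        # Receive flow: with a key-id (RIP-style) check only that key; without
        # one (ISIS-style) try every active receive key.
        candidates = list(self.keys) if key_id is None else [key_id]
        ok = False
        for kid in candidates:
            secret, _, recv = self.keys.get(kid, (b"", False, False))
            if recv:
                expected = hmac.new(secret, data, hashlib.sha256).digest()
                ok |= hmac.compare_digest(expected, mac)  # constant-time compare
        return ok

def demo():
    sender, receiver = Keychain("kc1"), Keychain("kc1")
    sender.add_key(2, b"constructed-secret-2", send=True)
    receiver.add_key(1, b"constructed-secret-1")
    receiver.add_key(2, b"constructed-secret-2")
    data = b"constructed routing update"
    kid = sender.active_send_key_id()
    mac = sender.generate_mac(kid, data)  # application attaches this MAC
    return (receiver.verify(data, mac, key_id=kid),  # key-id carried in packet
            receiver.verify(data, mac),              # no key-id in packet
            receiver.verify(data + b"x", mac),       # tampered packet data
            receiver.verify(data, mac, key_id=1))    # wrong key-id claimed
```

The application accepts the packet only when `verify` returns `True`; the tampered-data and wrong-key-id cases are rejected.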
Updated: 2019-01-03

Document ID: EDOC1100055047
