commit 31e16f57b10ebb5c0f98d8dbf779774df342ed03
author Samuel Jero <samuel.jero@ll.mit.edu> Fri Sep 21 10:34:28 2018 -0400
committer Thomas Vachuska <tom@opennetworking.org> Wed Oct 17 15:59:31 2018 +0000
tree a7ba8ab671228eb24f9e3ec6218bd9ac80f72131
parent e8b28db08622accdb1d1ff503a7084f067d60fc8

Secure LLDP-based Topology Detection

Current LLDP/BDDP-based Topology Detection is vulnerable to the
creation of fake links via forged, modified, or replayed LLDP packets.
This patch fixes this vulnerability by authenticating LLDP/BDDP packets
using a Message Authentication Code and adding a timestamp to prevent
replay. We use HMAC with SHA-256 has our Messge Authentication Code and
derive the key from the config/cluster.json file via the
ClusterMetadata class.

Change-Id: I01dd6edc5cffd6dfe274bcdb97189f2661a6c4f1

core/net/src/main/java/org/onosproject/cluster/impl/ConfigFileBasedClusterMetadataProvider.java

diff --git a/core/net/src/main/java/org/onosproject/cluster/impl/ConfigFileBasedClusterMetadataProvider.java b/core/net/src/main/java/org/onosproject/cluster/impl/ConfigFileBasedClusterMetadataProvider.java
index d5ef232..de7a3e1 100644
--- a/core/net/src/main/java/org/onosproject/cluster/impl/ConfigFileBasedClusterMetadataProvider.java
+++ b/core/net/src/main/java/org/onosproject/cluster/impl/ConfigFileBasedClusterMetadataProvider.java
@@ -119,6 +119,7 @@
                 .stream()
                 .map(this::toPrototype)
                 .collect(Collectors.toSet()));
+        prototype.setClusterSecret(metadata.getClusterSecret());
         return prototype;
     }
 
@@ -274,7 +275,8 @@
                     metadata.getStorage()
                         .stream()
                         .map(node -> new DefaultControllerNode(getNodeId(node), getNodeHost(node), getNodePort(node)))
-                        .collect(Collectors.toSet())),
+                        .collect(Collectors.toSet()),
+                    metadata.getClusterSecret()),
                 version);
         } catch (IOException e) {
             throw new IllegalArgumentException(e);
@@ -307,6 +309,7 @@
         private NodePrototype node;
         private Set<NodePrototype> controller = Sets.newHashSet();
         private Set<NodePrototype> storage = Sets.newHashSet();
+        private String clusterSecret;
 
         public String getName() {
             return name;
@@ -339,6 +342,14 @@
         public void setStorage(Set<NodePrototype> storage) {
             this.storage = storage;
         }
+
+        public void setClusterSecret(String clusterSecret) {
+            this.clusterSecret = clusterSecret;
+        }
+
+        public String getClusterSecret() {
+            return clusterSecret;
+        }
     }
 
     private static class NodePrototype {
@@ -379,4 +390,4 @@
             this.port = port;
         }
     }
-}
\ No newline at end of file
+}