Add LISP MAC SHA1 and SHA256 authentication mechanisms
Change-Id: Ib699e7b400c85d0c0c22e312de56b90e1c7dad7b
diff --git a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispAuthenticationFactory.java b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispAuthenticationFactory.java
new file mode 100644
index 0000000..5866e3d
--- /dev/null
+++ b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispAuthenticationFactory.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2016-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.lisp.msg.authentication;
+
+/**
+ * A factory class that returns LISP authentication instance.
+ */
+public final class LispAuthenticationFactory {
+
+ /**
+ * Obtains a factory singleton instance.
+ *
+ * @return factory singleton instance
+ */
+ public static LispAuthenticationFactory getInstance() {
+ return SingletonHelper.INSTANCE;
+ }
+
+ /**
+ * Generates a new authentication data with given authentication key and
+ * authentication type.
+ *
+ * @param authType authentication key type
+ * @param authKey authentication key string
+ * @return authentication data
+ */
+ public byte[] createAuthenticationData(LispAuthenticationKeyEnum authType,
+ String authKey) {
+ LispMacAuthentication macAuth = new LispMacAuthentication(authType);
+ int authLength;
+ byte[] authData;
+ switch (authType) {
+ case SHA1:
+ case SHA256:
+ authLength = macAuth.getAuthenticationLength();
+ authData = macAuth.getAuthenticationData(authKey, new byte[authLength]);
+ break;
+ case NONE:
+ case UNKNOWN:
+ default:
+ authData = macAuth.getAuthenticationData();
+ break;
+ }
+ return authData;
+ }
+
+ /**
+ * Prevents object instantiation from external.
+ */
+ private LispAuthenticationFactory() {
+ }
+
+ private static class SingletonHelper {
+ private static final LispAuthenticationFactory INSTANCE =
+ new LispAuthenticationFactory();
+ }
+}
diff --git a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispAuthenticationKeyEnum.java b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispAuthenticationKeyEnum.java
new file mode 100644
index 0000000..ecf6c8e
--- /dev/null
+++ b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispAuthenticationKeyEnum.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2016-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.lisp.msg.authentication;
+
+/**
+ * Authentication key enumeration class.
+ *
+ * By far, LISP also support two types of MAC authentication which are
+ * HMAC-SHA-1-96 and HMAC-SHA-256-128.
+ *
+ * https://tools.ietf.org/html/rfc6830#page-39
+ */
+public enum LispAuthenticationKeyEnum {
+
+ /** No authentication. */
+ NONE(0, null),
+
+ /** HMAC SHA1 encryption. */
+ SHA1(1, "HmacSHA1"),
+
+ /** HMAC SHA256 encryption. */
+ SHA256(2, "HmacSHA256"),
+
+ /** Unsupported authentication type. */
+ UNKNOWN(-1, "UNKNOWN");
+
+ private short keyId;
+ private String name;
+
+ LispAuthenticationKeyEnum(int keyId, String name) {
+ this.keyId = (short) keyId;
+ this.name = name;
+ }
+
+ /**
+ * Obtains authentication key identifier.
+ *
+ * @return authentication key identifier
+ */
+ public short getKeyId() {
+ return keyId;
+ }
+
+ /**
+ * Obtains authentication name.
+ *
+ * @return authentication name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Obtains LISP authentication key enum by providing key identifier.
+ *
+ * @param keyId LISP authentication key identifier
+ * @return LISP authentication key enum
+ */
+ public static LispAuthenticationKeyEnum valueOf(short keyId) {
+ for (LispAuthenticationKeyEnum val : values()) {
+ if (val.getKeyId() == keyId) {
+ return val;
+ }
+ }
+ return UNKNOWN;
+ }
+}
diff --git a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispMacAuthentication.java b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispMacAuthentication.java
new file mode 100644
index 0000000..905fe46
--- /dev/null
+++ b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/LispMacAuthentication.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2016-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.lisp.msg.authentication;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import static org.onosproject.lisp.msg.authentication.LispAuthenticationKeyEnum.SHA1;
+import static org.onosproject.lisp.msg.authentication.LispAuthenticationKeyEnum.SHA256;
+
+/**
+ * LISP MAC authentication utility class.
+ */
+public class LispMacAuthentication {
+
+ private static final Logger log = LoggerFactory.getLogger(LispMacAuthentication.class);
+
+ private String algorithm;
+ private int authenticationLength;
+
+ public LispMacAuthentication(LispAuthenticationKeyEnum authType) {
+
+ if (authType == SHA1 || authType == SHA256) {
+ algorithm = authType.getName();
+ } else {
+ log.warn("Not support provided algorithm {}", authType.getName());
+ return;
+ }
+
+ try {
+ authenticationLength = Mac.getInstance(algorithm).getMacLength();
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("Not support provided algorithm {}", algorithm);
+ }
+ }
+
+ /**
+ * Obtains dummy authentication data.
+ *
+ * @return dummy authentication data
+ */
+ public byte[] getAuthenticationData() {
+ return new byte[0];
+ }
+
+ /**
+ * Obtains authentication data with given key and algorithm.
+ *
+ * @param key authentication key (e.g., EID)
+ * @param data array of byte buffer for place holder
+ * @return authentication data
+ */
+ public byte[] getAuthenticationData(String key, byte[] data) {
+ try {
+ SecretKeySpec signKey = new SecretKeySpec(key.getBytes(), algorithm);
+ Mac mac = Mac.getInstance(algorithm);
+ mac.init(signKey);
+
+ return mac.doFinal(data);
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("Not support provided algorithm {}", algorithm);
+ } catch (InvalidKeyException e) {
+ log.warn("Provided key {} is invalid", key);
+ }
+ return null;
+ }
+
+ /**
+ * Obtains authentication data length.
+ *
+ * @return authentication data length
+ */
+ public int getAuthenticationLength() {
+ return authenticationLength;
+ }
+
+ /**
+ * Obtains authentication algorithm.
+ *
+ * @return authentication algorithm
+ */
+ public String getAlgorithm() {
+ return algorithm;
+ }
+}
diff --git a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/package-info.java b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/package-info.java
new file mode 100644
index 0000000..fd82389
--- /dev/null
+++ b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/authentication/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * LISP MAC authentication package.
+ */
+package org.onosproject.lisp.msg.authentication;
\ No newline at end of file
diff --git a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapNotify.java b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapNotify.java
index 8f8934c..79317f8 100644
--- a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapNotify.java
+++ b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapNotify.java
@@ -276,21 +276,14 @@
// keyId
byteBuf.writeShort(message.getKeyId());
- // authentication data length in octet
- byteBuf.writeShort(message.getAuthDataLength());
-
- // authentication data
- byte[] data = message.getAuthenticationData();
- byte[] clone;
- if (data != null) {
- clone = data.clone();
- Arrays.fill(clone, (byte) UNUSED_ZERO);
+ // authentication data and its length
+ if (message.getAuthenticationData() == null) {
+ byteBuf.writeShort((short) 0);
+ } else {
+ byteBuf.writeShort(message.getAuthenticationData().length);
+ byteBuf.writeBytes(message.getAuthenticationData());
}
- byteBuf.writeBytes(data);
-
- // TODO: need to implement MAC authentication mechanism
-
// serialize map records
MapRecordWriter writer = new MapRecordWriter();
List<LispMapRecord> records = message.getMapRecords();
diff --git a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapRegister.java b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapRegister.java
index 2d1ff43..b45d1e6 100644
--- a/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapRegister.java
+++ b/protocols/lisp/msg/src/main/java/org/onosproject/lisp/msg/protocols/DefaultLispMapRegister.java
@@ -340,21 +340,14 @@
// keyId
byteBuf.writeShort(message.getKeyId());
- // authentication data length in octet
- byteBuf.writeShort(message.getAuthDataLength());
-
- // authentication data
- byte[] data = message.getAuthenticationData();
- byte[] clone;
- if (data != null) {
- clone = data.clone();
- Arrays.fill(clone, (byte) UNUSED_ZERO);
+ // authentication data and its length
+ if (message.getAuthenticationData() == null) {
+ byteBuf.writeShort((short) 0);
+ } else {
+ byteBuf.writeShort(message.getAuthenticationData().length);
+ byteBuf.writeBytes(message.getAuthenticationData());
}
- byteBuf.writeBytes(data);
-
- // TODO: need to implement MAC authentication mechanism
-
// serialize map records
MapRecordWriter writer = new MapRecordWriter();
List<LispMapRecord> records = message.getMapRecords();
diff --git a/protocols/lisp/msg/src/test/java/org/onosproject/lisp/msg/authentication/LispAuthenticationTest.java b/protocols/lisp/msg/src/test/java/org/onosproject/lisp/msg/authentication/LispAuthenticationTest.java
new file mode 100644
index 0000000..a68d529
--- /dev/null
+++ b/protocols/lisp/msg/src/test/java/org/onosproject/lisp/msg/authentication/LispAuthenticationTest.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2016-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.lisp.msg.authentication;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.onosproject.lisp.msg.authentication.LispAuthenticationKeyEnum.*;
+
+/**
+ * Test case for LISP authentication.
+ */
+public class LispAuthenticationTest {
+
+ private LispAuthenticationFactory factory;
+
+ @Before
+ public void setup() {
+ factory = LispAuthenticationFactory.getInstance();
+ }
+
+ @Test
+ public void testAuthData() {
+
+ String authKey = "testKey";
+ byte[] noneAuthData = factory.createAuthenticationData(NONE, authKey);
+ byte[] unknownAuthData = factory.createAuthenticationData(UNKNOWN, authKey);
+ byte[] sha1AuthData = factory.createAuthenticationData(SHA1, authKey);
+ byte[] sha256AuthData = factory.createAuthenticationData(SHA256, authKey);
+
+ assertThat(noneAuthData, is(new byte[0]));
+ assertThat(unknownAuthData, is(new byte[0]));
+ assertThat(sha1AuthData.length, is(20));
+ assertThat(sha256AuthData.length, is(32));
+ }
+}