From 7645a98e4c92a20d45a8a1417db498db1b075080 Mon Sep 17 00:00:00 2001
From: Tibor Král
Date: Fri, 18 Jan 2019 16:54:28 +0100
Subject: Update IPSec writers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Fix data_len fields in api messages
- Add enum for authentication types

Change-Id: I266bb096488b41d4e97b6fa4c5a557b71925be77
Signed-off-by: Tibor Král
---
 .../java/io/fd/hc2vpp/ipsec/dto/AuthMethod.java | 32 ++++++++++++++++++++++
 .../hc2vpp/ipsec/write/Ikev2PolicyCustomizer.java | 8 ++++--
 .../ipsec/write/Ikev2PolicyIdentityCustomizer.java | 1 +
 .../ipsec/write/IpsecSadEntryCustomizer.java | 3 ++
 .../ipsec/write/Ikev2PolicyCustomizerTest.java | 7 +++--
 .../write/Ikev2PolicyIdentityCustomizerTest.java | 4 +++
 .../ipsec/write/IpsecSadEntryCustomizerTest.java | 3 ++
 7 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/dto/AuthMethod.java

diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/dto/AuthMethod.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/dto/AuthMethod.java
new file mode 100644
index 000000000..9131d14e0
--- /dev/null
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/dto/AuthMethod.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2019 PANTHEON.tech.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.ipsec.dto;
+
+public enum AuthMethod {
+ RSA_SIG((byte) 1),
+ SHARED_KEY_MIC((byte) 2);
+
+ private final byte value;
+
+ AuthMethod(final byte method) {
+ this.value = method;
+ }
+
+ public byte getValue() {
+ return value;
+ }
+}
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizer.java
index 300ea6b8e..6cb37329c 100644
--- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizer.java
+++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizer.java
@@ -20,6 +20,7 @@ import io.fd.hc2vpp.common.translate.util.ByteDataTranslator;
 import io.fd.hc2vpp.common.translate.util.FutureJVppCustomizer;
 import io.fd.hc2vpp.common.translate.util.Ipv4Translator;
 import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer;
+import io.fd.hc2vpp.ipsec.dto.AuthMethod;
 import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer;
 import io.fd.honeycomb.translate.write.WriteContext;
 import io.fd.honeycomb.translate.write.WriteFailedException;
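Review bot: The constants in AuthMethod.java carry the wire values 1 and 2 with no comment saying where those numbers come from, so a reader cannot check them against the protocol. They appear to match the IKEv2 Auth Method numbers in RFC 7296 (1 = RSA Digital Signature, 2 = Shared Key Message Integrity Code); if that is the intent, add a class Javadoc such as `/** IKEv2 authentication methods; getValue() is the Auth Method number written to Ikev2ProfileSetAuth.authMethod. */`. A one-line comment on each constant naming the full method would also help when further methods are added.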
@@ -137,7 +138,9 @@ public class Ikev2PolicyCustomizer extends FutureJVppCustomizer Ikev2ProfileSetAuth request = new Ikev2ProfileSetAuth(); request.name = name.getBytes(); request.data = fileName.getBytes(); - request.authMethod = BYTE_TRUE; + request.dataLen = request.data.length; + request.isHex = BYTE_FALSE; + request.authMethod = AuthMethod.RSA_SIG.getValue(); getReplyForWrite(getFutureJVpp().ikev2ProfileSetAuth(request).toCompletableFuture(), id); } @@ -145,11 +148,12 @@ public class Ikev2PolicyCustomizer extends FutureJVppCustomizer final IkeGeneralPolicyProfileGrouping.PreSharedKey preSharedKey, final InstanceIdentifier id) throws WriteFailedException { final Ikev2ProfileSetAuth request = new Ikev2ProfileSetAuth(); - request.authMethod = BYTE_FALSE; + request.authMethod = AuthMethod.SHARED_KEY_MIC.getValue(); if (preSharedKey.getHexString() != null) { request.isHex = BYTE_TRUE; } request.data = preSharedKey.stringValue().getBytes(); + request.dataLen = request.data.length; request.name = name.getBytes(); getReplyForWrite(getFutureJVpp().ikev2ProfileSetAuth(request).toCompletableFuture(), id); } diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizer.java index 4c11f1633..f6b100c54 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizer.java @@ -93,6 +93,7 @@ public class Ikev2PolicyIdentityCustomizer extends FutureJVppCustomizer request.idType = 5; request.data = ipv6AddressNoZoneToArray(((Ipv6Address) identityData).getIpv6Address()); } + request.dataLen = request.data.length; } @Override 
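Review bot: `preSharedKey.stringValue().getBytes()` in the pre-shared-key hunk of Ikev2PolicyCustomizer encodes the key with the JVM's default charset, so both the key bytes and the new `request.dataLen` can differ between hosts for the same configuration. Pin the encoding, e.g. `request.data = preSharedKey.stringValue().getBytes(StandardCharsets.UTF_8);`, which needs a `java.nio.charset.StandardCharsets` import outside the hunk. The same applies to `name.getBytes()` and `fileName.getBytes()` in the RSA hunk above it. When `isHex` is set, `dataLen` counts hex characters rather than decoded key bytes; that is presumably what the API expects, but it is worth confirming. Both method bodies start outside their hunks.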
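Review bot: In Ikev2PolicyIdentityCustomizer the added `request.dataLen = request.data.length;` sits after the if/else chain and would throw a NullPointerException if no branch assigned `request.data`. The chain starts outside the hunk, so it is not visible here whether an unmatched identity type can reach this line. If it can, either guard the assignment with `if (request.data != null) { request.dataLen = request.data.length; }` or reject the unsupported type with an explicit exception before this line, so the failure is reported as a bad identity rather than as an NPE.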
diff --git a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java index d7bbee32d..c29137d26 100644 --- a/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java +++ b/ipsec/ipsec-impl/src/main/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizer.java @@ -153,6 +153,7 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer return; } targetEntry.integrityKey = integKey.getBytes(); + targetEntry.integrityKeyLength = (byte) integKey.getBytes().length; } } @@ -174,6 +175,7 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer return; } targetEntry.integrityKey = integKey.getBytes(); + targetEntry.integrityKeyLength = (byte) integKey.getBytes().length; } } @@ -199,6 +201,7 @@ public class IpsecSadEntryCustomizer extends FutureJVppCustomizer return; } targetEntry.cryptoKey = cryptoKey.getBytes(); + targetEntry.cryptoKeyLength = (byte) cryptoKey.getBytes().length; } } diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java index 0c7b65f1b..e2062e56c 100644 --- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java +++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyCustomizerTest.java @@ -25,6 +25,7 @@ import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; import io.fd.hc2vpp.common.translate.util.Ipv4Translator; import io.fd.hc2vpp.common.translate.util.Ipv6Translator; +import io.fd.hc2vpp.ipsec.dto.AuthMethod; import io.fd.hc2vpp.ipsec.helpers.SchemaContextTestHelper; import io.fd.honeycomb.test.tools.HoneycombTestRunner; import io.fd.honeycomb.test.tools.annotations.InjectTestData; 
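Review bot: `(byte) integKey.getBytes().length` in IpsecSadEntryCustomizer narrows an int to a signed byte, so a key of 128 bytes or more produces a negative or wrapped length that no longer matches the `integrityKey` array sent with it. The same cast appears in the second integrity-key hunk and in the `cryptoKey` hunk. Encode once and check the bound before casting: `final byte[] keyBytes = integKey.getBytes();`, reject `keyBytes.length > Byte.MAX_VALUE` with an `IllegalArgumentException`, then assign `targetEntry.integrityKey = keyBytes;` and `targetEntry.integrityKeyLength = (byte) keyBytes.length;`. Whether the model already limits key length is not visible here, and the enclosing methods start outside the hunks.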
@@ -149,16 +150,18 @@ public class Ikev2PolicyCustomizerTest extends WriterCustomizerTest implements S if (auth != null) { request.name = policy.getName().getBytes(); if (auth.isPresharedKey() != null && policy.getPreSharedKey() != null) { - request.authMethod = ByteDataTranslator.BYTE_FALSE; + request.authMethod = AuthMethod.SHARED_KEY_MIC.getValue(); if (policy.getPreSharedKey().getHexString() != null) { request.isHex = ByteDataTranslator.BYTE_TRUE; } request.data = policy.getPreSharedKey().stringValue().getBytes(); + request.dataLen = request.data.length; } else if (auth.isRsaSignature() != null) { IpsecIkev2PolicyAugmentation aug = policy.augmentation(IpsecIkev2PolicyAugmentation.class); if (aug != null && aug.getCertificate() != null) { request.data = aug.getCertificate().getBytes(); - request.authMethod = ByteDataTranslator.BYTE_TRUE; + request.dataLen = request.data.length; + request.authMethod = AuthMethod.RSA_SIG.getValue(); } } } diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizerTest.java index bb8f0d762..3f57acdbb 100644 --- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizerTest.java +++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/Ikev2PolicyIdentityCustomizerTest.java @@ -69,6 +69,7 @@ public class Ikev2PolicyIdentityCustomizerTest extends WriterCustomizerTest impl request.idType = (byte) 1; request.isLocal = BYTE_TRUE; request.data = ipv4AddressNoZoneToArray(IPV4_TYPE_DATA); + request.dataLen = request.data.length; verify(api).ikev2ProfileSetId(request); } @@ -82,6 +83,7 @@ public class Ikev2PolicyIdentityCustomizerTest extends WriterCustomizerTest impl request.idType = (byte) 2; request.isLocal = BYTE_FALSE; request.data = FQDN_TYPE_DATA.getBytes(); + request.dataLen = request.data.length; verify(api).ikev2ProfileSetId(request); } 
@@ -95,6 +97,7 @@ public class Ikev2PolicyIdentityCustomizerTest extends WriterCustomizerTest impl request.idType = (byte) 5; request.isLocal = BYTE_FALSE; request.data = ipv6AddressNoZoneToArray(new Ipv6Address(IPV6_TYPE_DATA)); + request.dataLen = request.data.length; verify(api).ikev2ProfileSetId(request); } @@ -109,6 +112,7 @@ public class Ikev2PolicyIdentityCustomizerTest extends WriterCustomizerTest impl request.idType = (byte) 3; request.isLocal = BYTE_TRUE; request.data = RFC822_TYPE_DATA.getBytes(); + request.dataLen = request.data.length; verify(api).ikev2ProfileSetId(request); } diff --git a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java index 912f50f27..e477467db 100644 --- a/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java +++ b/ipsec/ipsec-impl/src/test/java/io/fd/hc2vpp/ipsec/write/IpsecSadEntryCustomizerTest.java @@ -94,7 +94,9 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements request.isTunnel = BYTE_TRUE; request.isTunnelIpv6 = BYTE_FALSE; request.integrityKey = INTEG_KEY.getBytes(); + request.integrityKeyLength = (byte) request.integrityKey.length; request.cryptoKey = CRYPTO_KEY.getBytes(); + request.cryptoKeyLength = (byte) request.cryptoKey.length; request.useAntiReplay = 0; request.tunnelSrcAddress = ipv4AddressNoZoneToArray(TNL_SRC_ADDR); request.tunnelDstAddress = ipv4AddressNoZoneToArray(TNL_DST_ADDR); 
@@ -158,6 +160,7 @@ public class IpsecSadEntryCustomizerTest extends WriterCustomizerTest implements request.isTunnelIpv6 = BYTE_TRUE; request.integrityAlgorithm = 1; request.integrityKey = INTEG_KEY.getBytes(); + request.integrityKeyLength = (byte) request.integrityKey.length; request.useAntiReplay = BYTE_TRUE; request.tunnelSrcAddress = ipv6AddressNoZoneToArray(Ipv6Address.getDefaultInstance("2001::11")); request.tunnelDstAddress = ipv6AddressNoZoneToArray(Ipv6Address.getDefaultInstance("2001::12")); -- cgit 1.2.3-korg