add initial support for KNX data secure [WIP], openhab#8872
* add config options for keyring file(s) and password(s) * add initial support for reading secure traffic * add tests for security functions Signed-off-by: Holger Friedrich <[email protected]>
1 parent
67f7de1
commit 5bd39be
Showing
10 changed files
with
227 additions
and
2 deletions.
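--- a/bundles/org.openhab.binding.knx/src/test/java/org/openhab/binding/knx/internal/security/KNXSecurityTest.java
+++ b/bundles/org.openhab.binding.knx/src/test/java/org/openhab/binding/knx/internal/security/KNXSecurityTest.java
@@ -0,0 +1,98 @@
+/**
+* Copyright (c) 2010-2021 Contributors to the openHAB project
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License 2.0 which is available at
+* http://www.eclipse.org/legal/epl-2.0
+*
+* SPDX-License-Identifier: EPL-2.0
+*/
+package org.openhab.binding.knx.internal.security;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.validation.constraints.NotNull;
+
+import org.eclipse.jdt.annotation.NonNullByDefault;
+import org.junit.jupiter.api.Test;
+
+import tuwien.auto.calimero.GroupAddress;
+import tuwien.auto.calimero.IndividualAddress;
+import tuwien.auto.calimero.secure.Keyring;
+import tuwien.auto.calimero.secure.Security;
+
+/**
+*
+* @author Holger Friedrich - initial contribution
+*
+* Test KNX security features provided by calimero library.
+*
+*/
+@NonNullByDefault
+public class KNXSecurityTest {
+
+private void testCalimeroKeyringFile(@NotNull String keyring, @NotNull String password) {
+assertNotEquals("", keyring);
+final URL testFileUrl = getClass().getClassLoader().getResource(keyring);
+assertNotNull(testFileUrl, "keyring file cannot be opened, \"" + keyring + "\"");
+final String testFile = testFileUrl.toString();
+
+Keyring keys = Keyring.load(testFile);
+assertTrue(keys.verifySignature(password.toCharArray()));
+
+// System.out.println(keys.devices().toString());
+// System.out.println(keys.groups().toString());
+// System.out.println(keys.interfaces().toString());
+
+assertEquals(2, keys.devices().size());
+assertEquals(3, keys.groups().size());
+assertEquals(1, keys.interfaces().size());
+
+IndividualAddress pa = new IndividualAddress(1, 2, 72);
+Keyring.Device dev = keys.devices().get(pa);
+// not a proper check this for dummy test file, needs real device to be included
+// assertNotEquals(0, dev.sequenceNumber());
+assertEquals(0, dev.sequenceNumber());
+
+GroupAddress ga = new GroupAddress(8, 0, 0);
+byte[] key800enc = keys.groups().get(ga);
+assertNotEquals(0, key800enc.length);
+byte[] key800dec = keys.decryptKey(key800enc, password.toCharArray());
+assertEquals(16, key800dec.length);
+
+// Calimero uses _one_ static map to store all keys: "defaultInstallation".
+// For the test, use separate instances to allow testing different input files.
+Security secInstance = Security.newSecurity();
+secInstance.useKeyring(keys, password.toCharArray());
+Map<GroupAddress, byte[]> groupKeys = secInstance.groupKeys();
+assertEquals(3, groupKeys.size());
+groupKeys.remove(ga);
+assertEquals(2, groupKeys.size());
+// reload to add removed GA again
+secInstance.useKeyring(keys, password.toCharArray());
+ga = new GroupAddress(1, 0, 0);
+groupKeys.put(ga, new byte[1]);
+assertEquals(4, groupKeys.size());
+
+// now add to Security.defaultInstallation
+Security.defaultInstallation().useKeyring(keys, password.toCharArray());
+}
+
+@Test
+public void testCalimero_keyring() {
+assertEquals(0, Security.defaultInstallation().groupKeys().size());
+assertEquals(0, Security.defaultInstallation().deviceToolKeys().size());
+
+testCalimeroKeyringFile("openhab5.knxkeys", "habopen");
+testCalimeroKeyringFile("openhab6.knxkeys", "habopen");
+
+assertNotEquals(0, Security.defaultInstallation().groupKeys().size());
+assertNotEquals(0, Security.defaultInstallation().deviceToolKeys().size());
+}
+}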
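Review bot: `testCalimero_keyring` asserts that `Security.defaultInstallation()` is empty on entry, and `testCalimeroKeyringFile` ends by loading each keyring into that process-wide instance, but nothing removes the keys afterwards, so the test depends on execution order and leaves key material in shared state for any later test in the same JVM. Consider an `@AfterEach` method that runs `Security.defaultInstallation().groupKeys().clear();` and `Security.defaultInstallation().deviceToolKeys().clear();`; the test already mutates the map returned by `groupKeys()`, but whether `deviceToolKeys()` is mutable in the same way should be confirmed against the Calimero version in use. Separately, `keys.devices().get(pa)` and `keys.groups().get(ga)` are dereferenced without a null check, so a changed fixture fails with a NullPointerException instead of an assertion; `assertNotNull(dev);` before `dev.sequenceNumber()` would make that failure readable. The commented-out `System.out.println` lines would write the keyring contents to the build log if re-enabled and are better deleted.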
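--- a/bundles/org.openhab.binding.knx/src/test/resources/openhab5.knxkeys
+++ b/bundles/org.openhab.binding.knx/src/test/resources/openhab5.knxkeys
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Keyring Project="openHAB test" CreatedBy="ETS 5.7.4 (Build 1093)" Created="2020-10-31T06:35:17" Signature="YYyfHr5YuutGoK9bOPLcGg==" xmlns="http://knx.org/xml/keyring/1">
+<Backbone MulticastAddress="224.0.23.12" Latency="2000" Key="480bQt90oCDjByEZwzxi8A==" />
+<Interface Type="Backbone" IndividualAddress="1.0.128">
+<Group Address="16384" Senders="1.2.72" />
+<Group Address="17408" Senders="1.2.72" />
+</Interface>
+<GroupAddresses>
+<Group Address="16384" Key="kIhS9Tv+cR0pNJoIIyhByg==" />
+<Group Address="17408" Key="OSwUn/dq/Mn+phMCZuU5ww==" />
+<Group Address="17409" Key="V0xUCUr4Ft6qqF6UffraMA==" />
+</GroupAddresses>
+<Devices>
+<Device IndividualAddress="1.0.128" ToolKey="dY1PEXGT7EA8ZrPne2Msaw==" ManagementPassword="aRlmkq2B3UOoWiMen5eHkrDRuw8sSGLZTlIP/uqHmV8=" Authentication="PrC1PZ5yDQ+5TCfbwTkuc0Ci8f+bxt1Ej1LZVfv0yNA=" />
+<Device IndividualAddress="1.2.72" ToolKey="7tKHLiig7Uxv1mOUc85mdA==" />
+</Devices>
+</Keyring>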
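Review bot: This keyring and `openhab6.knxkeys` are committed together with their password, which `KNXSecurityTest` passes as the literal `"habopen"`, so the backbone key, group keys, tool keys and the `ManagementPassword`/`Authentication` values in both files have to be treated as public. The `Project="openHAB test"` attribute suggests they were exported from a throwaway ETS project, but nothing in the commit states that. I would record it where maintainers triaging a secret-scanner hit will find it, for example in the test class Javadoc: `Keyrings in src/test/resources are exported from a dummy ETS project; never reuse them or their password in a real installation.`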
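--- a/bundles/org.openhab.binding.knx/src/test/resources/openhab6.knxkeys
+++ b/bundles/org.openhab.binding.knx/src/test/resources/openhab6.knxkeys
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Keyring Project="openHAB test" CreatedBy="6.0.0" Created="2021-11-22T08:00:40" Signature="PuosqSdHUmHiGOELSvL13g==" xmlns="http://knx.org/xml/keyring/1">
+<Backbone MulticastAddress="224.0.23.12" Latency="2000" Key="k9ss2OZ9vcjVjQs2glccKQ==" />
+<Interface IndividualAddress="1.0.128" Type="Backbone">
+<Group Address="16384" Senders="1.2.72" />
+<Group Address="17408" Senders="1.2.72" />
+</Interface>
+<GroupAddresses>
+<Group Address="16384" Key="yIY7WF/Gb7E0lTAKsUDIpA==" />
+<Group Address="17408" Key="U3plS6TawMuiMXmmRv+yKw==" />
+<Group Address="17409" Key="Wb4wZnY0XGmc2CGV3lzgNg==" />
+</GroupAddresses>
+<Devices>
+<Device IndividualAddress="1.0.128" ToolKey="1h9EQZII1/oDyF9S1zjQZA==" ManagementPassword="Hg1lYsFViqfDamBaS7zX9hB/6YcC+/gSYLAjC522cXE=" Authentication="hFeR7Gnr0tMJN+AY/eSWKWLbOh3C7OjVELaL+Y52LEo=" />
+<Device IndividualAddress="1.2.72" ToolKey="yybKPPqZffrhxWX7laF0sA==" />
+</Devices>
+</Keyring>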