Skip to content
Snippets Groups Projects
Commit 0f790f2a authored by Malte Bauch's avatar Malte Bauch
Browse files

Add crypto algo aes

parent 79a9c592
Branches
No related tags found
1 merge request!14Add a proof of concept for routing
package kms
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"errors"
"io"
)
type CryptoAlgorithm interface {
Encrypt(plaintext []byte, key []byte) ([]byte, error)
Decrypt(ciphertext []byte, key []byte) ([]byte, error)
}
// AES.
type AES struct {
}
func NewAES() *AES {
return &AES{}
}
// Implementation is from:
// https://astaxie.gitbooks.io/build-web-application-with-golang/content/en/09.6.html
func (a *AES) Encrypt(plaintext []byte, key []byte) ([]byte, error) {
c, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(c)
if err != nil {
return nil, err
}
nonce := make([]byte, gcm.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
return nil, err
}
return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
func (a *AES) Decrypt(ciphertext []byte, key []byte) ([]byte, error) {
c, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(c)
if err != nil {
return nil, err
}
nonceSize := gcm.NonceSize()
if len(ciphertext) < nonceSize {
return nil, errors.New("ciphertext is too short")
}
nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
return gcm.Open(nil, nonce, ciphertext, nil)
}
...@@ -6,7 +6,6 @@ import ( ...@@ -6,7 +6,6 @@ import (
"flag" "flag"
"fmt" "fmt"
"net" "net"
"strings"
"time" "time"
"github.com/google/uuid" "github.com/google/uuid"
...@@ -89,7 +88,6 @@ func (s *kmsTalkerServer) InterComTransportKeyNegotiation(ctx context.Context, i ...@@ -89,7 +88,6 @@ func (s *kmsTalkerServer) InterComTransportKeyNegotiation(ctx context.Context, i
// return nil, status.Errorf(codes.Internal, "A transport key for pathID: %s has already been negotiated.", in.PathID) // return nil, status.Errorf(codes.Internal, "A transport key for pathID: %s has already been negotiated.", in.PathID)
//} //}
// NOTE: QuantumElement will be changed to use one keyStore
quantumElementRemoteKeyStore := route.Previous.servingQLE.keyStorePeer quantumElementRemoteKeyStore := route.Previous.servingQLE.keyStorePeer
key, ok := quantumElementRemoteKeyStore.keyStore[keyID] key, ok := quantumElementRemoteKeyStore.keyStore[keyID]
...@@ -118,18 +116,23 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin ...@@ -118,18 +116,23 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
return nil, status.Errorf(codes.Internal, "There is no route for the given pathID: %s .", in.PathId) return nil, status.Errorf(codes.Internal, "There is no route for the given pathID: %s .", in.PathId)
} }
// TODO: decrypt payload with key payloadAsByte, err := base64.StdEncoding.DecodeString(in.Payload)
decryptKeyAsString := base64.StdEncoding.EncodeToString(decryptKey.key) if err != nil {
log.Infof("The eKMS: %s uses decryptKeyAsString: %s", s.eKMS.kmsName, decryptKeyAsString) return nil, status.Errorf(codes.Internal, "%s", err)
decryptedPayload := strings.Replace(in.Payload, fmt.Sprintf("...%s", decryptKeyAsString), "", 1) }
decryptedPayload, err := route.Previous.et.Decrypt(payloadAsByte, decryptKey.key)
if err != nil {
return nil, status.Errorf(codes.Internal, "%s", err)
}
log.Infof("The eKMS: %s received the Payload: %s", s.eKMS.kmsName, decryptedPayload) log.Infof("The eKMS: %s received the Payload: %s", s.eKMS.kmsName, decryptedPayload)
if route.Next != nil { if route.Next != nil {
log.Info("SEEEENDING: ", s.eKMS.kmsName) log.Info("SEEEENDING: ", s.eKMS.kmsName)
go route.Next.SendPayload([]byte(decryptedPayload), pathId) go route.Next.SendPayload(decryptedPayload, pathId)
} else { } else {
fmt.Println("THE DECRYPTED PAYLOAD: ", decryptedPayload) fmt.Println("THE DECRYPTED PAYLOAD: ", string(decryptedPayload))
} }
return &pb.KeyForwardingResponse{Timestamp: time.Now().Unix()}, nil return &pb.KeyForwardingResponse{Timestamp: time.Now().Unix()}, nil
......
...@@ -38,9 +38,10 @@ type kmsPeer struct { ...@@ -38,9 +38,10 @@ type kmsPeer struct {
servingQLE *QuantumElement servingQLE *QuantumElement
tcpSocket net.TCPAddr // the IP address and TCP port (aka socket) of the kms peer tcpSocket net.TCPAddr // the IP address and TCP port (aka socket) of the kms peer
tcpSocketStr string // string rep. of tcpSocket tcpSocketStr string // string rep. of tcpSocket
name string // the name of the kms peer et CryptoAlgorithm
id uuid.UUID // uuid of the peer name string // the name of the kms peer
quit chan bool // cancel the peer goroutine id uuid.UUID // uuid of the peer
quit chan bool // cancel the peer goroutine
} }
func NewKmsPeer(servQLE *QuantumElement, tcpSocketStr string, in chan string) (peer *kmsPeer, err error) { func NewKmsPeer(servQLE *QuantumElement, tcpSocketStr string, in chan string) (peer *kmsPeer, err error) {
...@@ -56,6 +57,7 @@ func NewKmsPeer(servQLE *QuantumElement, tcpSocketStr string, in chan string) (p ...@@ -56,6 +57,7 @@ func NewKmsPeer(servQLE *QuantumElement, tcpSocketStr string, in chan string) (p
peerStatus: KmsPeerUnknown, peerStatus: KmsPeerUnknown,
servingQLE: servQLE, servingQLE: servQLE,
tcpSocketStr: tcpSocketStr, tcpSocketStr: tcpSocketStr,
et: NewAES(),
id: uuid.New(), id: uuid.New(),
quit: make(chan bool), quit: make(chan bool),
}, nil }, nil
...@@ -234,17 +236,21 @@ func (ph *kmsPeer) SendPayload(payload []byte, pathId uuid.UUID) error { ...@@ -234,17 +236,21 @@ func (ph *kmsPeer) SendPayload(payload []byte, pathId uuid.UUID) error {
// TODO: would be better to update the index counter here (to keep it // TODO: would be better to update the index counter here (to keep it
// synchronized). // synchronized).
// TODO: encrypt payload with key encryptedPayload, err := ph.et.Encrypt(payload, key.key)
keyAsString := base64.StdEncoding.EncodeToString(key.key) if err != nil {
encryptedPayload := func() string { return fmt.Sprintf("%s...%s", string(payload), keyAsString) } return err
log.Infof("Sent encrypted Payload: %s", encryptedPayload()) }
encryptedPayloadAsString := base64.StdEncoding.EncodeToString(encryptedPayload)
log.Infof("Sent encrypted Payload: %s", encryptedPayloadAsString)
ctx2, cancel2 := context.WithTimeout(context.Background(), time.Second) ctx2, cancel2 := context.WithTimeout(context.Background(), time.Second)
defer cancel2() defer cancel2()
_, err = ph.peerClient.KeyForwarding(ctx2, &pbIC.KeyForwardingRequest{ _, err = ph.peerClient.KeyForwarding(ctx2, &pbIC.KeyForwardingRequest{
Timestamp: time.Now().Unix(), Timestamp: time.Now().Unix(),
PathId: pathId.String(), PathId: pathId.String(),
Payload: encryptedPayload(), Payload: encryptedPayloadAsString,
}) })
if err != nil { if err != nil {
return err return err
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment