Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
P
Proto Kms
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Deploy
Package registry
Container registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
danet
Proto Kms
Commits
0f790f2a
Commit
0f790f2a
authored
1 year ago
by
Malte Bauch
Browse files
Options
Downloads
Patches
Plain Diff
Add crypto algo aes
parent
79a9c592
Branches
Branches containing commit
No related tags found
1 merge request
!14
Add a proof of concept for routing
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
kms/crypto.go
+63
-0
63 additions, 0 deletions
kms/crypto.go
kms/kmsintercom.go
+11
-8
11 additions, 8 deletions
kms/kmsintercom.go
kms/kmspeers.go
+14
-8
14 additions, 8 deletions
kms/kmspeers.go
with
88 additions
and
16 deletions
kms/crypto.go
0 → 100644
+
63
−
0
View file @
0f790f2a
package
kms
import
(
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"errors"
"io"
)
type
CryptoAlgorithm
interface
{
Encrypt
(
plaintext
[]
byte
,
key
[]
byte
)
([]
byte
,
error
)
Decrypt
(
ciphertext
[]
byte
,
key
[]
byte
)
([]
byte
,
error
)
}
// AES.
type
AES
struct
{
}
func
NewAES
()
*
AES
{
return
&
AES
{}
}
// Implementation is from:
// https://astaxie.gitbooks.io/build-web-application-with-golang/content/en/09.6.html
func
(
a
*
AES
)
Encrypt
(
plaintext
[]
byte
,
key
[]
byte
)
([]
byte
,
error
)
{
c
,
err
:=
aes
.
NewCipher
(
key
)
if
err
!=
nil
{
return
nil
,
err
}
gcm
,
err
:=
cipher
.
NewGCM
(
c
)
if
err
!=
nil
{
return
nil
,
err
}
nonce
:=
make
([]
byte
,
gcm
.
NonceSize
())
if
_
,
err
=
io
.
ReadFull
(
rand
.
Reader
,
nonce
);
err
!=
nil
{
return
nil
,
err
}
return
gcm
.
Seal
(
nonce
,
nonce
,
plaintext
,
nil
),
nil
}
func
(
a
*
AES
)
Decrypt
(
ciphertext
[]
byte
,
key
[]
byte
)
([]
byte
,
error
)
{
c
,
err
:=
aes
.
NewCipher
(
key
)
if
err
!=
nil
{
return
nil
,
err
}
gcm
,
err
:=
cipher
.
NewGCM
(
c
)
if
err
!=
nil
{
return
nil
,
err
}
nonceSize
:=
gcm
.
NonceSize
()
if
len
(
ciphertext
)
<
nonceSize
{
return
nil
,
errors
.
New
(
"ciphertext is too short"
)
}
nonce
,
ciphertext
:=
ciphertext
[
:
nonceSize
],
ciphertext
[
nonceSize
:
]
return
gcm
.
Open
(
nil
,
nonce
,
ciphertext
,
nil
)
}
This diff is collapsed.
Click to expand it.
kms/kmsintercom.go
+
11
−
8
View file @
0f790f2a
...
@@ -6,7 +6,6 @@ import (
...
@@ -6,7 +6,6 @@ import (
"flag"
"flag"
"fmt"
"fmt"
"net"
"net"
"strings"
"time"
"time"
"github.com/google/uuid"
"github.com/google/uuid"
...
@@ -89,7 +88,6 @@ func (s *kmsTalkerServer) InterComTransportKeyNegotiation(ctx context.Context, i
...
@@ -89,7 +88,6 @@ func (s *kmsTalkerServer) InterComTransportKeyNegotiation(ctx context.Context, i
// return nil, status.Errorf(codes.Internal, "A transport key for pathID: %s has already been negotiated.", in.PathID)
// return nil, status.Errorf(codes.Internal, "A transport key for pathID: %s has already been negotiated.", in.PathID)
//}
//}
// NOTE: QuantumElement will be changed to use one keyStore
quantumElementRemoteKeyStore
:=
route
.
Previous
.
servingQLE
.
keyStorePeer
quantumElementRemoteKeyStore
:=
route
.
Previous
.
servingQLE
.
keyStorePeer
key
,
ok
:=
quantumElementRemoteKeyStore
.
keyStore
[
keyID
]
key
,
ok
:=
quantumElementRemoteKeyStore
.
keyStore
[
keyID
]
...
@@ -118,18 +116,23 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
...
@@ -118,18 +116,23 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
return
nil
,
status
.
Errorf
(
codes
.
Internal
,
"There is no route for the given pathID: %s ."
,
in
.
PathId
)
return
nil
,
status
.
Errorf
(
codes
.
Internal
,
"There is no route for the given pathID: %s ."
,
in
.
PathId
)
}
}
// TODO: decrypt payload with key
payloadAsByte
,
err
:=
base64
.
StdEncoding
.
DecodeString
(
in
.
Payload
)
decryptKeyAsString
:=
base64
.
StdEncoding
.
EncodeToString
(
decryptKey
.
key
)
if
err
!=
nil
{
log
.
Infof
(
"The eKMS: %s uses decryptKeyAsString: %s"
,
s
.
eKMS
.
kmsName
,
decryptKeyAsString
)
return
nil
,
status
.
Errorf
(
codes
.
Internal
,
"%s"
,
err
)
decryptedPayload
:=
strings
.
Replace
(
in
.
Payload
,
fmt
.
Sprintf
(
"...%s"
,
decryptKeyAsString
),
""
,
1
)
}
decryptedPayload
,
err
:=
route
.
Previous
.
et
.
Decrypt
(
payloadAsByte
,
decryptKey
.
key
)
if
err
!=
nil
{
return
nil
,
status
.
Errorf
(
codes
.
Internal
,
"%s"
,
err
)
}
log
.
Infof
(
"The eKMS: %s received the Payload: %s"
,
s
.
eKMS
.
kmsName
,
decryptedPayload
)
log
.
Infof
(
"The eKMS: %s received the Payload: %s"
,
s
.
eKMS
.
kmsName
,
decryptedPayload
)
if
route
.
Next
!=
nil
{
if
route
.
Next
!=
nil
{
log
.
Info
(
"SEEEENDING: "
,
s
.
eKMS
.
kmsName
)
log
.
Info
(
"SEEEENDING: "
,
s
.
eKMS
.
kmsName
)
go
route
.
Next
.
SendPayload
(
[]
byte
(
decryptedPayload
)
,
pathId
)
go
route
.
Next
.
SendPayload
(
decryptedPayload
,
pathId
)
}
else
{
}
else
{
fmt
.
Println
(
"THE DECRYPTED PAYLOAD: "
,
decryptedPayload
)
fmt
.
Println
(
"THE DECRYPTED PAYLOAD: "
,
string
(
decryptedPayload
)
)
}
}
return
&
pb
.
KeyForwardingResponse
{
Timestamp
:
time
.
Now
()
.
Unix
()},
nil
return
&
pb
.
KeyForwardingResponse
{
Timestamp
:
time
.
Now
()
.
Unix
()},
nil
...
...
This diff is collapsed.
Click to expand it.
kms/kmspeers.go
+
14
−
8
View file @
0f790f2a
...
@@ -38,9 +38,10 @@ type kmsPeer struct {
...
@@ -38,9 +38,10 @@ type kmsPeer struct {
servingQLE
*
QuantumElement
servingQLE
*
QuantumElement
tcpSocket
net
.
TCPAddr
// the IP address and TCP port (aka socket) of the kms peer
tcpSocket
net
.
TCPAddr
// the IP address and TCP port (aka socket) of the kms peer
tcpSocketStr
string
// string rep. of tcpSocket
tcpSocketStr
string
// string rep. of tcpSocket
name
string
// the name of the kms peer
et
CryptoAlgorithm
id
uuid
.
UUID
// uuid of the peer
name
string
// the name of the kms peer
quit
chan
bool
// cancel the peer goroutine
id
uuid
.
UUID
// uuid of the peer
quit
chan
bool
// cancel the peer goroutine
}
}
func
NewKmsPeer
(
servQLE
*
QuantumElement
,
tcpSocketStr
string
,
in
chan
string
)
(
peer
*
kmsPeer
,
err
error
)
{
func
NewKmsPeer
(
servQLE
*
QuantumElement
,
tcpSocketStr
string
,
in
chan
string
)
(
peer
*
kmsPeer
,
err
error
)
{
...
@@ -56,6 +57,7 @@ func NewKmsPeer(servQLE *QuantumElement, tcpSocketStr string, in chan string) (p
...
@@ -56,6 +57,7 @@ func NewKmsPeer(servQLE *QuantumElement, tcpSocketStr string, in chan string) (p
peerStatus
:
KmsPeerUnknown
,
peerStatus
:
KmsPeerUnknown
,
servingQLE
:
servQLE
,
servingQLE
:
servQLE
,
tcpSocketStr
:
tcpSocketStr
,
tcpSocketStr
:
tcpSocketStr
,
et
:
NewAES
(),
id
:
uuid
.
New
(),
id
:
uuid
.
New
(),
quit
:
make
(
chan
bool
),
quit
:
make
(
chan
bool
),
},
nil
},
nil
...
@@ -234,17 +236,21 @@ func (ph *kmsPeer) SendPayload(payload []byte, pathId uuid.UUID) error {
...
@@ -234,17 +236,21 @@ func (ph *kmsPeer) SendPayload(payload []byte, pathId uuid.UUID) error {
// TODO: would be better to update the index counter here (to keep it
// TODO: would be better to update the index counter here (to keep it
// synchronized).
// synchronized).
// TODO: encrypt payload with key
encryptedPayload
,
err
:=
ph
.
et
.
Encrypt
(
payload
,
key
.
key
)
keyAsString
:=
base64
.
StdEncoding
.
EncodeToString
(
key
.
key
)
if
err
!=
nil
{
encryptedPayload
:=
func
()
string
{
return
fmt
.
Sprintf
(
"%s...%s"
,
string
(
payload
),
keyAsString
)
}
return
err
log
.
Infof
(
"Sent encrypted Payload: %s"
,
encryptedPayload
())
}
encryptedPayloadAsString
:=
base64
.
StdEncoding
.
EncodeToString
(
encryptedPayload
)
log
.
Infof
(
"Sent encrypted Payload: %s"
,
encryptedPayloadAsString
)
ctx2
,
cancel2
:=
context
.
WithTimeout
(
context
.
Background
(),
time
.
Second
)
ctx2
,
cancel2
:=
context
.
WithTimeout
(
context
.
Background
(),
time
.
Second
)
defer
cancel2
()
defer
cancel2
()
_
,
err
=
ph
.
peerClient
.
KeyForwarding
(
ctx2
,
&
pbIC
.
KeyForwardingRequest
{
_
,
err
=
ph
.
peerClient
.
KeyForwarding
(
ctx2
,
&
pbIC
.
KeyForwardingRequest
{
Timestamp
:
time
.
Now
()
.
Unix
(),
Timestamp
:
time
.
Now
()
.
Unix
(),
PathId
:
pathId
.
String
(),
PathId
:
pathId
.
String
(),
Payload
:
encryptedPayload
()
,
Payload
:
encryptedPayload
AsString
,
})
})
if
err
!=
nil
{
if
err
!=
nil
{
return
err
return
err
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment