diff --git a/goKMS/kms/akms/client/client.go b/goKMS/kms/akms/client/client.go
index 7f2d88b3c7292918af07332c3c73b8b78806c686..6a1a075761dbf0bbed68da123d31398447fe8dda 100644
--- a/goKMS/kms/akms/client/client.go
+++ b/goKMS/kms/akms/client/client.go
@@ -5,6 +5,7 @@ import (
"encoding/json"
"net/http"
+ "code.fbi.h-da.de/danet/quant/goKMS/kms/crypto"
"github.com/sirupsen/logrus"
)
@@ -19,17 +20,12 @@ func NewCkmsAkmsClient(url string) *CkmsAkmsClient {
}
type PushKSAKeyRequest struct {
- RequestID string `json:"request_ID"`
- ProcessID string `json:"process_ID"`
- KSAKeys []KSAKey `json:"ksa_keys"`
+ RequestID string `json:"request_ID"`
+ ProcessID string `json:"process_ID"`
+ KSAKeys []crypto.KSAKey `json:"ksa_keys"`
}
-type KSAKey struct {
- KeyID string `json:"key_ID"`
- Key string `json:"key"`
-}
-
-func (c *CkmsAkmsClient) SendKSAKeysToRequestingInstances(requestID string, processID string, ksaKeys []KSAKey) error {
+func (c *CkmsAkmsClient) SendKSAKeysToRequestingInstances(requestID string, processID string, ksaKeys []crypto.KSAKey) error {
pushRequest := PushKSAKeyRequest{
RequestID: requestID,
ProcessID: processID,
diff --git a/goKMS/kms/crypto/utils.go b/goKMS/kms/crypto/utils.go
index 5487f423f639e9415c3a2e7fd8ed66cc8b4a46c9..2f4bab0accb02b6c0b69c753712931cefa3b2748 100644
--- a/goKMS/kms/crypto/utils.go
+++ b/goKMS/kms/crypto/utils.go
@@ -18,6 +18,14 @@ type Key struct {
KeyAsBase64 string
}
+// KSAKey is a stuct that represents a the object delivered to a requesting instance.
+type KSAKey struct {
+ // KeyID is the id of the key.
+ KeyID string `json:"key_ID"`
+ // Key is the key value as Base64.
+ Key string `json:"key"`
+}
+
// Random256BitKey generates a random 256 bit key and returns it as a Key
// struct.
func Random256BitKey() (*Key, error) {
diff --git a/goKMS/etsi/etsi14/client/restclient.go b/goKMS/kms/etsi/etsi14/client/client.go
similarity index 100%
rename from goKMS/etsi/etsi14/client/restclient.go
rename to goKMS/kms/etsi/etsi14/client/client.go
diff --git a/goKMS/etsi/etsi14/etsi14Server/server.go b/goKMS/kms/etsi/etsi14/server/server.go
similarity index 86%
rename from goKMS/etsi/etsi14/etsi14Server/server.go
rename to goKMS/kms/etsi/etsi14/server/server.go
index 94b7750317a25c22c960172c49b1f6a37d821ebb..cfdfd836a07120aea042cefa6bab61276089f7cc 100644
--- a/goKMS/etsi/etsi14/etsi14Server/server.go
+++ b/goKMS/kms/etsi/etsi14/server/server.go
@@ -12,8 +12,7 @@ import (
"time"
restserver "code.fbi.h-da.de/danet/quant/etsi014/go/rest/etsi/server/go"
- "code.fbi.h-da.de/danet/quant/goKMS/kms"
- "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/client"
+ "code.fbi.h-da.de/danet/quant/goKMS/kms/crypto"
"github.com/google/uuid"
"github.com/sirupsen/logrus"
)
@@ -23,33 +22,33 @@ const etsi014RequestID = "etsi014"
type ETSI14RESTService struct {
serviceAddress string
remoteCKMSID uuid.UUID
- kms *kms.KMS
keyStoreMutex sync.RWMutex
keyStore map[string]string
- KeyStoreChannel chan []client.KSAKey
+ KeyStoreChannel chan []crypto.KSAKey
httpServer *http.Server
+ forwardingFunc func(uuid.UUID, int64, string) ([]crypto.KSAKey, error)
}
-func NewETSI14RESTService(serviceAddress string, remoteCKMSID uuid.UUID, kms *kms.KMS) *ETSI14RESTService {
+func NewETSI14RESTService(serviceAddress string, remoteCKMSID uuid.UUID, forwardingFunc func(uuid.UUID, int64, string) ([]crypto.KSAKey, error)) *ETSI14RESTService {
return &ETSI14RESTService{
serviceAddress: serviceAddress,
remoteCKMSID: remoteCKMSID,
- kms: kms,
keyStore: make(map[string]string, 0),
- KeyStoreChannel: make(chan []client.KSAKey, 10),
+ KeyStoreChannel: make(chan []crypto.KSAKey, 10),
+ forwardingFunc: forwardingFunc,
}
}
// Run initiates all the necessities and starts the etsi14 server.
-func Run(etsi14RESTService *ETSI14RESTService) {
+func (s *ETSI14RESTService) Run() {
logrus.Info("Starting ETSI14 server...")
- etsi14APIController := restserver.NewDefaultAPIController(etsi14RESTService)
+ etsi14APIController := restserver.NewDefaultAPIController(s)
router := restserver.NewRouter(etsi14APIController)
- etsi14RESTService.httpServer = &http.Server{
- Addr: etsi14RESTService.serviceAddress,
+ s.httpServer = &http.Server{
+ Addr: s.serviceAddress,
Handler: router,
ReadHeaderTimeout: 15 * time.Second,
ReadTimeout: 15 * time.Second,
@@ -57,7 +56,7 @@ func Run(etsi14RESTService *ETSI14RESTService) {
IdleTimeout: 30 * time.Second,
}
- go etsi14RESTService.startServer()
+ go s.startServer()
ctx, cancel := context.WithCancel(context.Background())
stopChannel := make(chan os.Signal, 1)
@@ -65,17 +64,17 @@ func Run(etsi14RESTService *ETSI14RESTService) {
defer func() {
logrus.Info("Shutting down ETSI14 server...")
- if err := etsi14RESTService.httpServer.Shutdown(ctx); err != nil {
+ if err := s.httpServer.Shutdown(ctx); err != nil {
logrus.Errorf("Error shutting down server: %v", err)
- _ = etsi14RESTService.httpServer.Close()
+ _ = s.httpServer.Close()
return
}
logrus.Info("Gracefully shutdown server completed.")
}()
- logrus.Infof("ETSI14 server running on: %s", etsi14RESTService.serviceAddress)
+ logrus.Infof("ETSI14 server running on: %s", s.serviceAddress)
- go etsi14RESTService.runKeyStoreChannel()
+ go s.runKeyStoreChannel()
<-stopChannel
@@ -206,7 +205,7 @@ func (s *ETSI14RESTService) GetStatus(ctx context.Context, slaveSAEID string) (r
// getKeyContainerFromKeyExchange starts the key exchange using the underlying QKD forwarding and returns the resulting KSA keys.
func (s *ETSI14RESTService) getKeyContainerFromKeyExchange(number int64) (*restserver.KeyContainer, error) {
- keys, err := s.kms.ExchangeKeyAfterETSI14GetKeyRequest(s.remoteCKMSID, number, etsi014RequestID) // Note: we should have a mapping mechanism here to support multiple endpoints in the future
+ keys, err := s.forwardingFunc(s.remoteCKMSID, number, etsi014RequestID) // Note: we should have a mapping mechanism here to support multiple endpoints in the future
if err != nil {
return nil, err
}
@@ -228,14 +227,14 @@ func (s *ETSI14RESTService) getKeyContainerFromKeyExchange(number int64) (*rests
}
// pushKeysToStoreAfterExchange pushes all the KSA keys received on server side to the local key store.
-func (s *ETSI14RESTService) pushKeysToStoreAfterExchange(keys []client.KSAKey) {
+func (s *ETSI14RESTService) pushKeysToStoreAfterExchange(keys []crypto.KSAKey) {
for _, key := range keys {
s.pushToKeyStore(key)
}
}
// pushToKeyStore pushes one KSA key to the local key store.
-func (s *ETSI14RESTService) pushToKeyStore(key client.KSAKey) {
+func (s *ETSI14RESTService) pushToKeyStore(key crypto.KSAKey) {
s.keyStoreMutex.Lock()
defer s.keyStoreMutex.Unlock()
diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go
index 54517a50cadfd27be4b53d34fa8a3b51b6c13313..7907eec31a4da93cbc027f2d95771752f484a502 100644
--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
@@ -21,9 +21,10 @@ import (
pbIC "code.fbi.h-da.de/danet/quant/goKMS/api/gen/proto/go/kmsintercom"
"code.fbi.h-da.de/danet/quant/goKMS/config"
- "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/client"
- "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/server"
+ akmsClient "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/client"
+ akmsServer "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/server"
"code.fbi.h-da.de/danet/quant/goKMS/kms/crypto"
+ etsi14Server "code.fbi.h-da.de/danet/quant/goKMS/kms/etsi/etsi14/server"
"code.fbi.h-da.de/danet/quant/goKMS/kms/event"
"code.fbi.h-da.de/danet/quant/goKMS/kms/peers"
"code.fbi.h-da.de/danet/quant/goKMS/kms/receiver"
@@ -78,11 +79,13 @@ type KMS struct {
pbIC.UnimplementedKmsTalkerServer
supportedKeyLengths map[BitKeyLength]bool
eventBus *event.EventBus
- CKMSAkmsClient *client.CkmsAkmsClient
- CKMSAkmsServer *server.AKMSReceiverServer
+ receiver *receiver.Receiver
+ // Akms things
+ ckmsAkmsClient *akmsClient.CkmsAkmsClient
+ ckmsAkmsServer *akmsServer.AKMSReceiverServer
// ETSI14 Server things
- KeyStoreChannel chan []client.KSAKey
- receiver *receiver.Receiver
+ etsi14Server *etsi14Server.ETSI14RESTService
+ keyStoreChannel chan []crypto.KSAKey
}
// Will keep information about the quantum elements that this EKMS is talking to
@@ -114,9 +117,9 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
log.SetReportCaller(false)
}
- var ckmsAkmsClient *client.CkmsAkmsClient
+ var ckmsAkmsClient *akmsClient.CkmsAkmsClient
if config.AkmsURL != "" {
- ckmsAkmsClient = client.NewCkmsAkmsClient(config.AkmsURL)
+ ckmsAkmsClient = akmsClient.NewCkmsAkmsClient(config.AkmsURL)
}
createdKMS := &KMS{
@@ -132,7 +135,7 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
KmsPeers: make(map[string]*peers.Peer),
supportedKeyLengths: make(map[BitKeyLength]bool),
eventBus: event.NewEventBus(),
- CKMSAkmsClient: ckmsAkmsClient,
+ ckmsAkmsClient: ckmsAkmsClient,
receiver: receiver,
}
@@ -149,9 +152,23 @@ func NewKMS(kmsUUID uuid.UUID, logOutput io.Writer, logLevel log.Level, logInJso
// Start the akmsCkmsReceiverServer
if config.AkmsCkmsServerPort != "" {
- createdKMS.CKMSAkmsServer = server.NewAKMSReceiver(config.AkmsCkmsServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey)
+ createdKMS.ckmsAkmsServer = akmsServer.NewAKMSReceiver(config.AkmsCkmsServerPort, createdKMS.eventBus, receiver, createdKMS.GenerateAndSendKSAKey)
log.Infof("Starting AKMS receiver server on port: %s", config.AkmsCkmsServerPort)
- go createdKMS.CKMSAkmsServer.Serve()
+ go createdKMS.ckmsAkmsServer.Serve()
+ }
+
+ // Setup ETSI14 Server if info is in config
+ if config.ETSI14Server != nil {
+ remoteCKMSID, err := uuid.Parse(config.ETSI14Server.RemoteCKMSID)
+ if err != nil {
+ log.Error(err)
+ }
+
+ createdKMS.etsi14Server = etsi14Server.NewETSI14RESTService(config.ETSI14Server.Address, remoteCKMSID, createdKMS.exchangeKeyAfterETSI14GetKeyRequest)
+ go createdKMS.etsi14Server.Run()
+ createdKMS.keyStoreChannel = createdKMS.etsi14Server.KeyStoreChannel
+ } else {
+ log.Info("No ETSI14 server running.")
}
return createdKMS
@@ -442,7 +459,7 @@ func (kms *KMS) GenerateAndSendKSAKey(remoteKMSId string, pathId uuid.UUID, requ
}
ksaKeys := make([]*pbIC.Key, number)
- akmsKSAKeys := make([]client.KSAKey, number)
+ akmsKSAKeys := make([]crypto.KSAKey, number)
cryptoAlgo := crypto.NewAES()
for i := 0; i < number; i++ {
ksaKey, akmsKSAKey, err := generateNewKSAKey(cryptoAlgo, platformKey.Value)
@@ -464,7 +481,7 @@ func (kms *KMS) GenerateAndSendKSAKey(remoteKMSId string, pathId uuid.UUID, requ
}
// Use the real processID when we know what it is
- err = kms.CKMSAkmsClient.SendKSAKeysToRequestingInstances(requestID, platformKey.ProcessId, akmsKSAKeys)
+ err = kms.ckmsAkmsClient.SendKSAKeysToRequestingInstances(requestID, platformKey.ProcessId, akmsKSAKeys)
if err != nil {
log.Error(err)
return err
@@ -555,7 +572,7 @@ func resolveHostnameToIPForQuantumModule(peer *config.Peer) error {
return nil
}
-func generateNewKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byte) (*pbIC.Key, *client.KSAKey, error) {
+func generateNewKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byte) (*pbIC.Key, *crypto.KSAKey, error) {
// generate ksa key
ksaKeyId := uuid.New()
ksaKey, err := crypto.Random256BitKey()
@@ -581,7 +598,7 @@ func generateNewKSAKey(cryptoAlgo crypto.CryptoAlgorithm, platformKeyValue []byt
Key: encryptedKSAKeyAsString,
}
- akmsKSAKey := &client.KSAKey{
+ akmsKSAKey := &crypto.KSAKey{
KeyID: ksaKeyId.String(),
Key: ksaKeyAsString,
}
@@ -621,7 +638,7 @@ func (kms *KMS) sendKSAKeysToPlatformKmsPeer(kmsPeerAddress, platformKeyID, requ
return nil
}
-func (kms *KMS) ExchangeKeyAfterETSI14GetKeyRequest(receivingCKMSID uuid.UUID, number int64, requestID string) ([]client.KSAKey, error) {
+func (kms *KMS) exchangeKeyAfterETSI14GetKeyRequest(receivingCKMSID uuid.UUID, number int64, requestID string) ([]crypto.KSAKey, error) {
// CreateRouteRequest
pathID := uuid.New()
log.Debugf("(ETSI14) created new path id: %s, for incoming ETSI14 key request", pathID)
@@ -652,7 +669,7 @@ func (kms *KMS) ExchangeKeyAfterETSI14GetKeyRequest(receivingCKMSID uuid.UUID, n
return kms.generateAndReturnKsaKey(receivingCKMSID, pathID, number, requestID)
}
-func (kms *KMS) generateAndReturnKsaKey(receivingCKMSID, pathID uuid.UUID, number int64, requestID string) ([]client.KSAKey, error) {
+func (kms *KMS) generateAndReturnKsaKey(receivingCKMSID, pathID uuid.UUID, number int64, requestID string) ([]crypto.KSAKey, error) {
if number < 1 {
log.Errorf("number must be positive and at least 1, provided: %d\n", number)
return nil, fmt.Errorf("number must be positive and at least 1, provided: %d", number)
@@ -672,7 +689,7 @@ func (kms *KMS) generateAndReturnKsaKey(receivingCKMSID, pathID uuid.UUID, numbe
}
ksaKeysToSendToRemoteKMS := make([]*pbIC.Key, number)
- ksaKeysToReturn := make([]client.KSAKey, number)
+ ksaKeysToReturn := make([]crypto.KSAKey, number)
cryptoAlgo := crypto.NewAES()
for i := int64(0); i < number; i++ {
remoteKSAKey, localKSAKey, err := generateNewKSAKey(cryptoAlgo, platformKey.Value)
diff --git a/goKMS/kms/kmsintercom.go b/goKMS/kms/kmsintercom.go
index 00d8806cbe6c489cc8c5a5398cfb4173f5ea9cce..dff5a2a23d018b44bf59265643704cf9909a33f5 100644
--- a/goKMS/kms/kmsintercom.go
+++ b/goKMS/kms/kmsintercom.go
@@ -13,7 +13,6 @@ import (
etsi14 "code.fbi.h-da.de/danet/quant/etsi014/go/rest/etsi/client"
pb "code.fbi.h-da.de/danet/quant/goKMS/api/gen/proto/go/kmsintercom"
- "code.fbi.h-da.de/danet/quant/goKMS/kms/akms/client"
"code.fbi.h-da.de/danet/quant/goKMS/kms/crypto"
"code.fbi.h-da.de/danet/quant/goKMS/kms/event"
"code.fbi.h-da.de/danet/quant/goKMS/kms/peers"
@@ -308,7 +307,7 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq
}
// decrypt keys
- akmsKSAKeys := make([]client.KSAKey, len(in.Keys))
+ akmsKSAKeys := make([]crypto.KSAKey, len(in.Keys))
for i, key := range in.Keys {
// decrypt the key
cryptoAlgo := crypto.NewAES()
@@ -324,17 +323,17 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq
log.Debugf("KeyID: %s, Key: %s", ksaKeyAsString, keyId)
- akmsKSAKeys[i] = client.KSAKey{
+ akmsKSAKeys[i] = crypto.KSAKey{
KeyID: keyId,
Key: ksaKeyAsString,
}
}
- if s.KMS.KeyStoreChannel != nil && in.GetRequestId() == etsi014RequestID {
- log.Debugf("(ETSI14) Pushing to KeyStoreChannel: %v in %s", s.KMS.KeyStoreChannel, s.KMS.kmsName)
- s.KMS.KeyStoreChannel <- akmsKSAKeys
- } else if s.KMS.CKMSAkmsClient != nil {
- go s.KMS.CKMSAkmsClient.SendKSAKeysToRequestingInstances(in.GetRequestId(), platformKey.ProcessId, akmsKSAKeys) //nolint:errcheck
+ if s.KMS.keyStoreChannel != nil && in.GetRequestId() == etsi014RequestID {
+ log.Debugf("(ETSI14) Pushing to KeyStoreChannel: %v in %s", s.KMS.keyStoreChannel, s.KMS.kmsName)
+ s.KMS.keyStoreChannel <- akmsKSAKeys
+ } else if s.KMS.ckmsAkmsClient != nil {
+ go s.KMS.ckmsAkmsClient.SendKSAKeysToRequestingInstances(in.GetRequestId(), platformKey.ProcessId, akmsKSAKeys) //nolint:errcheck
}
return &pb.KeyDeliveryResponse{Timestamp: time.Now().Unix()}, nil
diff --git a/goKMS/kms/peers/qmodule.go b/goKMS/kms/peers/qmodule.go
index 545b4cf2fee1963f4914ffd48da77b0094ebc7a3..aa531e9acce11f20b4aac390e5b3512d4f4e98a1 100644
--- a/goKMS/kms/peers/qmodule.go
+++ b/goKMS/kms/peers/qmodule.go
@@ -9,10 +9,10 @@ import (
"sync"
"time"
- etsi14 "code.fbi.h-da.de/danet/quant/etsi014/go/rest/etsi/client"
+ etsi14ClientGenerated "code.fbi.h-da.de/danet/quant/etsi014/go/rest/etsi/client"
pbIC "code.fbi.h-da.de/danet/quant/goKMS/api/gen/proto/go/kmsintercom"
"code.fbi.h-da.de/danet/quant/goKMS/config"
- restclient "code.fbi.h-da.de/danet/quant/goKMS/etsi/etsi14/client"
+ etsi14ClientImpl "code.fbi.h-da.de/danet/quant/goKMS/kms/etsi/etsi14/client"
"code.fbi.h-da.de/danet/quant/goKMS/kms/event"
"code.fbi.h-da.de/danet/quant/goKMS/kms/store"
kmstls "code.fbi.h-da.de/danet/quant/goKMS/kms/tls"
@@ -221,7 +221,7 @@ type ETSI014HTTPQuantumModule struct {
addr string
keyStore *store.KmsKeyStore
peer *Peer
- client *restclient.ClientImpl
+ client *etsi14ClientImpl.ClientImpl
SlaveSAEID string
MasterSAEID string
master bool
@@ -233,9 +233,9 @@ func NewETSI014HTTPQuantumModule(addr, kmsId, slaveSAEID, masterSAEID string, tl
return nil, err
}
- restClientConf := &etsi14.Configuration{
+ restClientConf := &etsi14ClientGenerated.Configuration{
Debug: true,
- Servers: etsi14.ServerConfigurations{
+ Servers: etsi14ClientGenerated.ServerConfigurations{
{
URL: parsedUrl.String(),
Description: "QKD Module with ETSI14 implemented as API.",
@@ -257,7 +257,7 @@ func NewETSI014HTTPQuantumModule(addr, kmsId, slaveSAEID, masterSAEID string, tl
}
}
- client, err := restclient.NewClientImpl(restClientConf)
+ client, err := etsi14ClientImpl.NewClientImpl(restClientConf)
if err != nil {
return nil, err
}
@@ -279,7 +279,7 @@ func (eqe *ETSI014HTTPQuantumModule) ID() uuid.UUID {
return eqe.id
}
-func (eqe *ETSI014HTTPQuantumModule) Client() *restclient.ClientImpl {
+func (eqe *ETSI014HTTPQuantumModule) Client() *etsi14ClientImpl.ClientImpl {
return eqe.client
}
diff --git a/goKMS/main.go b/goKMS/main.go
index df9d108313204b3ce9371059b202ad2589e6a38e..e7c39a224a243e0b4d1c9c5a8ab083b23bf77542 100644
--- a/goKMS/main.go
+++ b/goKMS/main.go
@@ -40,7 +40,6 @@ import (
gnmitarget "code.fbi.h-da.de/danet/gnmi-target"
"code.fbi.h-da.de/danet/gnmi-target/handler"
"code.fbi.h-da.de/danet/quant/goKMS/config"
- etsiServer "code.fbi.h-da.de/danet/quant/goKMS/etsi/etsi14/etsi14Server"
kmsHandler "code.fbi.h-da.de/danet/quant/goKMS/gnmiHandlers/kms"
"code.fbi.h-da.de/danet/quant/goKMS/gnmiHandlers/system"
"code.fbi.h-da.de/danet/quant/goKMS/kms"
@@ -113,20 +112,6 @@ func main() {
kms := kms.NewKMS(kmsId, os.Stdout, log.GetLevel(), false, kmsConfig, receiver)
- // Setup ETSI14 Server if info is in config
- if kmsConfig.ETSI14Server != nil {
- remoteCKMSID, err := uuid.Parse(kmsConfig.ETSI14Server.RemoteCKMSID)
- if err != nil {
- log.Error(err)
- }
-
- etsi14Service := etsiServer.NewETSI14RESTService(kmsConfig.ETSI14Server.Address, remoteCKMSID, kms)
- go etsiServer.Run(etsi14Service)
- kms.KeyStoreChannel = etsi14Service.KeyStoreChannel
- } else {
- log.Info("No ETSI14 server running.")
- }
-
// start Qkdn Manager server, if there is info about it in the config
if kmsConfig.QkdnManagerServer != nil {
go setupQkdnManagerServer(kms, *kmsConfig.QkdnManagerServer)