diff --git a/config/configure-and-run-docker-playground.sh b/config/configure-and-run-docker-playground.sh
index dfcc87a781a1e1db3e46f749f150f3cbc3686d8f..c5c2b5464ffc811bbdda3c8be4fc2ab8dba3702e 100755
--- a/config/configure-and-run-docker-playground.sh
+++ b/config/configure-and-run-docker-playground.sh
@@ -1,17 +1,13 @@
 #! /bin/sh
-sleep 2
-gnmic -a "172.100.20.13:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=38e0588b-6a2d-42c9-85a0-887cc877c299]' --update-file ./config/kms03-a.json
-gnmic -a "172.100.20.12:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=38e0588b-6a2d-42c9-85a0-887cc877c299]' --update-file ./config/kms02-a.json
-gnmic -a "172.100.20.10:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=38e0588b-6a2d-42c9-85a0-887cc877c299]' --update-file ./config/kms01-a.json
-
-sleep 2
-gnmic -a "172.100.20.13:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=f6a575e5-c7f9-4765-8890-134ae5b8f451]' --update-file ./config/kms03-b.json
-gnmic -a "172.100.20.11:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=f6a575e5-c7f9-4765-8890-134ae5b8f451]' --update-file ./config/kms02-b.json
-gnmic -a "172.100.20.10:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=f6a575e5-c7f9-4765-8890-134ae5b8f451]' --update-file ./config/kms01-b.json
+# NOTE:
+# To use this script the pathId within goKMS/kms/akms/server/server.go has to
+# be set manually.
+#
+# `pathId := uuid.MustParse("38e0588b-6a2d-42c9-85a0-887cc877c299")` instead of
+# `pathId := uuid.New()` at line 71.
-sleep 2
 # initiating a key request from kms01
 curl -X POST -H "Content-Type: application/json" -d '{
 "receiving_CKMS_ID": "968fd594-b0e7-41f0-ba4b-de259047a933",
@@ -22,19 +18,35 @@ curl -X POST -H "Content-Type: application/json" -d '{
 "timeout": 20,
 "TTL": 24
 }
-}' 'http://172.100.20.10:9696/api/v1/keys/ksa_key_req'
+}' 'http://172.100.20.10:9696/api/v1/keys/ksa_key_req' &
-# initiating a key request from kms04
-curl -X POST -H "Content-Type: application/json" -d '{
- "receiving_CKMS_ID": "0ff33c82-7fe1-482b-a0ca-67565806ee4b",
- "request_ID": "request_ID-5678",
- "key_properties": {
- "number": 1,
- "key_length": 256,
- "timeout": 20,
- "TTL": 24
- }
-}' 'http://172.100.20.13:9696/api/v1/keys/ksa_key_req'
+sleep 1
+
+gnmic -a "172.100.20.13:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=38e0588b-6a2d-42c9-85a0-887cc877c299]' --update-file ./config/kms03-a.json
+gnmic -a "172.100.20.12:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=38e0588b-6a2d-42c9-85a0-887cc877c299]' --update-file ./config/kms02-a.json
+gnmic -a "172.100.20.10:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=38e0588b-6a2d-42c9-85a0-887cc877c299]' --update-file ./config/kms01-a.json
+
+# Optional request from kms 04
+
+## initiating a key request from kms04
+#curl -X POST -H "Content-Type: application/json" -d '{
+# "receiving_CKMS_ID": "0ff33c82-7fe1-482b-a0ca-67565806ee4b",
+# "request_ID": "request_ID-5678",
+# "key_properties": {
+# "number": 1,
+# "key_length": 256,
+# "timeout": 20,
+# "TTL": 24
+# }
+#}' 'http://172.100.20.13:9696/api/v1/keys/ksa_key_req'
+
+#sleep 1
+
+#gnmic -a "172.100.20.13:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=f6a575e5-c7f9-4765-8890-134ae5b8f451]' --update-file ./config/kms03-b.json
+#gnmic -a "172.100.20.11:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=f6a575e5-c7f9-4765-8890-134ae5b8f451]' --update-file ./config/kms02-b.json
+#gnmic -a "172.100.20.10:7030" -u admin -p admin --insecure -e JSON_IETF set --update-path 'key-routing-sessions/routing-sessions[path-id=f6a575e5-c7f9-4765-8890-134ae5b8f451]' --update-file ./config/kms01-b.json
+
+sleep 2
 docker-compose logs akms-receiver01
 docker-compose logs akms-receiver02
diff --git a/goKMS/gnmiHandlers/kms/assignForwardingHandler.go b/goKMS/gnmiHandlers/kms/assignForwardingHandler.go
index d5edbbd6ec36192acd81ef2d39547b2ba4a7ef03..13a023702969f77a365d437655c4252c6c4be521 100644
--- a/goKMS/gnmiHandlers/kms/assignForwardingHandler.go
+++ b/goKMS/gnmiHandlers/kms/assignForwardingHandler.go
@@ -80,9 +80,7 @@ func (yh *AssignForwardingHandler) Update(c ygot.ValidatedGoStruct, jobs []*gnmi
 }
 }
- if err := yh.kms.AssignForwardingRoute(pathId, prevHopString, nextHopString, initKMS); err != nil {
- return err
- }
+ go yh.kms.AssignForwardingRoute(pathId, prevHopString, nextHopString, initKMS)
 return nil
 }
diff --git a/goKMS/gnmiHandlers/kms/keyRoutingSessionsHandler.go b/goKMS/gnmiHandlers/kms/keyRoutingSessionsHandler.go
index e8a09b4ccab0bdd8b27fb7528d8a6d47d680611d..9933c5770699cf07d5d88208ada15d58cea63b1c 100644
--- a/goKMS/gnmiHandlers/kms/keyRoutingSessionsHandler.go
+++ b/goKMS/gnmiHandlers/kms/keyRoutingSessionsHandler.go
@@ -133,10 +133,7 @@ func (yh *KeyRoutingSessionHandler) Update(c ygot.ValidatedGoStruct, jobs []*gnm
 }
 }
- err := yh.kms.AssignForwardingRoute(pathId, prevHopString, nextHopString, initKMS)
- if err != nil {
- return err
- }
+ go yh.kms.AssignForwardingRoute(pathId, prevHopString, nextHopString, initKMS)
 }
 return nil
diff --git a/goKMS/kms/akms/server/receiver.go b/goKMS/kms/akms/server/receiver.go
index c5680ebb248c9b884e805ac103cbae9da2ba13ca..63e4102a83605658a5719a823855666811234f61 100644
--- a/goKMS/kms/akms/server/receiver.go
+++ b/goKMS/kms/akms/server/receiver.go
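Review bot: The `&` appended to the kms01 curl line backgrounds the key request, but nothing in the script ever collects it, so a failing or slow request is invisible and the `docker-compose logs` calls at the end may run before any response has arrived. Add a `wait` before the final `sleep 2` (or `wait $!` after the three gnmic pushes) so the curl exit status is checked and the log output covers the whole exchange. The `sleep 1` between the request and the gnmic route pushes is only a guessed ordering; if the intent is that the request must already be pending when the route arrives, a comment saying so would help the next person who tunes these delays.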
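Review bot: `go yh.kms.AssignForwardingRoute(pathId, prevHopString, nextHopString, initKMS)` discards the error AssignForwardingRoute returns, so a failed route assignment (including the InformReceiver failures the kms.go hunk now returns) is neither logged nor reported to the gNMI client, whose Set always succeeds. Wrap the call so the result is at least logged, `go func() { if err := yh.kms.AssignForwardingRoute(pathId, prevHopString, nextHopString, initKMS); err != nil { /* log err with the package logger */ } }()`, and consider whether the Set should remain synchronous until the route exists, as the removed lines had it. The goroutine also has no lifetime bound, so a blocked send inside AssignForwardingRoute leaks it silently. The same applies to the keyRoutingSessionsHandler.go hunk that follows; both Update methods start outside their hunks.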
@@ -9,11 +9,11 @@ import (
 type Receiver struct {
 mu sync.RWMutex
- receivers map[uuid.UUID]chan<- struct{}
+ receivers map[uuid.UUID]chan<- error
 }
-func (r *Receiver) RequestReceiverChannel(pathId uuid.UUID) (<-chan struct{}, error) {
- newSubChan := make(chan struct{})
+func (r *Receiver) RequestReceiverChannel(pathId uuid.UUID) (<-chan error, error) {
+ newSubChan := make(chan error)
 r.mu.Lock()
 defer r.mu.Unlock()
@@ -22,12 +22,12 @@ func (r *Receiver) RequestReceiverChannel(pathId uuid.UUID) (<-chan struct{}, er
 return newSubChan, nil
 }
-func (r *Receiver) InformReceiver(pathId uuid.UUID) error {
+func (r *Receiver) InformReceiver(pathId uuid.UUID, err error) error {
 r.mu.RLock()
 defer r.mu.RUnlock()
 if receiver, ok := r.receivers[pathId]; ok {
- receiver <- struct{}{}
+ receiver <- err
 } else {
 return fmt.Errorf("There are no active subscribers for pathId: %s", pathId)
 }
diff --git a/goKMS/kms/akms/server/server.go b/goKMS/kms/akms/server/server.go
index 879a7370b4373a99d2e9a6f0a74a593951820127..8d563a30e645c44af93ac7d6bc1114bbad38784a 100644
--- a/goKMS/kms/akms/server/server.go
+++ b/goKMS/kms/akms/server/server.go
@@ -2,7 +2,9 @@ package server
 import (
 "encoding/json"
+ "fmt"
 "net/http"
+ "time"
 "code.fbi.h-da.de/danet/quant/goKMS/kms/event"
 "github.com/google/uuid"
@@ -18,7 +20,7 @@ func NewAKMSReceiver(port string, eventBus *event.EventBus, generateAndSend func
 router := http.NewServeMux()
 receiver := &Receiver{
- receivers: make(map[uuid.UUID]chan<- struct{}),
+ receivers: make(map[uuid.UUID]chan<- error),
 }
 router.HandleFunc("/api/v1/keys/ksa_key_req", ksaReqHandler(eventBus, receiver, generateAndSend))
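Review bot: `receiver <- err` is a send on an unbuffered channel performed while `r.mu.RLock()` is held; once the HTTP handler that requested the channel has given up (server.go now returns after its `time.After` deadlines), nobody reads, the goroutine inside InformReceiver blocks forever with the read lock held, and the next `RequestReceiverChannel` call blocks on `r.mu.Lock()` behind it, stalling every later key request. Because the callers now run AssignForwardingRoute in a bare goroutine this shows up as a silent hang rather than an error. Buffer the channel for the two notifications this commit sends, `newSubChan := make(chan error, 2)` in the first hunk, and make the send non-blocking: `select { case receiver <- err: default: return fmt.Errorf("subscriber for pathId %s is not receiving", pathId) }`. Nothing visible here removes the map entry after a request completes, so entries presumably accumulate per pathId; if the delete lives between the hunks, a short comment in RequestReceiverChannel pointing to it would help.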
@@ -82,7 +84,37 @@ func ksaReqHandler(eventBus *event.EventBus, receiver *Receiver, generateAndSend
 return
 }
- <-receiverChan
+ // NOTE: timeout if something on controller/app side goes wrong
+ select {
+ case err := <-receiverChan:
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ logrus.Errorf("error after receiving a new route from controller: %s", err)
+ return
+ } else {
+ logrus.Infof("Route for pathId: %s, has been created", pathId.String())
+ }
+ case <-time.After(10 * time.Second):
+ http.Error(w, fmt.Sprintf("did not receive a route for request_ID: %s", kmsKeyRequest.RequestID), http.StatusInternalServerError)
+ logrus.Errorf("did not receive a route for request_ID: %s", kmsKeyRequest.RequestID)
+ return
+ }
+
+ select {
+ case err := <-receiverChan:
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ logrus.Errorf("failed to send platform key: %s", err)
+ return
+ } else {
+ logrus.Infof("successfully exchanged platform key, for pathId: %s", pathId.String())
+ }
+ case <-time.After(30 * time.Second):
+ http.Error(w, fmt.Sprintf("timed out while exchanging platform key, for request_ID: %s", kmsKeyRequest.RequestID), http.StatusInternalServerError)
+ logrus.Errorf("timed out while exchanging platform key, for request_ID: %s", kmsKeyRequest.RequestID)
+ return
+ }
+
 err = generateAndSend(kmsKeyRequest.ReceivingCKMSID, pathId, kmsKeyRequest.RequestID, kmsKeyRequest.KeyProperties.Number)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go
index 44220445c260f97e5bb9bdf4eede85e0fd5c46a2..41590ea3d20a4a3992da8f1a27c871c17a215091 100644
--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
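Review bot: Both new `http.Error(w, err.Error(), http.StatusInternalServerError)` lines copy the internal error text into the HTTP response body, and with the kms.go hunk that text is whatever the gRPC transport returned from SendInitialPayloadBasedOnGRPCClient (peer address, status details), which the HTTP caller has no need to see; keep the detail in the logrus.Errorf call and return a fixed message, e.g. `http.Error(w, "route setup failed", http.StatusInternalServerError)`. The two `time.After` cases ignore the request's context, so a client that disconnects still pins the handler for up to 40 s and the channel stays unread; adding the request's `Context().Done()` as a third case in each select fixes that, and the 10 s / 30 s literals deserve named constants. The `else` after `return` in both selects can be dropped so the success log sits on the happy path. ksaReqHandler starts and ends outside the hunk.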
@@ -377,9 +377,20 @@ func (kms *KMS) AssignForwardingRoute(pId, pHop, nHop string, remoteKMS *RemoteK
 remoteKMSAdrress := fmt.Sprintf("%s:%d", remoteKMS.Address, remoteKMS.Port)
+ // TODO: inform about new created route
+ if err := kms.CKMSAkmsServer.Receiver.InformReceiver(pathId, nil); err != nil {
+ return err
+ }
+
 err = tmpRoute.Next.SendInitialPayloadBasedOnGRPCClient(pk, tmpRoute.PathId, processId, kms.kmsUUID.String(), remoteKMSAdrress)
 if err != nil {
- log.Error(err)
+ if err := kms.CKMSAkmsServer.Receiver.InformReceiver(pathId, err); err != nil {
+ return err
+ }
+ return err
+ }
+
+ if err := kms.CKMSAkmsServer.Receiver.InformReceiver(pathId, nil); err != nil {
 return err
 }
 }
diff --git a/goKMS/kms/kmsintercom.go b/goKMS/kms/kmsintercom.go
index 42eb8afce8e3abea3901afc3f01461a7e22fb007..aae7a7c6c00e8a71d77a11785b8d679823e5679c 100644
--- a/goKMS/kms/kmsintercom.go
+++ b/goKMS/kms/kmsintercom.go
@@ -123,7 +123,7 @@ func (s *kmsTalkerServer) SyncQkdBulk(ctx context.Context, in *pb.SyncQkdBulkReq
 }
 }
- return nil, status.Errorf(codes.Unimplemented, "method SyncQkdBulk not implemented")
+ return nil, status.Errorf(codes.NotFound, "Could not find a bulkkey for sync")
 }
 func (s *kmsTalkerServer) SyncKeyIdsForBulk(ctx context.Context, in *pb.SyncKeyIdsForBulkRequest) (*pb.SyncKeyIdsForBulkResponse, error) {
@@ -253,10 +253,13 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
 // TODO: Find a better way of handling this; ignore the lint error for
 // now.
- go route.Next.SendPayload(&crypto.Key{ //nolint:errcheck
+ err := route.Next.SendPayload(ctx, &crypto.Key{ //nolint:errcheck
 ID: keyID,
 Key: decryptedKey,
 }, pathId, processId)
+ if err != nil {
+ return nil, status.Errorf(codes.Aborted, "%s", err)
+ }
 } else {
 log.Infof("%s received the final payload: %s", s.KMS.kmsName, string(decryptedKey))
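Review bot: In the failure branch `if err := kms.CKMSAkmsServer.Receiver.InformReceiver(pathId, err); err != nil { return err }` shadows the transport error and returns the InformReceiver error instead, and `log.Error(err)` was removed, so when no subscriber is registered (receiver.go's "no active subscribers" case) the original send failure is lost entirely — and since the gNMI handlers now call this in a bare goroutine, nothing is logged at all. Keep both errors, e.g. `return fmt.Errorf("informing receiver after send failure: %w; send error: %w", informErr, err)`, or log the send error before informing. The first `InformReceiver(pathId, nil)` before the send also makes route assignment fail whenever no HTTP key request is waiting, which couples gNMI-driven route setup to the HTTP API; if that is intended the TODO comment should say so, otherwise a missing subscriber should be logged and skipped rather than returned. AssignForwardingRoute starts and ends outside the hunk.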
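Review bot: The `//nolint:errcheck` directive and the TODO comment above it are stale now that `err := route.Next.SendPayload(ctx, ...)` is checked on the following line; drop both. Passing the inbound `ctx` down means each further hop's negotiation and KeyForwarding must finish within the deadline the originator set (10 s in the peers.go hunk), so the remaining budget shrinks hop by hop and a long path fails at its tail with `codes.Aborted` — presumably intended, but it deserves a one-line comment, and `codes.DeadlineExceeded` would be the more accurate code when `ctx.Err()` is the cause. `status.Errorf(codes.Aborted, "%s", err)` also relays the downstream hop's raw error text to the upstream peer; a fixed message with the detail logged locally keeps internal addresses out of the wire. In the first kmsintercom.go hunk the new message `Could not find a bulkkey for sync` should be lowercase per Go error-string convention.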
@@ -274,21 +277,11 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
 }
 func (s *kmsTalkerServer) AckKeyForwarding(ctx context.Context, in *pb.AckKeyForwardingRequest) (*pb.AckKeyForwardingResponse, error) {
- pathId, err := uuid.Parse(in.GetPathId())
- if err != nil {
- return nil, status.Errorf(codes.InvalidArgument, "")
- }
-
 // TODO: additional checks, like e.g.:
 // - Did this kms initiate the key forwarding?
 // - Are pathId and processId valid?
 // - Is the keyId valid?
- err = s.KMS.CKMSAkmsServer.Receiver.InformReceiver(pathId)
- if err != nil {
- return nil, status.Errorf(codes.InvalidArgument, "Failed while informing Receiver; err: %v", err)
- }
-
 return &pb.AckKeyForwardingResponse{Timestamp: time.Now().Unix()}, nil
 }
diff --git a/goKMS/kms/peers/peers.go b/goKMS/kms/peers/peers.go
index 4184cc5b937366facde181c8af7f0eeb575d8323..7f39a74e3a8b14068feaddf5bf4f185fbf144897 100644
--- a/goKMS/kms/peers/peers.go
+++ b/goKMS/kms/peers/peers.go
@@ -134,13 +134,15 @@ func (ph *Peer) TransportKeyNegotiation() error {
 }
 func (ph *Peer) SendInitialPayloadBasedOnGRPCClient(key *crypto.Key, pathId, processId uuid.UUID, kmsId string, remoteKMSAddress string) error {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+ defer cancel()
 if ph.peerClient.KmsTalkerClient != nil {
- return ph.SendPayload(key, pathId, processId)
+ return ph.SendPayload(ctx, key, pathId, processId)
 }
 return fmt.Errorf("Could not find a valid peer client.")
 }
-func (ph *Peer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID) error {
+func (ph *Peer) SendPayload(ctx context.Context, payload *crypto.Key, pathId, processId uuid.UUID) error {
 // NOTE: It should be assumed that there are keys available if we try to
 // send.
 if ph.servingQuantumModul.KeyStore().Length() == 0 {
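Review bot: `SendPayload` is exported and now takes a caller-supplied `ctx` that bounds both the transport-key negotiation and the KeyForwarding RPC (the per-call 1 s contexts are removed in the two peers.go hunks below), but nothing documents that contract or guards against a context without a deadline; add a doc comment such as `// SendPayload negotiates a transport key with the peer and forwards payload to it; ctx bounds both RPCs, so callers must pass a context with a deadline.` The `time.Second*10` in SendInitialPayloadBasedOnGRPCClient replaces two 1 s budgets with one 10 s budget as a bare literal; a named constant (e.g. `initialPayloadTimeout`) would make that change deliberate and easy to find. `fmt.Errorf("Could not find a valid peer client.")` predates this commit but is touched here and could be lowercased without the trailing period. SendPayload's body continues past the hunk.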
@@ -160,8 +162,6 @@ func (ph *Peer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID) er
 }
 // Start the negotiation process for a transport key
- ctx, cancel := context.WithTimeout(context.Background(), time.Second)
- defer cancel()
 _, err = ph.peerClient.InterComTransportKeyNegotiation(ctx, &pbIC.InterComTransportKeyNegotiationRequest{
 Timestamp: time.Now().Unix(),
 PathID: pathId.String(),
@@ -186,9 +186,7 @@ func (ph *Peer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID) er
 log.Infof("Sent encrypted Payload: %s with nonce: %s", encryptedPayloadAsString, nonceAsString)
- ctx2, cancel2 := context.WithTimeout(context.Background(), time.Second)
- defer cancel2()
- _, err = ph.peerClient.KeyForwarding(ctx2, &pbIC.KeyForwardingRequest{
+ _, err = ph.peerClient.KeyForwarding(ctx, &pbIC.KeyForwardingRequest{
 Timestamp: time.Now().Unix(),
 PathId: pathId.String(),
 ProcessId: processId.String(),