Clean up and first adjustments

b539bcb0 · Malte Bauch · 66bc4a63 · b539bcb0 · b539bcb0 · b539bcb0
Commit b539bcb0 authored 1 year ago by Malte Bauch
--- a/internal/api/gen/proto/go/kmsetsi/kmsetsiproto.pb.go
+++ b/internal/api/gen/proto/go/kmsetsi/kmsetsiproto.pb.go
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
+// 	protoc-gen-go v1.32.0
 // 	protoc        (unknown)
 // source: kmsetsi/kmsetsiproto.proto


--- a/internal/api/gen/proto/go/kmsintercom/kmsintercom.pb.go
+++ b/internal/api/gen/proto/go/kmsintercom/kmsintercom.pb.go
--- a/internal/api/gen/proto/go/kmsintercom/kmsintercom_grpc.pb.go
+++ b/internal/api/gen/proto/go/kmsintercom/kmsintercom_grpc.pb.go
@@ -25,6 +25,7 @@ const (
 	KmsTalker_InterComTransportKeyNegotiation_FullMethodName = "/kmsintercom.KmsTalker/InterComTransportKeyNegotiation"
 	KmsTalker_KeyForwarding_FullMethodName                   = "/kmsintercom.KmsTalker/KeyForwarding"
 	KmsTalker_KeyIdNotification_FullMethodName               = "/kmsintercom.KmsTalker/KeyIdNotification"
+	KmsTalker_KeyDelivery_FullMethodName                     = "/kmsintercom.KmsTalker/KeyDelivery"
 )

 // KmsTalkerClient is the client API for KmsTalker service.
@@ -38,6 +39,7 @@ type KmsTalkerClient interface {
 	KeyForwarding(ctx context.Context, in *KeyForwardingRequest, opts ...grpc.CallOption) (*KeyForwardingResponse, error)
 	// KeyIDNotification is used for ETSI GS QKD 014
 	KeyIdNotification(ctx context.Context, in *KeyIdNotificationRequest, opts ...grpc.CallOption) (*KeyIdNotificationResponse, error)
+	KeyDelivery(ctx context.Context, in *KeyDeliveryRequest, opts ...grpc.CallOption) (*KeyDeliveryResponse, error)
 }

 type kmsTalkerClient struct {
@@ -102,6 +104,15 @@ func (c *kmsTalkerClient) KeyIdNotification(ctx context.Context, in *KeyIdNotifi
 	return out, nil
 }

+func (c *kmsTalkerClient) KeyDelivery(ctx context.Context, in *KeyDeliveryRequest, opts ...grpc.CallOption) (*KeyDeliveryResponse, error) {
+	out := new(KeyDeliveryResponse)
+	err := c.cc.Invoke(ctx, KmsTalker_KeyDelivery_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // KmsTalkerServer is the server API for KmsTalker service.
 // All implementations must embed UnimplementedKmsTalkerServer
 // for forward compatibility
@@ -113,6 +124,7 @@ type KmsTalkerServer interface {
 	KeyForwarding(context.Context, *KeyForwardingRequest) (*KeyForwardingResponse, error)
 	// KeyIDNotification is used for ETSI GS QKD 014
 	KeyIdNotification(context.Context, *KeyIdNotificationRequest) (*KeyIdNotificationResponse, error)
+	KeyDelivery(context.Context, *KeyDeliveryRequest) (*KeyDeliveryResponse, error)
 	mustEmbedUnimplementedKmsTalkerServer()
 }

@@ -138,6 +150,9 @@ func (UnimplementedKmsTalkerServer) KeyForwarding(context.Context, *KeyForwardin
 func (UnimplementedKmsTalkerServer) KeyIdNotification(context.Context, *KeyIdNotificationRequest) (*KeyIdNotificationResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method KeyIdNotification not implemented")
 }
+func (UnimplementedKmsTalkerServer) KeyDelivery(context.Context, *KeyDeliveryRequest) (*KeyDeliveryResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method KeyDelivery not implemented")
+}
 func (UnimplementedKmsTalkerServer) mustEmbedUnimplementedKmsTalkerServer() {}

 // UnsafeKmsTalkerServer may be embedded to opt out of forward compatibility for this service.
@@ -259,6 +274,24 @@ func _KmsTalker_KeyIdNotification_Handler(srv interface{}, ctx context.Context,
 	return interceptor(ctx, in, info, handler)
 }

+func _KmsTalker_KeyDelivery_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(KeyDeliveryRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(KmsTalkerServer).KeyDelivery(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: KmsTalker_KeyDelivery_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(KmsTalkerServer).KeyDelivery(ctx, req.(*KeyDeliveryRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // KmsTalker_ServiceDesc is the grpc.ServiceDesc for KmsTalker service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -290,6 +323,10 @@ var KmsTalker_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "KeyIdNotification",
 			Handler:    _KmsTalker_KeyIdNotification_Handler,
 		},
+		{
+			MethodName: "KeyDelivery",
+			Handler:    _KmsTalker_KeyDelivery_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "kmsintercom/kmsintercom.proto",

--- a/internal/api/kmsintercom/kmsintercom/kmsintercom.proto
+++ b/internal/api/kmsintercom/kmsintercom/kmsintercom.proto
@@ -11,6 +11,7 @@ service KmsTalker {
    rpc KeyForwarding(KeyForwardingRequest) returns (KeyForwardingResponse) {}
    // KeyIDNotification is used for ETSI GS QKD 014
    rpc KeyIdNotification(KeyIdNotificationRequest) returns (KeyIdNotificationResponse) {}
+    rpc KeyDelivery(KeyDeliveryRequest) returns (KeyDeliveryResponse) {}
 }

 // Capabilities
@@ -70,6 +71,16 @@ message KeyForwardingResponse {
 	int64 timestamp = 1;
 }

+message KeyDeliveryRequest {
+	int64 timestamp = 1;
+	string pathId = 2;
+	repeated Key key = 4;
+}
+
+message KeyDeliveryResponse {
+	int64 timestamp = 1;
+}
+
 message KeyIdNotificationRequest {
 	int64 timestamp = 1;
 	string interComAddr = 2;
@@ -79,3 +90,8 @@ message KeyIdNotificationRequest {
 message KeyIdNotificationResponse {
 	int64 timestamp = 1;
 }
+
+message Key {
+    string id = 1;
+    string key = 2;
+}
--- a/internal/kms/crypto.go
+++ b/internal/kms/crypto.go
-package kms
+package crypto

 import (
 	"crypto/aes"
@@ -8,14 +8,13 @@ import (
 	"io"
 )

-type CryptoAlgorithm interface {
+type Algorithm interface {
 	Encrypt(plaintext []byte, key []byte) ([]byte, error)
 	Decrypt(ciphertext []byte, key []byte) ([]byte, error)
 }

 // AES.
-type AES struct {
-}
+type AES struct{}

 func NewAES() *AES {
 	return &AES{}

--- a/internal/kms/crypto/util.go
+++ b/internal/kms/crypto/util.go
+package crypto
+
+import "crypto/rand"
+
+func Random256Bit() ([]byte, error) {
+	b := make([]byte, 32)
+	_, err := rand.Read(b)
+	if err != nil {
+		return nil, err
+	}
+	return b, nil
+}
--- a/internal/kms/kms-keystore.go
+++ b/internal/kms/kms-keystore.go
@@ -90,6 +90,6 @@ func (ks *kmsKeyStore) GetKeyWithID(id uuid.UUID) (*kmsKSElement, error) {

 func (ks *kmsKeyStore) DeleteKey(keyId uuid.UUID) {
 	ks.keyStoreMutex.Lock()
+	defer ks.keyStoreMutex.Unlock()
 	delete(ks.keyStore, keyId)
-	ks.keyStoreMutex.Unlock()
 }
--- a/internal/kms/kms.go
+++ b/internal/kms/kms.go
@@ -145,7 +145,7 @@ func (kms *EKMS) AddQuantumElement(qm QuantumModule) error {
 }

 func (kms *EKMS) AddPeer(peerKmsId string, kmsPeerSocket string, servingQLE QuantumModule) (*kmsPeer, error) {
-	//check if peer exists
+	// check if peer exists
 	if _, there := kms.KmsPeers[kmsPeerSocket]; there {
 		log.Errorf("Trying to add existing peer %s", kmsPeerSocket)
 		return nil, fmt.Errorf("Trying to add existing peer %s", kmsPeerSocket)
@@ -160,7 +160,7 @@ func (kms *EKMS) AddPeer(peerKmsId string, kmsPeerSocket string, servingQLE Quan
 	kms.KmsPeers[kmsPeerSocket] = peer
 	kms.kmsPeersMutex.Unlock()

-	//go peer.PeerHandler(kms.kmsName)
+	// go peer.PeerHandler(kms.kmsName)
 	return peer, nil
 }

@@ -210,7 +210,7 @@ func (kms *EKMS) EventBus() *event.EventBus {
 // TODO/XXX error handling
 func (kms *EKMS) RemovePeer(kmsPeerSocket string) {
 	if _, there := kms.KmsPeers[kmsPeerSocket]; there {
-		//peer.quit <- true
+		// peer.quit <- true
 		delete(kms.KmsPeers, kmsPeerSocket)
 		return
 	}

--- a/internal/kms/kmsintercom.go
+++ b/internal/kms/kmsintercom.go
@@ -11,6 +11,7 @@ import (

 	etsi14 "code.fbi.h-da.de/danet/ekms/api/go/rest/etsi/client"
 	pb "code.fbi.h-da.de/danet/ekms/internal/api/gen/proto/go/kmsintercom"
+	"code.fbi.h-da.de/danet/ekms/internal/kms/crypto"
 	"code.fbi.h-da.de/danet/ekms/internal/kms/event"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -40,7 +41,7 @@ func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNot
 	// check if a peer exists
 	peer, ok := s.eKMS.KmsPeers[in.GetInterComAddr()]
 	if !ok {
-		//TODO: proper error message
+		// TODO: proper error message
 		return nil, status.Error(codes.Internal, "peer does not exist")
 	}

@@ -90,7 +91,7 @@ func (s *kmsTalkerServer) SyncQkdBulk(ctx context.Context, in *pb.SyncQkdBulkReq
 	// check if a peer exists
 	peer, ok := s.eKMS.KmsPeers[in.GetInterComAddr()]
 	if !ok {
-		//TODO: proper error message
+		// TODO: proper error message
 		return nil, status.Errorf(codes.Internal, "peer does not exist")
 	}

@@ -229,6 +230,14 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
 		log.Infof("%s forwards payload to : %s", s.eKMS.kmsName, route.Next.tcpSocketStr)
 		go route.Next.SendPayload(decryptedPayload, pathId)
 	} else {
+		// NOTE: generate key
+		_, err := crypto.Random256Bit()
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "%s", err)
+		}
+
+		// TODO: deliver key
+
 		log.Infof("%s received the final payload: %s", s.eKMS.kmsName, string(decryptedPayload))
 	}


--- a/internal/kms/kmspeers.go
+++ b/internal/kms/kmspeers.go
@@ -8,6 +8,7 @@ import (
 	"time"

 	pbIC "code.fbi.h-da.de/danet/ekms/internal/api/gen/proto/go/kmsintercom"
+	"code.fbi.h-da.de/danet/ekms/internal/kms/crypto"
 	"code.fbi.h-da.de/danet/ekms/internal/kms/event"
 	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
@@ -32,14 +33,18 @@ type kmsPeerInfo interface {
 }

 type kmsPeer struct {
-	peerClient          pbIC.KmsTalkerClient
-	peerStatus          KmsPeerStatus
-	peerKmsId           uuid.UUID // NOTE: might be changed in the future
-	interComAddr        string
+	// NOTE It could be a good idea to turn client and status into its own
+	// struct (and additional information) e.g. a link
+	// We need multiple peer clients!
+	peerClient   pbIC.KmsTalkerClient
+	peerStatus   KmsPeerStatus
+	peerKmsId    uuid.UUID // NOTE: might be changed in the future
+	interComAddr string
+	// NOTE a peer could have multiple quantum modules
 	servingQuantumModul QuantumModule
 	tcpSocket           *net.TCPAddr // the IP address and TCP port (aka socket) of the kms peer
 	tcpSocketStr        string       // string rep. of tcpSocket
-	et                  CryptoAlgorithm
+	et                  crypto.Algorithm
 	name                string    // the name of the kms peer
 	id                  uuid.UUID // uuid of the peer
 	quit                chan bool // cancel the peer goroutine
@@ -78,7 +83,7 @@ func NewKmsPeer(peerKmsId string, servQM QuantumModule, tcpSocketStr string, int
 		servingQuantumModul: servQM,
 		tcpSocket:           tcpSocket,
 		tcpSocketStr:        tcpSocketStr,
-		et:                  NewAES(),
+		et:                  crypto.NewAES(),
 		id:                  uuid.New(),
 		quit:                make(chan bool),
 		eventBus:            eventBus,
@@ -109,8 +114,8 @@ func (ph *kmsPeer) SyncBulkKeys() error {
 // the peer KMS. The key that was agreed upon, is used to create a encrypted
 // payload.
 func (ph *kmsPeer) TransportKeyNegotiation() error {
-	//ctx, cancel := context.WithTimeout(context.Background(), time.Second)
-	//req, err := ph.peerClient.InterComTransportKeyNegotiation()
+	// ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	// req, err := ph.peerClient.InterComTransportKeyNegotiation()
 	return nil
 }


--- a/internal/kms/module.go
+++ b/internal/kms/module.go
@@ -33,8 +33,8 @@ type QuantumModule interface {

 type EmulatedQuantumModule struct {
 	QlID uuid.UUID
-	//QuantumElementLink *quantumlayer.QuantumlayerEmuPRNG // contains information about the quantum links
-	//key stores of unchopped bulk keys go here
+	// QuantumElementLink *quantumlayer.QuantumlayerEmuPRNG // contains information about the quantum links
+	// key stores of unchopped bulk keys go here
 	addr             string
 	rawBulkKeysMutex sync.Mutex
 	rawBulkKeys      map[int64]*quantumlayer.QuantumLayerBulkKey
@@ -45,7 +45,7 @@ type EmulatedQuantumModule struct {
 func NewEmulatedQuantumModule(kmsUDPAddr string) *EmulatedQuantumModule {
 	return &EmulatedQuantumModule{
 		QlID: uuid.New(),
-		//QuantumElementLink: ql,
+		// QuantumElementLink: ql,
 		addr:        kmsUDPAddr,
 		rawBulkKeys: make(map[int64]*quantumlayer.QuantumLayerBulkKey),
 		keyStore:    NewKmsKeyStore(256),
@@ -59,7 +59,7 @@ func (eqe *EmulatedQuantumModule) ID() uuid.UUID {

 func (eqe *EmulatedQuantumModule) Initialize() error {
 	// TODO: error handling
-	//go eqe.keyHandler()
+	// go eqe.keyHandler()
 	return nil
 }


--- a/internal/kms/quipsec.go
+++ b/internal/kms/quipsec.go
@@ -25,6 +25,8 @@ func (qs *quipSecServer) PushKeys(ctx context.Context, req *pb.PushKeysRequest)
 	if err != nil {
 	}

+	// TODO: qm.address is used as key for map. could be
+	// used here to directly access.
 	for _, qm := range qs.eKMS.quantumModules {
 		if qm.Address() == host {
 			eqm, ok := qm.(*EmulatedQuantumModule)

--- a/models/danet/temp.yang
+++ b/models/danet/temp.yang
@@ -68,6 +68,8 @@ module temp { // fix module and file name
    grouping key-properties {
        description
            "TBD";
+
+        // NOTE: reference for the must use quantum module
    }

    // key-store
@@ -86,10 +88,11 @@ module temp { // fix module and file name
                "Name of the used inter-KMS-Protocol.";
        }

-        leaf op-status {
+        // name?
+        leaf admin-status {
            type enumeration {
                enum ALLOWED;
-                enum DISALLOWED;
+                enum FORBIDDEN;
            }

            description
@@ -134,7 +137,7 @@ module temp { // fix module and file name
        leaf node-id {
            type danet-qkdn-comm:id;
            description
-                "Id of the node.";
+                "ID of the node.";
        }

        leaf ip-address {
@@ -146,6 +149,7 @@ module temp { // fix module and file name
        }
    }

+    // NOTE: Maybe we want something like multiple links for that specific peer
    grouping kms-peer {
        description
            "Another KMS connected to this KMS.";
@@ -178,13 +182,14 @@ module temp { // fix module and file name
                config false;

                description
-                    "Id of the QKD module connected to the peer.";
+                    "ID of the QKD module connected to the peer.";
            }

            leaf op-status {
                type enumeration {
                    enum PENDING;
-                    enum ACTIVE;
+                    enum ESTABLISHED;
+                    enum DOWN;
                    enum ERROR;
                }
                config false;
@@ -201,7 +206,7 @@ module temp { // fix module and file name
                    "The key length negotiated between the two KMS in bits.";
            }

-            // add:
+            // relevant???:
            // - was this peer known or did it just appear? maybe sth like status field for this (known, unknown)
            // - administrative status: can I talk with this peer/am I allowed to talk to this peer?
        }
@@ -211,7 +216,7 @@ module temp { // fix module and file name
        description
            "Definition of an interface inside of the KMS.";

-         leaf ip-address {
+        leaf ip-address {
            type inet:ipv4-address;
        }

@@ -219,11 +224,6 @@ module temp { // fix module and file name
            type inet:port-number;
        }

-        container inter-kms-protocol {
-            uses danet-qkdn-comm:inter-kms-protocol;
-            config false;
-        }
-
        leaf index {
            type int16;
            description
@@ -263,7 +263,7 @@ module temp { // fix module and file name
        leaf path-id {
            type danet-qkdn-comm:id;
            description
-                "Id that is connected to one calculated path through the network and is used as a
+                "ID that is connected to one calculated path through the network and is used as a
                reference during the forwarding process.";
        }

@@ -307,6 +307,7 @@ module temp { // fix module and file name
                "A list of available protocols for communication with other KMS.";
        }

+        // NOTE:  Could be useful to add something like: QKD-Module-Information
        leaf-list qkd-module-protocols {
            type danet-qkdn-comm:qkd-protocol;
            config false;
@@ -377,10 +378,14 @@ module temp { // fix module and file name
                    "The amount of keys forwarded since establishing the route.";
            }

-            leaf op-status {    // maybe add more like: down, peer unavailable, specific kind of issue, etc.
+            // NOTE: This is difficult to handle, since we have two endings for
+            // one routing session that can effect the operation status
+            // (previous and next).
+            leaf op-status {
                type enumeration {
                    enum PENDING;
                    enum ESTABLISHED;
+                    enum DOWN;
                    enum ERROR;
                }

@@ -403,6 +408,7 @@ module temp { // fix module and file name
            uses danet-qkdn-comm:key-properties;
        }

+        // UUID for now, maybe change after discussions
        leaf remote-ukms-id {
            type danet-qkdn-comm:id;
            description