diff --git a/README.md b/README.md index 3f5692ee24874ea615325d98fe11384dce606e3a..a8b319a3909ed7123fd4180841f0c2a6465d8399 100644 --- a/README.md +++ b/README.md @@ -57,14 +57,12 @@ Peers: # Peers to other goKMS # peer to goKMS02 - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" # id of the peer PeerInterComAddr: 172.100.20.11:50910 # inter com endpoint of the peer - Sync: true # determines which peer partner is responsible for syncing QuantumModule: # Quantum module used for this peer Type: emulated # Type of the quantum module e.g. emulated or etsi Address: 172.100.20.14 # Address of the quantum module # peer to goKMS03 - PeerId: "f80db2c0-2480-46b9-b7d1-b63f954e8227" PeerInterComAddr: 172.100.20.12:50910 - Sync: false QuantumModule: Type: emulated Address: 172.100.20.18 diff --git a/config/goKMS/example01.yaml b/config/goKMS/example01.yaml index 5162b5e020833f80ebdaf02860483f79243010bc..a80bf823e4d0b1aea97309db4453e54a9cbfa360 100644 --- a/config/goKMS/example01.yaml +++ b/config/goKMS/example01.yaml @@ -19,7 +19,6 @@ Peers: # peer to kms02 - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" PeerInterComAddr: 172.100.20.11:50910 - Sync: true Type: danet # quantum module of type emulated at the given address QuantumModule: @@ -28,7 +27,6 @@ Peers: # peer to kms03 - PeerId: "f80db2c0-2480-46b9-b7d1-b63f954e8227" PeerInterComAddr: 172.100.20.12:50910 - Sync: false Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/config/goKMS/example02.yaml b/config/goKMS/example02.yaml index 32cc939bf65cf86b801e0e3946b241b1ed7c7217..d6f01e59130be52317fb663c844d2ae1d2879ebc 100644 --- a/config/goKMS/example02.yaml +++ b/config/goKMS/example02.yaml @@ -17,7 +17,6 @@ Peers: # peer to kms01 - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" PeerInterComAddr: 172.100.20.10:50910 - Sync: false Type: danet # quantum module of type emulated at the given address QuantumModule: 
@@ -26,7 +25,6 @@ Peers: # peer to kms04 - PeerId: "968fd594-b0e7-41f0-ba4b-de259047a933" PeerInterComAddr: 172.100.20.13:50910 - Sync: true Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/config/goKMS/example03.yaml b/config/goKMS/example03.yaml index 9bb031d755d958f30b78ea07a81f0d777a231cb3..23502a3e792b8595bd5d00ab3951c61e0171dd47 100644 --- a/config/goKMS/example03.yaml +++ b/config/goKMS/example03.yaml @@ -17,7 +17,6 @@ Peers: # peer to kms01 - PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b" PeerInterComAddr: 172.100.20.10:50910 - Sync: true Type: danet # quantum module of type emulated at the given address QuantumModule: @@ -26,7 +25,6 @@ Peers: # peer to kms04 - PeerId: "968fd594-b0e7-41f0-ba4b-de259047a933" PeerInterComAddr: 172.100.20.13:50910 - Sync: true Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/config/goKMS/example04.yaml b/config/goKMS/example04.yaml index 2d452687032e34bf91146784d3ae4ad1edab5c1e..3d7397414ce2bfc16d1ee8160459898d895dcefc 100644 --- a/config/goKMS/example04.yaml +++ b/config/goKMS/example04.yaml @@ -19,7 +19,6 @@ Peers: # peer to kms02 - PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" PeerInterComAddr: 172.100.20.11:50910 - Sync: false Type: danet # quantum module of type emulated at the given address QuantumModule: @@ -28,7 +27,6 @@ Peers: # peer to kms03 - PeerId: "f80db2c0-2480-46b9-b7d1-b63f954e8227" PeerInterComAddr: 172.100.20.12:50910 - Sync: false Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/config/goKMS/small_kms_1.yaml b/config/goKMS/small_kms_1.yaml index 686e5d3968f73d2391ddedc831e0d9881ce5e1f3..538ad6f8085a6576e572d1e5a2be0b5fa6e5e222 100644 --- a/config/goKMS/small_kms_1.yaml +++ b/config/goKMS/small_kms_1.yaml 
@@ -9,7 +9,6 @@ Peers: # peer to kms_2 - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2' PeerInterComAddr: kms_2:50910 - Sync: true Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/config/goKMS/small_kms_2.yaml b/config/goKMS/small_kms_2.yaml index 83c4bb0cb165fa0d4a50041b1a6ac8324e170d71..e85e3563aa182269d4c21f54766a36396c2cb61f 100644 --- a/config/goKMS/small_kms_2.yaml +++ b/config/goKMS/small_kms_2.yaml @@ -9,7 +9,6 @@ Peers: # peer to kms_1 - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' PeerInterComAddr: kms_1:50910 - Sync: false Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/dev_env_data/debug_configs/config/kms/kms_1.yaml b/dev_env_data/debug_configs/config/kms/kms_1.yaml index 2418ae7ad96c9e86360c7e1614c181ad80865855..3be024c2d425380fd6aab156243f7712b6d10adf 100644 --- a/dev_env_data/debug_configs/config/kms/kms_1.yaml +++ b/dev_env_data/debug_configs/config/kms/kms_1.yaml @@ -14,7 +14,6 @@ Peers: # peer to kms_2 - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2' PeerInterComAddr: 127.0.0.1:51910 - Sync: true Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/dev_env_data/debug_configs/config/kms/kms_2.yaml b/dev_env_data/debug_configs/config/kms/kms_2.yaml index de4255d8f8fca1d09ad315d96b267a1acc742bc9..fb8834357f5bbfb1f627707b4ecf8a4f724eca39 100644 --- a/dev_env_data/debug_configs/config/kms/kms_2.yaml +++ b/dev_env_data/debug_configs/config/kms/kms_2.yaml @@ -14,7 +14,6 @@ Peers: # peer to kms_1 - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' PeerInterComAddr: 172.18.0.1:50910 - Sync: false Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/goKMS/config/config.go b/goKMS/config/config.go index f3c73ec23417f35508a0f456ed5699ac15325c82..a9ae1d6a42466bbe17a9edfedcdc53c95e6bfd5f 100644 --- a/goKMS/config/config.go +++ b/goKMS/config/config.go 
@@ -23,7 +23,6 @@ type Config struct { type Peer struct { PeerId string `yaml:"PeerId"` PeerInterComAddr string `yaml:"PeerInterComAddr"` - Sync bool `yaml:"Sync"` Type string `yaml:"Type"` QuantumModule QuantumModule `yaml:"QuantumModule"` } diff --git a/goKMS/gnmiHandlers/kms/peerHandler.go b/goKMS/gnmiHandlers/kms/peerHandler.go index e8475ec55fb8995b0dbebe9a8ca5efd503593c66..7ed391142ff25fffb43890ea5c220bb846c7ed99 100644 --- a/goKMS/gnmiHandlers/kms/peerHandler.go +++ b/goKMS/gnmiHandlers/kms/peerHandler.go @@ -57,7 +57,6 @@ func (yh *PeerHandler) Init(config *handler.Config, publishToSubsFunc func([]*gn diff, err := yh.updateOrCreatePeerTable(yh.kms) if err != nil { log.Errorf("Error within interface subscription goroutine; %v", err) - // TODO: check again break } if err := yh.PublishToSubs(diff); err != nil { @@ -71,7 +70,6 @@ func (yh *PeerHandler) Init(config *handler.Config, publishToSubsFunc func([]*gn } func (yh *PeerHandler) Update(c ygot.ValidatedGoStruct, jobs []*gnmi.Update) error { - // TODO: implement return nil } 
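Review bot: Deleting `// TODO: check again` in PeerHandler.Init leaves the behaviour it questioned in place: on the first error from updateOrCreatePeerTable the goroutine logs and `break`s, so, if the surrounding construct is the polling loop the "subscription goroutine" message implies, one transient failure stops peer-table updates for the life of the process with no retry and nothing for subscribers to notice beyond silence. Either keep the TODO until the policy is decided, or make the choice explicit in code: `continue` (with a backoff) for transient errors, or a comment such as `// A failed refresh ends the publisher; the handler must be re-initialised to resume.` The enclosing goroutine and its loop start before the hunk.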
@@ -104,9 +102,16 @@ func (yh *PeerHandler) updateOrCreatePeerTable(kms *kms.KMS) ([]*gnmi.Notificati confTempPeerAddress.Hostname = ygot.String(peer.Address().String()) // TODO: get real hostname here confTempPeerAddress.NodeId = ygot.String(peer.GetKmsPeerId().String()) - // TODO: implement for kms, curently hardcoded - confInterKmsProtocol := confTempPeerInformation.GetOrCreateInterKmsProtocol() - confInterKmsProtocol.ProtocolName = gnmitargetygot.Temp_KmsInterfaceTable_KmsInterfaces_ProtocolName_DANET_INTER_KMS_PROTO + client := peer.Client() + switch { + case client == nil: + log.Error("gRPC client for internal peer communication is not set.") + case client.KmsTalkerClient != nil: + confInterKmsProtocol := confTempPeerInformation.GetOrCreateInterKmsProtocol() + confInterKmsProtocol.ProtocolName = gnmitargetygot.Temp_KmsInterfaceTable_KmsInterfaces_ProtocolName_DANET_INTER_KMS_PROTO + default: + log.Error("unknown client for internal peer communication.") + } confTempPeerInformation.QkdModuleId = ygot.String(peer.QuantumModule().ID().String()) @@ -119,7 +124,7 @@ func (yh *PeerHandler) updateOrCreatePeerTable(kms *kms.KMS) ([]*gnmi.Notificati confTempPeerInformation.OpStatus = gnmitargetygot.Temp_OpStatus_ERROR } - // TODO: implement for kms, curently hardcoded + // NOTE: Currently it is assumed that only 256 bit keys are necessary. confTempPeerInformation.NegotiatedKeyLength = ygot.Uint64(256) } diff --git a/goKMS/gnmiHandlers/system/memoryHandler.go b/goKMS/gnmiHandlers/system/memoryHandler.go index 02fcb723f4ab7e737388c48b7e48682a4d330792..9080b132a7385a32e530ec87757f74161d9a887d 100644 --- a/goKMS/gnmiHandlers/system/memoryHandler.go +++ b/goKMS/gnmiHandlers/system/memoryHandler.go 
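Review bot: In the new switch in updateOrCreatePeerTable, both the `client == nil` and the `default` branches log without naming the peer concerned, and the `default` text ("unknown client") fires for the ordinary case of a GRPCClient whose KmsTalkerClient is nil, which reads as an unrecognised protocol rather than an unconfigured one. Include the peer id so an operator can correlate: `log.Errorf("peer %s: gRPC client for internal peer communication is not set", peer.GetKmsPeerId())` and `log.Errorf("peer %s: no inter-KMS client configured", peer.GetKmsPeerId())`. Because the table is rebuilt on every refresh (Init appears to call this from a polling goroutine), the error will repeat on each poll while the condition persists; if that is expected during startup, Warn with a one-off marker is kinder to the log. updateOrCreatePeerTable starts before and continues after the hunk.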
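Review bot: The NOTE that replaces the TODO says 256-bit keys are assumed, yet the value is published to gNMI subscribers as NegotiatedKeyLength, so telemetry consumers will read a fixed assumption as the outcome of a negotiation that never happened. Make the comment say that plainly, e.g. `// NOTE: no key-length negotiation exists yet (InterComCapabilities does not carry it); 256 is the fixed size every peer currently uses, not a negotiated value.` The same literal 256 is passed to store.NewKmsKeyStore in DanetQuantumModule.Sync; a single named constant shared by both sites would make the assumption easy to find and revisit. This hunk is inside updateOrCreatePeerTable, which continues past it.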
@@ -61,9 +61,22 @@ func (yh *MemoryHandler) updateOrCreateMemory(os osclient.Osclient) ([]*gnmi.Not confSystem := newConfig.GetOrCreateSystem() if memory := confSystem.GetOrCreateMemory(); memory != nil { - memory.GetOrCreateState().Physical = ygot.Uint64(os.GetTotalMemory()) - memory.GetOrCreateState().Free = ygot.Uint64(os.GetFreeMemory()) - memory.GetOrCreateState().Used = ygot.Uint64(os.GetUsedMemory()) + totalMemory, err := os.GetTotalMemory() + if err != nil { + return nil, fmt.Errorf("Failed to get the total memory; err: %w", err) + } + freeMemory, err := os.GetFreeMemory() + if err != nil { + return nil, fmt.Errorf("Failed to get the free memory; err: %w", err) + } + usedMemory, err := os.GetUsedMemory() + if err != nil { + return nil, fmt.Errorf("Failed to get the used memory; err: %w", err) + } + + memory.GetOrCreateState().Physical = ygot.Uint64(totalMemory) + memory.GetOrCreateState().Free = ygot.Uint64(freeMemory) + memory.GetOrCreateState().Used = ygot.Uint64(usedMemory) } //validate struct diff --git a/goKMS/gnmiHandlers/system/stateHandler.go b/goKMS/gnmiHandlers/system/stateHandler.go index 989c5eb2dbb1058f9d54ac11061a887f315309ee..3357a425b705c4cb6a357cceae4881c41eebbaa2 100644 --- a/goKMS/gnmiHandlers/system/stateHandler.go +++ b/goKMS/gnmiHandlers/system/stateHandler.go @@ -71,8 +71,10 @@ func (yh *StateHandler) updateOrCreateState(os osclient.Osclient) ([]*gnmi.Notif state.BootTime = ygot.Uint64(bootTime) // Read version of the operating system - // TODO: better error handling, or even better error handling at all - osVersion, _ := os.GetSoftwareVersion() + osVersion, err := os.GetSoftwareVersion() + if err != nil { + return nil, fmt.Errorf("Failed to get the current software version of the operating system; err: %w", err) + } state.SoftwareVersion = ygot.String(osVersion) } diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go index a002fa643c5ff5dd7aae29590193889cd2d1fd0b..5540cb88e5e5ee7d02826b7ad0edff84aa6659c0 100644 --- a/goKMS/kms/kms.go 
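Review bot: The three new error messages in updateOrCreateMemory are capitalised and start with "Failed to", whereas Go convention (staticcheck ST1005) wants error strings lowercase and the wrapped chain already conveys failure, e.g. `return nil, fmt.Errorf("reading total memory: %w", err)`. The getters themselves still `log.Error` before returning (see the system_linux.go and system_freebsd.go hunks), so each failure is now reported twice; once the error is propagated, the logging inside the getters is redundant. On Linux every getter re-reads meminfo via sys.pfs, so Physical, Free and Used can come from three different snapshots and Used need not equal Physical−Free; if the triple must be consistent, derive Used from the two values already fetched instead of a third call. updateOrCreateMemory continues past the hunk.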
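Review bot: Propagating the GetSoftwareVersion error in updateOrCreateState changes behaviour: previously a failure left SoftwareVersion empty and the rest of the state (BootTime and whatever precedes it) was still published, whereas now one unreadable or malformed version file (on Linux the getter parses a file for ID/VERSION_ID entries) aborts the whole state notification. If the version is best-effort metadata, log it and leave the field unset rather than returning; if a hard failure is intended, the commit message should say so because subscribers will stop receiving system state. Either way the string should follow convention: `fmt.Errorf("reading operating system software version: %w", err)`. updateOrCreateState starts before and continues after this hunk.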
+++ b/goKMS/kms/kms.go @@ -222,24 +222,11 @@ func (kms *KMS) initializePeers(config *config.Config) error { client.KmsTalkerClient = pbIC.NewKmsTalkerClient(newPeerConn) } - p, err := kms.AddPeer(peer.PeerId, peer.PeerInterComAddr, qm, client) + _, err = kms.AddPeer(peer.PeerId, peer.PeerInterComAddr, qm, client) if err != nil { log.Fatalf("Failed to create a peer: %s", err) return nil } - - // TODO: check again; we might want to use this based on the quantum - // module in use. - if peer.Sync { - go func() { - time.Sleep(time.Second * 32) - if err := p.SyncBulkKeys(); err != nil { - log.Info("SYNC ERROR: ", err) - } else { - log.Info("SYNCED successfully!") - } - }() - } } return nil } @@ -261,7 +248,7 @@ func (kms *KMS) startGRPC() { healthpb.RegisterHealthServer(interKMSServer, healthCheck) pbIC.RegisterKmsTalkerServer(interKMSServer, &kmsTalkerServer{ keyNegotiationMap: make(map[uuid.UUID]*store.KmsKSElement), - KMS: kms, + kms: kms, }) if kms.quantumAddress != "" { @@ -306,7 +293,7 @@ func (kms *KMS) AddPeer(peerKmsId string, kmsPeerSocket string, servingQLE peers log.Errorf("Trying to add existing peer %s, with KMS ID %s", kmsPeerSocket, peerKmsId) return nil, fmt.Errorf("trying to add existing peer %s, with KMS ID %s", kmsPeerSocket, peerKmsId) } - peer, err := peers.NewKmsPeer(peerKmsId, servingQLE, kmsPeerSocket, kms.interComAddr, client, kms.eventBus) + peer, err := peers.NewKmsPeer(peerKmsId, servingQLE, kmsPeerSocket, client, kms.eventBus) if err != nil { return nil, err } diff --git a/goKMS/kms/kmsintercom.go b/goKMS/kms/kmsintercom.go index 225aac2227b0d79a90bc93afd36d70222f6e02c8..4bb2fb8dff42cd8690aa9da0ce582fc28180b363 100644 --- a/goKMS/kms/kmsintercom.go +++ b/goKMS/kms/kmsintercom.go 
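Review bot: The new `_, err = kms.AddPeer(...)` line keeps an error path that calls log.Fatalf and then `return nil`; Fatalf exits the process so the return is dead code, and should the Fatalf ever be downgraded the function would report success after a failed peer setup. initializePeers already returns error, so let the caller decide: `return fmt.Errorf("adding peer %s (%s): %w", peer.PeerId, peer.PeerInterComAddr, err)`. Removing the Sync-gated SyncBulkKeys goroutine removes the only trigger for bulk key synchronisation visible in this file; if a replacement trigger exists elsewhere, the commit message should name it so operators know how peers now come to share keys. The loop body belongs to initializePeers, which starts before the hunk.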
@@ -30,26 +30,24 @@ type kmsTalkerServer struct { pb.UnimplementedKmsTalkerServer keyNegotationMutex sync.Mutex keyNegotiationMap map[uuid.UUID]*store.KmsKSElement - KMS *KMS + kms *KMS } -// This must somehow find out and agree to a specific key length. func (s *kmsTalkerServer) InterComCapabilities(ctx context.Context, in *pb.InterComCapabilitiesRequest) (capReply *pb.InterComCapabilitiesReply, err error) { log.Debugf("Received: %v", in.GetMyKmsName()) - // TODO: Call to ksp := NewKmsKeyStore(<desired-size-of-each-key-in-bits) - // this to be stored in the serving QLE QuantumElement struct under keyStorePeer - // Further, the KMS peers have to agree on a ready-to-be-used keyBulk based on the bulkId - // This requires to go through the rawBulkKeys of type QuantumElement and lookup a bulkId both side do know Once agreed upon on keyBulk, this here has to call KeyChopper of the actual NewKmsKeyStore + // NOTE: InterComCapabilities should return the capabilities of the kms. + // This could include supported key sizes, crypto algorithms, etc. + // Therefore the proto definitions should be extended accordingly. return &pb.InterComCapabilitiesReply{ - PeerKmsName: "whatever", + PeerKmsName: s.kms.kmsName, }, nil } func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNotificationRequest) (*pb.KeyIdNotificationResponse, error) { // check if a peer exists - peer, ok := s.KMS.KmsPeers[in.GetKmsId()] + peer, ok := s.kms.KmsPeers[in.GetKmsId()] if !ok { return nil, status.Errorf(codes.Internal, "peer with ID: %s does not exist in peers", in.GetKmsId()) } @@ -86,7 +84,6 @@ func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNot return nil, status.Error(codes.Aborted, string(body)) } - // TODO: could be run in go routine if err := store.AddETSIKeysToKeystore(eqm.KeyStore(), keyContainer.GetKeys()); err != nil { return nil, status.Error(codes.Internal, "expected etsi014 quantum module") } 
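Review bot: In KeyIdNotification the peer is looked up by `in.GetKmsId()`, an identifier chosen by the caller, and a miss is answered with codes.Internal; an unknown client-supplied id is a client error, so `codes.NotFound` (or InvalidArgument) is the right status and stops callers from treating it as a server fault. Nothing in this hunk binds the claimed KmsId to the connection's authenticated identity, so unless that check lives outside the visible code, any party that can reach the inter-KMS port can act for another peer simply by quoting its id — worth confirming and stating in a comment at the top of the handler. `s.kms.KmsPeers` is also read here from a gRPC handler goroutine with no visible locking while AddPeer writes to it; if peers can be added after startup, that is a data race. KeyIdNotification continues past the hunk.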
@@ -96,14 +93,12 @@ func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNot }, nil } -// TODO: should be removed as soon as the emulated quantum module has been -// changed; is specific for emulated quantum module. func (s *kmsTalkerServer) SyncQkdBulk(ctx context.Context, in *pb.SyncQkdBulkRequest) (*pb.SyncQkdBulkResponse, error) { // NOTE: with "google.golang.org/grpc/peer" it would be possible to get the client ip directly p, _ := peer.FromContext(ctx) log.Infof("Received SyncQkdBulkRequest from %s", p.Addr.String()) // check if a peer exists - peer, ok := s.KMS.KmsPeers[in.GetKmsId()] + peer, ok := s.kms.KmsPeers[in.GetKmsId()] if !ok { return nil, status.Errorf(codes.Internal, "peer with ID: %s does not exist in peers", in.GetKmsId()) } @@ -128,7 +123,7 @@ func (s *kmsTalkerServer) SyncQkdBulk(ctx context.Context, in *pb.SyncQkdBulkReq } func (s *kmsTalkerServer) SyncKeyIdsForBulk(ctx context.Context, in *pb.SyncKeyIdsForBulkRequest) (*pb.SyncKeyIdsForBulkResponse, error) { - peer, ok := s.KMS.KmsPeers[in.GetKmsId()] + peer, ok := s.kms.KmsPeers[in.GetKmsId()] if !ok { return nil, status.Errorf(codes.Internal, "For KMS id: %s, no peer exists", in.GetKmsId()) } 
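Review bot: `p, _ := peer.FromContext(ctx)` at the top of SyncQkdBulk discards the ok flag and then dereferences `p.Addr`; when no peer info is attached to the context p is nil and the handler panics before it reaches the KmsPeers lookup. Guard it: `if p, ok := peer.FromContext(ctx); ok { log.Infof("Received SyncQkdBulkRequest from %s", p.Addr) }`. The local `peer, ok := s.kms.KmsPeers[...]` two lines later shadows the imported `peer` package, which is what forces the terse `p`; renaming the local to `kmsPeer` fixes both at once. As in KeyIdNotification, an unknown caller-supplied KmsId should yield codes.NotFound rather than codes.Internal. SyncQkdBulk continues past the hunk.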
@@ -187,17 +182,11 @@ func (s *kmsTalkerServer) InterComTransportKeyNegotiation(ctx context.Context, i return nil, status.Errorf(codes.InvalidArgument, "path id: %s can not be parsed to uuid", in.GetPathID()) } - route, ok := s.KMS.routingTable[pathId] + route, ok := s.kms.routingTable[pathId] if !ok { return nil, status.Errorf(codes.Internal, "There is no route for the given pathID: %s .", in.PathID) } - //TODO: This limits a pathId so that it is only possible to send one single - //payload. - //if _, ok := s.keyNegotiationMap[pathId]; ok { - // return nil, status.Errorf(codes.Internal, "A transport key for pathID: %s has already been negotiated.", in.PathID) - //} - quantumModuleKeyStore := route.Previous.QuantumModule().KeyStore() key, err := quantumModuleKeyStore.GetKeyWithID(keyID) @@ -230,12 +219,12 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin return nil, status.Errorf(codes.Internal, "%s", err) } - route, ok := s.KMS.routingTable[pathId] + route, ok := s.kms.routingTable[pathId] if !ok { return nil, status.Errorf(codes.Internal, "There is no route for the given pathID: %s .", in.PathId) } - log.Infof("%s received a key: %s, from %s", s.KMS.kmsName, in.GetKey(), route.Previous.TcpSocketStr) + log.Debugf("%s received a key: %s, from %s", s.kms.kmsName, in.GetKey(), route.Previous.TcpSocketStr) s.keyNegotationMutex.Lock() defer s.keyNegotationMutex.Unlock() 
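Review bot: The commented-out keyNegotiationMap check is deleted from InterComTransportKeyNegotiation without anything replacing the guard it described, so the code now carries no trace of the fact that a transport key can be negotiated repeatedly for the same pathID. The old TODO at least recorded why the check was disabled (it limited a path to a single payload); if repeat negotiation is intended, keep one line saying so, e.g. `// A pathID may negotiate more than one transport key; per-path uniqueness is deliberately not enforced here.`, so the next reader does not assume a duplicate guard exists. The function and the keyID it uses start before the hunk.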
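Review bot: The log line in KeyForwarding still prints `in.GetKey()` — the key material carried by the request — and lowering it from Info to Debug does not keep it out of log files once debug logging is enabled. A KMS should not write key bytes to logs at any level; log the identifiers only: `log.Debugf("%s received key %s from %s", s.kms.kmsName, keyID, route.Previous.TcpSocketStr)`. The unknown-pathId case again answers codes.Internal for a caller-supplied value where codes.NotFound fits. KeyForwarding starts before and continues after the hunk.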
@@ -250,16 +239,14 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin } if route.Next != nil { - log.Infof("%s forwards payload to : %s", s.KMS.kmsName, route.Next.TcpSocketStr) + log.Debugf("%s forwards payload to : %s", s.kms.kmsName, route.Next.TcpSocketStr) - // TODO: Find a better way of handling this; ignore the lint error for - // now. go route.Next.SendPayload(&crypto.Key{ //nolint:errcheck ID: keyID, Key: decryptedKey, }, pathId, processId) } else { - log.Infof("%s received the final payload: %s", s.KMS.kmsName, string(decryptedKey)) + log.Debugf("%s received the final payload: %s", s.kms.kmsName, decryptedKey) s.storeReceivedPlatformKey(route.RemoteKMS.Id, in.GetProcessId(), keyID, decryptedKey) @@ -285,7 +272,7 @@ func (s *kmsTalkerServer) AckKeyForwarding(ctx context.Context, in *pb.AckKeyFor // - Are pathId and processId valid? // - Is the keyId valid? - err = s.KMS.receiver.InformReceiver(pathId) + err = s.kms.receiver.InformReceiver(pathId) if err != nil { return nil, status.Errorf(codes.InvalidArgument, "Failed while informing Receiver; err: %v", err) } @@ -301,7 +288,7 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq } // look up PK - platformKey, err := s.KMS.GetSpecificPlatformKey(in.GetKmsId(), keyId) + platformKey, err := s.kms.GetSpecificPlatformKey(in.GetKmsId(), keyId) if err != nil { return nil, status.Errorf(codes.NotFound, "%s", err) } @@ -321,7 +308,7 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq keyId := key.GetId() - log.Debugf("KeyID: %s, Key: %s", ksaKeyAsString, keyId) + log.Debugf("KeyID: %s, Key: %s", keyId, ksaKeyAsString) akmsKSAKeys[i] = crypto.KSAKey{ KeyID: keyId, 
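Review bot: In the final-hop branch of KeyForwarding `log.Debugf("... final payload: %s", ..., decryptedKey)` writes the decrypted key itself to the log; replacing `string(decryptedKey)` with `decryptedKey` changes nothing, since %s renders the bytes verbatim either way. That is plaintext key material in a log file and should be removed or reduced to the id. The `go route.Next.SendPayload(...) //nolint:errcheck` forward still discards its error, so a failed hop is invisible to both the sender and the AckKeyForwarding path; the TODO that tracked this was deleted rather than resolved, and the goroutine should at least log the failure. Below is the reworked branch; KeyForwarding continues past the hunk, so the else block is left open as in the hunk.

```go
// … unchanged: route lookup, decryption, keyNegotiationMap handling …
if route.Next != nil {
	log.Debugf("%s forwards payload to : %s", s.kms.kmsName, route.Next.TcpSocketStr)
	next := route.Next
	go func() {
		err := next.SendPayload(&crypto.Key{ID: keyID, Key: decryptedKey}, pathId, processId)
		if err != nil {
			log.Errorf("%s: forwarding key %s on path %s to %s failed: %v", s.kms.kmsName, keyID, pathId, next.TcpSocketStr, err)
		}
	}()
} else {
	// Never log decryptedKey: it is plaintext key material.
	log.Debugf("%s received the final payload for key %s", s.kms.kmsName, keyID)
	// … unchanged: storeReceivedPlatformKey and acknowledgement …
```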
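Review bot: The corrected `log.Debugf("KeyID: %s, Key: %s", keyId, ksaKeyAsString)` in KeyDelivery fixes the argument order but still writes the KSA key value to the log; the fix makes the leak tidier, not smaller. Drop the key from the message: `log.Debugf("KeyID: %s", keyId)`. KeyDelivery starts before and continues after this hunk.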
@@ -329,11 +316,11 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq } } - if s.KMS.keyStoreChannel != nil && in.GetRequestId() == etsi014RequestID { - log.Debugf("(ETSI14) Pushing to KeyStoreChannel: %v in %s", s.KMS.keyStoreChannel, s.KMS.kmsName) - s.KMS.keyStoreChannel <- akmsKSAKeys - } else if s.KMS.ckmsAkmsClient != nil { - go s.KMS.ckmsAkmsClient.SendKSAKeysToRequestingInstances(in.GetRequestId(), platformKey.ProcessId, akmsKSAKeys) //nolint:errcheck + if s.kms.keyStoreChannel != nil && in.GetRequestId() == etsi014RequestID { + log.Debugf("(ETSI14) Pushing to KeyStoreChannel: %v in %s", s.kms.keyStoreChannel, s.kms.kmsName) + s.kms.keyStoreChannel <- akmsKSAKeys + } else if s.kms.ckmsAkmsClient != nil { + go s.kms.ckmsAkmsClient.SendKSAKeysToRequestingInstances(in.GetRequestId(), platformKey.ProcessId, akmsKSAKeys) //nolint:errcheck } return &pb.KeyDeliveryResponse{Timestamp: time.Now().Unix()}, nil @@ -359,12 +346,12 @@ func (s *kmsTalkerServer) getDecryptedKey(keyForDecryption []byte, cryptoAlgorit } func (s *kmsTalkerServer) storeReceivedPlatformKey(remoteKmsID, processID string, keyID uuid.UUID, decryptedKey []byte) { - s.KMS.PKStoreMutex.Lock() - defer s.KMS.PKStoreMutex.Unlock() + s.kms.PKStoreMutex.Lock() + defer s.kms.PKStoreMutex.Unlock() - keys, ok := s.KMS.PKStore[remoteKmsID] + keys, ok := s.kms.PKStore[remoteKmsID] if !ok { - s.KMS.PKStore[remoteKmsID] = map[uuid.UUID]*PlatformKey{ + s.kms.PKStore[remoteKmsID] = map[uuid.UUID]*PlatformKey{ keyID: { Id: keyID, Value: decryptedKey, 
@@ -379,11 +366,11 @@ func (s *kmsTalkerServer) storeReceivedPlatformKey(remoteKmsID, processID string } } - log.Debug("Current PKSTORE: ", s.KMS.PKStore) + log.Debug("Current PKSTORE: ", s.kms.PKStore) } func (s *kmsTalkerServer) sendAcknowledgeKeyForwarding(ctx context.Context, remoteKmsAddr, pathID, processID, keyID string) error { - gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(s.KMS.tlsConfig) + gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(s.kms.tlsConfig) if err != nil { return fmt.Errorf("unable to generate gRPC transport creds: %w", err) } diff --git a/goKMS/kms/peers/danetQuantummodule.go b/goKMS/kms/peers/danetQuantummodule.go index 13300f5f8673d32a8da2c8eb6c3e80a9b8420a84..797f906e41d95f69b4f605f8984b9eee4a5cbab6 100644 --- a/goKMS/kms/peers/danetQuantummodule.go +++ b/goKMS/kms/peers/danetQuantummodule.go @@ -82,8 +82,9 @@ func (qm *DanetQuantumModule) Sync() error { return fmt.Errorf("could not find raw bulk key with id: %d", initialPeerSetupResponse.BulkId) } - // TODO: Initially the peer partners should discuss about the key length, - // for now it is hardcoded. + // NOTE: Currently it is assumed that only 256 bit keys are necessary. + // This process could be improved by letting the peer partners initially + // discuss about the key length. qm.keyStore = store.NewKmsKeyStore(256) keyIds, keyData, err := qm.KeyChopper(bulkKey, []string{}) diff --git a/goKMS/kms/peers/kmsPeer.go b/goKMS/kms/peers/kmsPeer.go index c9bacc956397406665a31816190d02bf4f83b0e7..a6828434065e0b49f2b3ec1bca9be3d5b88c661f 100644 --- a/goKMS/kms/peers/kmsPeer.go +++ b/goKMS/kms/peers/kmsPeer.go @@ -40,7 +40,6 @@ type KmsPeer struct { peerClient *GRPCClient peerStatus KmsPeerStatus peerKmsId uuid.UUID - interComAddr string servingQuantumModul QuantumModule tcpSocket *net.TCPAddr // the IP address and TCP port (aka socket) of the kms peer TcpSocketStr string // string rep. of tcpSocket 
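Review bot: `log.Debug("Current PKSTORE: ", s.kms.PKStore)` at the end of storeReceivedPlatformKey dumps the entire platform-key map, including each PlatformKey's Value bytes (the decryptedKey stored a few lines earlier), every time a key is stored. Log counts or ids instead, e.g. `log.Debugf("PKStore now holds keys for %d remote KMS instances", len(s.kms.PKStore))`, so plaintext keys never reach the log. storeReceivedPlatformKey starts before the hunk.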
@@ -52,7 +51,7 @@ type KmsPeer struct { } // TODO: check intercomaddr -> remove? -func NewKmsPeer(peerKmsId string, quantummodule QuantumModule, tcpSocketStr string, interComAddr string, client *GRPCClient, eventBus *event.EventBus) (*KmsPeer, error) { +func NewKmsPeer(peerKmsId string, quantummodule QuantumModule, tcpSocketStr string, client *GRPCClient, eventBus *event.EventBus) (*KmsPeer, error) { var peerKmsIdUUID uuid.UUID if peerKmsId == "" { peerKmsIdUUID = uuid.New() @@ -81,9 +80,8 @@ func NewKmsPeer(peerKmsId string, quantummodule QuantumModule, tcpSocketStr stri // We need multiple peer clients! peerClient: client, // TODO: change this, only for demo purposes - peerStatus: KmsPeerUp, - peerKmsId: peerKmsIdUUID, - interComAddr: interComAddr, + peerStatus: KmsPeerUp, + peerKmsId: peerKmsIdUUID, // NOTE a peer could have multiple quantum modules servingQuantumModul: quantummodule, tcpSocket: tcpSocket, @@ -156,8 +154,6 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID) } } - // TODO: Return a message if keys are empty - // select a key from key store key, err := kp.servingQuantumModul.KeyStore().GetKey() if err != nil { @@ -178,9 +174,6 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID) kp.servingQuantumModul.KeyStore().DeleteKey(key.KeyID) - // TODO: would be better to update the index counter here (to keep it - // synchronized). - nonce, encryptedPayload, err := kp.et.Encrypt(payload.Key, key.Key) if err != nil { return err diff --git a/goKMS/kms/store/kms-keystore.go b/goKMS/kms/store/kms-keystore.go index aa177cbeb4224a4ee09c600b64bf2ee097607d20..9a4334b1a7f2abacf635a586e93957e8c5769264 100644 --- a/goKMS/kms/store/kms-keystore.go +++ b/goKMS/kms/store/kms-keystore.go 
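Review bot: The `// TODO: check intercomaddr -> remove?` line directly above the new NewKmsPeer signature is resolved by this very commit (interComAddr is removed) and should be deleted with it; a stale TODO sitting on a changed signature will mislead the next reader. The constructor still sets `peerStatus: KmsPeerUp` under `// TODO: change this, only for demo purposes`, so every configured peer is reported Up before any connection is attempted; if that stays for now, make it a statement rather than a TODO, e.g. `// NOTE: peers are assumed Up at construction; no liveness check is performed here.` NewKmsPeer's body continues past the hunk.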
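Review bot: In SendPayload the key is removed from the store (`DeleteKey(key.KeyID)`) before `kp.et.Encrypt` runs, so an encryption failure on the next line consumes the key without the peer ever learning it was used; the deleted TODO about keeping the index counter synchronised pointed at exactly this gap, and removing the comment does not close it. Never reusing key material is the right default for a KMS, but the consumption should then be surfaced so both sides' stores stay aligned — at minimum `log.Warnf("key %s consumed without use after encrypt failure: %v", key.KeyID, err)` in the error branch. If peer-side consumption is reconciled elsewhere, a one-line comment at the DeleteKey call saying where would spare the next reader the search. SendPayload starts before and continues after the hunk.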
@@ -70,7 +70,6 @@ func (ks *KmsKeyStore) GetKey() (*KmsKSElement, error) { ks.keyStoreMutex.Lock() defer ks.keyStoreMutex.Unlock() - // TODO: if we want random here, then we have to take a different approach for _, key := range ks.keyStore { if key.Status == AVAILABLE { // change status of key to reserved diff --git a/goKMS/osclient/additions/system_freebsd.go b/goKMS/osclient/additions/system_freebsd.go index 781572e554d4488b3ef3515b070e34f76b63277e..db8b5ee866a75ae3a77034523e86c048ddb4f850 100644 --- a/goKMS/osclient/additions/system_freebsd.go +++ b/goKMS/osclient/additions/system_freebsd.go @@ -32,33 +32,40 @@ func (sys *system) SetHostname(hostname *string) error { return nil } -func (sys *system) GetFreeMemory() uint64 { +func (sys *system) GetFreeMemory() (uint64, error) { free, err := SysctlUint("vm.stats.vm.v_free_count") if err != nil { log.Error("GetFreeMemory(): ", err) - return 0 + return 0, err } free *= sys.pageSize - return free + return free, nil } -func (sys *system) GetTotalMemory() uint64 { +func (sys *system) GetTotalMemory() (uint64, error) { total, err := SysctlUint("hw.physmem") if err != nil { log.Error("GetTotalMemory(): ", err) - return 0 + return 0, err } - return total + return total, nil } -func (sys *system) GetUsedMemory() uint64 { - return (sys.GetTotalMemory() - sys.GetFreeMemory()) +func (sys *system) GetUsedMemory() (uint64, error) { + totalMem, err := sys.GetTotalMemory() + if err != nil { + return 0, err + } + freeMem, err := sys.GetFreeMemory() + if err != nil { + return 0, err + } + return (totalMem - freeMem), nil } -// TODO: replace by real motd and not just this text. func (sys *system) GetMotd() (string, error) { return "generic kms motd. Not real OS motd, sorry.", nil } diff --git a/goKMS/osclient/additions/system_freebsd_test.go b/goKMS/osclient/additions/system_freebsd_test.go index b8e4bdf64ab6e79b60c05f59b53dbcdc47e81d09..9d8b2838391a19cead8d29d684d76809081f9e67 100644 
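Review bot: GetFreeMemory and GetTotalMemory in system_freebsd.go now both log the error and return it, so once memoryHandler wraps and returns the same error every failure is reported twice; handle it at one layer and drop the `log.Error` calls here. GetUsedMemory subtracts `totalMem - freeMem` as uint64 from two unrelated sysctls (`hw.physmem` and `vm.stats.vm.v_free_count` × page size); should the free figure ever exceed physmem the result wraps to a huge value, so guard it: `if freeMem > totalMem { return 0, fmt.Errorf("free memory %d exceeds total %d", freeMem, totalMem) }` (import fmt if absent). GetMotd still returns a placeholder string while the TODO that said so was deleted; keep a one-line comment stating that it is not the real motd.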
--- a/goKMS/osclient/additions/system_freebsd_test.go +++ b/goKMS/osclient/additions/system_freebsd_test.go @@ -12,9 +12,8 @@ func TestSystemFreeBSD(t *testing.T) { t.Errorf("NewSystem fails with : %s", err) } - mem := sys.GetFreeMemory() + mem, err := sys.GetFreeMemory() if mem == 0 { - t.Errorf("GetFreeMemory delivered wrong value of 0") - } + t.Errorf("GetFreeMemory delivered wrong value of 0") + } } - diff --git a/goKMS/osclient/additions/system_linux.go b/goKMS/osclient/additions/system_linux.go index b2ddd6c91d3002b900cbf961c6ab4575cba2de52..c31b15840bb71b9295be2a80ce0530e401b843a0 100644 --- a/goKMS/osclient/additions/system_linux.go +++ b/goKMS/osclient/additions/system_linux.go @@ -31,40 +31,36 @@ func NewSystem() (System, error) { } func (sys *system) SetHostname(hostname *string) error { - // TODO: potentially some safety checks? return syscall.Sethostname([]byte(*hostname)) } -func (sys *system) GetFreeMemory() uint64 { +func (sys *system) GetFreeMemory() (uint64, error) { memInfo, err := sys.pfs.Meminfo() if err != nil { - // TODO: better error handling is required log.Error("GetTotalMemory ", err) - return 0 + return 0, err } - return *memInfo.MemFree + return *memInfo.MemFree, nil } -func (sys *system) GetTotalMemory() uint64 { +func (sys *system) GetTotalMemory() (uint64, error) { memInfo, err := sys.pfs.Meminfo() if err != nil { - // TODO: better error handling is required log.Error("GetTotalMemory ", err) - return 0 + return 0, err } - return *memInfo.MemTotal + return *memInfo.MemTotal, nil } -func (sys *system) GetUsedMemory() uint64 { +func (sys *system) GetUsedMemory() (uint64, error) { memInfo, err := sys.pfs.Meminfo() if err != nil { - // TODO: better error handling is required log.Error("GetTotalMemory ", err) - return 0 + return 0, err } - return *memInfo.MemTotal - *memInfo.MemFree + return (*memInfo.MemTotal - *memInfo.MemFree), nil } func (sys *system) GetSoftwareVersion() (string, error) { 
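Review bot: TestSystemFreeBSD now receives `mem, err := sys.GetFreeMemory()` but never inspects err, so a sysctl failure is only reported through the generic "wrong value of 0" message and a failed call is indistinguishable from a genuine zero; check it first: `if err != nil { t.Fatalf("GetFreeMemory: %v", err) }`. The earlier NewSystem error is likewise reported with t.Errorf and the test carries on calling methods on a possibly nil sys; t.Fatalf is the right call there too. The added lines also appear to change the indentation of the if block's closing brace, which gofmt will revert.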
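Review bot: GetFreeMemory and GetUsedMemory in system_linux.go log their failures with the prefix "GetTotalMemory " — a copy-paste carried over into the rewritten bodies — so a log reader cannot tell which call actually failed. Since the error is now returned, the cleanest fix is to drop the three `log.Error` lines (log-and-return reports each failure twice); if they stay, give each its own function name. SetHostname's deleted TODO asked for safety checks, and the function still dereferences `*hostname` unconditionally, so a nil pointer panics before syscall.Sethostname; add `if hostname == nil || *hostname == "" { return errors.New("hostname must not be empty") }` (import errors if absent). Each getter re-reads meminfo via sys.pfs, so callers cannot obtain a consistent Total/Free/Used triple from this interface.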
@@ -85,7 +81,6 @@ func (sys *system) GetSoftwareVersion() (string, error) { // go line by line and look for // ID and VERSION_ID entries // this version may result in empty or incomplete information - // TODO: better error handling while parsing the file. for fileRdr.Scan() { strElement := strings.FieldsFunc(fileRdr.Text(), func(r rune) bool { if r == '=' { diff --git a/goKMS/osclient/additions/types.go b/goKMS/osclient/additions/types.go index e6bb26f4b28579aa8b7e5b0d381b2fee86fb385e..bea55cb85a200cef20565fe1acc9d7fa92c2b805 100644 --- a/goKMS/osclient/additions/types.go +++ b/goKMS/osclient/additions/types.go @@ -7,9 +7,9 @@ type System interface { SetHostname(hostname *string) error GetCurrentTime() time.Time GetTimeZoneName() string - GetTotalMemory() uint64 - GetFreeMemory() uint64 - GetUsedMemory() uint64 + GetTotalMemory() (uint64, error) + GetFreeMemory() (uint64, error) + GetUsedMemory() (uint64, error) GetDomainName() (string, error) GetMotd() (string, error) SetMotd(message string) error diff --git a/integration-tests/config/kms/kms_1.yaml b/integration-tests/config/kms/kms_1.yaml index 4c7a9289c228f4055399ed1434221e0308a59da3..e9a119b8d6b3a357908180dc46e06536d2fb5993 100644 --- a/integration-tests/config/kms/kms_1.yaml +++ b/integration-tests/config/kms/kms_1.yaml @@ -14,7 +14,6 @@ Peers: # peer to kms_2 - PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2' PeerInterComAddr: kms_2:50910 - Sync: true Type: danet # quantum module of type emulated at the given address QuantumModule: diff --git a/integration-tests/config/kms/kms_2.yaml b/integration-tests/config/kms/kms_2.yaml index a887c49ce1053e442cdcd112ba1a87ad580bc573..595ca285c5c4b329869ab99e2feee4a1334ab9db 100644 --- a/integration-tests/config/kms/kms_2.yaml +++ b/integration-tests/config/kms/kms_2.yaml 
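Review bot: The deleted TODO in GetSoftwareVersion asked for error handling while parsing, yet the loop `for fileRdr.Scan()` in this hunk has no accompanying `fileRdr.Err()` check; if none follows the loop, a read error ends the scan silently and the function returns an empty or partial version with a nil error, which the new stateHandler code then publishes as fact. Add after the loop: `if err := fileRdr.Err(); err != nil { return "", fmt.Errorf("reading version file: %w", err) }`. The comment already concedes "this version may result in empty or incomplete information"; with the error check in place that caveat can be narrowed to the genuinely missing-field case. GetSoftwareVersion starts before and continues after the hunk.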
@@ -14,7 +14,6 @@ Peers: # peer to kms_1 - PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b' PeerInterComAddr: kms_1:50910 - Sync: false Type: danet # quantum module of type emulated at the given address QuantumModule: