From fc5b9796f87aeeb7f2f086c9b694cae77bd0a9fd Mon Sep 17 00:00:00 2001
From: Malte Bauch <malte.bauch@h-da.de>
Date: Wed, 26 Jun 2024 15:36:31 +0000
Subject: [PATCH] Check current open TODOs and resolve
See merge request danet/quant!163
---
README.md | 2 -
config/goKMS/example01.yaml | 2 -
config/goKMS/example02.yaml | 2 -
config/goKMS/example03.yaml | 2 -
config/goKMS/example04.yaml | 2 -
config/goKMS/small_kms_1.yaml | 1 -
config/goKMS/small_kms_2.yaml | 1 -
.../debug_configs/config/kms/kms_1.yaml | 1 -
.../debug_configs/config/kms/kms_2.yaml | 1 -
goKMS/config/config.go | 1 -
goKMS/gnmiHandlers/kms/peerHandler.go | 17 +++--
goKMS/gnmiHandlers/system/memoryHandler.go | 19 +++++-
goKMS/gnmiHandlers/system/stateHandler.go | 6 +-
goKMS/kms/kms.go | 19 +-----
goKMS/kms/kmsintercom.go | 67 ++++++++-----------
goKMS/kms/peers/danetQuantummodule.go | 5 +-
goKMS/kms/peers/kmsPeer.go | 13 +---
goKMS/kms/store/kms-keystore.go | 1 -
goKMS/osclient/additions/system_freebsd.go | 25 ++++---
.../osclient/additions/system_freebsd_test.go | 7 +-
goKMS/osclient/additions/system_linux.go | 23 +++----
goKMS/osclient/additions/types.go | 6 +-
integration-tests/config/kms/kms_1.yaml | 1 -
integration-tests/config/kms/kms_2.yaml | 1 -
24 files changed, 98 insertions(+), 127 deletions(-)
diff --git a/README.md b/README.md
index 3f5692ee..a8b319a3 100644
--- a/README.md
+++ b/README.md
@@ -57,14 +57,12 @@ Peers: # Peers to other goKMS
# peer to goKMS02
- PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2" # id of the peer
PeerInterComAddr: 172.100.20.11:50910 # inter com endpoint of the peer
- Sync: true # determines which peer partner is responsible for syncing
QuantumModule: # Quantum module used for this peer
Type: emulated # Type of the quantum module e.g. emulated or etsi
Address: 172.100.20.14 # Address of the quantum module
# peer to goKMS03
- PeerId: "f80db2c0-2480-46b9-b7d1-b63f954e8227"
PeerInterComAddr: 172.100.20.12:50910
- Sync: false
QuantumModule:
Type: emulated
Address: 172.100.20.18
diff --git a/config/goKMS/example01.yaml b/config/goKMS/example01.yaml
index 5162b5e0..a80bf823 100644
--- a/config/goKMS/example01.yaml
+++ b/config/goKMS/example01.yaml
@@ -19,7 +19,6 @@ Peers:
# peer to kms02
- PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
PeerInterComAddr: 172.100.20.11:50910
- Sync: true
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
@@ -28,7 +27,6 @@ Peers:
# peer to kms03
- PeerId: "f80db2c0-2480-46b9-b7d1-b63f954e8227"
PeerInterComAddr: 172.100.20.12:50910
- Sync: false
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/config/goKMS/example02.yaml b/config/goKMS/example02.yaml
index 32cc939b..d6f01e59 100644
--- a/config/goKMS/example02.yaml
+++ b/config/goKMS/example02.yaml
@@ -17,7 +17,6 @@ Peers:
# peer to kms01
- PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
PeerInterComAddr: 172.100.20.10:50910
- Sync: false
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
@@ -26,7 +25,6 @@ Peers:
# peer to kms04
- PeerId: "968fd594-b0e7-41f0-ba4b-de259047a933"
PeerInterComAddr: 172.100.20.13:50910
- Sync: true
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/config/goKMS/example03.yaml b/config/goKMS/example03.yaml
index 9bb031d7..23502a3e 100644
--- a/config/goKMS/example03.yaml
+++ b/config/goKMS/example03.yaml
@@ -17,7 +17,6 @@ Peers:
# peer to kms01
- PeerId: "0ff33c82-7fe1-482b-a0ca-67565806ee4b"
PeerInterComAddr: 172.100.20.10:50910
- Sync: true
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
@@ -26,7 +25,6 @@ Peers:
# peer to kms04
- PeerId: "968fd594-b0e7-41f0-ba4b-de259047a933"
PeerInterComAddr: 172.100.20.13:50910
- Sync: true
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/config/goKMS/example04.yaml b/config/goKMS/example04.yaml
index 2d452687..3d739741 100644
--- a/config/goKMS/example04.yaml
+++ b/config/goKMS/example04.yaml
@@ -19,7 +19,6 @@ Peers:
# peer to kms02
- PeerId: "5e41c291-6121-4335-84f6-41e04b8bdaa2"
PeerInterComAddr: 172.100.20.11:50910
- Sync: false
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
@@ -28,7 +27,6 @@ Peers:
# peer to kms03
- PeerId: "f80db2c0-2480-46b9-b7d1-b63f954e8227"
PeerInterComAddr: 172.100.20.12:50910
- Sync: false
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/config/goKMS/small_kms_1.yaml b/config/goKMS/small_kms_1.yaml
index 686e5d39..538ad6f8 100644
--- a/config/goKMS/small_kms_1.yaml
+++ b/config/goKMS/small_kms_1.yaml
@@ -9,7 +9,6 @@ Peers:
# peer to kms_2
- PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
PeerInterComAddr: kms_2:50910
- Sync: true
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/config/goKMS/small_kms_2.yaml b/config/goKMS/small_kms_2.yaml
index 83c4bb0c..e85e3563 100644
--- a/config/goKMS/small_kms_2.yaml
+++ b/config/goKMS/small_kms_2.yaml
@@ -9,7 +9,6 @@ Peers:
# peer to kms_1
- PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
PeerInterComAddr: kms_1:50910
- Sync: false
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/dev_env_data/debug_configs/config/kms/kms_1.yaml b/dev_env_data/debug_configs/config/kms/kms_1.yaml
index 2418ae7a..3be024c2 100644
--- a/dev_env_data/debug_configs/config/kms/kms_1.yaml
+++ b/dev_env_data/debug_configs/config/kms/kms_1.yaml
@@ -14,7 +14,6 @@ Peers:
# peer to kms_2
- PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
PeerInterComAddr: 127.0.0.1:51910
- Sync: true
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/dev_env_data/debug_configs/config/kms/kms_2.yaml b/dev_env_data/debug_configs/config/kms/kms_2.yaml
index de4255d8..fb883435 100644
--- a/dev_env_data/debug_configs/config/kms/kms_2.yaml
+++ b/dev_env_data/debug_configs/config/kms/kms_2.yaml
@@ -14,7 +14,6 @@ Peers:
# peer to kms_1
- PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
PeerInterComAddr: 172.18.0.1:50910
- Sync: false
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/goKMS/config/config.go b/goKMS/config/config.go
index f3c73ec2..a9ae1d6a 100644
--- a/goKMS/config/config.go
+++ b/goKMS/config/config.go
@@ -23,7 +23,6 @@ type Config struct {
type Peer struct {
PeerId string `yaml:"PeerId"`
PeerInterComAddr string `yaml:"PeerInterComAddr"`
- Sync bool `yaml:"Sync"`
Type string `yaml:"Type"`
QuantumModule QuantumModule `yaml:"QuantumModule"`
}
diff --git a/goKMS/gnmiHandlers/kms/peerHandler.go b/goKMS/gnmiHandlers/kms/peerHandler.go
index e8475ec5..7ed39114 100644
--- a/goKMS/gnmiHandlers/kms/peerHandler.go
+++ b/goKMS/gnmiHandlers/kms/peerHandler.go
@@ -57,7 +57,6 @@ func (yh *PeerHandler) Init(config *handler.Config, publishToSubsFunc func([]*gn
diff, err := yh.updateOrCreatePeerTable(yh.kms)
if err != nil {
log.Errorf("Error within interface subscription goroutine; %v", err)
- // TODO: check again
break
}
if err := yh.PublishToSubs(diff); err != nil {
@@ -71,7 +70,6 @@ func (yh *PeerHandler) Init(config *handler.Config, publishToSubsFunc func([]*gn
}
func (yh *PeerHandler) Update(c ygot.ValidatedGoStruct, jobs []*gnmi.Update) error {
- // TODO: implement
return nil
}
@@ -104,9 +102,16 @@ func (yh *PeerHandler) updateOrCreatePeerTable(kms *kms.KMS) ([]*gnmi.Notificati
confTempPeerAddress.Hostname = ygot.String(peer.Address().String()) // TODO: get real hostname here
confTempPeerAddress.NodeId = ygot.String(peer.GetKmsPeerId().String())
- // TODO: implement for kms, curently hardcoded
- confInterKmsProtocol := confTempPeerInformation.GetOrCreateInterKmsProtocol()
- confInterKmsProtocol.ProtocolName = gnmitargetygot.Temp_KmsInterfaceTable_KmsInterfaces_ProtocolName_DANET_INTER_KMS_PROTO
+ client := peer.Client()
+ switch {
+ case client == nil:
+ log.Error("gRPC client for internal peer communication is not set.")
+ case client.KmsTalkerClient != nil:
+ confInterKmsProtocol := confTempPeerInformation.GetOrCreateInterKmsProtocol()
+ confInterKmsProtocol.ProtocolName = gnmitargetygot.Temp_KmsInterfaceTable_KmsInterfaces_ProtocolName_DANET_INTER_KMS_PROTO
+ default:
+ log.Error("unknown client for internal peer communication.")
+ }
confTempPeerInformation.QkdModuleId = ygot.String(peer.QuantumModule().ID().String())
@@ -119,7 +124,7 @@ func (yh *PeerHandler) updateOrCreatePeerTable(kms *kms.KMS) ([]*gnmi.Notificati
confTempPeerInformation.OpStatus = gnmitargetygot.Temp_OpStatus_ERROR
}
- // TODO: implement for kms, curently hardcoded
+ // NOTE: Currently it is assumed that only 256 bit keys are necessary.
confTempPeerInformation.NegotiatedKeyLength = ygot.Uint64(256)
}
diff --git a/goKMS/gnmiHandlers/system/memoryHandler.go b/goKMS/gnmiHandlers/system/memoryHandler.go
index 02fcb723..9080b132 100644
--- a/goKMS/gnmiHandlers/system/memoryHandler.go
+++ b/goKMS/gnmiHandlers/system/memoryHandler.go
@@ -61,9 +61,22 @@ func (yh *MemoryHandler) updateOrCreateMemory(os osclient.Osclient) ([]*gnmi.Not
confSystem := newConfig.GetOrCreateSystem()
if memory := confSystem.GetOrCreateMemory(); memory != nil {
- memory.GetOrCreateState().Physical = ygot.Uint64(os.GetTotalMemory())
- memory.GetOrCreateState().Free = ygot.Uint64(os.GetFreeMemory())
- memory.GetOrCreateState().Used = ygot.Uint64(os.GetUsedMemory())
+ totalMemory, err := os.GetTotalMemory()
+ if err != nil {
+ return nil, fmt.Errorf("Failed to get the total memory; err: %w", err)
+ }
+ freeMemory, err := os.GetFreeMemory()
+ if err != nil {
+ return nil, fmt.Errorf("Failed to get the free memory; err: %w", err)
+ }
+ usedMemory, err := os.GetUsedMemory()
+ if err != nil {
+ return nil, fmt.Errorf("Failed to get the used memory; err: %w", err)
+ }
+
+ memory.GetOrCreateState().Physical = ygot.Uint64(totalMemory)
+ memory.GetOrCreateState().Free = ygot.Uint64(freeMemory)
+ memory.GetOrCreateState().Used = ygot.Uint64(usedMemory)
}
//validate struct
diff --git a/goKMS/gnmiHandlers/system/stateHandler.go b/goKMS/gnmiHandlers/system/stateHandler.go
index 989c5eb2..3357a425 100644
--- a/goKMS/gnmiHandlers/system/stateHandler.go
+++ b/goKMS/gnmiHandlers/system/stateHandler.go
@@ -71,8 +71,10 @@ func (yh *StateHandler) updateOrCreateState(os osclient.Osclient) ([]*gnmi.Notif
state.BootTime = ygot.Uint64(bootTime)
// Read version of the operating system
- // TODO: better error handling, or even better error handling at all
- osVersion, _ := os.GetSoftwareVersion()
+ osVersion, err := os.GetSoftwareVersion()
+ if err != nil {
+ return nil, fmt.Errorf("Failed to get the current software version of the operating system; err: %w", err)
+ }
state.SoftwareVersion = ygot.String(osVersion)
}
diff --git a/goKMS/kms/kms.go b/goKMS/kms/kms.go
index a002fa64..5540cb88 100644
--- a/goKMS/kms/kms.go
+++ b/goKMS/kms/kms.go
@@ -222,24 +222,11 @@ func (kms *KMS) initializePeers(config *config.Config) error {
client.KmsTalkerClient = pbIC.NewKmsTalkerClient(newPeerConn)
}
- p, err := kms.AddPeer(peer.PeerId, peer.PeerInterComAddr, qm, client)
+ _, err = kms.AddPeer(peer.PeerId, peer.PeerInterComAddr, qm, client)
if err != nil {
log.Fatalf("Failed to create a peer: %s", err)
return nil
}
-
- // TODO: check again; we might want to use this based on the quantum
- // module in use.
- if peer.Sync {
- go func() {
- time.Sleep(time.Second * 32)
- if err := p.SyncBulkKeys(); err != nil {
- log.Info("SYNC ERROR: ", err)
- } else {
- log.Info("SYNCED successfully!")
- }
- }()
- }
}
return nil
}
@@ -261,7 +248,7 @@ func (kms *KMS) startGRPC() {
healthpb.RegisterHealthServer(interKMSServer, healthCheck)
pbIC.RegisterKmsTalkerServer(interKMSServer, &kmsTalkerServer{
keyNegotiationMap: make(map[uuid.UUID]*store.KmsKSElement),
- KMS: kms,
+ kms: kms,
})
if kms.quantumAddress != "" {
@@ -306,7 +293,7 @@ func (kms *KMS) AddPeer(peerKmsId string, kmsPeerSocket string, servingQLE peers
log.Errorf("Trying to add existing peer %s, with KMS ID %s", kmsPeerSocket, peerKmsId)
return nil, fmt.Errorf("trying to add existing peer %s, with KMS ID %s", kmsPeerSocket, peerKmsId)
}
- peer, err := peers.NewKmsPeer(peerKmsId, servingQLE, kmsPeerSocket, kms.interComAddr, client, kms.eventBus)
+ peer, err := peers.NewKmsPeer(peerKmsId, servingQLE, kmsPeerSocket, client, kms.eventBus)
if err != nil {
return nil, err
}
diff --git a/goKMS/kms/kmsintercom.go b/goKMS/kms/kmsintercom.go
index 225aac22..4bb2fb8d 100644
--- a/goKMS/kms/kmsintercom.go
+++ b/goKMS/kms/kmsintercom.go
@@ -30,26 +30,24 @@ type kmsTalkerServer struct {
pb.UnimplementedKmsTalkerServer
keyNegotationMutex sync.Mutex
keyNegotiationMap map[uuid.UUID]*store.KmsKSElement
- KMS *KMS
+ kms *KMS
}
-// This must somehow find out and agree to a specific key length.
func (s *kmsTalkerServer) InterComCapabilities(ctx context.Context, in *pb.InterComCapabilitiesRequest) (capReply *pb.InterComCapabilitiesReply, err error) {
log.Debugf("Received: %v", in.GetMyKmsName())
- // TODO: Call to ksp := NewKmsKeyStore(<desired-size-of-each-key-in-bits)
- // this to be stored in the serving QLE QuantumElement struct under keyStorePeer
- // Further, the KMS peers have to agree on a ready-to-be-used keyBulk based on the bulkId
- // This requires to go through the rawBulkKeys of type QuantumElement and lookup a bulkId both side do know Once agreed upon on keyBulk, this here has to call KeyChopper of the actual NewKmsKeyStore
+ // NOTE: InterComCapabilities should return the capabilities of the kms.
+ // This could include supported key sizes, crypto algorithms, etc.
+ // Therefore the proto definitions should be extended accordingly.
return &pb.InterComCapabilitiesReply{
- PeerKmsName: "whatever",
+ PeerKmsName: s.kms.kmsName,
}, nil
}
func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNotificationRequest) (*pb.KeyIdNotificationResponse, error) {
// check if a peer exists
- peer, ok := s.KMS.KmsPeers[in.GetKmsId()]
+ peer, ok := s.kms.KmsPeers[in.GetKmsId()]
if !ok {
return nil, status.Errorf(codes.Internal, "peer with ID: %s does not exist in peers", in.GetKmsId())
}
@@ -86,7 +84,6 @@ func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNot
return nil, status.Error(codes.Aborted, string(body))
}
- // TODO: could be run in go routine
if err := store.AddETSIKeysToKeystore(eqm.KeyStore(), keyContainer.GetKeys()); err != nil {
return nil, status.Error(codes.Internal, "expected etsi014 quantum module")
}
@@ -96,14 +93,12 @@ func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNot
}, nil
}
-// TODO: should be removed as soon as the emulated quantum module has been
-// changed; is specific for emulated quantum module.
func (s *kmsTalkerServer) SyncQkdBulk(ctx context.Context, in *pb.SyncQkdBulkRequest) (*pb.SyncQkdBulkResponse, error) {
// NOTE: with "google.golang.org/grpc/peer" it would be possible to get the client ip directly
p, _ := peer.FromContext(ctx)
log.Infof("Received SyncQkdBulkRequest from %s", p.Addr.String())
// check if a peer exists
- peer, ok := s.KMS.KmsPeers[in.GetKmsId()]
+ peer, ok := s.kms.KmsPeers[in.GetKmsId()]
if !ok {
return nil, status.Errorf(codes.Internal, "peer with ID: %s does not exist in peers", in.GetKmsId())
}
@@ -128,7 +123,7 @@ func (s *kmsTalkerServer) SyncQkdBulk(ctx context.Context, in *pb.SyncQkdBulkReq
}
func (s *kmsTalkerServer) SyncKeyIdsForBulk(ctx context.Context, in *pb.SyncKeyIdsForBulkRequest) (*pb.SyncKeyIdsForBulkResponse, error) {
- peer, ok := s.KMS.KmsPeers[in.GetKmsId()]
+ peer, ok := s.kms.KmsPeers[in.GetKmsId()]
if !ok {
return nil, status.Errorf(codes.Internal, "For KMS id: %s, no peer exists", in.GetKmsId())
}
@@ -187,17 +182,11 @@ func (s *kmsTalkerServer) InterComTransportKeyNegotiation(ctx context.Context, i
return nil, status.Errorf(codes.InvalidArgument, "path id: %s can not be parsed to uuid", in.GetPathID())
}
- route, ok := s.KMS.routingTable[pathId]
+ route, ok := s.kms.routingTable[pathId]
if !ok {
return nil, status.Errorf(codes.Internal, "There is no route for the given pathID: %s .", in.PathID)
}
- //TODO: This limits a pathId so that it is only possible to send one single
- //payload.
- //if _, ok := s.keyNegotiationMap[pathId]; ok {
- // return nil, status.Errorf(codes.Internal, "A transport key for pathID: %s has already been negotiated.", in.PathID)
- //}
-
quantumModuleKeyStore := route.Previous.QuantumModule().KeyStore()
key, err := quantumModuleKeyStore.GetKeyWithID(keyID)
@@ -230,12 +219,12 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
return nil, status.Errorf(codes.Internal, "%s", err)
}
- route, ok := s.KMS.routingTable[pathId]
+ route, ok := s.kms.routingTable[pathId]
if !ok {
return nil, status.Errorf(codes.Internal, "There is no route for the given pathID: %s .", in.PathId)
}
- log.Infof("%s received a key: %s, from %s", s.KMS.kmsName, in.GetKey(), route.Previous.TcpSocketStr)
+ log.Debugf("%s received a key: %s, from %s", s.kms.kmsName, in.GetKey(), route.Previous.TcpSocketStr)
s.keyNegotationMutex.Lock()
defer s.keyNegotationMutex.Unlock()
@@ -250,16 +239,14 @@ func (s *kmsTalkerServer) KeyForwarding(ctx context.Context, in *pb.KeyForwardin
}
if route.Next != nil {
- log.Infof("%s forwards payload to : %s", s.KMS.kmsName, route.Next.TcpSocketStr)
+ log.Debugf("%s forwards payload to : %s", s.kms.kmsName, route.Next.TcpSocketStr)
- // TODO: Find a better way of handling this; ignore the lint error for
- // now.
go route.Next.SendPayload(&crypto.Key{ //nolint:errcheck
ID: keyID,
Key: decryptedKey,
}, pathId, processId)
} else {
- log.Infof("%s received the final payload: %s", s.KMS.kmsName, string(decryptedKey))
+ log.Debugf("%s received the final payload: %s", s.kms.kmsName, decryptedKey)
s.storeReceivedPlatformKey(route.RemoteKMS.Id, in.GetProcessId(), keyID, decryptedKey)
@@ -285,7 +272,7 @@ func (s *kmsTalkerServer) AckKeyForwarding(ctx context.Context, in *pb.AckKeyFor
// - Are pathId and processId valid?
// - Is the keyId valid?
- err = s.KMS.receiver.InformReceiver(pathId)
+ err = s.kms.receiver.InformReceiver(pathId)
if err != nil {
return nil, status.Errorf(codes.InvalidArgument, "Failed while informing Receiver; err: %v", err)
}
@@ -301,7 +288,7 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq
}
// look up PK
- platformKey, err := s.KMS.GetSpecificPlatformKey(in.GetKmsId(), keyId)
+ platformKey, err := s.kms.GetSpecificPlatformKey(in.GetKmsId(), keyId)
if err != nil {
return nil, status.Errorf(codes.NotFound, "%s", err)
}
@@ -321,7 +308,7 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq
keyId := key.GetId()
- log.Debugf("KeyID: %s, Key: %s", ksaKeyAsString, keyId)
+ log.Debugf("KeyID: %s, Key: %s", keyId, ksaKeyAsString)
akmsKSAKeys[i] = crypto.KSAKey{
KeyID: keyId,
@@ -329,11 +316,11 @@ func (s *kmsTalkerServer) KeyDelivery(ctx context.Context, in *pb.KeyDeliveryReq
}
}
- if s.KMS.keyStoreChannel != nil && in.GetRequestId() == etsi014RequestID {
- log.Debugf("(ETSI14) Pushing to KeyStoreChannel: %v in %s", s.KMS.keyStoreChannel, s.KMS.kmsName)
- s.KMS.keyStoreChannel <- akmsKSAKeys
- } else if s.KMS.ckmsAkmsClient != nil {
- go s.KMS.ckmsAkmsClient.SendKSAKeysToRequestingInstances(in.GetRequestId(), platformKey.ProcessId, akmsKSAKeys) //nolint:errcheck
+ if s.kms.keyStoreChannel != nil && in.GetRequestId() == etsi014RequestID {
+ log.Debugf("(ETSI14) Pushing to KeyStoreChannel: %v in %s", s.kms.keyStoreChannel, s.kms.kmsName)
+ s.kms.keyStoreChannel <- akmsKSAKeys
+ } else if s.kms.ckmsAkmsClient != nil {
+ go s.kms.ckmsAkmsClient.SendKSAKeysToRequestingInstances(in.GetRequestId(), platformKey.ProcessId, akmsKSAKeys) //nolint:errcheck
}
return &pb.KeyDeliveryResponse{Timestamp: time.Now().Unix()}, nil
@@ -359,12 +346,12 @@ func (s *kmsTalkerServer) getDecryptedKey(keyForDecryption []byte, cryptoAlgorit
}
func (s *kmsTalkerServer) storeReceivedPlatformKey(remoteKmsID, processID string, keyID uuid.UUID, decryptedKey []byte) {
- s.KMS.PKStoreMutex.Lock()
- defer s.KMS.PKStoreMutex.Unlock()
+ s.kms.PKStoreMutex.Lock()
+ defer s.kms.PKStoreMutex.Unlock()
- keys, ok := s.KMS.PKStore[remoteKmsID]
+ keys, ok := s.kms.PKStore[remoteKmsID]
if !ok {
- s.KMS.PKStore[remoteKmsID] = map[uuid.UUID]*PlatformKey{
+ s.kms.PKStore[remoteKmsID] = map[uuid.UUID]*PlatformKey{
keyID: {
Id: keyID,
Value: decryptedKey,
@@ -379,11 +366,11 @@ func (s *kmsTalkerServer) storeReceivedPlatformKey(remoteKmsID, processID string
}
}
- log.Debug("Current PKSTORE: ", s.KMS.PKStore)
+ log.Debug("Current PKSTORE: ", s.kms.PKStore)
}
func (s *kmsTalkerServer) sendAcknowledgeKeyForwarding(ctx context.Context, remoteKmsAddr, pathID, processID, keyID string) error {
- gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(s.KMS.tlsConfig)
+ gRPCTransportCreds, err := kmstls.GenerateGRPCClientTransportCredsBasedOnTLSFlag(s.kms.tlsConfig)
if err != nil {
return fmt.Errorf("unable to generate gRPC transport creds: %w", err)
}
diff --git a/goKMS/kms/peers/danetQuantummodule.go b/goKMS/kms/peers/danetQuantummodule.go
index 13300f5f..797f906e 100644
--- a/goKMS/kms/peers/danetQuantummodule.go
+++ b/goKMS/kms/peers/danetQuantummodule.go
@@ -82,8 +82,9 @@ func (qm *DanetQuantumModule) Sync() error {
return fmt.Errorf("could not find raw bulk key with id: %d", initialPeerSetupResponse.BulkId)
}
- // TODO: Initially the peer partners should discuss about the key length,
- // for now it is hardcoded.
+ // NOTE: Currently it is assumed that only 256 bit keys are necessary.
+ // This process could be improved by letting the peer partners initially
+ // discuss about the key length.
qm.keyStore = store.NewKmsKeyStore(256)
keyIds, keyData, err := qm.KeyChopper(bulkKey, []string{})
diff --git a/goKMS/kms/peers/kmsPeer.go b/goKMS/kms/peers/kmsPeer.go
index c9bacc95..a6828434 100644
--- a/goKMS/kms/peers/kmsPeer.go
+++ b/goKMS/kms/peers/kmsPeer.go
@@ -40,7 +40,6 @@ type KmsPeer struct {
peerClient *GRPCClient
peerStatus KmsPeerStatus
peerKmsId uuid.UUID
- interComAddr string
servingQuantumModul QuantumModule
tcpSocket *net.TCPAddr // the IP address and TCP port (aka socket) of the kms peer
TcpSocketStr string // string rep. of tcpSocket
@@ -52,7 +51,7 @@ type KmsPeer struct {
}
// TODO: check intercomaddr -> remove?
-func NewKmsPeer(peerKmsId string, quantummodule QuantumModule, tcpSocketStr string, interComAddr string, client *GRPCClient, eventBus *event.EventBus) (*KmsPeer, error) {
+func NewKmsPeer(peerKmsId string, quantummodule QuantumModule, tcpSocketStr string, client *GRPCClient, eventBus *event.EventBus) (*KmsPeer, error) {
var peerKmsIdUUID uuid.UUID
if peerKmsId == "" {
peerKmsIdUUID = uuid.New()
@@ -81,9 +80,8 @@ func NewKmsPeer(peerKmsId string, quantummodule QuantumModule, tcpSocketStr stri
// We need multiple peer clients!
peerClient: client,
// TODO: change this, only for demo purposes
- peerStatus: KmsPeerUp,
- peerKmsId: peerKmsIdUUID,
- interComAddr: interComAddr,
+ peerStatus: KmsPeerUp,
+ peerKmsId: peerKmsIdUUID,
// NOTE a peer could have multiple quantum modules
servingQuantumModul: quantummodule,
tcpSocket: tcpSocket,
@@ -156,8 +154,6 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID)
}
}
- // TODO: Return a message if keys are empty
-
// select a key from key store
key, err := kp.servingQuantumModul.KeyStore().GetKey()
if err != nil {
@@ -178,9 +174,6 @@ func (kp *KmsPeer) SendPayload(payload *crypto.Key, pathId, processId uuid.UUID)
kp.servingQuantumModul.KeyStore().DeleteKey(key.KeyID)
- // TODO: would be better to update the index counter here (to keep it
- // synchronized).
-
nonce, encryptedPayload, err := kp.et.Encrypt(payload.Key, key.Key)
if err != nil {
return err
diff --git a/goKMS/kms/store/kms-keystore.go b/goKMS/kms/store/kms-keystore.go
index aa177cbe..9a4334b1 100644
--- a/goKMS/kms/store/kms-keystore.go
+++ b/goKMS/kms/store/kms-keystore.go
@@ -70,7 +70,6 @@ func (ks *KmsKeyStore) GetKey() (*KmsKSElement, error) {
ks.keyStoreMutex.Lock()
defer ks.keyStoreMutex.Unlock()
- // TODO: if we want random here, then we have to take a different approach
for _, key := range ks.keyStore {
if key.Status == AVAILABLE {
// change status of key to reserved
diff --git a/goKMS/osclient/additions/system_freebsd.go b/goKMS/osclient/additions/system_freebsd.go
index 781572e5..db8b5ee8 100644
--- a/goKMS/osclient/additions/system_freebsd.go
+++ b/goKMS/osclient/additions/system_freebsd.go
@@ -32,33 +32,40 @@ func (sys *system) SetHostname(hostname *string) error {
return nil
}
-func (sys *system) GetFreeMemory() uint64 {
+func (sys *system) GetFreeMemory() (uint64, error) {
free, err := SysctlUint("vm.stats.vm.v_free_count")
if err != nil {
log.Error("GetFreeMemory(): ", err)
- return 0
+ return 0, err
}
free *= sys.pageSize
- return free
+ return free, nil
}
-func (sys *system) GetTotalMemory() uint64 {
+func (sys *system) GetTotalMemory() (uint64, error) {
total, err := SysctlUint("hw.physmem")
if err != nil {
log.Error("GetTotalMemory(): ", err)
- return 0
+ return 0, err
}
- return total
+ return total, nil
}
-func (sys *system) GetUsedMemory() uint64 {
- return (sys.GetTotalMemory() - sys.GetFreeMemory())
+func (sys *system) GetUsedMemory() (uint64, error) {
+ totalMem, err := sys.GetTotalMemory()
+ if err != nil {
+ return 0, err
+ }
+ freeMem, err := sys.GetFreeMemory()
+ if err != nil {
+ return 0, err
+ }
+ return (totalMem - freeMem), nil
}
-// TODO: replace by real motd and not just this text.
func (sys *system) GetMotd() (string, error) {
return "generic kms motd. Not real OS motd, sorry.", nil
}
diff --git a/goKMS/osclient/additions/system_freebsd_test.go b/goKMS/osclient/additions/system_freebsd_test.go
index b8e4bdf6..9d8b2838 100644
--- a/goKMS/osclient/additions/system_freebsd_test.go
+++ b/goKMS/osclient/additions/system_freebsd_test.go
@@ -12,9 +12,8 @@ func TestSystemFreeBSD(t *testing.T) {
t.Errorf("NewSystem fails with : %s", err)
}
- mem := sys.GetFreeMemory()
+ mem, err := sys.GetFreeMemory()
if mem == 0 {
- t.Errorf("GetFreeMemory delivered wrong value of 0")
- }
+ t.Errorf("GetFreeMemory delivered wrong value of 0")
+ }
}
-
diff --git a/goKMS/osclient/additions/system_linux.go b/goKMS/osclient/additions/system_linux.go
index b2ddd6c9..c31b1584 100644
--- a/goKMS/osclient/additions/system_linux.go
+++ b/goKMS/osclient/additions/system_linux.go
@@ -31,40 +31,36 @@ func NewSystem() (System, error) {
}
func (sys *system) SetHostname(hostname *string) error {
- // TODO: potentially some safety checks?
return syscall.Sethostname([]byte(*hostname))
}
-func (sys *system) GetFreeMemory() uint64 {
+func (sys *system) GetFreeMemory() (uint64, error) {
memInfo, err := sys.pfs.Meminfo()
if err != nil {
- // TODO: better error handling is required
log.Error("GetTotalMemory ", err)
- return 0
+ return 0, err
}
- return *memInfo.MemFree
+ return *memInfo.MemFree, nil
}
-func (sys *system) GetTotalMemory() uint64 {
+func (sys *system) GetTotalMemory() (uint64, error) {
memInfo, err := sys.pfs.Meminfo()
if err != nil {
- // TODO: better error handling is required
log.Error("GetTotalMemory ", err)
- return 0
+ return 0, err
}
- return *memInfo.MemTotal
+ return *memInfo.MemTotal, nil
}
-func (sys *system) GetUsedMemory() uint64 {
+func (sys *system) GetUsedMemory() (uint64, error) {
memInfo, err := sys.pfs.Meminfo()
if err != nil {
- // TODO: better error handling is required
log.Error("GetTotalMemory ", err)
- return 0
+ return 0, err
}
- return *memInfo.MemTotal - *memInfo.MemFree
+ return (*memInfo.MemTotal - *memInfo.MemFree), nil
}
func (sys *system) GetSoftwareVersion() (string, error) {
@@ -85,7 +81,6 @@ func (sys *system) GetSoftwareVersion() (string, error) {
// go line by line and look for
// ID and VERSION_ID entries
// this version may result in empty or incomplete information
- // TODO: better error handling while parsing the file.
for fileRdr.Scan() {
strElement := strings.FieldsFunc(fileRdr.Text(), func(r rune) bool {
if r == '=' {
diff --git a/goKMS/osclient/additions/types.go b/goKMS/osclient/additions/types.go
index e6bb26f4..bea55cb8 100644
--- a/goKMS/osclient/additions/types.go
+++ b/goKMS/osclient/additions/types.go
@@ -7,9 +7,9 @@ type System interface {
SetHostname(hostname *string) error
GetCurrentTime() time.Time
GetTimeZoneName() string
- GetTotalMemory() uint64
- GetFreeMemory() uint64
- GetUsedMemory() uint64
+ GetTotalMemory() (uint64, error)
+ GetFreeMemory() (uint64, error)
+ GetUsedMemory() (uint64, error)
GetDomainName() (string, error)
GetMotd() (string, error)
SetMotd(message string) error
diff --git a/integration-tests/config/kms/kms_1.yaml b/integration-tests/config/kms/kms_1.yaml
index 4c7a9289..e9a119b8 100644
--- a/integration-tests/config/kms/kms_1.yaml
+++ b/integration-tests/config/kms/kms_1.yaml
@@ -14,7 +14,6 @@ Peers:
# peer to kms_2
- PeerId: '5e41c291-6121-4335-84f6-41e04b8bdaa2'
PeerInterComAddr: kms_2:50910
- Sync: true
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
diff --git a/integration-tests/config/kms/kms_2.yaml b/integration-tests/config/kms/kms_2.yaml
index a887c49c..595ca285 100644
--- a/integration-tests/config/kms/kms_2.yaml
+++ b/integration-tests/config/kms/kms_2.yaml
@@ -14,7 +14,6 @@ Peers:
# peer to kms_1
- PeerId: '0ff33c82-7fe1-482b-a0ca-67565806ee4b'
PeerInterComAddr: kms_1:50910
- Sync: false
Type: danet
# quantum module of type emulated at the given address
QuantumModule:
--
GitLab