.gitlab-ci.yml

@@ -13,7 +13,6 @@ variables:
     GOLANG_MINOR_VERSION: "${GOLANG_VERSION}.0"
     DOCKER_TLS_CERTDIR: "/certs"
 
-
 # Build stage
 
 .build: &build
@@ -137,7 +136,6 @@ build-etsi14module-latest:
         - docker buildx build --push -t "$IMAGE_NAME:$TAG" -f etsi14module/Dockerfile --build-arg "GITLAB_PROXY=${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/" --build-arg GITLAB_LOGIN=${GITLAB_LOGIN} --build-arg GITLAB_TOKEN=${GITLAB_TOKEN} --build-arg GOLANG_VERSION=${GOLANG_VERSION} .
     <<: *build-latest
 
-
 # Analyze stage
 lint:
     stage: analyze
@@ -175,8 +173,24 @@ unit-tests:
                 path: coverage.xml
     needs: []
 
+integration-test-aes:
+    tags:
+        - shell
+    needs: []
+    variables:
+        DEPENDENCY_PROXY: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/
+    before_script:
+        - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+        - docker login -u $CI_DEPENDENCY_PROXY_USER -p $CI_DEPENDENCY_PROXY_PASSWORD $CI_DEPENDENCY_PROXY_SERVER
+        - ./scripts/install_go_as_user.sh $GOLANG_MINOR_VERSION
+        - export PATH="$HOME/go/go/bin:$PATH"
+        - export GOROOT="$HOME/go/go"
+        - export GOPATH=$HOME/go_projects
+        - go version
+    script:
+        - make integration-test-aes
 
-integration-test:
+integration-test-otp:
     tags:
         - shell
     needs: []
@@ -191,4 +205,4 @@ integration-test:
         - export GOPATH=$HOME/go_projects
         - go version
     script:
-        - make integration-test
+        - make integration-test-otp

.vscode/launch.json

@@ -15,7 +15,7 @@
             "showLog": true,
             "trace": "log",
             "logOutput": "rpc",
-            "preLaunchTask": "compose-debug-up",
+            "preLaunchTask": "compose-debug-up"
         },
         {
             "name": "kms02-debug",
@@ -28,7 +28,7 @@
             "showLog": true,
             "trace": "log",
             "logOutput": "rpc",
-            "preLaunchTask": "compose-debug-up",
+            "preLaunchTask": "compose-debug-up"
         },
         {
             "name": "kms03-debug",
@@ -41,7 +41,7 @@
             "showLog": true,
             "trace": "log",
             "logOutput": "rpc",
-            "preLaunchTask": "compose-debug-up",
+            "preLaunchTask": "compose-debug-up"
         },
         {
             "name": "kms04-debug",
@@ -54,10 +54,10 @@
             "showLog": true,
             "trace": "log",
             "logOutput": "rpc",
-            "preLaunchTask": "compose-debug-up",
+            "preLaunchTask": "compose-debug-up"
         },
         {
-            "name": "integration-test-kms01-debug",
+            "name": "integration-test-aes-kms01-debug",
             "type": "go",
             "request": "attach",
             "mode": "remote",
@@ -67,10 +67,10 @@
             "showLog": true,
             "trace": "log",
             "logOutput": "rpc",
-            "preLaunchTask": "integration-test-debug-kms-up",
+            "preLaunchTask": "integration-test-aes-debug-kms-up"
         },
         {
-            "name": "integration-test-kms02-debug",
+            "name": "integration-test-aes-kms02-debug",
             "type": "go",
             "request": "attach",
             "mode": "remote",
@@ -80,7 +80,33 @@
             "showLog": true,
             "trace": "log",
             "logOutput": "rpc",
-            "preLaunchTask": "integration-test-debug-kms-up",
+            "preLaunchTask": "integration-test-aes-debug-kms-up"
+        },
+        {
+            "name": "integration-test-otp-kms01-debug",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "",
+            "port": 4401,
+            "host": "127.0.0.1",
+            "showLog": true,
+            "trace": "log",
+            "logOutput": "rpc",
+            "preLaunchTask": "integration-test-otp-debug-kms-up"
+        },
+        {
+            "name": "integration-test-otp-kms02-debug",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "",
+            "port": 4402,
+            "host": "127.0.0.1",
+            "showLog": true,
+            "trace": "log",
+            "logOutput": "rpc",
+            "preLaunchTask": "integration-test-otp-debug-kms-up"
         },
         {
             "name": "Launch currently open test",
@@ -88,7 +114,7 @@
             "request": "launch",
             "mode": "auto",
             "program": "${file}"
-        },
+        }
     ],
     "compounds": [
         {

.vscode/tasks.json

@@ -2,14 +2,19 @@
     "version": "2.0.0",
     "tasks": [
         {
-            "label": "integration-test-debug-kms-up",
-            "command": "make integration-test-debug-compose-up",
-            "type": "shell",
+            "label": "integration-test-aes-debug-kms-up",
+            "command": "make integration-test-aes-debug-compose-up",
+            "type": "shell"
+        },
+        {
+            "label": "integration-test-otp-debug-kms-up",
+            "command": "make integration-test-otp-debug-compose-up",
+            "type": "shell"
         },
         {
             "label": "compose-debug-up",
             "command": "make compose-debug-up",
-            "type": "shell",
+            "type": "shell"
         }
     ]
 }

Makefile

@@ -101,7 +101,9 @@ compose-debug-up: generate-gokms-certs build-images install-gosdnc
 compose-debug-down:
 	docker compose -f docker-compose.yml -f docker-compose.override.debug.yml down
 
-integration-test: install-gosdnc generate-integration-test-certs build-images
+integration-test: integration-test-aes integration-test-otp
+
+integration-test-aes: install-gosdnc generate-integration-test-certs build-images
 	docker compose -f integration-tests/docker-compose.yml down
 	docker compose -f integration-tests/docker-compose.yml up -d
 	echo "Will sleep for the quantumlayers to get ready"
@@ -109,13 +111,28 @@ integration-test: install-gosdnc generate-integration-test-certs build-images
 	go test -p 1 -count=1 -v ./integration-tests/code/*
 	docker compose -f integration-tests/docker-compose.yml down
 
-integration-test-debug-compose-up: generate-integration-test-certs build-images install-gosdnc
+integration-test-aes-debug-compose-up: generate-integration-test-certs build-images install-gosdnc
 	docker compose -f integration-tests/docker-compose.yml -f integration-tests/docker-compose.override.debug.yml down
 	docker compose -f integration-tests/docker-compose.yml -f integration-tests/docker-compose.override.debug.yml up -d
 
-integration-test-debug-compose-down:
+integration-test-aes-debug-compose-down:
 	docker compose -f integration-tests/docker-compose.yml -f integration-tests/docker-compose.override.debug.yml down
 
+integration-test-otp: install-gosdnc generate-integration-test-certs build-images
+	docker compose -f integration-tests/docker-compose-otp.yml down
+	docker compose -f integration-tests/docker-compose-otp.yml up -d
+	echo "Will sleep for the quantumlayers to get ready"
+	sleep 45
+	go test -p 1 -count=1 -v ./integration-tests/code/*
+	docker compose -f integration-tests/docker-compose-otp.yml down
+
+integration-test-otp-debug-compose-up: generate-integration-test-certs build-images install-gosdnc
+	docker compose -f integration-tests/docker-compose-otp.yml -f integration-tests/docker-compose.override.debug.yml down
+	docker compose -f integration-tests/docker-compose-otp.yml -f integration-tests/docker-compose.override.debug.yml up -d
+
+integration-test-otp-debug-compose-down:
+	docker compose -f integration-tests/docker-compose-otp.yml -f integration-tests/docker-compose.override.debug.yml down
+
 generate-certs: generate-root-ca generate-gokms-certs generate-integration-test-certs
 
 generate-root-ca: pre

akms-simulator/akms-simulator.go

@@ -38,7 +38,7 @@ func main() {
 	router := http.NewServeMux()
 
 	router.HandleFunc("/api/v1/keys/push_ksa_key", handlePushKsaKey)
-	router.HandleFunc("/debug/get_log_file", getLogFile)
+	router.HandleFunc("/debug/get_log_file", logFileRequest)
 
 	server := &http.Server{
 		Addr:    ":4444",
@@ -77,7 +77,25 @@ func main() {
 	}
 }
 
-func getLogFile(w http.ResponseWriter, r *http.Request) {
+func logFileRequest(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodDelete {
+		if _, err := os.Stat("akms-simulator.log"); err == nil {
+			err := os.Remove("akms-simulator.log")
+			if err != nil {
+				logrus.Errorf("Error deleting log file: %s", err)
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+		}
+		logrus.Info("Log file deleted or never existed in the first place")
+		w.WriteHeader(http.StatusNoContent)
+		return
+	} else if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		logrus.Errorf("Method not allowed: %s", r.Method)
+		return
+	}
+
 	logrus.Info("Log file requested")
 	http.ServeFile(w, r, "akms-simulator.log")
 }

config/controller/add_devices.sh

@@ -6,7 +6,7 @@
 GOSDNC_PATH="./artifacts/gosdnc"
 GOSDN_ADDRESS="127.0.0.1:55055"
 ADMINPW="TestPassword"
-KMS_PLUGIN="823aad29-69be-42f0-b279-90f2c1b6a94d"
+KMS_PLUGIN="e404ecf7-4860-41ee-9cee-3dd6af6c5e2b"
 PND_UUID="5f20f34b-cbd0-4511-9ddc-c50cf6a3b49d"
 ## Adjust this if timer is to short.
 SLEEP_TIMER=20

config/controller/add_devices_no_sleep.sh

@@ -6,7 +6,7 @@
 GOSDNC_PATH="./artifacts/gosdnc"
 GOSDN_ADDRESS="127.0.0.1:55055"
 ADMINPW="TestPassword"
-KMS_PLUGIN="823aad29-69be-42f0-b279-90f2c1b6a94d"
+KMS_PLUGIN="e404ecf7-4860-41ee-9cee-3dd6af6c5e2b"
 PND_UUID="5f20f34b-cbd0-4511-9ddc-c50cf6a3b49d"
 
 echo 'Logging in via gosdnc and setting up KMS in controller...'

config/controller/qkdn-gosdn.toml

@@ -6,7 +6,7 @@ amqpuser = 'guest'
 basepnduuid = '5f20f34b-cbd0-4511-9ddc-c50cf6a3b49d'
 config = './configs/qkdn-gosdn.toml'
 csbi-orchestrator = 'localhost:55056'
-databaseconnection = 'mongodb://root:example@mongodb:27017'
+databaseconnection = 'mongodb://root:example@mongo:27017'
 defaultjwtduration = 24
 filesystempathtostores = 'stores'
 gnmisubscriptionspath = 'configs/gNMISubscriptions.txt'

config/scripts/add_kms_and_user_to_controller.sh

@@ -6,7 +6,7 @@
 GOSDNC_PATH="./gosdnc"
 GOSDN_ADDRESS="172.100.20.2:55055"
 ADMINPW="TestPassword"
-KMS_PLUGIN="823aad29-69be-42f0-b279-90f2c1b6a94d"
+KMS_PLUGIN="e404ecf7-4860-41ee-9cee-3dd6af6c5e2b"
 PND_UUID="5f20f34b-cbd0-4511-9ddc-c50cf6a3b49d"
 ## Adjust this if timer is to short.
 SLEEP_TIMER=20
@@ -29,4 +29,4 @@ $GOSDNC_PATH mne create --address 172.100.20.12:7030 --name kms03 --password adm
 $GOSDNC_PATH mne create --address 172.100.20.13:7030 --name kms04 --password admin --plugin-id $KMS_PLUGIN --username admin --uuid 968fd594-b0e7-41f0-ba4b-de259047a933
 
 ## Add additional user for an app
-$GOSDNC_PATH userCreate --u app --p TestApp --r app
+$GOSDNC_PATH user create --u app --p TestApp --r app

go.mod

@@ -16,10 +16,10 @@ require (
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/sys v0.25.0
+	golang.org/x/sys v0.26.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1
-	google.golang.org/grpc v1.66.2
-	google.golang.org/protobuf v1.34.2
+	google.golang.org/grpc v1.67.1
+	google.golang.org/protobuf v1.35.1
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -37,7 +37,7 @@ require (
 	github.com/tklauser/numcpus v0.7.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
-	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect
 )

go.sum

@@ -141,6 +141,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -164,6 +166,8 @@ golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
 golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -237,6 +241,10 @@ google.golang.org/grpc v1.66.1 h1:hO5qAXR19+/Z44hmvIM4dQFMSYX9XcWsByfoxutBpAM=
 google.golang.org/grpc v1.66.1/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
 google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo=
 google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
+google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw=
+google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
+google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -254,6 +262,8 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

goKMS/api/gen/proto/go/kmsintercom/kmsintercom_grpc.pb.go

 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.5.1
 // - protoc             (unknown)
 // source: kmsintercom/kmsintercom.proto
 
@@ -15,8 +15,8 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
 
 const (
 	KmsTalker_InterComCapabilities_FullMethodName            = "/kmsintercom.KmsTalker/InterComCapabilities"
@@ -32,6 +32,8 @@ const (
 // KmsTalkerClient is the client API for KmsTalker service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// should be renamed to InterCom or KMSInterCom
 type KmsTalkerClient interface {
 	InterComCapabilities(ctx context.Context, in *InterComCapabilitiesRequest, opts ...grpc.CallOption) (*InterComCapabilitiesReply, error)
 	SyncQkdBulk(ctx context.Context, in *SyncQkdBulkRequest, opts ...grpc.CallOption) (*SyncQkdBulkResponse, error)
@@ -53,8 +55,9 @@ func NewKmsTalkerClient(cc grpc.ClientConnInterface) KmsTalkerClient {
 }
 
 func (c *kmsTalkerClient) InterComCapabilities(ctx context.Context, in *InterComCapabilitiesRequest, opts ...grpc.CallOption) (*InterComCapabilitiesReply, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(InterComCapabilitiesReply)
-	err := c.cc.Invoke(ctx, KmsTalker_InterComCapabilities_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_InterComCapabilities_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -62,8 +65,9 @@ func (c *kmsTalkerClient) InterComCapabilities(ctx context.Context, in *InterCom
 }
 
 func (c *kmsTalkerClient) SyncQkdBulk(ctx context.Context, in *SyncQkdBulkRequest, opts ...grpc.CallOption) (*SyncQkdBulkResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(SyncQkdBulkResponse)
-	err := c.cc.Invoke(ctx, KmsTalker_SyncQkdBulk_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_SyncQkdBulk_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -71,8 +75,9 @@ func (c *kmsTalkerClient) SyncQkdBulk(ctx context.Context, in *SyncQkdBulkReques
 }
 
 func (c *kmsTalkerClient) SyncKeyIdsForBulk(ctx context.Context, in *SyncKeyIdsForBulkRequest, opts ...grpc.CallOption) (*SyncKeyIdsForBulkResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(SyncKeyIdsForBulkResponse)
-	err := c.cc.Invoke(ctx, KmsTalker_SyncKeyIdsForBulk_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_SyncKeyIdsForBulk_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -80,8 +85,9 @@ func (c *kmsTalkerClient) SyncKeyIdsForBulk(ctx context.Context, in *SyncKeyIdsF
 }
 
 func (c *kmsTalkerClient) InterComTransportKeyNegotiation(ctx context.Context, in *InterComTransportKeyNegotiationRequest, opts ...grpc.CallOption) (*InterComTransportKeyNegotiationResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(InterComTransportKeyNegotiationResponse)
-	err := c.cc.Invoke(ctx, KmsTalker_InterComTransportKeyNegotiation_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_InterComTransportKeyNegotiation_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -89,8 +95,9 @@ func (c *kmsTalkerClient) InterComTransportKeyNegotiation(ctx context.Context, i
 }
 
 func (c *kmsTalkerClient) KeyForwarding(ctx context.Context, in *KeyForwardingRequest, opts ...grpc.CallOption) (*KeyForwardingResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(KeyForwardingResponse)
-	err := c.cc.Invoke(ctx, KmsTalker_KeyForwarding_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_KeyForwarding_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -98,8 +105,9 @@ func (c *kmsTalkerClient) KeyForwarding(ctx context.Context, in *KeyForwardingRe
 }
 
 func (c *kmsTalkerClient) AckKeyForwarding(ctx context.Context, in *AckKeyForwardingRequest, opts ...grpc.CallOption) (*AckKeyForwardingResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(AckKeyForwardingResponse)
-	err := c.cc.Invoke(ctx, KmsTalker_AckKeyForwarding_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_AckKeyForwarding_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -107,8 +115,9 @@ func (c *kmsTalkerClient) AckKeyForwarding(ctx context.Context, in *AckKeyForwar
 }
 
 func (c *kmsTalkerClient) KeyIdNotification(ctx context.Context, in *KeyIdNotificationRequest, opts ...grpc.CallOption) (*KeyIdNotificationResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(KeyIdNotificationResponse)
-	err := c.cc.Invoke(ctx, KmsTalker_KeyIdNotification_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_KeyIdNotification_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -116,8 +125,9 @@ func (c *kmsTalkerClient) KeyIdNotification(ctx context.Context, in *KeyIdNotifi
 }
 
 func (c *kmsTalkerClient) KeyDelivery(ctx context.Context, in *KeyDeliveryRequest, opts ...grpc.CallOption) (*KeyDeliveryResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(KeyDeliveryResponse)
-	err := c.cc.Invoke(ctx, KmsTalker_KeyDelivery_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, KmsTalker_KeyDelivery_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -126,7 +136,9 @@ func (c *kmsTalkerClient) KeyDelivery(ctx context.Context, in *KeyDeliveryReques
 
 // KmsTalkerServer is the server API for KmsTalker service.
 // All implementations must embed UnimplementedKmsTalkerServer
-// for forward compatibility
+// for forward compatibility.
+//
+// should be renamed to InterCom or KMSInterCom
 type KmsTalkerServer interface {
 	InterComCapabilities(context.Context, *InterComCapabilitiesRequest) (*InterComCapabilitiesReply, error)
 	SyncQkdBulk(context.Context, *SyncQkdBulkRequest) (*SyncQkdBulkResponse, error)
@@ -140,9 +152,12 @@ type KmsTalkerServer interface {
 	mustEmbedUnimplementedKmsTalkerServer()
 }
 
-// UnimplementedKmsTalkerServer must be embedded to have forward compatible implementations.
-type UnimplementedKmsTalkerServer struct {
-}
+// UnimplementedKmsTalkerServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedKmsTalkerServer struct{}
 
 func (UnimplementedKmsTalkerServer) InterComCapabilities(context.Context, *InterComCapabilitiesRequest) (*InterComCapabilitiesReply, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method InterComCapabilities not implemented")
@@ -169,6 +184,7 @@ func (UnimplementedKmsTalkerServer) KeyDelivery(context.Context, *KeyDeliveryReq
 	return nil, status.Errorf(codes.Unimplemented, "method KeyDelivery not implemented")
 }
 func (UnimplementedKmsTalkerServer) mustEmbedUnimplementedKmsTalkerServer() {}
+func (UnimplementedKmsTalkerServer) testEmbeddedByValue()                   {}
 
 // UnsafeKmsTalkerServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to KmsTalkerServer will
@@ -178,6 +194,13 @@ type UnsafeKmsTalkerServer interface {
 }
 
 func RegisterKmsTalkerServer(s grpc.ServiceRegistrar, srv KmsTalkerServer) {
+	// If the following call pancis, it indicates UnimplementedKmsTalkerServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
 	s.RegisterService(&KmsTalker_ServiceDesc, srv)
 }
 

goKMS/api/kmsintercom/kmsintercom/kmsintercom.proto

@@ -4,110 +4,118 @@ package kmsintercom;
 
 // should be renamed to InterCom or KMSInterCom
 service KmsTalker {
-	rpc InterComCapabilities (InterComCapabilitiesRequest) returns (InterComCapabilitiesReply) {}
-    rpc SyncQkdBulk(SyncQkdBulkRequest) returns (SyncQkdBulkResponse) {}
-    rpc SyncKeyIdsForBulk(SyncKeyIdsForBulkRequest) returns (SyncKeyIdsForBulkResponse) {}
-	rpc InterComTransportKeyNegotiation(InterComTransportKeyNegotiationRequest) returns (InterComTransportKeyNegotiationResponse) {}
-    rpc KeyForwarding(KeyForwardingRequest) returns (KeyForwardingResponse) {}
-    rpc AckKeyForwarding(AckKeyForwardingRequest) returns (AckKeyForwardingResponse) {}
-    // KeyIDNotification is used for ETSI GS QKD 014
-    rpc KeyIdNotification(KeyIdNotificationRequest) returns (KeyIdNotificationResponse) {}
-    rpc KeyDelivery(KeyDeliveryRequest) returns (KeyDeliveryResponse) {}
+  rpc InterComCapabilities(InterComCapabilitiesRequest) returns (InterComCapabilitiesReply) {}
+  rpc SyncQkdBulk(SyncQkdBulkRequest) returns (SyncQkdBulkResponse) {}
+  rpc SyncKeyIdsForBulk(SyncKeyIdsForBulkRequest) returns (SyncKeyIdsForBulkResponse) {}
+  rpc InterComTransportKeyNegotiation(InterComTransportKeyNegotiationRequest) returns (InterComTransportKeyNegotiationResponse) {}
+  rpc KeyForwarding(KeyForwardingRequest) returns (KeyForwardingResponse) {}
+  rpc AckKeyForwarding(AckKeyForwardingRequest) returns (AckKeyForwardingResponse) {}
+  // KeyIDNotification is used for ETSI GS QKD 014
+  rpc KeyIdNotification(KeyIdNotificationRequest) returns (KeyIdNotificationResponse) {}
+  rpc KeyDelivery(KeyDeliveryRequest) returns (KeyDeliveryResponse) {}
 }
 
 // Capabilities
 // The request message containing the requesting kms' name.
 message InterComCapabilitiesRequest {
-	int64 timestamp = 1;
-    string myKmsName = 2;
+  int64 timestamp = 1;
+  string kmsId = 2;
+  bool resetKeyStore = 3;
 }
 
 // The response message containing the replying kms' name.
 message InterComCapabilitiesReply {
-	int64 timestamp = 1;
-	string peerKmsName= 2;
+  int64 timestamp = 1;
+  string peerKmsName = 2;
 }
 
 message SyncQkdBulkRequest {
-	int64 timestamp = 1;
-    string kmsId = 2;
-	repeated int64 bulkId = 3;
-	//string bulkHash = 4;
+  int64 timestamp = 1;
+  string kmsId = 2;
+  repeated int64 bulkId = 3;
+  //string bulkHash = 4;
 }
 
 message SyncKeyIdsForBulkRequest {
-	int64 timestamp = 1;
-    string kmsId = 2;
-	int64 bulkId = 3;
-	repeated string keyId = 4;
+  int64 timestamp = 1;
+  string kmsId = 2;
+  int64 bulkId = 3;
+  repeated string keyId = 4;
 }
 
 message SyncKeyIdsForBulkResponse {
-	int64 timestamp = 1;
+  int64 timestamp = 1;
 }
 
 message SyncQkdBulkResponse {
-	int64 timestamp = 1;
-    int64 bulkId = 2;
+  int64 timestamp = 1;
+  int64 bulkId = 2;
 }
 
 // Beim aushandeln
 message InterComTransportKeyNegotiationRequest {
-	int64 timestamp = 1;
-    string pathID = 2;
-    string keyToUse = 3;
+  int64 timestamp = 1;
+  string pathID = 2;
+  string keyToUse = 3;
 }
 
 message InterComTransportKeyNegotiationResponse {
-	int64 timestamp = 1;
+  int64 timestamp = 1;
 }
 
 message KeyForwardingRequest {
-	int64 timestamp = 1;
-	string pathId = 2;
-    string processId = 3;
-    Key key = 4;
+  int64 timestamp = 1;
+  string pathId = 2;
+  string processId = 3;
+  CryptoAlgorithm cryptoAlgorithm = 4;
+  Key key = 5;
 }
 
 message KeyForwardingResponse {
-	int64 timestamp = 1;
+  int64 timestamp = 1;
 }
 
 message AckKeyForwardingRequest {
-	int64 timestamp = 1;
-	string pathId = 2;
-    string processId = 3;
-    string KeyId = 4;
+  int64 timestamp = 1;
+  string pathId = 2;
+  string processId = 3;
+  string KeyId = 4;
 }
 
 message AckKeyForwardingResponse {
-	int64 timestamp = 1;
+  int64 timestamp = 1;
 }
 
 message KeyIdNotificationRequest {
-	int64 timestamp = 1;
-	string kmsId = 2;
-	repeated string keyIds = 3;
+  int64 timestamp = 1;
+  string kmsId = 2;
+  repeated string keyIds = 3;
 }
 
 message KeyIdNotificationResponse {
-	int64 timestamp = 1;
+  int64 timestamp = 1;
 }
 
 message KeyDeliveryRequest {
-	int64 timestamp = 1;
-    string kmsId = 3;
-    string keyId = 4;
-    string requestId = 5;
-    repeated Key keys = 6;
+  int64 timestamp = 1;
+  string kmsId = 3;
+  string keyId = 4;
+  string requestId = 5;
+  CryptoAlgorithm cryptoAlgorithm = 6;
+  repeated Key keys = 7;
 }
 
 message KeyDeliveryResponse {
-	int64 timestamp = 1;
+  int64 timestamp = 1;
 }
 
 message Key {
-    string id = 1;
-    string nonce = 2;
-    string key = 3;
+  string id = 1;
+  string nonce = 2;
+  string key = 3;
+}
+
+enum CryptoAlgorithm {
+  AES_256_GCM = 0;
+  OTP = 1;
 }

goKMS/config/config.go

@@ -13,6 +13,7 @@ type Config struct {
 	QuantumAddr          string             `yaml:"QuantumAddr"`
 	AKMS                 AKMS               `yaml:"AKMS"`
 	GnmiBindAddress      string             `yaml:"GnmiBindAddress"`
+	KSACryptoAlgorithm   string             `yaml:"KSACryptoAlgorithm"`
 	KmsTLS               TLSConfig          `yaml:"KmsTLS"`
 	Peers                []Peer             `yaml:"Peers"`
 	GnmiTLS              TLSConfig          `yaml:"GnmiTLS"`
@@ -31,6 +32,7 @@ type AKMS struct {
 type Peer struct {
 	PeerId           string        `yaml:"PeerId"`
 	PeerInterComAddr string        `yaml:"PeerInterComAddr"`
+	CryptoAlgorithm  string        `yaml:"CryptoAlgorithm"`
 	Type             string        `yaml:"Type"`
 	QuantumModule    QuantumModule `yaml:"QuantumModule"`
 }

goKMS/gnmiHandlers/kms/assignForwardingHandler.go

@@ -45,6 +45,8 @@ func (yh *AssignForwardingHandler) Update(c ygot.ValidatedGoStruct, jobs []*gnmi
 		return fmt.Errorf("failed type assertion for newConfig %T", (*gnmitargetygot.Gnmitarget)(nil))
 	}
 
+	log.Debugf("Received Update within AssignForwardingHandler")
+
 	forwarding := config.GetOrCreateAssignForwarding()
 
 	pathId := forwarding.GetPathId()
@@ -56,9 +58,11 @@ func (yh *AssignForwardingHandler) Update(c ygot.ValidatedGoStruct, jobs []*gnmi
 
 	if nextHop != nil {
 		nextHopString = nextHop.GetNodeId()
+		log.Debugf("AssignForwardingHandler - NextHopString: %s", nextHopString)
 	}
 	if prevHop != nil {
 		prevHopString = prevHop.GetNodeId()
+		log.Debugf("AssignForwardingHandler - PrevHopString: %s", prevHopString)
 	}
 
 	var initKMS *util.RemoteKMS
@@ -69,15 +73,16 @@ func (yh *AssignForwardingHandler) Update(c ygot.ValidatedGoStruct, jobs []*gnmi
 			addressPrefix = initiatingKmsAddress.GetIpAddress()
 		} else if initiatingKmsAddress.GetHostname() != "" {
 			addressPrefix = initiatingKmsAddress.GetHostname()
-		} else {
-			log.Error("initiatingKmsAddress must have either an IP address or a hostname")
-			return fmt.Errorf("initiatingKmsAddress must have either an IP address or a hostname")
 		}
 
-		initKMS = &util.RemoteKMS{
-			Id:      initiatingKmsAddress.GetNodeId(),
-			Address: addressPrefix,
-			Port:    initiatingKmsAddress.GetPort(),
+		log.Debugf("AssignForwardingHandler - InitiatingKMSAddress was set with the following parameters: NodeId: %s, Hostname: %s, IpAddress: %s, Port: %d", initiatingKmsAddress.GetNodeId(), initiatingKmsAddress.GetHostname(), initiatingKmsAddress.GetIpAddress(), initiatingKmsAddress.GetPort())
+
+		if addressPrefix != "" {
+			initKMS = &util.RemoteKMS{
+				Id:      initiatingKmsAddress.GetNodeId(),
+				Address: addressPrefix,
+				Port:    initiatingKmsAddress.GetPort(),
+			}
 		}
 	}
 

goKMS/kms/akmsInterface/server/server.go

@@ -97,6 +97,9 @@ func ksaReqHandler(eventBus *event.EventBus, receiver *receiver.Receiver, genera
 
 		select {
 		case <-receiverChan:
+			if err := receiver.RemoveReceiver(pathId); err != nil {
+				logrus.Errorf("Failed removing receiver for pathId: %s ; err: %v", pathId, err)
+			}
 		case <-time.After(20 * time.Second):
 			if err := receiver.RemoveReceiver(pathId); err != nil {
 				logrus.Errorf("Failed removing receiver for pathId: %s ; err: %v", pathId, err)

goKMS/kms/crypto/aes.go

+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"io"
+)
+
+// AES is an implementation of the CryptoAlgorithm interface.
+// AES provides the methods required for performing symmetric key encryption
+// and decryption using the AES algorithm.
+//
+// For this the aes package from the Go standard library is used.
+type AES struct {
+	name string
+}
+
+// NewAES creates a new instance of a AES struct.
+func NewAES(name string) *AES {
+	return &AES{
+		name: name,
+	}
+}
+
+// Encrypt encrypts the plaintext using a provided key.
+// The key should have a length of 16, 24 or 32 bytes to select AES-128,
+// AES-192 or AES-256.
+// The method returns the nonce, the encrypted output and an error if something
+// went wrong.
+func (a *AES) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error) {
+	// create a new cipher block from the key
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// create a new block cipher wrapped in GCM with default nonce (12
+	// bytes) and tag size (16 bytes).
+	gcm, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// generate a random nonce of nonce size (12 bytes)
+	nonce := make([]byte, gcm.NonceSize())
+	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
+		return nil, nil, err
+	}
+
+	// Encrypt the plaintext using AES-GCM
+	// Destination is set to nil, therefore seal only contains the
+	// ciphertext with the tag appended.
+	seal := gcm.Seal(nil, nonce, plaintext, nil)
+
+	return nonce, seal, nil
+}
+
+// Decrypt decrypts the ciphertext using the provided key and nonce.
+// The key should have a length of 16, 24 or 32 bytes to select AES-128,
+// AES-192 or AES-256.
+// The method returns the decrypted input.
+func (a *AES) Decrypt(nonce, ciphertext []byte, key []byte) ([]byte, error) {
+	// create a new cipher block from the key
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// create a new block cipher wrapped in GCM with default nonce (12
+	// bytes) and tag size (16 bytes).
+	gcm, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, err
+	}
+
+	// Decrypt the ciphertext using AES-GCM
+	return gcm.Open(nil, nonce, ciphertext, nil)
+}
+
+func (a *AES) Name() string {
+	return a.name
+}

goKMS/kms/crypto/crypto_test.go → goKMS/kms/crypto/aes_test.go

@@ -49,7 +49,7 @@ func TestCrypto_AES_Encrypt(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 
-			aes := NewAES()
+			aes := NewAES("AES-256-GCM")
 			nonce, cipherText, err := aes.Encrypt(test.plaintext, test.key)
 			if test.error {
 				assert.Error(t, err)
@@ -175,7 +175,7 @@ func TestCrypto_AES_Decrypt(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			t.Parallel()
 
-			aes := NewAES()
+			aes := NewAES("AES-256-GCM")
 			plainText, err := aes.Decrypt(test.nonce, test.cipherText, test.key)
 			if test.error {
 				assert.Error(t, err)
@@ -191,7 +191,7 @@ func TestCrypto_AES_EncryptAndDecryptPlaintext(t *testing.T) {
 	secret := []byte("this is a secret")
 	key := []byte{0xfe, 0x34, 0x64, 0x9e, 0xdf, 0x1a, 0xf1, 0xc, 0xb7, 0x28, 0xee, 0x98, 0xe7, 0x7, 0x40, 0x8f, 0x3b, 0x8, 0x9a, 0xad, 0x45, 0x7a, 0x21, 0xe8, 0x84, 0x79, 0xc5, 0x1b, 0x25, 0x13, 0xa2, 0x3c}
 
-	aes := NewAES()
+	aes := NewAES("AES-256-GCM")
 
 	// encrypt the secret with encrypt method
 	nonce, encryptedSecret, err := aes.Encrypt(secret, key)

goKMS/kms/crypto/crypto.go

 package crypto
 
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/rand"
-	"io"
-)
-
 // CryptoAlgorithm is an interface that provides the methods required for
 // encryption and decryption of data.
 // Currently only AES is supported, but this could be extended to support other
@@ -14,71 +7,5 @@ import (
 type CryptoAlgorithm interface {
 	Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error)
 	Decrypt(nonce, ciphertext []byte, key []byte) ([]byte, error)
-}
-
-// AES is an implementation of the CryptoAlgorithm interface.
-// AES provides the methods required for performing symmetric key encryption
-// and decryption using the AES algorithm.
-//
-// For this the aes package from the Go standard library is used.
-type AES struct{}
-
-// NewAES creates a new instance of a AES struct.
-func NewAES() *AES {
-	return &AES{}
-}
-
-// Encrypt encrypts the plaintext using a provided key.
-// The key should have a length of 16, 24 or 32 bytes to select AES-128,
-// AES-192 or AES-256.
-// The method returns the nonce, the encrypted output and an error if something
-// went wrong.
-func (a *AES) Encrypt(plaintext []byte, key []byte) ([]byte, []byte, error) {
-	// create a new cipher block from the key
-	c, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	// create a new block cipher wrapped in GCM with default nonce (12
-	// bytes) and tag size (16 bytes).
-	gcm, err := cipher.NewGCM(c)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	// generate a random nonce of nonce size (12 bytes)
-	nonce := make([]byte, gcm.NonceSize())
-	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
-		return nil, nil, err
-	}
-
-	// Encrypt the plaintext using AES-GCM
-	// Destination is set to nil, therefore seal only contains the
-	// ciphertext with the tag appended.
-	seal := gcm.Seal(nil, nonce, plaintext, nil)
-
-	return nonce, seal, nil
-}
-
-// Decrypt decrypts the ciphertext using the provided key and nonce.
-// The key should have a length of 16, 24 or 32 bytes to select AES-128,
-// AES-192 or AES-256.
-// The method returns the decrypted input.
-func (a *AES) Decrypt(nonce, ciphertext []byte, key []byte) ([]byte, error) {
-	// create a new cipher block from the key
-	c, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	// create a new block cipher wrapped in GCM with default nonce (12
-	// bytes) and tag size (16 bytes).
-	gcm, err := cipher.NewGCM(c)
-	if err != nil {
-		return nil, err
-	}
-
-	// Decrypt the ciphertext using AES-GCM
-	return gcm.Open(nil, nonce, ciphertext, nil)
+	Name() string
 }