Make many things configurable

Author: brunorijsman

TODO

@@ -1,5 +1,7 @@
 TODO: Put .out files in a sub-directory
 
+TODO: Error message if --client or --hub does not exist in configuration
+
 TODO: Add pool thresholds to configuration (and document this)
 
 TODO: Cleanup Shamir's Secret Sharing (SSS) code (no back-and-forth conversion to RawShare)
@@ -8,8 +10,6 @@ TODO: Move code coverage data files to subdirectory
 
 TODO: Stop all nodes after each test (to make sure they are stopped if test case fails)
 
-TODO: Add a test cases with a netcat (nc) listener squatting the port
-
 TODO: Add Sphinx documentation
       Use https://github.com/tox-dev/sphinx-autodoc-typehints 
 
@@ -28,8 +28,6 @@ TODO: OpenAPI (Swagger) documentation should show proper type for request and re
 TODO: Use data (instead of value) in Fragment for consistency. Also in documentation (including
       figures)
 
-TODO: Avoid usage: __main__.py in --help output for client / hub
-
 TODO: Add test case: start hub later than client (registration retry logic in client)
 
 TODO: Forbid extra query parameters for API calls
@@ -55,6 +53,4 @@ TODO: Testcase for invalid signature
 
 TODO: Test case for: if signature validation fails, return fragment to pool
 
-TODO: Error message if --client or --hub does not exist in configuration
-
 TODO: Check SAE IDs on GET share, just as we do for POST share

client/__main__.py

@@ -2,44 +2,18 @@
 Main module for a DSKE client.
 """
 
-import argparse
 import contextlib
 import os
 import signal
 from typing import Annotated
 import fastapi
 import uvicorn
-from common import configuration
 from common import utils
 from common.exceptions import DSKEException, MissingAuthorizationHeaderError
+from .cli import parse_command_line_arguments
 from .client import Client
 
 
-def parse_command_line_arguments():
-    """
-    Parse command line arguments.
-    """
-    parser = argparse.ArgumentParser(description="DSKE Client")
-    parser.add_argument("name", type=str, help="Client name")
-    parser.add_argument(
-        "--port", type=int, default=configuration._DEFAULT_BASE_PORT, help="Port number"
-    )
-    parser.add_argument(
-        "--hubs",
-        nargs="+",
-        type=str,
-        help=f"Base URLs for hubs (e.g., http://127.0.0.1:{configuration._DEFAULT_BASE_PORT})",
-    )
-    parser.add_argument(
-        "--encryptors",
-        nargs="+",
-        type=str,
-        help="Names (SAE IDs) of encryptors consuming keys from this client (KME).",
-    )
-    args = parser.parse_args()
-    return args
-
-
 _ARGS = parse_command_line_arguments()
 peer_hub_urls = _ARGS.hubs
 if peer_hub_urls is None:
@@ -48,7 +22,15 @@ def parse_command_line_arguments():
     encryptor_names = []
 else:
     encryptor_names = _ARGS.encryptors
-_CLIENT = Client(_ARGS.name, encryptor_names, peer_hub_urls)
+_CLIENT = Client(
+    _ARGS.name,
+    _ARGS.start_request_psrd_threshold,
+    _ARGS.stop_request_psrd_threshold,
+    _ARGS.get_psrd_block_size,
+    _ARGS.min_nr_shares,
+    encryptor_names,
+    peer_hub_urls,
+)
 
 
 @contextlib.asynccontextmanager

client/cli.py

@@ -0,0 +1,129 @@
+"""
+Command line interface for DSKE client.
+"""
+
+import argparse
+from common import configuration
+
+
+def _check_start_request_psrd_threshold(value):
+    int_value = int(value)
+    if (
+        int_value <= configuration.MIN_START_REQUEST_PSRD_THRESHOLD
+        or int_value > configuration.MAX_START_REQUEST_PSRD_THRESHOLD
+    ):
+        raise argparse.ArgumentTypeError(
+            f"value {value} is invalid; "
+            f"it must be between "
+            f"{configuration.MIN_START_REQUEST_PSRD_THRESHOLD} and "
+            f"{configuration.MAX_START_REQUEST_PSRD_THRESHOLD}"
+        )
+    return int_value
+
+
+def _check_get_psrd_block_size(value):
+    int_value = int(value)
+    if (
+        int_value <= configuration.MIN_GET_PSRD_BLOCK_SIZE
+        or int_value > configuration.MAX_GET_PSRD_BLOCK_SIZE
+    ):
+        raise argparse.ArgumentTypeError(
+            f"value {value} is invalid; "
+            f"it must be between "
+            f"{configuration.MIN_GET_PSRD_BLOCK_SIZE} and "
+            f"{configuration.MAX_GET_PSRD_BLOCK_SIZE}"
+        )
+    return int_value
+
+
+def _check_stop_request_psrd_threshold(value):
+    int_value = int(value)
+    if (
+        int_value <= configuration.MIN_STOP_REQUEST_PSRD_THRESHOLD
+        or int_value > configuration.MAX_STOP_REQUEST_PSRD_THRESHOLD
+    ):
+        raise argparse.ArgumentTypeError(
+            f"value {value} is invalid; "
+            f"it must be between "
+            f"{configuration.MIN_STOP_REQUEST_PSRD_THRESHOLD} and "
+            f"{configuration.MAX_STOP_REQUEST_PSRD_THRESHOLD}"
+        )
+    return int_value
+
+
+def _check_min_nr_shares(value):
+    int_value = int(value)
+    if (
+        int_value <= configuration.MIN_MIN_NR_SHARES
+        or int_value > configuration.MAX_MIN_NR_SHARES
+    ):
+        raise argparse.ArgumentTypeError(
+            f"value {value} is invalid; "
+            f"it must be between "
+            f"{configuration.MIN_MIN_NR_SHARES} and "
+            f"{configuration.MAX_MIN_NR_SHARES}"
+        )
+    return int_value
+
+
+def parse_command_line_arguments():
+    """
+    Parse command line arguments.
+    """
+    parser = argparse.ArgumentParser(description="DSKE Client", prog="client")
+    parser.add_argument("name", type=str, help="Client name")
+    parser.add_argument(
+        "--port",
+        type=int,
+        help="Port number",
+    )
+    parser.add_argument(
+        "--start-request-psrd_threshold",
+        type=_check_start_request_psrd_threshold,
+        default=configuration.DEFAULT_START_REQUEST_PSRD_THRESHOLD,
+        help=(
+            f"Start request PSRD threshold "
+            f"(default: {configuration.DEFAULT_START_REQUEST_PSRD_THRESHOLD})"
+        ),
+    )
+    parser.add_argument(
+        "--stop-request-psrd-threshold",
+        type=_check_start_request_psrd_threshold,
+        default=configuration.DEFAULT_STOP_REQUEST_PSRD_THRESHOLD,
+        help=(
+            f"Stop request PSRD threshold "
+            f"(default: {configuration.DEFAULT_STOP_REQUEST_PSRD_THRESHOLD})"
+        ),
+    )
+    parser.add_argument(
+        "--get-psrd-block-size",
+        type=_check_get_psrd_block_size,
+        default=configuration.DEFAULT_GET_PSRD_BLOCK_SIZE,
+        help=(
+            f"Request PSRD block size "
+            f"(default: {configuration.DEFAULT_GET_PSRD_BLOCK_SIZE})"
+        ),
+    )
+    parser.add_argument(
+        "--min-nr-shares",
+        type=_check_min_nr_shares,
+        default=configuration.DEFAULT_MIN_NR_SHARES,
+        help=(
+            f"Minimum number of shares "
+            f"(default: {configuration.DEFAULT_MIN_NR_SHARES})"
+        ),
+    )
+    parser.add_argument(
+        "--hubs",
+        nargs="+",
+        type=str,
+        help=f"Base URLs for hubs (e.g., http://127.0.0.1:{configuration.DEFAULT_BASE_PORT})",
+    )
+    parser.add_argument(
+        "--encryptors",
+        nargs="+",
+        type=str,
+        help="Names (SAE IDs) of encryptors consuming keys from this client (KME).",
+    )
+    args = parser.parse_args()
+    return args

client/client.py

@@ -13,10 +13,6 @@
 from common.user_key import UserKey
 from .peer_hub import PeerHub
 
-# TODO: Make this configurable
-# TODO: The Shamir code also has a max (is that really needed?)
-_MIN_NR_SHARES = 3  # The minimum number of key shares required to reconstruct the key.
-
 
 class Client:
     """
@@ -29,40 +25,42 @@ class Client:
     _MAX_STORED_KEY_COUNT = 1_000  # Arbitrary large value
     _MAX_KEYS_PER_REQUEST = 1  # We don't support the number parameter for Get Key calls
 
-    _name: str
-    _encryptor_names: list[str]
-    _peer_hubs: list[PeerHub]
+    name: str
+    encryptor_names: list[str]
+    peer_hubs: list[PeerHub]
 
-    def __init__(self, name: str, encryptor_names: list[str], peer_hub_urls: list[str]):
-        self._name = name
-        self._encryptor_names = encryptor_names
-        self._peer_hubs = []
+    def __init__(
+        self,
+        name: str,
+        start_request_psrd_threshold: int,
+        stop_request_psrd_threshold: int,
+        get_psrd_block_size: int,
+        min_nr_shares: int,
+        encryptor_names: list[str],
+        peer_hub_urls: list[str],
+    ):
+        self.name = name
+        self.start_request_psrd_threshold = start_request_psrd_threshold
+        self.stop_request_psrd_threshold = stop_request_psrd_threshold
+        self.get_psrd_block_size = get_psrd_block_size
+        self.min_nr_shares = min_nr_shares
+        self.encryptor_names = encryptor_names
+        self.peer_hubs = []
         for peer_hub_url in peer_hub_urls:
             peer_hub = PeerHub(self, peer_hub_url)
-            self._peer_hubs.append(peer_hub)
-
-    @property
-    def name(self):
-        """
-        Get the name.
-        """
-        return self._name
-
-    @property
-    def encryptor_names(self):
-        """
-        Get the encryptor names.
-        """
-        return self._encryptor_names
+            self.peer_hubs.append(peer_hub)
 
     def to_mgmt(self):
         """
         Get the management status.
         """
-        peer_hubs_status = [peer_hub.to_mgmt() for peer_hub in self._peer_hubs]
+        peer_hubs_status = [peer_hub.to_mgmt() for peer_hub in self.peer_hubs]
         return {
-            "name": self._name,
-            "encryptor_names": self._encryptor_names,
+            "name": self.name,
+            "start_request_psrd_threshold": self.start_request_psrd_threshold,
+            "stop_request_psrd_threshold": self.stop_request_psrd_threshold,
+            "get_psrd_block_size": self.get_psrd_block_size,
+            "encryptor_names": self.encryptor_names,
             "peer_hubs": peer_hubs_status,
         }
 
@@ -85,7 +83,7 @@ async def etsi_status(self, master_sae_id: str, slave_sae_id: str):
         # it is). For that reason, we return an arbitrary number as the stored key count.
         #
         return {
-            "source_kme_id": self._name,
+            "source_kme_id": self.name,
             "target_kme_id": "",  # See comment above
             "master_sae_id": master_sae_id,
             "slave_sae_id": slave_sae_id,
@@ -154,7 +152,7 @@ def start_all_peer_hubs(self) -> None:
         """
         Start all peer hubs.
         """
-        for peer_hub in self._peer_hubs:
+        for peer_hub in self.peer_hubs:
             peer_hub.start_register_task()
 
     async def scatter_key_amongst_peer_hubs(
@@ -166,14 +164,14 @@ async def scatter_key_amongst_peer_hubs(
         """
         Split the key into key shares, and send each key share to a peer hub.
         """
-        nr_shares = len(self._peer_hubs)
+        nr_shares = len(self.peer_hubs)
         shares = key.split_into_shares(
-            master_sae_id, slave_sae_id, nr_shares, _MIN_NR_SHARES
+            master_sae_id, slave_sae_id, nr_shares, self.min_nr_shares
         )
         assert len(shares) == nr_shares
         coroutines = [
             peer_hub.post_share(master_sae_id, slave_sae_id, share)
-            for peer_hub, share in zip(self._peer_hubs, shares)
+            for peer_hub, share in zip(self.peer_hubs, shares)
         ]
         results = await asyncio.gather(*coroutines, return_exceptions=True)
         success_results = [
@@ -184,12 +182,12 @@ async def scatter_key_amongst_peer_hubs(
             f"Successfully scattered {nr_shares_successfully_scattered} out of {nr_shares} shares "
             f"for key ID {key.key_id}"
         )
-        if nr_shares_successfully_scattered < _MIN_NR_SHARES:
+        if nr_shares_successfully_scattered < self.min_nr_shares:
             causes, status_code = self.summarize_failure(results)
             raise exceptions.CouldNotScatterEnoughSharesError(
                 key.key_id,
                 nr_shares_successfully_scattered,
-                _MIN_NR_SHARES,
+                self.min_nr_shares,
                 status_code,
                 causes,
             )
@@ -204,10 +202,10 @@ async def gather_key_from_peer_hubs(
         Gather key shares from the peer hubs, and reconstruct the key out of (a subset of)
         the key shares.
         """
-        nr_shares_attempted_to_gather = len(self._peer_hubs)
+        nr_shares_attempted_to_gather = len(self.peer_hubs)
         coroutines = [
             peer_hub.get_share(master_sae_id, slave_sae_id, key_id)
-            for peer_hub in self._peer_hubs
+            for peer_hub in self.peer_hubs
         ]
         results = await asyncio.gather(*coroutines, return_exceptions=True)
         shares = [result for result in results if not isinstance(result, Exception)]
@@ -217,19 +215,19 @@ async def gather_key_from_peer_hubs(
             f"out of {nr_shares_attempted_to_gather} attempted "
             f"for key ID {key_id}"
         )
-        if nr_shares_successfully_gathered < _MIN_NR_SHARES:
+        if nr_shares_successfully_gathered < self.min_nr_shares:
             causes, status_code = self.summarize_failure(results)
             raise exceptions.CouldNotGatherEnoughSharesError(
                 key_id,
                 nr_shares_successfully_gathered,
-                _MIN_NR_SHARES,
+                self.min_nr_shares,
                 status_code,
                 causes,
             )
         shamir_input = [(share.share_index, share.value) for share in shares]
         try:
             key_value = shamir.reconstruct_binary_secret_from_shares(
-                _MIN_NR_SHARES, shamir_input
+                self.min_nr_shares, shamir_input
             )
         except ValueError as exc:
             raise exceptions.ShamirReconstructError(key_id, str(exc)) from exc