diff --git a/goKMS/kms/kmsintercom.go b/goKMS/kms/kmsintercom.go
index 1c52e43d92744e9b633978f165dfef0028681775..d7338d6eed4d98acb546f6a761cf24c875d743fe 100644
--- a/goKMS/kms/kmsintercom.go
+++ b/goKMS/kms/kmsintercom.go
@@ -56,6 +56,15 @@ func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNot
return nil, status.Error(codes.Internal, "expected etsi014 quantum module")
}
+ switch {
+ case !eqm.IsActive():
+ log.Debugf("The key store for quantum module: %s is not active and denied incoming key sync attempts", eqm.ID())
+ return nil, status.Errorf(codes.Aborted, "The corresponding key store is not active and does not accept incoming key sync attempts")
+ case eqm.KeyStore().Length() >= int(eqm.MaxKeyFillLevel()):
+ log.Debugf("The key store for quantum module: %s is at its maximum key fill level and does not accept incoming key sync attempts", eqm.ID())
+ return nil, status.Errorf(codes.Aborted, "The corresponding key store is at its maximum key fill level and does not accept incoming key sync attempts")
+ }
+
etsi14KeyIds := make([]etsi14.KeyIDsRequestKeyIDsInner, len(in.KeyIds))
for i, keyid := range in.KeyIds {
etsi14KeyIds[i] = etsi14.KeyIDsRequestKeyIDsInner{
diff --git a/goKMS/kms/peers/danetQuantummodule.go b/goKMS/kms/peers/danetQuantummodule.go
index 797f906e41d95f69b4f605f8984b9eee4a5cbab6..08fabd86d0128cb868fb5c6358555c78fd0f10e7 100644
--- a/goKMS/kms/peers/danetQuantummodule.go
+++ b/goKMS/kms/peers/danetQuantummodule.go
@@ -22,6 +22,7 @@ type DanetQuantumModule struct {
// QuantumElementLink *quantumlayer.QuantumlayerEmuPRNG // contains information about the quantum links
// key stores of unchopped bulk keys go here
addr string
+ active bool // determs if the module is active to receive keys
RawBulkKeysMutex sync.Mutex
RawBulkKeys map[int64]*quantumlayer.QuantumLayerBulkKey
keyStore *store.KmsKeyStore // the keys used between two peers.
@@ -35,6 +36,7 @@ func NewDanetQuantumModule(kmsUDPAddr string, kmsId string) *DanetQuantumModule
QlID: uuid.New(),
kmsId: kmsId,
addr: kmsUDPAddr,
+ active: false,
RawBulkKeys: make(map[int64]*quantumlayer.QuantumLayerBulkKey),
keyStore: store.NewKmsKeyStore(256),
kmsClient: nil,
@@ -48,9 +50,20 @@ func (qm *DanetQuantumModule) ID() uuid.UUID {
}
func (qm *DanetQuantumModule) Initialize() error {
+ qm.RawBulkKeysMutex.Lock()
+ defer qm.RawBulkKeysMutex.Unlock()
+ qm.active = true
return nil
}
+func (qm *DanetQuantumModule) Reset() {
+ qm.RawBulkKeysMutex.Lock()
+ defer qm.RawBulkKeysMutex.Unlock()
+ qm.active = false
+ qm.RawBulkKeys = make(map[int64]*quantumlayer.QuantumLayerBulkKey)
+ qm.KeyStore().Reset()
+}
+
func (qm *DanetQuantumModule) SetKmsPeerInformation(kmsClient *GRPCClient, kmsEventBus *event.EventBus, kmsTcpSocketStr string) error {
qm.kmsClient = kmsClient
qm.kmsEventBus = kmsEventBus
@@ -62,6 +75,10 @@ func (qm *DanetQuantumModule) Address() string {
return qm.addr
}
+func (qm *DanetQuantumModule) IsActive() bool {
+ return qm.active
+}
+
func (qm *DanetQuantumModule) Sync() error {
rawBulkKeyIds := util.KeysOfMap(qm.RawBulkKeys)
log.Info("Found the following bulk key ids for usage: ", rawBulkKeyIds)
diff --git a/goKMS/kms/peers/etsi14Quantummodule.go b/goKMS/kms/peers/etsi14Quantummodule.go
index def13a49f184923dae1dfdaa5092958e1aeaefce..a948cbd39212bcfadcac915c888542609b913959 100644
--- a/goKMS/kms/peers/etsi14Quantummodule.go
+++ b/goKMS/kms/peers/etsi14Quantummodule.go
@@ -32,6 +32,7 @@ type ETSI014HTTPQuantumModule struct {
keyFetchAmount int64
maxKeyFillLevel uint64
stopFetch context.CancelFunc
+ active bool
}
func NewETSI014HTTPQuantumModule(addr, kmsId, localSAEID, targetSAEID string, tlsConfig config.TLSConfig, master bool, keyFetchInterval int, keyFetchAmount int64, maxKeyFillLevel uint64) (*ETSI014HTTPQuantumModule, error) {
@@ -95,6 +96,7 @@ func NewETSI014HTTPQuantumModule(addr, kmsId, localSAEID, targetSAEID string, tl
keyFetchInterval: keyFetchInterval,
keyFetchAmount: keyFetchAmount,
maxKeyFillLevel: maxKeyFillLevel,
+ active: false,
}, nil
}
@@ -110,6 +112,8 @@ func (qm *ETSI014HTTPQuantumModule) Initialize() error {
var ctx context.Context
ctx, qm.stopFetch = context.WithCancel(context.Background())
+ qm.active = true
+
// start polling keys
if qm.master {
go func() {
@@ -132,10 +136,20 @@ func (qm *ETSI014HTTPQuantumModule) Initialize() error {
return nil
}
-func (qm *ETSI014HTTPQuantumModule) StopKeyFetching() {
+func (qm *ETSI014HTTPQuantumModule) Reset() {
if qm.master {
qm.stopFetch()
}
+ qm.active = false
+ qm.KeyStore().Reset()
+}
+
+func (qm *ETSI014HTTPQuantumModule) MaxKeyFillLevel() uint64 {
+ return qm.maxKeyFillLevel
+}
+
+func (qm *ETSI014HTTPQuantumModule) IsActive() bool {
+ return qm.active
}
func (qm *ETSI014HTTPQuantumModule) SetKmsPeerInformation(kmsClient *GRPCClient, kmsEventBus *event.EventBus, kmsTcpSocketStr string) error {
diff --git a/goKMS/kms/peers/quantummodule.go b/goKMS/kms/peers/quantummodule.go
index cb9753ac1fede1fcc0aa29f27894a54166a9ca22..166293631135285d0a91e937b3f380226c2a86dd 100644
--- a/goKMS/kms/peers/quantummodule.go
+++ b/goKMS/kms/peers/quantummodule.go
@@ -22,4 +22,6 @@ type QuantumModule interface {
SetKeyStore(*store.KmsKeyStore)
Sync() error
Address() string
+ IsActive() bool
+ Reset()
}
diff --git a/goKMS/kms/quipsec.go b/goKMS/kms/quipsec.go
index d2a850923c9f10ed3c28bd4eb98e00e996cb8638..da6c9c4ec4fad45007f0057338d7dce2035f7ea6 100644
--- a/goKMS/kms/quipsec.go
+++ b/goKMS/kms/quipsec.go
@@ -49,12 +49,16 @@ func (qs *quipSecServer) PushKeys(ctx context.Context, req *pb.PushKeysRequest)
}
eqm.RawBulkKeysMutex.Lock()
+ defer eqm.RawBulkKeysMutex.Unlock()
+ if !eqm.IsActive() {
+ logrus.Debugf("Quantum module: %s is not active and denied incoming bulk keys", eqm.ID())
+ return nil, status.Errorf(codes.Aborted, "Currently no new bulk keys are accepted")
+ }
eqm.RawBulkKeys[bulkKeyId] = &quantumlayer.QuantumLayerBulkKey{
BulkKeyId: bulkKeyId,
BulkKeyLength: int(req.GetKeyBulk().GetKeyLength()),
BulkKey: req.GetKeyBulk().Keys,
}
- eqm.RawBulkKeysMutex.Unlock()
logrus.Debugf("%s received a new bulk from: %s with id: %s and a length of: %d", qs.KMS.kmsName, qm.Address(), req.GetKeyBulk().GetKeyId(), req.GetKeyBulk().GetKeyLength())
return &pb.PushKeysResponse{Timestamp: time.Now().Unix()}, nil
diff --git a/goKMS/kms/store/kms-keystore.go b/goKMS/kms/store/kms-keystore.go
index 289a17dd401c3555fcdf31dc65afc5b257deed80..565f33bf17afb6829ddb85594bbe79d51b73095f 100644
--- a/goKMS/kms/store/kms-keystore.go
+++ b/goKMS/kms/store/kms-keystore.go
@@ -7,7 +7,6 @@ import (
etsi14 "code.fbi.h-da.de/danet/quant/etsi014/go/rest/etsi/client"
"github.com/google/uuid"
- log "github.com/sirupsen/logrus"
)
type Status int
@@ -47,14 +46,13 @@ func (ks *KmsKeyStore) Length() int {
return len(ks.keyStore)
}
-func (ks *KmsKeyStore) AddKey(keyId uuid.UUID, keyToadd []byte) {
+func (ks *KmsKeyStore) AddKey(keyId uuid.UUID, keyToadd []byte) error {
ks.keyStoreMutex.Lock()
defer ks.keyStoreMutex.Unlock()
// test for collisions
- if _, notThere := ks.keyStore[keyId]; notThere {
- log.Errorf("Whop: addKey collisions of key id %s", keyId)
- return
+ if _, keyIdExists := ks.keyStore[keyId]; keyIdExists {
+ return fmt.Errorf("Key with id %s already exists", keyId)
}
newKeyElement := &KmsKSElement{
@@ -64,6 +62,7 @@ func (ks *KmsKeyStore) AddKey(keyId uuid.UUID, keyToadd []byte) {
}
// ok to add
ks.keyStore[newKeyElement.KeyID] = newKeyElement
+ return nil
}
func (ks *KmsKeyStore) GetKey() (*KmsKSElement, error) {
diff --git a/goKMS/qkdnManager/server.go b/goKMS/qkdnManager/server.go
index 3e365b4782406bf5210e3ccfe689c5192d3fb874..9349c8614e6db541a4a7201371bb6067cba1b562 100644
--- a/goKMS/qkdnManager/server.go
+++ b/goKMS/qkdnManager/server.go
@@ -219,8 +219,7 @@ func (qs *QkdnManagerServer) handleSetKeyStore(w http.ResponseWriter, r *http.Re
return
}
} else if fetch == "false" {
- eqm.StopKeyFetching()
- eqm.KeyStore().Reset()
+ eqm.Reset()
}
}