QuantumModule key store handling based on active status

0f381ca8 · Malte Bauch · 4e0cbc47 · 0f381ca8 · 0f381ca8 · 0f381ca8
Verified Commit 0f381ca8 authored 8 months ago by Malte Bauch
--- a/goKMS/kms/kmsintercom.go
+++ b/goKMS/kms/kmsintercom.go
@@ -56,6 +56,15 @@ func (s *kmsTalkerServer) KeyIdNotification(ctx context.Context, in *pb.KeyIdNot
 		return nil, status.Error(codes.Internal, "expected etsi014 quantum module")
 	}

+	switch {
+	case !eqm.IsActive():
+		log.Debugf("The key store for quantum module: %s is not active and denied incoming key sync attempts", eqm.ID())
+		return nil, status.Errorf(codes.Aborted, "The corresponding key store is not active and does not accept incoming key sync attempts")
+	case eqm.KeyStore().Length() >= int(eqm.MaxKeyFillLevel()):
+		log.Debugf("The key store for quantum module: %s is at its maximum key fill level and does not accept incoming key sync attempts", eqm.ID())
+		return nil, status.Errorf(codes.Aborted, "The corresponding key store is at its maximum key fill level and does not accept incoming key sync attempts")
+	}
+
 	etsi14KeyIds := make([]etsi14.KeyIDsRequestKeyIDsInner, len(in.KeyIds))
 	for i, keyid := range in.KeyIds {
 		etsi14KeyIds[i] = etsi14.KeyIDsRequestKeyIDsInner{

--- a/goKMS/kms/peers/danetQuantummodule.go
+++ b/goKMS/kms/peers/danetQuantummodule.go
@@ -22,6 +22,7 @@ type DanetQuantumModule struct {
 	// QuantumElementLink *quantumlayer.QuantumlayerEmuPRNG // contains information about the quantum links
 	// key stores of unchopped bulk keys go here
 	addr             string
+	active           bool // determs if the module is active to receive keys
 	RawBulkKeysMutex sync.Mutex
 	RawBulkKeys      map[int64]*quantumlayer.QuantumLayerBulkKey
 	keyStore         *store.KmsKeyStore // the keys used between two peers.
@@ -35,6 +36,7 @@ func NewDanetQuantumModule(kmsUDPAddr string, kmsId string) *DanetQuantumModule
 		QlID:            uuid.New(),
 		kmsId:           kmsId,
 		addr:            kmsUDPAddr,
+		active:          false,
 		RawBulkKeys:     make(map[int64]*quantumlayer.QuantumLayerBulkKey),
 		keyStore:        store.NewKmsKeyStore(256),
 		kmsClient:       nil,
@@ -48,9 +50,20 @@ func (qm *DanetQuantumModule) ID() uuid.UUID {
 }

 func (qm *DanetQuantumModule) Initialize() error {
+	qm.RawBulkKeysMutex.Lock()
+	defer qm.RawBulkKeysMutex.Unlock()
+	qm.active = true
 	return nil
 }

+func (qm *DanetQuantumModule) Reset() {
+	qm.RawBulkKeysMutex.Lock()
+	defer qm.RawBulkKeysMutex.Unlock()
+	qm.active = false
+	qm.RawBulkKeys = make(map[int64]*quantumlayer.QuantumLayerBulkKey)
+	qm.KeyStore().Reset()
+}
+
 func (qm *DanetQuantumModule) SetKmsPeerInformation(kmsClient *GRPCClient, kmsEventBus *event.EventBus, kmsTcpSocketStr string) error {
 	qm.kmsClient = kmsClient
 	qm.kmsEventBus = kmsEventBus
@@ -62,6 +75,10 @@ func (qm *DanetQuantumModule) Address() string {
 	return qm.addr
 }

+func (qm *DanetQuantumModule) IsActive() bool {
+	return qm.active
+}
+
 func (qm *DanetQuantumModule) Sync() error {
 	rawBulkKeyIds := util.KeysOfMap(qm.RawBulkKeys)
 	log.Info("Found the following bulk key ids for usage: ", rawBulkKeyIds)

--- a/goKMS/kms/peers/etsi14Quantummodule.go
+++ b/goKMS/kms/peers/etsi14Quantummodule.go
@@ -32,6 +32,7 @@ type ETSI014HTTPQuantumModule struct {
 	keyFetchAmount   int64
 	maxKeyFillLevel  uint64
 	stopFetch        context.CancelFunc
+	active           bool
 }

 func NewETSI014HTTPQuantumModule(addr, kmsId, localSAEID, targetSAEID string, tlsConfig config.TLSConfig, master bool, keyFetchInterval int, keyFetchAmount int64, maxKeyFillLevel uint64) (*ETSI014HTTPQuantumModule, error) {
@@ -95,6 +96,7 @@ func NewETSI014HTTPQuantumModule(addr, kmsId, localSAEID, targetSAEID string, tl
 		keyFetchInterval: keyFetchInterval,
 		keyFetchAmount:   keyFetchAmount,
 		maxKeyFillLevel:  maxKeyFillLevel,
+		active:           false,
 	}, nil
 }

@@ -110,6 +112,8 @@ func (qm *ETSI014HTTPQuantumModule) Initialize() error {
 	var ctx context.Context
 	ctx, qm.stopFetch = context.WithCancel(context.Background())

+	qm.active = true
+
 	// start polling keys
 	if qm.master {
 		go func() {
@@ -132,10 +136,20 @@ func (qm *ETSI014HTTPQuantumModule) Initialize() error {
 	return nil
 }

-func (qm *ETSI014HTTPQuantumModule) StopKeyFetching() {
+func (qm *ETSI014HTTPQuantumModule) Reset() {
 	if qm.master {
 		qm.stopFetch()
 	}
+	qm.active = false
+	qm.KeyStore().Reset()
+}
+
+func (qm *ETSI014HTTPQuantumModule) MaxKeyFillLevel() uint64 {
+	return qm.maxKeyFillLevel
+}
+
+func (qm *ETSI014HTTPQuantumModule) IsActive() bool {
+	return qm.active
 }

 func (qm *ETSI014HTTPQuantumModule) SetKmsPeerInformation(kmsClient *GRPCClient, kmsEventBus *event.EventBus, kmsTcpSocketStr string) error {

--- a/goKMS/kms/peers/quantummodule.go
+++ b/goKMS/kms/peers/quantummodule.go
@@ -22,4 +22,6 @@ type QuantumModule interface {
 	SetKeyStore(*store.KmsKeyStore)
 	Sync() error
 	Address() string
+	IsActive() bool
+	Reset()
 }
--- a/goKMS/kms/quipsec.go
+++ b/goKMS/kms/quipsec.go
@@ -49,12 +49,16 @@ func (qs *quipSecServer) PushKeys(ctx context.Context, req *pb.PushKeysRequest)
 	}

 	eqm.RawBulkKeysMutex.Lock()
+	defer eqm.RawBulkKeysMutex.Unlock()
+	if !eqm.IsActive() {
+		logrus.Debugf("Quantum module: %s is not active and denied incoming bulk keys", eqm.ID())
+		return nil, status.Errorf(codes.Aborted, "Currently no new bulk keys are accepted")
+	}
 	eqm.RawBulkKeys[bulkKeyId] = &quantumlayer.QuantumLayerBulkKey{
 		BulkKeyId:     bulkKeyId,
 		BulkKeyLength: int(req.GetKeyBulk().GetKeyLength()),
 		BulkKey:       req.GetKeyBulk().Keys,
 	}
-	eqm.RawBulkKeysMutex.Unlock()

 	logrus.Debugf("%s received a new bulk from: %s with id: %s and a length of: %d", qs.KMS.kmsName, qm.Address(), req.GetKeyBulk().GetKeyId(), req.GetKeyBulk().GetKeyLength())
 	return &pb.PushKeysResponse{Timestamp: time.Now().Unix()}, nil

--- a/goKMS/kms/store/kms-keystore.go
+++ b/goKMS/kms/store/kms-keystore.go
@@ -7,7 +7,6 @@ import (

 	etsi14 "code.fbi.h-da.de/danet/quant/etsi014/go/rest/etsi/client"
 	"github.com/google/uuid"
-	log "github.com/sirupsen/logrus"
 )

 type Status int
@@ -47,14 +46,13 @@ func (ks *KmsKeyStore) Length() int {
 	return len(ks.keyStore)
 }

-func (ks *KmsKeyStore) AddKey(keyId uuid.UUID, keyToadd []byte) {
+func (ks *KmsKeyStore) AddKey(keyId uuid.UUID, keyToadd []byte) error {
 	ks.keyStoreMutex.Lock()
 	defer ks.keyStoreMutex.Unlock()

 	// test for collisions
-	if _, notThere := ks.keyStore[keyId]; notThere {
-		log.Errorf("Whop: addKey collisions of key id %s", keyId)
-		return
+	if _, keyIdExists := ks.keyStore[keyId]; keyIdExists {
+		return fmt.Errorf("Key with id %s already exists", keyId)
 	}

 	newKeyElement := &KmsKSElement{
@@ -64,6 +62,7 @@ func (ks *KmsKeyStore) AddKey(keyId uuid.UUID, keyToadd []byte) {
 	}
 	// ok to add
 	ks.keyStore[newKeyElement.KeyID] = newKeyElement
+	return nil
 }

 func (ks *KmsKeyStore) GetKey() (*KmsKSElement, error) {

--- a/goKMS/qkdnManager/server.go
+++ b/goKMS/qkdnManager/server.go
@@ -219,8 +219,7 @@ func (qs *QkdnManagerServer) handleSetKeyStore(w http.ResponseWriter, r *http.Re
 				return
 			}
 		} else if fetch == "false" {
-			eqm.StopKeyFetching()
-			eqm.KeyStore().Reset()
+			eqm.Reset()
 		}
 	}