Add test test_wrong_master_sae_id

Author: brunorijsman

.vscode/settings.json

@@ -53,6 +53,7 @@
         "RINT",
         "Rivest",
         "rtype",
+        "SAEID",
         "Satoshi",
         "setaf",
         "Shamir",

common/exceptions.py

@@ -382,3 +382,39 @@ def __init__(self, client_name: str):
                 "client_name": client_name,
             },
         )
+
+
+class WrongMasterSAEIDError(DSKEException):
+    """
+    Exception raised when the master SAE ID in a Get key with key IDs request does not match
+    the master SAE ID used in the original Get key request.
+    """
+
+    def __init__(self, client_name: str, master_sae_id: str, key_id: str):
+        super().__init__(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            message="Master SAE ID does not match the one used in the original Get key request.",
+            details={
+                "client_name": client_name,
+                "master_sae_id": master_sae_id,
+                "key_id": key_id,
+            },
+        )
+
+
+class WrongSlaveSAEIDError(DSKEException):
+    """
+    Exception raised when the slave SAE ID in a Get key with key IDs request does not match
+    the slave SAE ID used in the original Get key request.
+    """
+
+    def __init__(self, client_name: str, slave_sae_id: str, key_id: str):
+        super().__init__(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            message="Slave SAE ID does not match the one used in the original Get key request.",
+            details={
+                "client_name": client_name,
+                "slave_sae_id": slave_sae_id,
+                "key_id": key_id,
+            },
+        )

hub/__main__.py

@@ -129,14 +129,22 @@ async def post_key_share(
 async def get_key_share(
     client_name: str,
     key_id: str,
+    master_sae_id: str,
+    slave_sae_id: str,
     raw_request: fastapi.Request,
     headers_temp_response: fastapi.Response,
 ) -> APIGetShareResponse:
     """
     DSKE API: Get key share.
     """
+    # pylint: disable=too-many-function-args
     headers_temp_response = await _HUB.get_share_requested_by_client(
-        client_name, key_id, raw_request, headers_temp_response
+        client_name,
+        key_id,
+        master_sae_id,
+        slave_sae_id,
+        raw_request,
+        headers_temp_response,
     )
     return headers_temp_response
 

hub/hub.py

@@ -13,7 +13,10 @@
 from common.allocation import Allocation
 from common.block import Block
 from common.encryption_key import EncryptionKey
-from common.exceptions import EncryptorNotRegisteredForClientError
+from common.exceptions import (
+    EncryptorNotRegisteredForClientError,
+    WrongMasterSAEIDError,
+)
 from common.logging import LOGGER
 from common.pool import Pool
 from common.share import Share
@@ -144,6 +147,8 @@ async def get_share_requested_by_client(
         self,
         client_name: str,
         key_id_str: str,
+        master_sae_id: str,
+        slave_sae_id: str,
         raw_request: fastapi.Request,
         headers_temp_response: fastapi.Response,
     ) -> APIGetShareResponse:
@@ -168,6 +173,22 @@ async def get_share_requested_by_client(
         except KeyError as exc:
             LOGGER.warning(f"No share for key ID {key_id_str}")
             raise exceptions.UnknownKeyIDError(key_id) from exc
+        # Check that master and slave SAE IDs in the Get key with key IDs request match those in the
+        # original Get key request.
+        if master_sae_id != share.master_sae_id:
+            LOGGER.warning(
+                f"Requested master SAE ID {master_sae_id} does not match stored master SAE ID "
+                f"{share.master_sae_id} for key ID {key_id_str}"
+            )
+            raise exceptions.WrongMasterSAEIDError(
+                client_name, master_sae_id, key_id_str
+            )
+        if slave_sae_id != share.slave_sae_id:
+            LOGGER.warning(
+                f"Requested slave SAE ID {slave_sae_id} does not match stored slave SAE ID "
+                f"{share.slave_sae_id} for key ID {key_id_str}"
+            )
+            raise WrongMasterSAEIDError(client_name, slave_sae_id, key_id_str)
         # Encrypt the share value
         encryption_key = EncryptionKey.from_pool(peer_client.local_pool, share.size)
         encrypted_share_value = encryption_key.encrypt(share.value)

system_tests/test_etsi_qkd.py

@@ -3,6 +3,7 @@
 """
 
 import uuid
+import httpx
 import pytest
 from . import system_test_common
 
@@ -57,3 +58,38 @@ def test_wrong_key_id():
     system_test_common.get_key_with_key_ids(
         "sam", "sofia", wrong_uuid, expected_status_code=400
     )
+
+
+def test_wrong_master_sae_id():
+    """
+    ETSI QKD Get ey with key IDs, using a master SAE ID that does not match the master SAE ID
+    that was used in the Get key call (expect error).
+    """
+    key_id = system_test_common.get_key("sam", "sofia")
+    assert key_id is not None
+    connie_port = 8108
+    url = (
+        f"http://127.0.0.1:{connie_port}"
+        f"/client/connie/etsi/api/v1/keys/wrong_master_sae_id/dec_keys?"
+        f"key_ID={key_id}"
+    )
+    result = httpx.get(url, headers={"Authorization": "sofia"})
+    assert result.status_code == 400
+    assert "Master SAE ID does not match" in result.text
+
+
+# def test_wrong_slave_sae_id():
+#     """
+#     ETSI QKD Get ey with key IDs, using a master SAE ID that does not match the master SAE ID
+#     that was used in the Get key call (expect error).
+#     """
+#     key_id = system_test_common.get_key("sam", "sofia")
+#     assert key_id is not None
+#     connie_port = 8108
+#     url = (
+#         f"http://127.0.0.1:{connie_port}/client/connie/etsi/api/v1/keys/sunny/dec_keys?"
+#         f"key_ID={key_id}"
+#     )
+#     result = httpx.get(url)
+#     assert result.status_code == 400
+#     assert "Master SAE ID does not match" in result.text