def _secureReplaceKey(self, slot, newKey):
partitionId = self._getPartitionIdForSlot(slot)
self.log.debug('SECURE replacing key in slot: {} in partition: {}'.format(slot, partitionId))
if (0 == partitionId):
oldPartitionKey = self._getMasterKey()
newPartitionKey = self._getMasterKey()
else:
oldPartitionKey = self._getKeyFromCascade(partitionId)
newPartitionKey = CryptoLib.generateRandomKey()
partition = self.getPartition(partitionId, oldPartitionKey)
localSlot = self._slotToLocalSlot(slot)
partition.setKey(localSlot, newKey)
self.storePartition(partition, newPartitionKey)
if (0 == partitionId):
# print('Replaced master key with: {}'.format(newPartitionKey))
pass
else:
self._secureReplaceKey(partitionId, newPartitionKey)
def generateKey(self, slot):
if (self.EMPTY_KEY != self.keys[slot]):
raise SystemError('requested generate key but slot is not empty')
key = CryptoLib.generateRandomKey()
self.setKey(slot, key)
return key
