Пример #1
def get_drkey_reply(sv, src_ia, dst_ia, priv_key, signing_key, cert_ver,
                    dst_cert, trc_ver):
    """
    Build a signed DRKeyReply carrying the DRKey derived for ``dst_ia``.

    The raw DRKey is derived from the local secret value, encrypted with the
    local private key and the encryption public key read from the destination
    certificate, and the reply is then signed with the local signing key.

    :param DRKeySecretValue sv: local secret value the DRKey is derived from;
        its ``exp_time`` is copied into the reply.
    :param ISD_AS src_ia: the local ISD-AS address.
    :param ISD_AS dst_ia: the ISD-AS the DRKey is derived for.
    :param PrivateKey priv_key: local private key used for the encryption.
    :param SigningKey signing_key: local signing key used for the signature.
    :param int cert_ver: version of the certificate that priv_key and
        signing_key are associated with.
    :param Certificate dst_cert: the certificate of the destination ISD-AS.
    :param int trc_ver: version of the TRC associated with cert_ver.
    :returns: the resulting DRKeyReply
    :rtype: DRKeyReply
    """
    raw_key = derive_drkey_raw(sv, dst_ia)
    # NOTE(review): dst_cert is used as given; nothing here validates it.
    # Presumably the caller has already verified the certificate chain
    # before the DRKey is encrypted to its key - confirm.
    recipient_key = PublicKey(dst_cert.subject_enc_key_raw)
    cipher = bytes(encrypt(raw_key, priv_key, recipient_key))

    timestamp = drkey_time()
    expiry = sv.exp_time
    # NOTE(review): only src_ia, timestamp, exp_time and the ciphertext are
    # passed to get_signing_input_rep. cert_ver, dst_cert.version and trc_ver
    # go into the reply but, as far as this function shows, are not part of
    # the signed data - confirm receivers do not rely on them as
    # authenticated values.
    to_sign = get_signing_input_rep(src_ia, timestamp, expiry, cipher)
    signature = sign(to_sign, signing_key)

    return DRKeyReply.from_values(
        src_ia, timestamp, expiry, cipher, signature,
        cert_ver, dst_cert.version, trc_ver)
Пример #2
 def _cached_drkeys_handler(self, raw_entries):
     """
     Feed cached raw DRKey replies through the regular reply handler.

     Each entry is parsed with DRKeyReply.from_raw, wrapped in DRKeyMgmt and
     CtrlPayload, and handed to process_drkey_reply with None as the second
     argument and from_zk=True.

     :param raw_entries: iterable of raw DRKeyReply encodings.
     """
     for entry in raw_entries:
         reply = DRKeyReply.from_raw(entry)
         payload = CtrlPayload(DRKeyMgmt(reply))
         # NOTE(review): from_zk=True marks the reply as coming from the
         # cache (presumably ZooKeeper). Whether the signature is still
         # verified for such entries is decided in process_drkey_reply,
         # which is not shown here - confirm cached entries are not
         # accepted unverified.
         self.process_drkey_reply(payload, None, from_zk=True)