def _ecdsa_sha256_response(self, challenge):
"""Compute the ecdsa signature
Args:
challenge: content of challenge in bytes
Returns:
r_bytes, s_bytes: ecdsa signature R, S in bytes
Raises:
BootstrapError: if the gateway cannot be properly loaded
"""
try:
challenge_key = cert_utils.load_key(self._challenge_key_file)
except (IOError, ValueError, TypeError) as e:
raise BootstrapError(
'Gateway does not have a proper challenge key: %s' % e)
try:
signature = challenge_key.sign(challenge,
ec.ECDSA(hashes.SHA256()))
except TypeError:
raise BootstrapError(
'Challenge key cannot be used for ECDSA signature')
r_int, s_int = decode_dss_signature(signature)
r_bytes = r_int.to_bytes((r_int.bit_length() + 7) // 8, 'big')
s_bytes = s_int.to_bytes((s_int.bit_length() + 7) // 8, 'big')
return r_bytes, s_bytes
def test_key(self):
with TemporaryDirectory(prefix='/tmp/test_cert_utils') as temp_dir:
key = ec.generate_private_key(ec.SECP384R1(), default_backend())
cu.write_key(key, os.path.join(temp_dir, 'test.key'))
key_load = cu.load_key(os.path.join(temp_dir, 'test.key'))
key_bytes = key.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption())
key_load_bytes = key_load.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption())
self.assertEqual(key_bytes, key_load_bytes)
