def _ecdsa_sha256_response(self, challenge): """Compute the ecdsa signature Args: challenge: content of challenge in bytes Returns: r_bytes, s_bytes: ecdsa signature R, S in bytes Raises: BootstrapError: if the gateway cannot be properly loaded """ try: challenge_key = cert_utils.load_key(self._challenge_key_file) except (IOError, ValueError, TypeError) as e: raise BootstrapError( 'Gateway does not have a proper challenge key: %s' % e) try: signature = challenge_key.sign(challenge, ec.ECDSA(hashes.SHA256())) except TypeError: raise BootstrapError( 'Challenge key cannot be used for ECDSA signature') r_int, s_int = decode_dss_signature(signature) r_bytes = r_int.to_bytes((r_int.bit_length() + 7) // 8, 'big') s_bytes = s_int.to_bytes((s_int.bit_length() + 7) // 8, 'big') return r_bytes, s_bytes
def test_key(self): with TemporaryDirectory(prefix='/tmp/test_cert_utils') as temp_dir: key = ec.generate_private_key(ec.SECP384R1(), default_backend()) cu.write_key(key, os.path.join(temp_dir, 'test.key')) key_load = cu.load_key(os.path.join(temp_dir, 'test.key')) key_bytes = key.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption()) key_load_bytes = key_load.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption()) self.assertEqual(key_bytes, key_load_bytes)