Support new curve from python (#36)

Auto-detect curve to use based on server CA

src/node/entities.h

@@ -17,7 +17,6 @@ namespace ccf
   using NodeId = ObjectId;
   using UserId = ObjectId;
   using CallerId = ObjectId;
-  using CaId = ObjectId;
   using Cert = std::vector<uint8_t>;
   using CodeVersion = ObjectId;
 

tests/infra/ccf.py

@@ -152,10 +152,11 @@ class Network:
                 with node.management_client() as c:
                     for _ in range(15):
                         id = c.request(method="getCommit", params={})
-                        res = c.response(id).result
-                        if res[b"commit"] >= 2 and res[b"term"] == 2:
-                            LOG.info("Node {} has joined (client)".format(node_id))
-                            break
+                        rep = c.response(id)
+                        if rep.error is None:
+                            if rep.result["commit"] >= 2 and rep.result["term"] == 2:
+                                LOG.info("Node {} has joined (client)".format(node_id))
+                                break
                         time.sleep(1)
                     else:
                         raise ValueError(
@@ -496,6 +497,7 @@ class Node:
             "management",
             cert=None,
             key=None,
+            cafile="{}.pem".format(self.node_id),
             description="node {} (mgmt)".format(self.node_id),
             **kwargs,
         )

tests/infra/jsonrpc.py

@@ -11,6 +11,9 @@ import logging
 import time
 import os
 from enum import IntEnum
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import asymmetric
 
 from loguru import logger as LOG
 
@@ -140,6 +143,16 @@ class FramedTLSClient:
     def connect(self):
         if self.cafile:
             self.context = ssl.create_default_context(cafile=self.cafile)
+
+            # Auto detect EC curve to use based on server CA
+            ca_bytes = open(self.cafile, "rb").read()
+            ca_curve = (
+                x509.load_pem_x509_certificate(ca_bytes, default_backend())
+                .public_key()
+                .curve
+            )
+            if isinstance(ca_curve, asymmetric.ec.SECP256K1):
+                self.context.set_ecdh_curve("secp256k1")
         else:
             self.context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
         if self.cert and self.key: