From 7c4b9ff9cb90b53fe67405a524e6964c4417fb98 Mon Sep 17 00:00:00 2001 From: Dennis Fokin Date: Tue, 20 Aug 2024 13:47:18 +0200 Subject: [PATCH] Check if device is fips capable before creating an SCP session --- helper/helper/device.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/helper/helper/device.py b/helper/helper/device.py index dbf72de5..755911e3 100644 --- a/helper/helper/device.py +++ b/helper/helper/device.py @@ -521,16 +521,17 @@ class ScpConnectionNode(ConnectionNode): self.fips_capable = info.fips_capable self.scp_params = None try: - scp = SecurityDomainSession(connection) + if self.fips_capable != 0: + scp = SecurityDomainSession(connection) - for ref in scp.get_key_information().keys(): - if ref.kid == 0x13: - chain = scp.get_certificate_bundle(ref) - if chain: - pub_key = chain[-1].public_key() - assert isinstance(pub_key, EllipticCurvePublicKey) # nosec - self.scp_params = Scp11KeyParams(ref, pub_key) - break + for ref in scp.get_key_information().keys(): + if ref.kid == 0x13: + chain = scp.get_certificate_bundle(ref) + if chain: + pub_key = chain[-1].public_key() + assert isinstance(pub_key, EllipticCurvePublicKey) # nosec + self.scp_params = Scp11KeyParams(ref, pub_key) + break except NotSupportedError: pass