From adaac3066c33914c65c8c7b372f6a509a8c60dbe Mon Sep 17 00:00:00 2001 From: Noah Laptop Date: Fri, 16 Oct 2020 13:56:36 -0700 Subject: [PATCH] fix: remove cryptography import, cleanup error handling --- tools/pycert_bearssl/cert_util.py | 8 +++++--- tools/pycert_bearssl/pycert_bearssl.py | 13 ++++++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/tools/pycert_bearssl/cert_util.py b/tools/pycert_bearssl/cert_util.py index 98d88e7..998c8a9 100644 --- a/tools/pycert_bearssl/cert_util.py +++ b/tools/pycert_bearssl/cert_util.py @@ -20,7 +20,6 @@ import socket import textwrap import math import os -import cryptography CERT_PATTERN = re.compile("^\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-[a-z,A-Z,0-9,\n,\/,+]+={0,2}\n\-\-\-\-\-END CERTIFICATE-\-\-\-\-", re.MULTILINE) @@ -291,7 +290,8 @@ def x509_to_header(x509Certs, cert_var, cert_length_var, output_file, keep_dupes # next, the RSA public numbers pubkey = cert.get_pubkey() numbers = pubkey.to_cryptography_key().public_numbers() - if type(numbers) is cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers: + numbers_typename = type(numbers).__name__ + if 'RSA' in numbers_typename: # starting with the modulous n_bytes_str = bytes_to_c_data(numbers.n.to_bytes(pubkey.bits() // 8, byteorder="big")) static_arrays.append(CRAY_TEMPLATE.format( @@ -309,7 +309,7 @@ def x509_to_header(x509Certs, cert_var, cert_length_var, output_file, keep_dupes ta_dn_name=DN_PRE + str(cert_index), rsa_number_name=RSA_N_PRE + str(cert_index), rsa_exp_name=RSA_E_PRE + str(cert_index))) - elif type(numbers) is cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers: + elif 'Elliptic' in numbers_typename: # starting with the modulous curve_bytes = b'\x04' + numbers.x.to_bytes(pubkey.bits() // 8, byteorder="big") + numbers.y.to_bytes( pubkey.bits() // 8, byteorder="big") @@ -325,6 +325,8 @@ def x509_to_header(x509Certs, cert_var, cert_length_var, output_file, keep_dupes ec_number_name=EC_CURVE_PRE + str(cert_index), ec_curve_name=EC_CURVE_NAME_PRE + curve_name )) + else: + raise Exception(f'Unknown public key type {numbers_typename}') # concatonate it all into the big header file template # cert descriptions cert_desc_out = '\n * \n'.join(cert_desc) diff --git a/tools/pycert_bearssl/pycert_bearssl.py b/tools/pycert_bearssl/pycert_bearssl.py index 14cd792..7b25f35 100644 --- a/tools/pycert_bearssl/pycert_bearssl.py +++ b/tools/pycert_bearssl/pycert_bearssl.py @@ -86,7 +86,11 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom # append cert to array down_certs.append(cert) # Combine PEMs and write output header. - cert_util.x509_to_header(down_certs, cert_var, cert_length_var, output, keep_dupes, domains=domain) + try: + cert_util.x509_to_header(down_certs, cert_var, cert_length_var, output, keep_dupes, domains=domain) + except Exception as E: + click.echo(f'Recieved error when converting certificate to header: {E}') + exit(1) @pycert_bearssl.command(short_help='Convert PEM certs into a C header.') @@ -144,8 +148,11 @@ def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_search, else: root_certs.append(cert_dict[cn_hash]) # Combine PEMs and write output header. - cert_util.x509_to_header(root_certs, cert_var, cert_length_var, output, keep_dupes) - + try: + cert_util.x509_to_header(root_certs, cert_var, cert_length_var, output, keep_dupes) + except Exception as E: + click.echo(f'Recieved error when converting certificate to header: {E}') + exit(1) if __name__ == '__main__': pycert_bearssl() \ No newline at end of file