Skip to content

Commit

Permalink
espsecure: Improve error message for incorrect PEM format
Browse files Browse the repository at this point in the history
Closes #881
  • Loading branch information
dobairoland committed May 18, 2023
1 parent 54a765d commit 6fbe8dd
Showing 1 changed file with 16 additions and 3 deletions.
19 changes: 16 additions & 3 deletions espsecure/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,13 @@ def generate_signing_key(args):

def load_ecdsa_signing_key(keyfile):
"""Load ECDSA signing key"""
sk = ecdsa.SigningKey.from_pem(keyfile.read())
try:
sk = ecdsa.SigningKey.from_pem(keyfile.read())
except ValueError:
raise esptool.FatalError(
"Incorrect ECDSA private key specified. "
"Please check algorithm and/or format."
)
if sk.curve not in [ecdsa.NIST192p, ecdsa.NIST256p]:
raise esptool.FatalError("Supports NIST192p and NIST256p keys only")
return sk
Expand All @@ -221,7 +227,13 @@ def _load_ecdsa_signing_key(keyfile):

def _load_ecdsa_verifying_key(keyfile):
"""Load ECDSA verifying key for Secure Boot V1 only"""
vk = ecdsa.VerifyingKey.from_pem(keyfile.read())
try:
vk = ecdsa.VerifyingKey.from_pem(keyfile.read())
except ValueError:
raise esptool.FatalError(
"Incorrect ECDSA public key specified. "
"Please check algorithm and/or format."
)
if vk.curve != ecdsa.NIST256p:
raise esptool.FatalError(
"Signing key uses incorrect curve. ESP32 Secure Boot only supports "
Expand Down Expand Up @@ -1645,7 +1657,8 @@ def main(custom_commandline=None):
p = subparsers.add_parser(
"digest_private_key",
help="Generate an SHA-256 digest of the private signing key. "
"This can be used as a reproducible secure bootloader or flash encryption key.",
"This can be used as a reproducible secure bootloader (only secure boot v1) "
"or flash encryption key.",
)
p.add_argument(
"--keyfile",
Expand Down

0 comments on commit 6fbe8dd

Please sign in to comment.