Check if device is fips capable before creating an SCP session

Yubico · Aug 20, 2024 · 7c4b9ff · 7c4b9ff
1 parent a3f9ace
commit 7c4b9ff
Showing 1 changed file with 11 additions and 10 deletions.
diff --git a/helper/helper/device.py b/helper/helper/device.py
@@ -521,16 +521,17 @@ def __init__(self, device, connection, info):
         self.fips_capable = info.fips_capable
         self.scp_params = None
         try:
-            scp = SecurityDomainSession(connection)
-
-            for ref in scp.get_key_information().keys():
-                if ref.kid == 0x13:
-                    chain = scp.get_certificate_bundle(ref)
-                    if chain:
-                        pub_key = chain[-1].public_key()
-                        assert isinstance(pub_key, EllipticCurvePublicKey)  # nosec
-                        self.scp_params = Scp11KeyParams(ref, pub_key)
-                        break
+            if self.fips_capable != 0:
+                scp = SecurityDomainSession(connection)
+
+                for ref in scp.get_key_information().keys():
+                    if ref.kid == 0x13:
+                        chain = scp.get_certificate_bundle(ref)
+                        if chain:
+                            pub_key = chain[-1].public_key()
+                            assert isinstance(pub_key, EllipticCurvePublicKey)  # nosec
+                            self.scp_params = Scp11KeyParams(ref, pub_key)
+                            break
         except NotSupportedError:
             pass