authorTimotej Lazar <timotej.lazar@araneo.si>2024-01-16 21:51:47 +0100
committerTimotej Lazar <timotej.lazar@araneo.si>2024-01-16 21:52:10 +0100
commit188567a42942dba1078ac7384ee9d9fe864594fa (patch)
tree20af914aa8723a168fc3e088f7fb87a79581db50
parent0578bdffcb0599d2c4f06998281ad968bec43ac0 (diff)
Report error when signing fails
-rwxr-xr-xmargfools12
1 files changed, 8 insertions, 4 deletions
diff --git a/margfools b/margfools
index 71634ad..cf4de00 100755
--- a/margfools
+++ b/margfools
@@ -15,12 +15,12 @@ import getpass
# use requests instead of urllib.request for keep-alive connection
import requests
-def sign(data, key, pin=None, engine=None):
+def sign(b64data, key, pin=None, engine=None):
if engine is None:
# key in file
cmd = ['openssl', 'pkeyutl', '-sign', '-inkey', key, '-pkeyopt', 'digest:sha256']
- raw_data = base64.b64decode(data)
env = None
+ data = base64.b64decode(b64data)
elif engine == 'pkcs11':
# key on smartcard
digest_info = { # from RFC 3447
@@ -33,8 +33,12 @@ def sign(data, key, pin=None, engine=None):
}
cmd = ['pkcs11-tool', '--id', key, '-s', '-m', 'RSA-PKCS', '-p', 'env:PIN']
env = {'PIN': pin}
- raw_data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(data)
- p = subprocess.run(cmd, env=env, input=raw_data, capture_output=True)
+ data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(b64data)
+
+ p = subprocess.run(cmd, env=env, input=data, capture_output=True)
+ if p.returncode != 0:
+ raise RuntimeError('could not sign data')
+
return base64.b64encode(p.stdout).decode()
if __name__ == '__main__':
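Review bot: The new `raise RuntimeError('could not sign data')` discards the stderr that `capture_output=True` already collected, so a caller cannot tell a wrong PIN from a missing key file or an absent card, and blind retries with a wrong PIN can lock a smartcard. Carrying the tool's message would fix that: `raise RuntimeError('could not sign data: ' + p.stderr.decode(errors='replace').strip())`; the PIN is handed over through the environment rather than argv, so it should not show up in that output, though that is worth confirming for pkcs11-tool. Separately, the if/elif chain visible across the two hunks has no `else`, so an unsupported `engine` value appears to end in an UnboundLocalError rather than a clear message; `else: raise ValueError(f'unsupported engine: {engine!r}')` would cover it. The start of sign() is in the previous hunk.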