SFT-4306: Remove panic on hash length.

* extmod/foundation-rust/include/foundation.h: Re-generate file. * extmod/foundation-rust/src/firmware.rs: Remove panic. * ports/stm32/boards/Passport/modpassport.c: Handle new error.
Foundation-Devices · Oct 17, 2024 · ea997fc · ea997fc
1 parent f99ea66
commit ea997fc
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/extmod/foundation-rust/include/foundation.h b/extmod/foundation-rust/include/foundation.h
@@ -175,6 +175,10 @@ typedef enum {
    * Missing user public key
    */
   FIRMWARE_RESULT_MISSING_USER_PUBLIC_KEY,
+  /**
+   * Invalid hash length
+   */
+  FIRMWARE_RESULT_INVALID_HASH_LENGTH,
 } FirmwareResult_Tag;
 
 typedef struct {

diff --git a/extmod/foundation-rust/src/firmware.rs b/extmod/foundation-rust/src/firmware.rs
@@ -55,6 +55,8 @@ pub enum FirmwareResult {
     FailedSignature2,
     /// Missing user public key
     MissingUserPublicKey,
+    /// Invalid hash length
+    InvalidHashLength,
 }
 
 impl From<VerifyHeaderError> for FirmwareResult {
@@ -159,8 +161,13 @@ pub extern "C" fn verify_update_signatures(
     result: &mut FirmwareResult,
 ) {
     let header = unsafe { slice::from_raw_parts(header, header_len) };
-    let firmware_hash = sha256d::Hash::from_slice(hash)
-        .expect("hash should be of correct length");
+    let firmware_hash = match sha256d::Hash::from_slice(hash) {
+        Ok(v) => v,
+        Err(_) => {
+            *result = FirmwareResult::InvalidHashLength;
+            return;
+        }
+    };
 
     let user_public_key = user_public_key
         .map(|v| {

diff --git a/ports/stm32/boards/Passport/modpassport.c b/ports/stm32/boards/Passport/modpassport.c
@@ -139,6 +139,10 @@ STATIC mp_obj_t mod_passport_verify_update_header(mp_obj_t header) {
             mp_raise_msg(&mp_type_InvalidFirmwareUpdate,
                          MP_ERROR_TEXT("Missing user public key"));
             break;
+        case FIRMWARE_RESULT_INVALID_HASH_LENGTH:
+            mp_raise_msg(&mp_type_InvalidFirmwareUpdate,
+                         MP_ERROR_TEXT("Invalid hash length"));
+            break;
         default:
             break;
     }
@@ -248,6 +252,10 @@ STATIC mp_obj_t mod_passport_verify_update_signatures(mp_obj_t header, mp_obj_t
             mp_raise_msg(&mp_type_InvalidFirmwareUpdate,
                          MP_ERROR_TEXT("Missing user public key"));
             break;
+        case FIRMWARE_RESULT_INVALID_HASH_LENGTH:
+            mp_raise_msg(&mp_type_InvalidFirmwareUpdate,
+                         MP_ERROR_TEXT("Invalid hash length"));
+            break;
         default:
             break;
     }