Simplifies Env upgrade API (#551)

* removes read_partition and partition_length from upgrade API * renames partition to bundle, also data type change from slice to Vec * removes hash from Env API * fixes comment
2022-10-03 16:33:34 +02:00
parent 6610a29a67
commit 3c28ff49ee
5 changed files with 62 additions and 89 deletions
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -1399,19 +1399,14 @@ impl CtapState {
        params: AuthenticatorVendorUpgradeParameters,
    ) -> Result<ResponseData, Ctap2StatusCode> {
        let AuthenticatorVendorUpgradeParameters { offset, data, hash } = params;
-        let upgrade_locations = env
-            .upgrade_storage()
-            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND)?;
-        upgrade_locations
-            .write_partition(offset, &data)
-            .map_err(|_| Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
-        let written_slice = upgrade_locations
-            .read_partition(offset, data.len())
-            .map_err(|_| Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
-        let written_hash = Sha256::hash(written_slice);
-        if hash != written_hash {
+        let calculated_hash = Sha256::hash(&data);
+        if hash != calculated_hash {
            return Err(Ctap2StatusCode::CTAP2_ERR_INTEGRITY_FAILURE);
        }
+        env.upgrade_storage()
+            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND)?
+            .write_bundle(offset, data)
+            .map_err(|_| Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER)?;
        Ok(ResponseData::AuthenticatorVendorUpgrade)
    }

@@ -1424,7 +1419,7 @@ impl CtapState {
            .ok_or(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND)?;
        Ok(ResponseData::AuthenticatorVendorUpgradeInfo(
            AuthenticatorVendorUpgradeInfoResponse {
-                info: upgrade_locations.partition_identifier(),
+                info: upgrade_locations.bundle_identifier(),
            },
        ))
    }
@@ -3393,9 +3388,9 @@ mod test {

        const METADATA_LEN: usize = 0x1000;
        let metadata = vec![0xFF; METADATA_LEN];
-        let metadata_hash = Sha256::hash(&metadata).to_vec();
+        let metadata_hash = Sha256::hash(&metadata);
        let data = vec![0xFF; 0x1000];
-        let hash = Sha256::hash(&data).to_vec();
+        let hash = Sha256::hash(&data);

        // Write to partition.
        let response = ctap_state.process_vendor_upgrade(
@@ -3403,7 +3398,7 @@ mod test {
            AuthenticatorVendorUpgradeParameters {
                offset: 0x20000,
                data: data.clone(),
-                hash: hash.clone(),
+                hash,
            },
        );
        assert_eq!(response, Ok(ResponseData::AuthenticatorVendorUpgrade));
@@ -3414,7 +3409,7 @@ mod test {
            AuthenticatorVendorUpgradeParameters {
                offset: 0,
                data: metadata.clone(),
-                hash: metadata_hash.clone(),
+                hash: metadata_hash,
            },
        );
        assert_eq!(response, Ok(ResponseData::AuthenticatorVendorUpgrade));
@@ -3425,7 +3420,7 @@ mod test {
            AuthenticatorVendorUpgradeParameters {
                offset: METADATA_LEN,
                data: data.clone(),
-                hash: hash.clone(),
+                hash,
            },
        );
        assert_eq!(response, Ok(ResponseData::AuthenticatorVendorUpgrade));
@@ -3439,7 +3434,7 @@ mod test {
                hash: metadata_hash,
            },
        );
-        assert_eq!(response, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER));
+        assert_eq!(response, Err(Ctap2StatusCode::CTAP2_ERR_INTEGRITY_FAILURE));

        // Write outside of the partition.
        let response = ctap_state.process_vendor_upgrade(
@@ -3458,7 +3453,7 @@ mod test {
            AuthenticatorVendorUpgradeParameters {
                offset: 0x20000,
                data,
-                hash: [0xEE; 32].to_vec(),
+                hash: [0xEE; 32],
            },
        );
        assert_eq!(response, Err(Ctap2StatusCode::CTAP2_ERR_INTEGRITY_FAILURE));
@@ -3471,7 +3466,7 @@ mod test {
        let mut ctap_state = CtapState::new(&mut env, CtapInstant::new(0));

        let data = vec![0xFF; 0x1000];
-        let hash = Sha256::hash(&data).to_vec();
+        let hash = Sha256::hash(&data);
        let response = ctap_state.process_vendor_upgrade(
            &mut env,
            AuthenticatorVendorUpgradeParameters {
@@ -3487,14 +3482,14 @@ mod test {
    fn test_vendor_upgrade_info() {
        let mut env = TestEnv::new();
        let ctap_state = CtapState::new(&mut env, CtapInstant::new(0));
-        let partition_identifier = env.upgrade_storage().unwrap().partition_identifier();
+        let bundle_identifier = env.upgrade_storage().unwrap().bundle_identifier();

        let upgrade_info_reponse = ctap_state.process_vendor_upgrade_info(&mut env);
        assert_eq!(
            upgrade_info_reponse,
            Ok(ResponseData::AuthenticatorVendorUpgradeInfo(
                AuthenticatorVendorUpgradeInfoResponse {
-                    info: partition_identifier,
+                    info: bundle_identifier,
                }
            ))
        );