From 66c1da8a8bb34e064e06bc2aa6fc2d178877bde1 Mon Sep 17 00:00:00 2001
From: strmci <strmci@protonmail.com>
Date: Tue, 17 Feb 2026 16:43:56 +0100
Subject: [PATCH] firmware: return errors instead of panicking in Noise pairing

Replace panic-based error handling  with normal error
returns. This prevents process crashes when the device returns
malformed or truncated Noise handshake responses (for
example: "noise: message is too short") and lets callers handle
initialization failures gracefully.
---
 api/firmware/pairing.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/api/firmware/pairing.go b/api/firmware/pairing.go
index bf218a0..64ec1b5 100644
--- a/api/firmware/pairing.go
+++ b/api/firmware/pairing.go
@@ -35,7 +35,7 @@ func (device *Device) pair() error {
 		device.log.Info("noise static keypair created")
 		kp, err := cipherSuite.GenerateKeypair(rand.Reader)
 		if err != nil {
-			panic(err)
+			return err
 		}
 		keypair = &kp
 		if err := device.config.SetAppNoiseStaticKeypair(keypair); err != nil {
@@ -53,19 +53,19 @@ func (device *Device) pair() error {
 		Initiator:     true,
 	})
 	if err != nil {
-		panic(err)
+		return err
 	}
 	responseBytes, err := device.rawQuery([]byte(opICanHasHandShaek))
 	if err != nil {
 		return err
 	}
 	if string(responseBytes) != responseSuccess {
-		panic(string(responseBytes))
+		return errp.Newf("unexpected handshake start response: %x", responseBytes)
 	}
 	// do handshake:
 	msg, _, _, err := handshake.WriteMessage(nil, nil)
 	if err != nil {
-		panic(err)
+		return err
 	}
 	responseBytes, err = device.handshakeQuery(msg)
 	if err != nil {
@@ -73,11 +73,11 @@ func (device *Device) pair() error {
 	}
 	_, _, _, err = handshake.ReadMessage(nil, responseBytes)
 	if err != nil {
-		panic(err)
+		return err
 	}
 	msg, device.sendCipher, device.receiveCipher, err = handshake.WriteMessage(nil, nil)
 	if err != nil {
-		panic(err)
+		return err
 	}
 	responseBytes, err = device.handshakeQuery(msg)
 	if err != nil {
@@ -86,7 +86,7 @@ func (device *Device) pair() error {
 
 	device.deviceNoiseStaticPubkey = handshake.PeerStatic()
 	if len(device.deviceNoiseStaticPubkey) != 32 {
-		panic(errp.New("expected 32 byte remote static pubkey"))
+		return errp.New("expected 32 byte remote static pubkey")
 	}
 
 	pairingVerificationRequiredByApp := !device.options.optionalNoisePairingConfirmation && !device.config.ContainsDeviceStaticPubkey(device.deviceNoiseStaticPubkey)