feat(core): add host static pubkey to channel cache

[no changelog]
2025-02-21 12:02:19 +00:00 · 2025-02-18 16:03:59 +01:00 · 2025-02-18 16:03:59 +01:00 · 1db161e451
commit 1db161e451
parent be4180e16f
4 changed files with 13 additions and 10 deletions
--- a/core/src/apps/thp/pairing.py
+++ b/core/src/apps/thp/pairing.py
@ -393,6 +393,9 @@ async def _handle_credential_request(
        autoconnect=autoconnect,
    )
    credential = issue_credential(message.host_static_pubkey, credential_metadata)
+    ctx.channel_ctx.channel_cache.set_host_static_pubkey(
+        bytearray(message.host_static_pubkey)
+    )  # TODO This could raise an exception, should be handled?

    return await ctx.call_any(
        ThpCredentialResponse(
--- a/core/src/storage/cache_common.py
+++ b/core/src/storage/cache_common.py
@ -21,6 +21,7 @@ if utils.USE_THP:
    CHANNEL_KEY_SEND = const(2)
    CHANNEL_NONCE_RECEIVE = const(3)
    CHANNEL_NONCE_SEND = const(4)
+    CHANNEL_HOST_STATIC_PUBKEY = const(5)

 # Keys that are valid across sessions
 SESSIONLESS_FLAG = const(128)
--- a/core/src/storage/cache_thp.py
+++ b/core/src/storage/cache_thp.py
@ -2,7 +2,7 @@ import builtins
 from micropython import const
 from typing import TYPE_CHECKING

-from storage.cache_common import DataCache
+from storage.cache_common import CHANNEL_HOST_STATIC_PUBKEY, DataCache

 if TYPE_CHECKING:
    from typing import Tuple
@ -41,18 +41,18 @@ class ThpDataCache(DataCache):


 class ChannelCache(ThpDataCache):
+
    def __init__(self) -> None:
-        self.host_ephemeral_pubkey = bytearray(KEY_LENGTH)
        self.state = bytearray(_CHANNEL_STATE_LENGTH)
        self.iface = bytearray(1)  # TODO add decoding
        self.sync = 0x80  # can_send_bit | sync_receive_bit | sync_send_bit | rfu(5)
-        self.session_id_counter = 0x00
        self.fields = (
            32,  # CHANNEL_HANDSHAKE_HASH
            32,  # CHANNEL_KEY_RECEIVE
            32,  # CHANNEL_KEY_SEND
            8,  # CHANNEL_NONCE_RECEIVE
            8,  # CHANNEL_NONCE_SEND
+            32,  # CHANNEL_HOST_STATIC_PUBKEY
        )
        super().__init__()

@ -60,11 +60,15 @@ class ChannelCache(ThpDataCache):
        self.state[:] = bytearray(
            int.to_bytes(0, _CHANNEL_STATE_LENGTH, "big")
        )  # Set state to UNALLOCATED
-        self.host_ephemeral_pubkey[:] = bytearray(KEY_LENGTH)
        self.state[:] = bytearray(_CHANNEL_STATE_LENGTH)
        self.iface[:] = bytearray(1)
        super().clear()

+    def set_host_static_pubkey(self, key: bytearray) -> None:
+        if len(key) != KEY_LENGTH:
+            raise Exception("Invalid key length")
+        self.set(CHANNEL_HOST_STATIC_PUBKEY, key)
+

 class SessionThpCache(ThpDataCache):
    def __init__(self) -> None:
@ -207,12 +211,6 @@ def is_seedless_session(session_cache: SessionThpCache) -> bool:
    return _get_session_state(session_cache) == _SEEDLESS_STATE


-def set_channel_host_ephemeral_key(channel: ChannelCache, key: bytearray) -> None:
-    if len(key) != KEY_LENGTH:
-        raise Exception("Invalid key length")
-    channel.host_ephemeral_pubkey = key
-
-
 def create_or_replace_session(
    channel: ChannelCache, session_id: bytes
 ) -> SessionThpCache:
--- a/core/src/trezor/wire/thp/received_message_handler.py
+++ b/core/src/trezor/wire/thp/received_message_handler.py
@ -335,6 +335,7 @@ async def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -
            if paired:
                trezor_state = _TREZOR_STATE_PAIRED
                ctx.credential = credential
+                ctx.channel_cache.set_host_static_pubkey(bytearray(host_static_pubkey))
            else:
                ctx.credential = None
        except DataError as e: