From 6c379b74b1e49c38b2ca839e0b3fd5dc4b61af00 Mon Sep 17 00:00:00 2001
From: M1nd3r
Date: Tue, 18 Feb 2025 16:03:59 +0100
Subject: [PATCH] feat(core): add host static pubkey to channel cache [no changelog]
---
 core/src/apps/thp/pairing.py | 3 +++
 core/src/storage/cache_common.py | 1 +
 core/src/storage/cache_thp.py | 18 ++++++++----------
 .../wire/thp/received_message_handler.py | 1 +
 4 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/core/src/apps/thp/pairing.py b/core/src/apps/thp/pairing.py
index 9f6d22bb0d..8171e34481 100644
--- a/core/src/apps/thp/pairing.py
+++ b/core/src/apps/thp/pairing.py
@@ -393,6 +393,9 @@ async def _handle_credential_request(
 autoconnect=autoconnect,
 )
 credential = issue_credential(message.host_static_pubkey, credential_metadata)
+ ctx.channel_ctx.channel_cache.set_host_static_pubkey(
+ bytearray(message.host_static_pubkey)
+ )
 # TODO This could raise an exception, should be handled?
 return await ctx.call_any(
 ThpCredentialResponse(
diff --git a/core/src/storage/cache_common.py b/core/src/storage/cache_common.py
index 40eee905cc..17c2641d66 100644
--- a/core/src/storage/cache_common.py
+++ b/core/src/storage/cache_common.py
@@ -21,6 +21,7 @@ if utils.USE_THP:
 CHANNEL_KEY_SEND = const(2)
 CHANNEL_NONCE_RECEIVE = const(3)
 CHANNEL_NONCE_SEND = const(4)
+ CHANNEL_HOST_STATIC_PUBKEY = const(5)
 # Keys that are valid across sessions
 SESSIONLESS_FLAG = const(128)
diff --git a/core/src/storage/cache_thp.py b/core/src/storage/cache_thp.py
index 53ab110755..235983be02 100644
--- a/core/src/storage/cache_thp.py
+++ b/core/src/storage/cache_thp.py
@@ -2,7 +2,7 @@ import builtins
 from micropython import const
 from typing import TYPE_CHECKING
-from storage.cache_common import DataCache
+from storage.cache_common import CHANNEL_HOST_STATIC_PUBKEY, DataCache
 if TYPE_CHECKING:
 from typing import Tuple
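Review bot: The length check that set_host_static_pubkey performs now runs only after issue_credential has already produced a credential for the same, still-unchecked message.host_static_pubkey, so a wrong-length value from the host is rejected one step too late and the failure is exactly the generic exception the existing TODO asks about. Moving the three added lines above `credential = issue_credential(message.host_static_pubkey, credential_metadata)` lets the cache write double as input validation before anything is issued. _handle_credential_request starts and ends outside this hunk, so whether an earlier check already covers the key length cannot be seen here.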
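Review bot: The value 5 appears to be correct only because it is the position of the new 32-byte entry appended to the fields tuple in ChannelCache.__init__ in cache_thp.py (the existing keys 0–4 line up with the five entries already there), and nothing on the new line records that coupling. A trailing comment such as `CHANNEL_HOST_STATIC_PUBKEY = const(5)  # index into ChannelCache.fields; keep in step with cache_thp.py` would make the dependency visible to whoever adds the next key; the matching `32,  # CHANNEL_HOST_STATIC_PUBKEY` entry in cache_thp.py could carry the same remark.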
@@ -41,18 +41,18 @@ class ThpDataCache(DataCache):
 class ChannelCache(ThpDataCache):
+
 def __init__(self) -> None:
- self.host_ephemeral_pubkey = bytearray(KEY_LENGTH)
 self.state = bytearray(_CHANNEL_STATE_LENGTH)
 self.iface = bytearray(1) # TODO add decoding
 self.sync = 0x80 # can_send_bit | sync_receive_bit | sync_send_bit | rfu(5)
- self.session_id_counter = 0x00
 self.fields = (
 32, # CHANNEL_HANDSHAKE_HASH
 32, # CHANNEL_KEY_RECEIVE
 32, # CHANNEL_KEY_SEND
 8, # CHANNEL_NONCE_RECEIVE
 8, # CHANNEL_NONCE_SEND
+ 32, # CHANNEL_HOST_STATIC_PUBKEY
 )
 super().__init__()
@@ -60,11 +60,15 @@ class ChannelCache(ThpDataCache):
 self.state[:] = bytearray(
 int.to_bytes(0, _CHANNEL_STATE_LENGTH, "big")
 ) # Set state to UNALLOCATED
- self.host_ephemeral_pubkey[:] = bytearray(KEY_LENGTH)
 self.state[:] = bytearray(_CHANNEL_STATE_LENGTH)
 self.iface[:] = bytearray(1)
 super().clear()
+ def set_host_static_pubkey(self, key: bytearray) -> None:
+ if len(key) != KEY_LENGTH:
+ raise Exception("Invalid key length")
+ self.set(CHANNEL_HOST_STATIC_PUBKEY, key)
+
 class SessionThpCache(ThpDataCache):
 def __init__(self) -> None:
@@ -207,12 +211,6 @@ def is_seedless_session(session_cache: SessionThpCache) -> bool:
 return _get_session_state(session_cache) == _SEEDLESS_STATE
-def set_channel_host_ephemeral_key(channel: ChannelCache, key: bytearray) -> None:
- if len(key) != KEY_LENGTH:
- raise Exception("Invalid key length")
- channel.host_ephemeral_pubkey = key
-
-
 def create_or_replace_session(
 channel: ChannelCache, session_id: bytes
 ) -> SessionThpCache:
diff --git a/core/src/trezor/wire/thp/received_message_handler.py b/core/src/trezor/wire/thp/received_message_handler.py
index f176615387..4f6a7afc3b 100644
--- a/core/src/trezor/wire/thp/received_message_handler.py
+++ b/core/src/trezor/wire/thp/received_message_handler.py
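Review bot: set_host_static_pubkey rejects a wrong length with a bare `Exception`, yet both call sites added in this commit hand it host-derived bytes, and the one in _handle_state_TH2 (received_message_handler.py) sits inside a try that only catches DataError, so the error would escape that handler rather than be reported as malformed input. Raising the specific type the wire layer already catches, `raise DataError("Invalid key length")` (if the storage layer may import it), or checking the length at the call sites before calling in, would close that gap; the pattern is carried over from the removed set_channel_host_ephemeral_key, so it is inherited rather than new. The method also lacks a docstring; a one-liner such as `"""Store the host's static public key in the channel cache; raises when len(key) != KEY_LENGTH."""` would cover it, and it would be worth stating there that KEY_LENGTH must match the 32 reserved in the fields tuple above, which this hunk does not show.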
@@ -335,6 +335,7 @@ async def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -
 if paired:
 trezor_state = _TREZOR_STATE_PAIRED
 ctx.credential = credential
+ ctx.channel_cache.set_host_static_pubkey(bytearray(host_static_pubkey))
 else:
 ctx.credential = None
 except DataError as e:
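Review bot: The cache write is the last step of the paired branch, so if set_host_static_pubkey raises, trezor_state and ctx.credential have already been set for a paired channel while the channel cache holds no host key, leaving the two out of step on the error path. Placing `ctx.channel_cache.set_host_static_pubkey(bytearray(host_static_pubkey))` before `ctx.credential = credential`, or validating the key length before the `if paired:` branch, keeps the channel state and the cache consistent whichever way the call goes. Where host_static_pubkey comes from and the rest of _handle_state_TH2 are outside the hunk, so whether its length is already guaranteed at this point cannot be checked here.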