From 8594ff19c37684a04b930cfa6ea68e03c65ad784 Mon Sep 17 00:00:00 2001
From: M1nd3r <petrsedlacek.km@seznam.cz>
Date: Sun, 9 Mar 2025 08:50:11 +0100
Subject: [PATCH] fix(core): make custom noise implementation compatible with
 standard

---
 core/src/trezor/wire/thp/crypto.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/src/trezor/wire/thp/crypto.py b/core/src/trezor/wire/thp/crypto.py
index 4ba7fc71c9..05cfa54247 100644
--- a/core/src/trezor/wire/thp/crypto.py
+++ b/core/src/trezor/wire/thp/crypto.py
@@ -98,6 +98,7 @@ class Handshake:
         trezor_ephemeral_pubkey = curve25519.publickey(self.trezor_ephemeral_privkey)
         self.h = _hash_of_two(PROTOCOL_NAME, device_properties)
         self.h = _hash_of_two(self.h, host_ephemeral_pubkey)
+        self.h = _hash_of_two(self.h, b"")
         self.h = _hash_of_two(self.h, trezor_ephemeral_pubkey)
         point = curve25519.multiply(
             self.trezor_ephemeral_privkey, host_ephemeral_pubkey
@@ -156,6 +157,7 @@ class Handshake:
         )
         aes_ctx = aesgcm(self.k, IV_1)
         aes_ctx.auth(self.h)
+        self.h = _hash_of_two(self.h, memoryview(encrypted_payload))
         aes_ctx.decrypt_in_place(memoryview(encrypted_payload)[:-16])
         if __debug__:
             log.debug(
@@ -165,7 +167,6 @@ class Handshake:
         if tag != encrypted_payload[-16:]:
             raise ThpDecryptionError()
 
-        self.h = _hash_of_two(self.h, memoryview(encrypted_payload)[:-16])
         self.key_receive, self.key_send = _hkdf(self.ck, b"")
         if __debug__:
             log.debug(