arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-08-01 03:18:12 +00:00
Code Issues Releases Wiki Activity

fix: use public_key instead of pubkey in THP

Browse Source
This commit is contained in:
M1nd3r 2025-07-12 01:09:05 +02:00
parent 8fbd2d3d6b
commit de9fff8217
15 changed files with 265 additions and 236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/protob/messages-thp.proto
View File

@ -208,7 +208,7 @@ message ThpNfcTagTrezor {
* @next ThpCredentialResponse
*/
message ThpCredentialRequest {
required bytes host_static_pubkey = 1; // Host's static public key identifying the credential.
required bytes host_static_public_key = 1; // Host's static public key identifying the credential.
optional bool autoconnect = 2 [default=false]; // Whether host wants to autoconnect without user confirmation
optional bytes credential = 3; // Host's previous credential
}
@ -219,7 +219,7 @@ message ThpCredentialRequest {
* @next ThpEndRequest
*/
message ThpCredentialResponse {
required bytes trezor_static_pubkey = 1; // Trezor's static public key used in the handshake.
required bytes trezor_static_public_key = 1; // Trezor's static public key used in the handshake.
required bytes credential = 2; // The pairing credential issued by the Trezor to the host.
}
@ -262,6 +262,6 @@ message ThpEndResponse {}
*/
message ThpAuthenticatedCredentialData {
option (internal_only) = true;
required bytes host_static_pubkey = 1; // Host's static public key used in the handshake
required bytes host_static_public_key = 1; // Host's static public key used in the handshake
required ThpCredentialMetadata cred_metadata = 2; // Credential metadata
}

14
core/src/apps/base.py
View File

@ -303,10 +303,10 @@ if utils.USE_THP:
# Assert that context `ctx` is `GenericSessionContext`
assert isinstance(ctx, GenericSessionContext)
# Check that request contains a host static pubkey
if message.host_static_pubkey is None:
# Check that request contains a host static public_key
if message.host_static_public_key is None:
return _get_autoconnect_failure(
"Credential request must contain a host static pubkey."
"Credential request must contain a host static public_key."
)
# Check that request contains valid credential
@ -315,7 +315,7 @@ if utils.USE_THP:
"Credential request must contain a previously issued pairing credential."
)
credential = decode_credential(message.credential)
if not validate_credential(credential, message.host_static_pubkey):
if not validate_credential(credential, message.host_static_public_key):
return _get_autoconnect_failure(
"Credential request contains an invalid pairing credential."
)
@ -335,13 +335,13 @@ if utils.USE_THP:
ctx, cred_metadata.host_name
)
new_cred = issue_credential(
host_static_pubkey=message.host_static_pubkey,
host_static_public_key=message.host_static_public_key,
credential_metadata=cred_metadata,
)
trezor_static_pubkey = crypto.get_trezor_static_pubkey()
trezor_static_public_key = crypto.get_trezor_static_public_key()
return ThpCredentialResponse(
trezor_static_pubkey=trezor_static_pubkey, credential=new_cred
trezor_static_public_key=trezor_static_public_key, credential=new_cred
)
def _get_autoconnect_failure(msg: str) -> Failure:

12
core/src/apps/thp/credential_manager.py
View File

@ -44,7 +44,7 @@ def invalidate_cred_auth_key() -> None:
def issue_credential(
host_static_pubkey: bytes,
host_static_public_key: bytes,
credential_metadata: ThpCredentialMetadata,
) -> bytes:
"""
@ -53,7 +53,7 @@ def issue_credential(
"""
cred_auth_key = derive_cred_auth_key()
proto_msg = ThpAuthenticatedCredentialData(
host_static_pubkey=host_static_pubkey,
host_static_public_key=host_static_public_key,
cred_metadata=credential_metadata,
)
authenticated_credential_data = _encode_message_into_new_buffer(proto_msg)
@ -78,14 +78,14 @@ def decode_credential(
def validate_credential(
credential: ThpPairingCredential,
host_static_pubkey: bytes,
host_static_public_key: bytes,
) -> bool:
"""
Validate a pairing credential binded to the provided host static public key.
"""
cred_auth_key = derive_cred_auth_key()
proto_msg = ThpAuthenticatedCredentialData(
host_static_pubkey=host_static_pubkey,
host_static_public_key=host_static_public_key,
cred_metadata=credential.cred_metadata,
)
authenticated_credential_data = _encode_message_into_new_buffer(proto_msg)
@ -95,14 +95,14 @@ def validate_credential(
def decode_and_validate_credential(
encoded_pairing_credential_message: bytes,
host_static_pubkey: bytes,
host_static_public_key: bytes,
) -> bool:
"""
Decode a protobuf encoded pairing credential and validate it
binded to the provided host static public key.
"""
credential = decode_credential(encoded_pairing_credential_message)
return validate_credential(credential, host_static_pubkey)
return validate_credential(credential, host_static_public_key)
def is_credential_autoconnect(credential: ThpPairingCredential) -> bool:

17
core/src/apps/thp/pairing.py
View File

@ -407,7 +407,7 @@ async def _handle_credential_request(
if not ThpCredentialRequest.is_type_of(message):
raise UnexpectedMessage("Unexpected message")
if message.host_static_pubkey is None:
if message.host_static_public_key is None:
raise Exception("Invalid message") # TODO change failure type
autoconnect: bool = False
@ -422,12 +422,13 @@ async def _handle_credential_request(
from .credential_manager import validate_credential
host_static_pubkey = ctx.channel_ctx.channel_cache.get(
host_static_public_key = ctx.channel_ctx.channel_cache.get(
CHANNEL_HOST_STATIC_PUBKEY
)
if not host_static_pubkey or not validate_credential(
credential=ctx.channel_ctx.credential, host_static_pubkey=host_static_pubkey
if not host_static_public_key or not validate_credential(
credential=ctx.channel_ctx.credential,
host_static_public_key=host_static_public_key,
):
raise Exception(
"Cannot ask for autoconnect credential without a valid credential!"
@ -435,16 +436,16 @@ async def _handle_credential_request(
await ctx.show_autoconnect_credential_confirmation_screen() # TODO add device name
trezor_static_pubkey = crypto.get_trezor_static_pubkey()
trezor_static_public_key = crypto.get_trezor_static_public_key()
credential_metadata = ThpCredentialMetadata(
host_name=ctx.host_name,
autoconnect=autoconnect,
)
credential = issue_credential(message.host_static_pubkey, credential_metadata)
credential = issue_credential(message.host_static_public_key, credential_metadata)
return await ctx.call_any(
ThpCredentialResponse(
trezor_static_pubkey=trezor_static_pubkey, credential=credential
trezor_static_public_key=trezor_static_public_key, credential=credential
),
ThpMessageType.ThpCredentialRequest,
ThpMessageType.ThpEndRequest,
@ -461,7 +462,7 @@ async def _handle_end_request(
async def _end_pairing(ctx: PairingContext) -> ThpEndResponse:
ctx.channel_ctx.replace_old_channels_with_the_same_host_pubkey()
ctx.channel_ctx.replace_old_channels_with_the_same_host_public_key()
ctx.channel_ctx.set_channel_state(ChannelState.ENCRYPTED_TRANSPORT)
return ThpEndResponse()

2
core/src/storage/cache_thp.py
View File

@ -75,7 +75,7 @@ class ChannelCache(ThpDataCache):
def sync(self, value: int) -> None:
self.set_int(CHANNEL_SYNC, value)
def set_host_static_pubkey(self, key: bytearray) -> None:
def set_host_static_public_key(self, key: bytearray) -> None:
if len(key) != KEY_LENGTH:
raise Exception("Invalid key length")
self.set(CHANNEL_HOST_STATIC_PUBKEY, key)

12
core/src/trezor/messages.py generated
View File

@ -6430,14 +6430,14 @@ if TYPE_CHECKING:
return isinstance(msg, cls)
class ThpCredentialRequest(protobuf.MessageType):
host_static_pubkey: "bytes"
host_static_public_key: "bytes"
autoconnect: "bool"
credential: "bytes | None"
def __init__(
self,
*,
host_static_pubkey: "bytes",
host_static_public_key: "bytes",
autoconnect: "bool | None" = None,
credential: "bytes | None" = None,
) -> None:
@ -6448,13 +6448,13 @@ if TYPE_CHECKING:
return isinstance(msg, cls)
class ThpCredentialResponse(protobuf.MessageType):
trezor_static_pubkey: "bytes"
trezor_static_public_key: "bytes"
credential: "bytes"
def __init__(
self,
*,
trezor_static_pubkey: "bytes",
trezor_static_public_key: "bytes",
credential: "bytes",
) -> None:
pass
@ -6508,13 +6508,13 @@ if TYPE_CHECKING:
return isinstance(msg, cls)
class ThpAuthenticatedCredentialData(protobuf.MessageType):
host_static_pubkey: "bytes"
host_static_public_key: "bytes"
cred_metadata: "ThpCredentialMetadata"
def __init__(
self,
*,
host_static_pubkey: "bytes",
host_static_public_key: "bytes",
cred_metadata: "ThpCredentialMetadata",
) -> None:
pass

2
core/src/trezor/wire/thp/channel.py
View File

@ -122,7 +122,7 @@ class Channel:
if __debug__:
self._log("set_channel_state: ", state_to_str(state))
def replace_old_channels_with_the_same_host_pubkey(self) -> None:
def replace_old_channels_with_the_same_host_public_key(self) -> None:
was_any_replaced = conditionally_replace_channel(
new_channel=self.channel_cache,
required_state=ChannelState.ENCRYPTED_TRANSPORT,

74
core/src/trezor/wire/thp/crypto.py
View File

@ -81,7 +81,7 @@ class Handshake:
"""
def __init__(self) -> None:
self.trezor_ephemeral_privkey: bytes
self.trezor_ephemeral_private_key: bytes
self.ck: bytes
self.k: bytes
self.h: bytes
@ -91,24 +91,30 @@ class Handshake:
def handle_th1_crypto(
self,
device_properties: bytes,
host_ephemeral_pubkey: bytes,
host_ephemeral_public_key: bytes,
) -> tuple[bytes, bytes, bytes]:
trezor_static_privkey, trezor_static_pubkey = _derive_static_key_pair()
self.trezor_ephemeral_privkey = curve25519.generate_secret()
trezor_ephemeral_pubkey = curve25519.publickey(self.trezor_ephemeral_privkey)
trezor_static_private_key, trezor_static_public_key = _derive_static_key_pair()
self.trezor_ephemeral_private_key = curve25519.generate_secret()
trezor_ephemeral_public_key = curve25519.publickey(
self.trezor_ephemeral_private_key
)
self.h = _hash_of_two(PROTOCOL_NAME, device_properties)
self.h = _hash_of_two(self.h, host_ephemeral_pubkey)
self.h = _hash_of_two(self.h, host_ephemeral_public_key)
self.h = _hash_of_two(self.h, b"")
self.h = _hash_of_two(self.h, trezor_ephemeral_pubkey)
self.h = _hash_of_two(self.h, trezor_ephemeral_public_key)
point = curve25519.multiply(
self.trezor_ephemeral_privkey, host_ephemeral_pubkey
self.trezor_ephemeral_private_key, host_ephemeral_public_key
)
self.ck, self.k = _hkdf(PROTOCOL_NAME, point)
mask = _hash_of_two(trezor_static_pubkey, trezor_ephemeral_pubkey)
trezor_masked_static_pubkey = curve25519.multiply(mask, trezor_static_pubkey)
mask = _hash_of_two(trezor_static_public_key, trezor_ephemeral_public_key)
trezor_masked_static_public_key = curve25519.multiply(
mask, trezor_static_public_key
)
aes_ctx = aesgcm(self.k, IV_1)
encrypted_trezor_static_pubkey = aes_ctx.encrypt(trezor_masked_static_pubkey)
encrypted_trezor_static_public_key = aes_ctx.encrypt(
trezor_masked_static_public_key
)
if __debug__:
log.debug(
__name__,
@ -120,46 +126,54 @@ class Handshake:
aes_ctx.auth(self.h)
tag_to_encrypted_key = aes_ctx.finish()
encrypted_trezor_static_pubkey = (
encrypted_trezor_static_pubkey + tag_to_encrypted_key
encrypted_trezor_static_public_key = (
encrypted_trezor_static_public_key + tag_to_encrypted_key
)
self.h = _hash_of_two(self.h, encrypted_trezor_static_public_key)
point = curve25519.multiply(
trezor_static_private_key, host_ephemeral_public_key
)
self.h = _hash_of_two(self.h, encrypted_trezor_static_pubkey)
point = curve25519.multiply(trezor_static_privkey, host_ephemeral_pubkey)
self.ck, self.k = _hkdf(self.ck, curve25519.multiply(mask, point))
aes_ctx = aesgcm(self.k, IV_1)
aes_ctx.auth(self.h)
tag = aes_ctx.finish()
self.h = _hash_of_two(self.h, tag)
return (trezor_ephemeral_pubkey, encrypted_trezor_static_pubkey, tag)
return (trezor_ephemeral_public_key, encrypted_trezor_static_public_key, tag)
def handle_th2_crypto(
self,
encrypted_host_static_pubkey: utils.BufferType,
encrypted_host_static_public_key: utils.BufferType,
encrypted_payload: utils.BufferType,
) -> None:
aes_ctx = aesgcm(self.k, IV_2)
# The new value of hash `h` MUST be computed before the `encrypted_host_static_pubkey` is decrypted.
# However, decryption of `encrypted_host_static_pubkey` MUST use the previous value of `h` for
# The new value of hash `h` MUST be computed before the `encrypted_host_static_public_key` is decrypted.
# However, decryption of `encrypted_host_static_public_key` MUST use the previous value of `h` for
# authentication of the gcm tag.
aes_ctx.auth(self.h) # Authenticate with the previous value of `h`
self.h = _hash_of_two(self.h, encrypted_host_static_pubkey) # Compute new value
self.h = _hash_of_two(
self.h, encrypted_host_static_public_key
) # Compute new value
aes_ctx.decrypt_in_place(
memoryview(encrypted_host_static_pubkey)[:PUBKEY_LENGTH]
memoryview(encrypted_host_static_public_key)[:PUBKEY_LENGTH]
)
if __debug__:
log.debug(
__name__, "th2 - dec (key: %s, nonce: %d)", hexlify_if_bytes(self.k), 1
)
host_static_pubkey = memoryview(encrypted_host_static_pubkey)[:PUBKEY_LENGTH]
host_static_public_key = memoryview(encrypted_host_static_public_key)[
:PUBKEY_LENGTH
]
tag = aes_ctx.finish()
if tag != encrypted_host_static_pubkey[-16:]:
if tag != encrypted_host_static_public_key[-16:]:
raise ThpDecryptionError()
self.ck, self.k = _hkdf(
self.ck,
curve25519.multiply(self.trezor_ephemeral_privkey, host_static_pubkey),
curve25519.multiply(
self.trezor_ephemeral_private_key, host_static_public_key
),
)
aes_ctx = aesgcm(self.k, IV_1)
aes_ctx.auth(self.h)
@ -194,17 +208,17 @@ def _derive_static_key_pair() -> tuple[bytes, bytes]:
node = bip32.from_seed(device.get_device_secret(), "curve25519")
node.derive(node_int)
trezor_static_privkey = node.private_key()
trezor_static_pubkey = node.public_key()[1:33]
trezor_static_private_key = node.private_key()
trezor_static_public_key = node.public_key()[1:33]
# Note: the first byte (\x01) of the public key is removed, as it
# only indicates the type of the elliptic curve used
return trezor_static_privkey, trezor_static_pubkey
return trezor_static_private_key, trezor_static_public_key
def get_trezor_static_pubkey() -> bytes:
_, pubkey = _derive_static_key_pair()
return pubkey
def get_trezor_static_public_key() -> bytes:
_, public_key = _derive_static_key_pair()
return public_key
def _hkdf(chaining_key: bytes, input: bytes) -> tuple[bytes, bytes]:

30
core/src/trezor/wire/thp/received_message_handler.py
View File

@ -254,31 +254,31 @@ def _handle_state_TH1(
# if buffer is BufferError:
# pass # TODO buffer is gone :/
host_ephemeral_pubkey = bytearray(
host_ephemeral_public_key = bytearray(
buffer[INIT_HEADER_LENGTH : message_length - CHECKSUM_LENGTH]
)
trezor_ephemeral_pubkey, encrypted_trezor_static_pubkey, tag = (
trezor_ephemeral_public_key, encrypted_trezor_static_public_key, tag = (
ctx.handshake.handle_th1_crypto(
get_encoded_device_properties(ctx.iface), host_ephemeral_pubkey
get_encoded_device_properties(ctx.iface), host_ephemeral_public_key
)
)
if __debug__:
log.debug(
__name__,
"trezor ephemeral pubkey: %s",
hexlify_if_bytes(trezor_ephemeral_pubkey),
"trezor ephemeral public key: %s",
hexlify_if_bytes(trezor_ephemeral_public_key),
iface=ctx.iface,
)
log.debug(
__name__,
"encrypted trezor masked static pubkey: %s",
hexlify_if_bytes(encrypted_trezor_static_pubkey),
"encrypted trezor masked static public key: %s",
hexlify_if_bytes(encrypted_trezor_static_public_key),
iface=ctx.iface,
)
log.debug(__name__, "tag: %s", hexlify_if_bytes(tag), iface=ctx.iface)
payload = trezor_ephemeral_pubkey + encrypted_trezor_static_pubkey + tag
payload = trezor_ephemeral_public_key + encrypted_trezor_static_public_key + tag
# send handshake init response message
ctx.write_handshake_message(HANDSHAKE_INIT_RES, payload)
@ -305,7 +305,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
buffer = memory_manager.get_existing_read_buffer(ctx.get_channel_id_int())
# if buffer is BufferError:
# pass # TODO handle
host_encrypted_static_pubkey = buffer[
host_encrypted_static_public_key = buffer[
INIT_HEADER_LENGTH : INIT_HEADER_LENGTH + KEY_LENGTH + TAG_LENGTH
]
handshake_completion_request_noise_payload = buffer[
@ -313,7 +313,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
]
ctx.handshake.handle_th2_crypto(
host_encrypted_static_pubkey, handshake_completion_request_noise_payload
host_encrypted_static_public_key, handshake_completion_request_noise_payload
)
ctx.channel_cache.set(CHANNEL_KEY_RECEIVE, ctx.handshake.key_receive)
@ -339,15 +339,15 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
if __debug__:
log.debug(
__name__,
"host static pubkey: %s, noise payload: %s",
utils.hexlify_if_bytes(host_encrypted_static_pubkey),
"host static public key: %s, noise payload: %s",
utils.hexlify_if_bytes(host_encrypted_static_public_key),
utils.hexlify_if_bytes(handshake_completion_request_noise_payload),
iface=ctx.iface,
)
# key is decoded in handshake._handle_th2_crypto
host_static_pubkey = host_encrypted_static_pubkey[:PUBKEY_LENGTH]
ctx.channel_cache.set_host_static_pubkey(bytearray(host_static_pubkey))
host_static_public_key = host_encrypted_static_public_key[:PUBKEY_LENGTH]
ctx.channel_cache.set_host_static_public_key(bytearray(host_static_public_key))
paired: bool = False
trezor_state = _TREZOR_STATE_UNPAIRED
@ -357,7 +357,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
credential = decode_credential(noise_payload.host_pairing_credential)
paired = validate_credential(
credential,
host_static_pubkey,
host_static_public_key,
)
if paired:
trezor_state = _TREZOR_STATE_PAIRED

4
core/tests/test_apps.thp.credential_manager.py
View File

@ -7,9 +7,9 @@ if utils.USE_THP:
from apps.thp import credential_manager
def _issue_credential(host_name: str, host_static_pubkey: bytes) -> bytes:
def _issue_credential(host_name: str, host_static_public_key: bytes) -> bytes:
metadata = ThpCredentialMetadata(host_name=host_name)
return credential_manager.issue_credential(host_static_pubkey, metadata)
return credential_manager.issue_credential(host_static_public_key, metadata)
def _dummy_log(name: str, msg: str, *args):
pass

22
core/tests/test_trezor.wire.thp.crypto.py
View File

@ -117,19 +117,19 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase):
storage.device.get_device_secret = get_dummy_device_secret
handshake = self.handshake
host_ephemeral_privkey = curve25519.generate_secret()
host_ephemeral_pubkey = curve25519.publickey(host_ephemeral_privkey)
handshake.handle_th1_crypto(b"", host_ephemeral_pubkey)
host_ephemeral_private_key = curve25519.generate_secret()
host_ephemeral_public_key = curve25519.publickey(host_ephemeral_private_key)
handshake.handle_th1_crypto(b"", host_ephemeral_public_key)
def test_th2_crypto(self):
handshake = self.handshake
host_static_privkey = curve25519.generate_secret()
host_static_pubkey = curve25519.publickey(host_static_privkey)
host_static_private_key = curve25519.generate_secret()
host_static_public_key = curve25519.publickey(host_static_private_key)
aes_ctx = aesgcm(handshake.k, IV_2)
aes_ctx.auth(handshake.h)
encrypted_host_static_pubkey = bytearray(
aes_ctx.encrypt(host_static_pubkey) + aes_ctx.finish()
encrypted_host_static_public_key = bytearray(
aes_ctx.encrypt(host_static_public_key) + aes_ctx.finish()
)
# Code to encrypt Host's noise encrypted payload correctly:
@ -137,10 +137,12 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase):
temp_k = handshake.k
temp_h = handshake.h
temp_h = crypto._hash_of_two(temp_h, encrypted_host_static_pubkey)
temp_h = crypto._hash_of_two(temp_h, encrypted_host_static_public_key)
_, temp_k = crypto._hkdf(
handshake.ck,
curve25519.multiply(handshake.trezor_ephemeral_privkey, host_static_pubkey),
curve25519.multiply(
handshake.trezor_ephemeral_private_key, host_static_public_key
),
)
aes_ctx = aesgcm(temp_k, IV_1)
aes_ctx.encrypt_in_place(protomsg)
@ -149,7 +151,7 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase):
encrypted_payload = bytearray(protomsg + tag)
# end of encrypted payload generation
handshake.handle_th2_crypto(encrypted_host_static_pubkey, encrypted_payload)
handshake.handle_th2_crypto(encrypted_host_static_public_key, encrypted_payload)
self.assertEqual(encrypted_payload[:4], b"\x10\x02\x10\x03")

4
core/tests/test_trezor.wire.thp.py
View File

@ -361,8 +361,8 @@ class TestTrezorHostProtocol(unittest.TestCase):
user_message = Message(ThpMessageType.ThpCodeEntryTag, buffer)
self.interface.mock_read(user_message, gen)
host_static_pubkey = b"\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77"
msg = ThpCredentialRequest(host_static_pubkey=host_static_pubkey)
host_static_public_key = b"\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77"
msg = ThpCredentialRequest(host_static_public_key=host_static_public_key)
buffer: bytearray = bytearray(protobuf.encoded_length(msg))
protobuf.encode(buffer, msg)
credential_request = Message(ThpMessageType.ThpCredentialRequest, buffer)

18
python/src/trezorlib/messages.py generated
View File

@ -8162,7 +8162,7 @@ class ThpNfcTagTrezor(protobuf.MessageType):
class ThpCredentialRequest(protobuf.MessageType):
MESSAGE_WIRE_TYPE = 1010
FIELDS = {
1: protobuf.Field("host_static_pubkey", "bytes", repeated=False, required=True),
1: protobuf.Field("host_static_public_key", "bytes", repeated=False, required=True),
2: protobuf.Field("autoconnect", "bool", repeated=False, required=False, default=False),
3: protobuf.Field("credential", "bytes", repeated=False, required=False, default=None),
}
@ -8170,11 +8170,11 @@ class ThpCredentialRequest(protobuf.MessageType):
def __init__(
self,
*,
host_static_pubkey: "bytes",
host_static_public_key: "bytes",
autoconnect: Optional["bool"] = False,
credential: Optional["bytes"] = None,
) -> None:
self.host_static_pubkey = host_static_pubkey
self.host_static_public_key = host_static_public_key
self.autoconnect = autoconnect
self.credential = credential
@ -8182,17 +8182,17 @@ class ThpCredentialRequest(protobuf.MessageType):
class ThpCredentialResponse(protobuf.MessageType):
MESSAGE_WIRE_TYPE = 1011
FIELDS = {
1: protobuf.Field("trezor_static_pubkey", "bytes", repeated=False, required=True),
1: protobuf.Field("trezor_static_public_key", "bytes", repeated=False, required=True),
2: protobuf.Field("credential", "bytes", repeated=False, required=True),
}
def __init__(
self,
*,
trezor_static_pubkey: "bytes",
trezor_static_public_key: "bytes",
credential: "bytes",
) -> None:
self.trezor_static_pubkey = trezor_static_pubkey
self.trezor_static_public_key = trezor_static_public_key
self.credential = credential
@ -8241,17 +8241,17 @@ class ThpPairingCredential(protobuf.MessageType):
class ThpAuthenticatedCredentialData(protobuf.MessageType):
MESSAGE_WIRE_TYPE = None
FIELDS = {
1: protobuf.Field("host_static_pubkey", "bytes", repeated=False, required=True),
1: protobuf.Field("host_static_public_key", "bytes", repeated=False, required=True),
2: protobuf.Field("cred_metadata", "ThpCredentialMetadata", repeated=False, required=True),
}
def __init__(
self,
*,
host_static_pubkey: "bytes",
host_static_public_key: "bytes",
cred_metadata: "ThpCredentialMetadata",
) -> None:
self.host_static_pubkey = host_static_pubkey
self.host_static_public_key = host_static_public_key
self.cred_metadata = cred_metadata

232
rust/trezor-client/src/protos/generated/messages_thp.rs generated
View File

@ -2734,8 +2734,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpNfcTagTrezor {
#[derive(PartialEq,Clone,Default,Debug)]
pub struct ThpCredentialRequest {
// message fields
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.host_static_pubkey)
pub host_static_pubkey: ::std::option::Option<::std::vec::Vec<u8>>,
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.host_static_public_key)
pub host_static_public_key: ::std::option::Option<::std::vec::Vec<u8>>,
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.autoconnect)
pub autoconnect: ::std::option::Option<bool>,
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.credential)
@ -2756,40 +2756,40 @@ impl ThpCredentialRequest {
::std::default::Default::default()
}
// required bytes host_static_pubkey = 1;
// required bytes host_static_public_key = 1;
pub fn host_static_pubkey(&self) -> &[u8] {
match self.host_static_pubkey.as_ref() {
pub fn host_static_public_key(&self) -> &[u8] {
match self.host_static_public_key.as_ref() {
Some(v) => v,
None => &[],
}
}
pub fn clear_host_static_pubkey(&mut self) {
self.host_static_pubkey = ::std::option::Option::None;
pub fn clear_host_static_public_key(&mut self) {
self.host_static_public_key = ::std::option::Option::None;
}
pub fn has_host_static_pubkey(&self) -> bool {
self.host_static_pubkey.is_some()
pub fn has_host_static_public_key(&self) -> bool {
self.host_static_public_key.is_some()
}
// Param is passed by value, moved
pub fn set_host_static_pubkey(&mut self, v: ::std::vec::Vec<u8>) {
self.host_static_pubkey = ::std::option::Option::Some(v);
pub fn set_host_static_public_key(&mut self, v: ::std::vec::Vec<u8>) {
self.host_static_public_key = ::std::option::Option::Some(v);
}
// Mutable pointer to the field.
// If field is not initialized, it is initialized with default value first.
pub fn mut_host_static_pubkey(&mut self) -> &mut ::std::vec::Vec<u8> {
if self.host_static_pubkey.is_none() {
self.host_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new());
pub fn mut_host_static_public_key(&mut self) -> &mut ::std::vec::Vec<u8> {
if self.host_static_public_key.is_none() {
self.host_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new());
}
self.host_static_pubkey.as_mut().unwrap()
self.host_static_public_key.as_mut().unwrap()
}
// Take field
pub fn take_host_static_pubkey(&mut self) -> ::std::vec::Vec<u8> {
self.host_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new())
pub fn take_host_static_public_key(&mut self) -> ::std::vec::Vec<u8> {
self.host_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new())
}
// optional bool autoconnect = 2;
@ -2851,9 +2851,9 @@ impl ThpCredentialRequest {
let mut fields = ::std::vec::Vec::with_capacity(3);
let mut oneofs = ::std::vec::Vec::with_capacity(0);
fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
"host_static_pubkey",
|m: &ThpCredentialRequest| { &m.host_static_pubkey },
|m: &mut ThpCredentialRequest| { &mut m.host_static_pubkey },
"host_static_public_key",
|m: &ThpCredentialRequest| { &m.host_static_public_key },
|m: &mut ThpCredentialRequest| { &mut m.host_static_public_key },
));
fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
"autoconnect",
@ -2877,7 +2877,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
const NAME: &'static str = "ThpCredentialRequest";
fn is_initialized(&self) -> bool {
if self.host_static_pubkey.is_none() {
if self.host_static_public_key.is_none() {
return false;
}
true
@ -2887,7 +2887,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
while let Some(tag) = is.read_raw_tag_or_eof()? {
match tag {
10 => {
self.host_static_pubkey = ::std::option::Option::Some(is.read_bytes()?);
self.host_static_public_key = ::std::option::Option::Some(is.read_bytes()?);
},
16 => {
self.autoconnect = ::std::option::Option::Some(is.read_bool()?);
@ -2907,7 +2907,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
#[allow(unused_variables)]
fn compute_size(&self) -> u64 {
let mut my_size = 0;
if let Some(v) = self.host_static_pubkey.as_ref() {
if let Some(v) = self.host_static_public_key.as_ref() {
my_size += ::protobuf::rt::bytes_size(1, &v);
}
if let Some(v) = self.autoconnect {
@ -2922,7 +2922,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
}
fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> {
if let Some(v) = self.host_static_pubkey.as_ref() {
if let Some(v) = self.host_static_public_key.as_ref() {
os.write_bytes(1, v)?;
}
if let Some(v) = self.autoconnect {
@ -2948,7 +2948,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
}
fn clear(&mut self) {
self.host_static_pubkey = ::std::option::Option::None;
self.host_static_public_key = ::std::option::Option::None;
self.autoconnect = ::std::option::Option::None;
self.credential = ::std::option::Option::None;
self.special_fields.clear();
@ -2956,7 +2956,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
fn default_instance() -> &'static ThpCredentialRequest {
static instance: ThpCredentialRequest = ThpCredentialRequest {
host_static_pubkey: ::std::option::Option::None,
host_static_public_key: ::std::option::Option::None,
autoconnect: ::std::option::Option::None,
credential: ::std::option::Option::None,
special_fields: ::protobuf::SpecialFields::new(),
@ -2986,8 +2986,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpCredentialRequest {
#[derive(PartialEq,Clone,Default,Debug)]
pub struct ThpCredentialResponse {
// message fields
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.trezor_static_pubkey)
pub trezor_static_pubkey: ::std::option::Option<::std::vec::Vec<u8>>,
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.trezor_static_public_key)
pub trezor_static_public_key: ::std::option::Option<::std::vec::Vec<u8>>,
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.credential)
pub credential: ::std::option::Option<::std::vec::Vec<u8>>,
// special fields
@ -3006,40 +3006,40 @@ impl ThpCredentialResponse {
::std::default::Default::default()
}
// required bytes trezor_static_pubkey = 1;
// required bytes trezor_static_public_key = 1;
pub fn trezor_static_pubkey(&self) -> &[u8] {
match self.trezor_static_pubkey.as_ref() {
pub fn trezor_static_public_key(&self) -> &[u8] {
match self.trezor_static_public_key.as_ref() {
Some(v) => v,
None => &[],
}
}
pub fn clear_trezor_static_pubkey(&mut self) {
self.trezor_static_pubkey = ::std::option::Option::None;
pub fn clear_trezor_static_public_key(&mut self) {
self.trezor_static_public_key = ::std::option::Option::None;
}
pub fn has_trezor_static_pubkey(&self) -> bool {
self.trezor_static_pubkey.is_some()
pub fn has_trezor_static_public_key(&self) -> bool {
self.trezor_static_public_key.is_some()
}
// Param is passed by value, moved
pub fn set_trezor_static_pubkey(&mut self, v: ::std::vec::Vec<u8>) {
self.trezor_static_pubkey = ::std::option::Option::Some(v);
pub fn set_trezor_static_public_key(&mut self, v: ::std::vec::Vec<u8>) {
self.trezor_static_public_key = ::std::option::Option::Some(v);
}
// Mutable pointer to the field.
// If field is not initialized, it is initialized with default value first.
pub fn mut_trezor_static_pubkey(&mut self) -> &mut ::std::vec::Vec<u8> {
if self.trezor_static_pubkey.is_none() {
self.trezor_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new());
pub fn mut_trezor_static_public_key(&mut self) -> &mut ::std::vec::Vec<u8> {
if self.trezor_static_public_key.is_none() {
self.trezor_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new());
}
self.trezor_static_pubkey.as_mut().unwrap()
self.trezor_static_public_key.as_mut().unwrap()
}
// Take field
pub fn take_trezor_static_pubkey(&mut self) -> ::std::vec::Vec<u8> {
self.trezor_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new())
pub fn take_trezor_static_public_key(&mut self) -> ::std::vec::Vec<u8> {
self.trezor_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new())
}
// required bytes credential = 2;
@ -3082,9 +3082,9 @@ impl ThpCredentialResponse {
let mut fields = ::std::vec::Vec::with_capacity(2);
let mut oneofs = ::std::vec::Vec::with_capacity(0);
fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
"trezor_static_pubkey",
|m: &ThpCredentialResponse| { &m.trezor_static_pubkey },
|m: &mut ThpCredentialResponse| { &mut m.trezor_static_pubkey },
"trezor_static_public_key",
|m: &ThpCredentialResponse| { &m.trezor_static_public_key },
|m: &mut ThpCredentialResponse| { &mut m.trezor_static_public_key },
));
fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
"credential",
@ -3103,7 +3103,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
const NAME: &'static str = "ThpCredentialResponse";
fn is_initialized(&self) -> bool {
if self.trezor_static_pubkey.is_none() {
if self.trezor_static_public_key.is_none() {
return false;
}
if self.credential.is_none() {
@ -3116,7 +3116,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
while let Some(tag) = is.read_raw_tag_or_eof()? {
match tag {
10 => {
self.trezor_static_pubkey = ::std::option::Option::Some(is.read_bytes()?);
self.trezor_static_public_key = ::std::option::Option::Some(is.read_bytes()?);
},
18 => {
self.credential = ::std::option::Option::Some(is.read_bytes()?);
@ -3133,7 +3133,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
#[allow(unused_variables)]
fn compute_size(&self) -> u64 {
let mut my_size = 0;
if let Some(v) = self.trezor_static_pubkey.as_ref() {
if let Some(v) = self.trezor_static_public_key.as_ref() {
my_size += ::protobuf::rt::bytes_size(1, &v);
}
if let Some(v) = self.credential.as_ref() {
@ -3145,7 +3145,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
}
fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> {
if let Some(v) = self.trezor_static_pubkey.as_ref() {
if let Some(v) = self.trezor_static_public_key.as_ref() {
os.write_bytes(1, v)?;
}
if let Some(v) = self.credential.as_ref() {
@ -3168,14 +3168,14 @@ impl ::protobuf::Message for ThpCredentialResponse {
}
fn clear(&mut self) {
self.trezor_static_pubkey = ::std::option::Option::None;
self.trezor_static_public_key = ::std::option::Option::None;
self.credential = ::std::option::Option::None;
self.special_fields.clear();
}
fn default_instance() -> &'static ThpCredentialResponse {
static instance: ThpCredentialResponse = ThpCredentialResponse {
trezor_static_pubkey: ::std::option::Option::None,
trezor_static_public_key: ::std::option::Option::None,
credential: ::std::option::Option::None,
special_fields: ::protobuf::SpecialFields::new(),
};
@ -3793,8 +3793,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpPairingCredential {
#[derive(PartialEq,Clone,Default,Debug)]
pub struct ThpAuthenticatedCredentialData {
// message fields
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.host_static_pubkey)
pub host_static_pubkey: ::std::option::Option<::std::vec::Vec<u8>>,
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.host_static_public_key)
pub host_static_public_key: ::std::option::Option<::std::vec::Vec<u8>>,
// @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.cred_metadata)
pub cred_metadata: ::protobuf::MessageField<ThpCredentialMetadata>,
// special fields
@ -3813,49 +3813,49 @@ impl ThpAuthenticatedCredentialData {
::std::default::Default::default()
}
// required bytes host_static_pubkey = 1;
// required bytes host_static_public_key = 1;
pub fn host_static_pubkey(&self) -> &[u8] {
match self.host_static_pubkey.as_ref() {
pub fn host_static_public_key(&self) -> &[u8] {
match self.host_static_public_key.as_ref() {
Some(v) => v,
None => &[],
}
}
pub fn clear_host_static_pubkey(&mut self) {
self.host_static_pubkey = ::std::option::Option::None;
pub fn clear_host_static_public_key(&mut self) {
self.host_static_public_key = ::std::option::Option::None;
}
pub fn has_host_static_pubkey(&self) -> bool {
self.host_static_pubkey.is_some()
pub fn has_host_static_public_key(&self) -> bool {
self.host_static_public_key.is_some()
}
// Param is passed by value, moved
pub fn set_host_static_pubkey(&mut self, v: ::std::vec::Vec<u8>) {
self.host_static_pubkey = ::std::option::Option::Some(v);
pub fn set_host_static_public_key(&mut self, v: ::std::vec::Vec<u8>) {
self.host_static_public_key = ::std::option::Option::Some(v);
}
// Mutable pointer to the field.
// If field is not initialized, it is initialized with default value first.
pub fn mut_host_static_pubkey(&mut self) -> &mut ::std::vec::Vec<u8> {
if self.host_static_pubkey.is_none() {
self.host_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new());
pub fn mut_host_static_public_key(&mut self) -> &mut ::std::vec::Vec<u8> {
if self.host_static_public_key.is_none() {
self.host_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new());
}
self.host_static_pubkey.as_mut().unwrap()
self.host_static_public_key.as_mut().unwrap()
}
// Take field
pub fn take_host_static_pubkey(&mut self) -> ::std::vec::Vec<u8> {
self.host_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new())
pub fn take_host_static_public_key(&mut self) -> ::std::vec::Vec<u8> {
self.host_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new())
}
fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData {
let mut fields = ::std::vec::Vec::with_capacity(2);
let mut oneofs = ::std::vec::Vec::with_capacity(0);
fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
"host_static_pubkey",
|m: &ThpAuthenticatedCredentialData| { &m.host_static_pubkey },
|m: &mut ThpAuthenticatedCredentialData| { &mut m.host_static_pubkey },
"host_static_public_key",
|m: &ThpAuthenticatedCredentialData| { &m.host_static_public_key },
|m: &mut ThpAuthenticatedCredentialData| { &mut m.host_static_public_key },
));
fields.push(::protobuf::reflect::rt::v2::make_message_field_accessor::<_, ThpCredentialMetadata>(
"cred_metadata",
@ -3874,7 +3874,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
const NAME: &'static str = "ThpAuthenticatedCredentialData";
fn is_initialized(&self) -> bool {
if self.host_static_pubkey.is_none() {
if self.host_static_public_key.is_none() {
return false;
}
if self.cred_metadata.is_none() {
@ -3892,7 +3892,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
while let Some(tag) = is.read_raw_tag_or_eof()? {
match tag {
10 => {
self.host_static_pubkey = ::std::option::Option::Some(is.read_bytes()?);
self.host_static_public_key = ::std::option::Option::Some(is.read_bytes()?);
},
18 => {
::protobuf::rt::read_singular_message_into_field(is, &mut self.cred_metadata)?;
@ -3909,7 +3909,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
#[allow(unused_variables)]
fn compute_size(&self) -> u64 {
let mut my_size = 0;
if let Some(v) = self.host_static_pubkey.as_ref() {
if let Some(v) = self.host_static_public_key.as_ref() {
my_size += ::protobuf::rt::bytes_size(1, &v);
}
if let Some(v) = self.cred_metadata.as_ref() {
@ -3922,7 +3922,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
}
fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> {
if let Some(v) = self.host_static_pubkey.as_ref() {
if let Some(v) = self.host_static_public_key.as_ref() {
os.write_bytes(1, v)?;
}
if let Some(v) = self.cred_metadata.as_ref() {
@ -3945,14 +3945,14 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
}
fn clear(&mut self) {
self.host_static_pubkey = ::std::option::Option::None;
self.host_static_public_key = ::std::option::Option::None;
self.cred_metadata.clear();
self.special_fields.clear();
}
fn default_instance() -> &'static ThpAuthenticatedCredentialData {
static instance: ThpAuthenticatedCredentialData = ThpAuthenticatedCredentialData {
host_static_pubkey: ::std::option::Option::None,
host_static_public_key: ::std::option::Option::None,
cred_metadata: ::protobuf::MessageField::none(),
special_fields: ::protobuf::SpecialFields::new(),
};
@ -4251,44 +4251,44 @@ static file_descriptor_proto_data: &'static [u8] = b"\
\x01\x20\x02(\x0cR\x03tag\")\n\x0fThpQrCodeSecret\x12\x16\n\x06secret\
\x18\x01\x20\x02(\x0cR\x06secret\"!\n\rThpNfcTagHost\x12\x10\n\x03tag\
\x18\x01\x20\x02(\x0cR\x03tag\"#\n\x0fThpNfcTagTrezor\x12\x10\n\x03tag\
\x18\x01\x20\x02(\x0cR\x03tag\"\x8d\x01\n\x14ThpCredentialRequest\x12,\n\
\x12host_static_pubkey\x18\x01\x20\x02(\x0cR\x10hostStaticPubkey\x12'\n\
\x0bautoconnect\x18\x02\x20\x01(\x08:\x05falseR\x0bautoconnect\x12\x1e\n\
\ncredential\x18\x03\x20\x01(\x0cR\ncredential\"i\n\x15ThpCredentialResp\
onse\x120\n\x14trezor_static_pubkey\x18\x01\x20\x02(\x0cR\x12trezorStati\
cPubkey\x12\x1e\n\ncredential\x18\x02\x20\x02(\x0cR\ncredential\"\x0f\n\
\rThpEndRequest\"\x10\n\x0eThpEndResponse\"\\\n\x15ThpCredentialMetadata\
\x12\x1b\n\thost_name\x18\x01\x20\x01(\tR\x08hostName\x12\x20\n\x0bautoc\
onnect\x18\x02\x20\x01(\x08R\x0bautoconnect:\x04\x98\xb2\x19\x01\"\x82\
\x01\n\x14ThpPairingCredential\x12R\n\rcred_metadata\x18\x01\x20\x02(\
\x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\x0ccredMetadata\x12\
\x10\n\x03mac\x18\x02\x20\x02(\x0cR\x03mac:\x04\x98\xb2\x19\x01\"\xa8\
\x01\n\x1eThpAuthenticatedCredentialData\x12,\n\x12host_static_pubkey\
\x18\x01\x20\x02(\x0cR\x10hostStaticPubkey\x12R\n\rcred_metadata\x18\x02\
\x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\x0ccredMet\
adata:\x04\x98\xb2\x19\x01*\xcd\x06\n\x0eThpMessageType\x12\x19\n\x15Thp\
MessageType_Cancel\x10\x14\x12\x20\n\x1cThpMessageType_ButtonRequest\x10\
\x1a\x12%\n\x20ThpMessageType_ThpPairingRequest\x10\xee\x07\x12-\n(ThpMe\
ssageType_ThpPairingRequestApproved\x10\xef\x07\x12#\n\x1eThpMessageType\
_ThpSelectMethod\x10\xf0\x07\x122\n-ThpMessageType_ThpPairingPreparation\
sFinished\x10\xf1\x07\x12(\n#ThpMessageType_ThpCredentialRequest\x10\xf2\
\x07\x12)\n$ThpMessageType_ThpCredentialResponse\x10\xf3\x07\x12!\n\x1cT\
hpMessageType_ThpEndRequest\x10\xf4\x07\x12\"\n\x1dThpMessageType_ThpEnd\
Response\x10\xf5\x07\x12*\n%ThpMessageType_ThpCodeEntryCommitment\x10\
\xf8\x07\x12)\n$ThpMessageType_ThpCodeEntryChallenge\x10\xf9\x07\x12+\n&\
ThpMessageType_ThpCodeEntryCpaceTrezor\x10\xfa\x07\x12,\n'ThpMessageType\
_ThpCodeEntryCpaceHostTag\x10\xfb\x07\x12&\n!ThpMessageType_ThpCodeEntry\
Secret\x10\xfc\x07\x12\x20\n\x1bThpMessageType_ThpQrCodeTag\x10\x80\x08\
\x12#\n\x1eThpMessageType_ThpQrCodeSecret\x10\x81\x08\x12!\n\x1cThpMessa\
geType_ThpNfcTagHost\x10\x88\x08\x12#\n\x1eThpMessageType_ThpNfcTagTrezo\
r\x10\x89\x08\x1a\x04\xd0\xf3\x18\x01\"\x04\x08\0\x10\x13\"\x04\x08\x15\
\x10\x19\"\x05\x08\x1b\x10\xe7\x07\"\x06\x08\xe8\x07\x10\xe8\x07\"\x06\
\x08\xe9\x07\x10\xed\x07\"\x06\x08\xf6\x07\x10\xf7\x07\"\x06\x08\xfd\x07\
\x10\xff\x07\"\x06\x08\x82\x08\x10\x87\x08\"\t\x08\xcc\x08\x10\xff\xff\
\xff\xff\x07*G\n\x10ThpPairingMethod\x12\x0f\n\x0bSkipPairing\x10\x01\
\x12\r\n\tCodeEntry\x10\x02\x12\n\n\x06QrCode\x10\x03\x12\x07\n\x03NFC\
\x10\x04B;\n#com.satoshilabs.trezor.lib.protobufB\x10TrezorMessageThp\
\x80\xa6\x1d\x01\
\x18\x01\x20\x02(\x0cR\x03tag\"\x94\x01\n\x14ThpCredentialRequest\x123\n\
\x16host_static_public_key\x18\x01\x20\x02(\x0cR\x13hostStaticPublicKey\
\x12'\n\x0bautoconnect\x18\x02\x20\x01(\x08:\x05falseR\x0bautoconnect\
\x12\x1e\n\ncredential\x18\x03\x20\x01(\x0cR\ncredential\"p\n\x15ThpCred\
entialResponse\x127\n\x18trezor_static_public_key\x18\x01\x20\x02(\x0cR\
\x15trezorStaticPublicKey\x12\x1e\n\ncredential\x18\x02\x20\x02(\x0cR\nc\
redential\"\x0f\n\rThpEndRequest\"\x10\n\x0eThpEndResponse\"\\\n\x15ThpC\
redentialMetadata\x12\x1b\n\thost_name\x18\x01\x20\x01(\tR\x08hostName\
\x12\x20\n\x0bautoconnect\x18\x02\x20\x01(\x08R\x0bautoconnect:\x04\x98\
\xb2\x19\x01\"\x82\x01\n\x14ThpPairingCredential\x12R\n\rcred_metadata\
\x18\x01\x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\
\x0ccredMetadata\x12\x10\n\x03mac\x18\x02\x20\x02(\x0cR\x03mac:\x04\x98\
\xb2\x19\x01\"\xaf\x01\n\x1eThpAuthenticatedCredentialData\x123\n\x16hos\
t_static_public_key\x18\x01\x20\x02(\x0cR\x13hostStaticPublicKey\x12R\n\
\rcred_metadata\x18\x02\x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredent\
ialMetadataR\x0ccredMetadata:\x04\x98\xb2\x19\x01*\xcd\x06\n\x0eThpMessa\
geType\x12\x19\n\x15ThpMessageType_Cancel\x10\x14\x12\x20\n\x1cThpMessag\
eType_ButtonRequest\x10\x1a\x12%\n\x20ThpMessageType_ThpPairingRequest\
\x10\xee\x07\x12-\n(ThpMessageType_ThpPairingRequestApproved\x10\xef\x07\
\x12#\n\x1eThpMessageType_ThpSelectMethod\x10\xf0\x07\x122\n-ThpMessageT\
ype_ThpPairingPreparationsFinished\x10\xf1\x07\x12(\n#ThpMessageType_Thp\
CredentialRequest\x10\xf2\x07\x12)\n$ThpMessageType_ThpCredentialRespons\
e\x10\xf3\x07\x12!\n\x1cThpMessageType_ThpEndRequest\x10\xf4\x07\x12\"\n\
\x1dThpMessageType_ThpEndResponse\x10\xf5\x07\x12*\n%ThpMessageType_ThpC\
odeEntryCommitment\x10\xf8\x07\x12)\n$ThpMessageType_ThpCodeEntryChallen\
ge\x10\xf9\x07\x12+\n&ThpMessageType_ThpCodeEntryCpaceTrezor\x10\xfa\x07\
\x12,\n'ThpMessageType_ThpCodeEntryCpaceHostTag\x10\xfb\x07\x12&\n!ThpMe\
ssageType_ThpCodeEntrySecret\x10\xfc\x07\x12\x20\n\x1bThpMessageType_Thp\
QrCodeTag\x10\x80\x08\x12#\n\x1eThpMessageType_ThpQrCodeSecret\x10\x81\
\x08\x12!\n\x1cThpMessageType_ThpNfcTagHost\x10\x88\x08\x12#\n\x1eThpMes\
sageType_ThpNfcTagTrezor\x10\x89\x08\x1a\x04\xd0\xf3\x18\x01\"\x04\x08\0\
\x10\x13\"\x04\x08\x15\x10\x19\"\x05\x08\x1b\x10\xe7\x07\"\x06\x08\xe8\
\x07\x10\xe8\x07\"\x06\x08\xe9\x07\x10\xed\x07\"\x06\x08\xf6\x07\x10\xf7\
\x07\"\x06\x08\xfd\x07\x10\xff\x07\"\x06\x08\x82\x08\x10\x87\x08\"\t\x08\
\xcc\x08\x10\xff\xff\xff\xff\x07*G\n\x10ThpPairingMethod\x12\x0f\n\x0bSk\
ipPairing\x10\x01\x12\r\n\tCodeEntry\x10\x02\x12\n\n\x06QrCode\x10\x03\
\x12\x07\n\x03NFC\x10\x04B;\n#com.satoshilabs.trezor.lib.protobufB\x10Tr\
ezorMessageThp\x80\xa6\x1d\x01\
";
/// `FileDescriptorProto` object which was a source for this generated file

52
tests/device_tests/thp/test_pairing.py
View File

@ -258,10 +258,12 @@ def test_connection_confirmation_cancel(client: Client) -> None:
# Request credential with confirmation after pairing
randomness_static = os.urandom(32)
host_static_privkey = curve25519.get_private_key(randomness_static)
host_static_pubkey = curve25519.get_public_key(host_static_privkey)
host_static_private_key = curve25519.get_private_key(randomness_static)
host_static_public_key = curve25519.get_public_key(host_static_private_key)
protocol._send_message(
ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
ThpCredentialRequest(
host_static_public_key=host_static_public_key, autoconnect=False
)
)
credential_response = protocol._read_message(ThpCredentialResponse)
@ -300,10 +302,12 @@ def test_autoconnect_credential_request_cancel(client: Client) -> None:
# Request credential with confirmation after pairing
randomness_static = os.urandom(32)
host_static_privkey = curve25519.get_private_key(randomness_static)
host_static_pubkey = curve25519.get_public_key(host_static_privkey)
host_static_private_key = curve25519.get_private_key(randomness_static)
host_static_public_key = curve25519.get_public_key(host_static_private_key)
protocol._send_message(
ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
ThpCredentialRequest(
host_static_public_key=host_static_public_key, autoconnect=False
)
)
credential_response = protocol._read_message(ThpCredentialResponse)
@ -317,7 +321,9 @@ def test_autoconnect_credential_request_cancel(client: Client) -> None:
client=client, host_static_randomness=randomness_static, credential=credential
)
protocol._send_message(
ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=True)
ThpCredentialRequest(
host_static_public_key=host_static_public_key, autoconnect=True
)
)
button_req = protocol._read_message(ButtonRequest)
assert button_req.name == "thp_connection_request"
@ -337,10 +343,12 @@ def test_credential_phase(client: Client) -> None:
# Request credential with confirmation after pairing
randomness_static = os.urandom(32)
host_static_privkey = curve25519.get_private_key(randomness_static)
host_static_pubkey = curve25519.get_public_key(host_static_privkey)
host_static_private_key = curve25519.get_private_key(randomness_static)
host_static_public_key = curve25519.get_public_key(host_static_private_key)
protocol._send_message(
ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
ThpCredentialRequest(
host_static_public_key=host_static_public_key, autoconnect=False
)
)
credential_response = protocol._read_message(ThpCredentialResponse)
@ -374,7 +382,9 @@ def test_credential_phase(client: Client) -> None:
protocol._do_channel_allocation()
protocol._do_handshake(credential, randomness_static)
protocol._send_message(
ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=True)
ThpCredentialRequest(
host_static_public_key=host_static_public_key, autoconnect=True
)
)
# Connection confirmation dialog is shown. (Channel replacement is not triggered.)
button_req = protocol._read_message(ButtonRequest)
@ -432,10 +442,12 @@ def test_credential_request_in_encrypted_transport_phase(client: Client) -> None
_nfc_pairing(client, protocol)
# Request credential with confirmation after pairing
host_static_privkey = curve25519.get_private_key(randomness_static)
host_static_pubkey = curve25519.get_public_key(host_static_privkey)
host_static_private_key = curve25519.get_private_key(randomness_static)
host_static_public_key = curve25519.get_public_key(host_static_private_key)
protocol._send_message(
ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
ThpCredentialRequest(
host_static_public_key=host_static_public_key, autoconnect=False
)
)
credential_response = protocol._read_message(ThpCredentialResponse)
@ -448,7 +460,7 @@ def test_credential_request_in_encrypted_transport_phase(client: Client) -> None
session.call(
ThpCredentialRequest(
host_static_pubkey=host_static_pubkey,
host_static_public_key=host_static_public_key,
autoconnect=True,
credential=credential,
),
@ -462,10 +474,10 @@ def test_channel_replacement(client: Client) -> None:
host_static_randomness = os.urandom(32)
host_static_randomness_2 = os.urandom(32)
host_static_privkey = curve25519.get_private_key(host_static_randomness)
host_static_privkey_2 = curve25519.get_private_key(host_static_randomness_2)
host_static_private_key = curve25519.get_private_key(host_static_randomness)
host_static_private_key_2 = curve25519.get_private_key(host_static_randomness_2)
assert host_static_privkey != host_static_privkey_2
assert host_static_private_key != host_static_private_key_2
client.protocol = get_encrypted_transport_protocol(client, host_static_randomness)
@ -476,7 +488,7 @@ def test_channel_replacement(client: Client) -> None:
address_2 = get_test_address(session_2)
assert address != address_2
# create new channel using the same host_static_privkey
# create new channel using the same host_static_private_key
client.protocol = get_encrypted_transport_protocol(client, host_static_randomness)
session_3 = client.get_session(passphrase="OKIDOKI")
address_3 = get_test_address(session_3)
@ -488,7 +500,7 @@ def test_channel_replacement(client: Client) -> None:
new_address_3 = get_test_address(session_3)
assert address_3 == new_address_3
# create new channel using different host_static_privkey
# create new channel using different host_static_private_key
client.protocol = get_encrypted_transport_protocol(client, host_static_randomness_2)
with pytest.raises(exceptions.TrezorFailure) as e_1:
_ = get_test_address(session)