From de9fff82177e47213a293da7be2cbba313bf7f46 Mon Sep 17 00:00:00 2001 From: M1nd3r Date: Sat, 12 Jul 2025 01:09:05 +0200 Subject: [PATCH] fix: use public_key instead of pubkey in THP --- common/protob/messages-thp.proto | 6 +- core/src/apps/base.py | 14 +- core/src/apps/thp/credential_manager.py | 12 +- core/src/apps/thp/pairing.py | 17 +- core/src/storage/cache_thp.py | 2 +- core/src/trezor/messages.py | 12 +- core/src/trezor/wire/thp/channel.py | 2 +- core/src/trezor/wire/thp/crypto.py | 74 +++--- .../wire/thp/received_message_handler.py | 30 +-- .../tests/test_apps.thp.credential_manager.py | 4 +- core/tests/test_trezor.wire.thp.crypto.py | 22 +- core/tests/test_trezor.wire.thp.py | 4 +- python/src/trezorlib/messages.py | 18 +- .../src/protos/generated/messages_thp.rs | 232 +++++++++--------- tests/device_tests/thp/test_pairing.py | 52 ++-- 15 files changed, 265 insertions(+), 236 deletions(-) diff --git a/common/protob/messages-thp.proto b/common/protob/messages-thp.proto index 0f6b41a4a1..eaa11826df 100644 --- a/common/protob/messages-thp.proto +++ b/common/protob/messages-thp.proto @@ -208,7 +208,7 @@ message ThpNfcTagTrezor { * @next ThpCredentialResponse */ message ThpCredentialRequest { - required bytes host_static_pubkey = 1; // Host's static public key identifying the credential. + required bytes host_static_public_key = 1; // Host's static public key identifying the credential. optional bool autoconnect = 2 [default=false]; // Whether host wants to autoconnect without user confirmation optional bytes credential = 3; // Host's previous credential } @@ -219,7 +219,7 @@ message ThpCredentialRequest { * @next ThpEndRequest */ message ThpCredentialResponse { - required bytes trezor_static_pubkey = 1; // Trezor's static public key used in the handshake. + required bytes trezor_static_public_key = 1; // Trezor's static public key used in the handshake. required bytes credential = 2; // The pairing credential issued by the Trezor to the host. } @@ -262,6 +262,6 @@ message ThpEndResponse {} */ message ThpAuthenticatedCredentialData { option (internal_only) = true; - required bytes host_static_pubkey = 1; // Host's static public key used in the handshake + required bytes host_static_public_key = 1; // Host's static public key used in the handshake required ThpCredentialMetadata cred_metadata = 2; // Credential metadata } diff --git a/core/src/apps/base.py b/core/src/apps/base.py index 9c924003aa..778a318816 100644 --- a/core/src/apps/base.py +++ b/core/src/apps/base.py @@ -303,10 +303,10 @@ if utils.USE_THP: # Assert that context `ctx` is `GenericSessionContext` assert isinstance(ctx, GenericSessionContext) - # Check that request contains a host static pubkey - if message.host_static_pubkey is None: + # Check that request contains a host static public_key + if message.host_static_public_key is None: return _get_autoconnect_failure( - "Credential request must contain a host static pubkey." + "Credential request must contain a host static public_key." ) # Check that request contains valid credential @@ -315,7 +315,7 @@ if utils.USE_THP: "Credential request must contain a previously issued pairing credential." ) credential = decode_credential(message.credential) - if not validate_credential(credential, message.host_static_pubkey): + if not validate_credential(credential, message.host_static_public_key): return _get_autoconnect_failure( "Credential request contains an invalid pairing credential." ) @@ -335,13 +335,13 @@ if utils.USE_THP: ctx, cred_metadata.host_name ) new_cred = issue_credential( - host_static_pubkey=message.host_static_pubkey, + host_static_public_key=message.host_static_public_key, credential_metadata=cred_metadata, ) - trezor_static_pubkey = crypto.get_trezor_static_pubkey() + trezor_static_public_key = crypto.get_trezor_static_public_key() return ThpCredentialResponse( - trezor_static_pubkey=trezor_static_pubkey, credential=new_cred + trezor_static_public_key=trezor_static_public_key, credential=new_cred ) def _get_autoconnect_failure(msg: str) -> Failure: diff --git a/core/src/apps/thp/credential_manager.py b/core/src/apps/thp/credential_manager.py index 50e0f13317..a2e6a0506d 100644 --- a/core/src/apps/thp/credential_manager.py +++ b/core/src/apps/thp/credential_manager.py @@ -44,7 +44,7 @@ def invalidate_cred_auth_key() -> None: def issue_credential( - host_static_pubkey: bytes, + host_static_public_key: bytes, credential_metadata: ThpCredentialMetadata, ) -> bytes: """ @@ -53,7 +53,7 @@ def issue_credential( """ cred_auth_key = derive_cred_auth_key() proto_msg = ThpAuthenticatedCredentialData( - host_static_pubkey=host_static_pubkey, + host_static_public_key=host_static_public_key, cred_metadata=credential_metadata, ) authenticated_credential_data = _encode_message_into_new_buffer(proto_msg) @@ -78,14 +78,14 @@ def decode_credential( def validate_credential( credential: ThpPairingCredential, - host_static_pubkey: bytes, + host_static_public_key: bytes, ) -> bool: """ Validate a pairing credential binded to the provided host static public key. """ cred_auth_key = derive_cred_auth_key() proto_msg = ThpAuthenticatedCredentialData( - host_static_pubkey=host_static_pubkey, + host_static_public_key=host_static_public_key, cred_metadata=credential.cred_metadata, ) authenticated_credential_data = _encode_message_into_new_buffer(proto_msg) @@ -95,14 +95,14 @@ def validate_credential( def decode_and_validate_credential( encoded_pairing_credential_message: bytes, - host_static_pubkey: bytes, + host_static_public_key: bytes, ) -> bool: """ Decode a protobuf encoded pairing credential and validate it binded to the provided host static public key. """ credential = decode_credential(encoded_pairing_credential_message) - return validate_credential(credential, host_static_pubkey) + return validate_credential(credential, host_static_public_key) def is_credential_autoconnect(credential: ThpPairingCredential) -> bool: diff --git a/core/src/apps/thp/pairing.py b/core/src/apps/thp/pairing.py index ce4ddba481..23a8d58f41 100644 --- a/core/src/apps/thp/pairing.py +++ b/core/src/apps/thp/pairing.py @@ -407,7 +407,7 @@ async def _handle_credential_request( if not ThpCredentialRequest.is_type_of(message): raise UnexpectedMessage("Unexpected message") - if message.host_static_pubkey is None: + if message.host_static_public_key is None: raise Exception("Invalid message") # TODO change failure type autoconnect: bool = False @@ -422,12 +422,13 @@ async def _handle_credential_request( from .credential_manager import validate_credential - host_static_pubkey = ctx.channel_ctx.channel_cache.get( + host_static_public_key = ctx.channel_ctx.channel_cache.get( CHANNEL_HOST_STATIC_PUBKEY ) - if not host_static_pubkey or not validate_credential( - credential=ctx.channel_ctx.credential, host_static_pubkey=host_static_pubkey + if not host_static_public_key or not validate_credential( + credential=ctx.channel_ctx.credential, + host_static_public_key=host_static_public_key, ): raise Exception( "Cannot ask for autoconnect credential without a valid credential!" @@ -435,16 +436,16 @@ async def _handle_credential_request( await ctx.show_autoconnect_credential_confirmation_screen() # TODO add device name - trezor_static_pubkey = crypto.get_trezor_static_pubkey() + trezor_static_public_key = crypto.get_trezor_static_public_key() credential_metadata = ThpCredentialMetadata( host_name=ctx.host_name, autoconnect=autoconnect, ) - credential = issue_credential(message.host_static_pubkey, credential_metadata) + credential = issue_credential(message.host_static_public_key, credential_metadata) return await ctx.call_any( ThpCredentialResponse( - trezor_static_pubkey=trezor_static_pubkey, credential=credential + trezor_static_public_key=trezor_static_public_key, credential=credential ), ThpMessageType.ThpCredentialRequest, ThpMessageType.ThpEndRequest, @@ -461,7 +462,7 @@ async def _handle_end_request( async def _end_pairing(ctx: PairingContext) -> ThpEndResponse: - ctx.channel_ctx.replace_old_channels_with_the_same_host_pubkey() + ctx.channel_ctx.replace_old_channels_with_the_same_host_public_key() ctx.channel_ctx.set_channel_state(ChannelState.ENCRYPTED_TRANSPORT) return ThpEndResponse() diff --git a/core/src/storage/cache_thp.py b/core/src/storage/cache_thp.py index dff982b931..01f333972c 100644 --- a/core/src/storage/cache_thp.py +++ b/core/src/storage/cache_thp.py @@ -75,7 +75,7 @@ class ChannelCache(ThpDataCache): def sync(self, value: int) -> None: self.set_int(CHANNEL_SYNC, value) - def set_host_static_pubkey(self, key: bytearray) -> None: + def set_host_static_public_key(self, key: bytearray) -> None: if len(key) != KEY_LENGTH: raise Exception("Invalid key length") self.set(CHANNEL_HOST_STATIC_PUBKEY, key) diff --git a/core/src/trezor/messages.py b/core/src/trezor/messages.py index 6b66bf3bcd..da68535461 100644 --- a/core/src/trezor/messages.py +++ b/core/src/trezor/messages.py @@ -6430,14 +6430,14 @@ if TYPE_CHECKING: return isinstance(msg, cls) class ThpCredentialRequest(protobuf.MessageType): - host_static_pubkey: "bytes" + host_static_public_key: "bytes" autoconnect: "bool" credential: "bytes | None" def __init__( self, *, - host_static_pubkey: "bytes", + host_static_public_key: "bytes", autoconnect: "bool | None" = None, credential: "bytes | None" = None, ) -> None: @@ -6448,13 +6448,13 @@ if TYPE_CHECKING: return isinstance(msg, cls) class ThpCredentialResponse(protobuf.MessageType): - trezor_static_pubkey: "bytes" + trezor_static_public_key: "bytes" credential: "bytes" def __init__( self, *, - trezor_static_pubkey: "bytes", + trezor_static_public_key: "bytes", credential: "bytes", ) -> None: pass @@ -6508,13 +6508,13 @@ if TYPE_CHECKING: return isinstance(msg, cls) class ThpAuthenticatedCredentialData(protobuf.MessageType): - host_static_pubkey: "bytes" + host_static_public_key: "bytes" cred_metadata: "ThpCredentialMetadata" def __init__( self, *, - host_static_pubkey: "bytes", + host_static_public_key: "bytes", cred_metadata: "ThpCredentialMetadata", ) -> None: pass diff --git a/core/src/trezor/wire/thp/channel.py b/core/src/trezor/wire/thp/channel.py index ef22f726cf..e2f61b2d84 100644 --- a/core/src/trezor/wire/thp/channel.py +++ b/core/src/trezor/wire/thp/channel.py @@ -122,7 +122,7 @@ class Channel: if __debug__: self._log("set_channel_state: ", state_to_str(state)) - def replace_old_channels_with_the_same_host_pubkey(self) -> None: + def replace_old_channels_with_the_same_host_public_key(self) -> None: was_any_replaced = conditionally_replace_channel( new_channel=self.channel_cache, required_state=ChannelState.ENCRYPTED_TRANSPORT, diff --git a/core/src/trezor/wire/thp/crypto.py b/core/src/trezor/wire/thp/crypto.py index f3ee7262f8..ff26cf49e6 100644 --- a/core/src/trezor/wire/thp/crypto.py +++ b/core/src/trezor/wire/thp/crypto.py @@ -81,7 +81,7 @@ class Handshake: """ def __init__(self) -> None: - self.trezor_ephemeral_privkey: bytes + self.trezor_ephemeral_private_key: bytes self.ck: bytes self.k: bytes self.h: bytes @@ -91,24 +91,30 @@ class Handshake: def handle_th1_crypto( self, device_properties: bytes, - host_ephemeral_pubkey: bytes, + host_ephemeral_public_key: bytes, ) -> tuple[bytes, bytes, bytes]: - trezor_static_privkey, trezor_static_pubkey = _derive_static_key_pair() - self.trezor_ephemeral_privkey = curve25519.generate_secret() - trezor_ephemeral_pubkey = curve25519.publickey(self.trezor_ephemeral_privkey) + trezor_static_private_key, trezor_static_public_key = _derive_static_key_pair() + self.trezor_ephemeral_private_key = curve25519.generate_secret() + trezor_ephemeral_public_key = curve25519.publickey( + self.trezor_ephemeral_private_key + ) self.h = _hash_of_two(PROTOCOL_NAME, device_properties) - self.h = _hash_of_two(self.h, host_ephemeral_pubkey) + self.h = _hash_of_two(self.h, host_ephemeral_public_key) self.h = _hash_of_two(self.h, b"") - self.h = _hash_of_two(self.h, trezor_ephemeral_pubkey) + self.h = _hash_of_two(self.h, trezor_ephemeral_public_key) point = curve25519.multiply( - self.trezor_ephemeral_privkey, host_ephemeral_pubkey + self.trezor_ephemeral_private_key, host_ephemeral_public_key ) self.ck, self.k = _hkdf(PROTOCOL_NAME, point) - mask = _hash_of_two(trezor_static_pubkey, trezor_ephemeral_pubkey) - trezor_masked_static_pubkey = curve25519.multiply(mask, trezor_static_pubkey) + mask = _hash_of_two(trezor_static_public_key, trezor_ephemeral_public_key) + trezor_masked_static_public_key = curve25519.multiply( + mask, trezor_static_public_key + ) aes_ctx = aesgcm(self.k, IV_1) - encrypted_trezor_static_pubkey = aes_ctx.encrypt(trezor_masked_static_pubkey) + encrypted_trezor_static_public_key = aes_ctx.encrypt( + trezor_masked_static_public_key + ) if __debug__: log.debug( __name__, @@ -120,46 +126,54 @@ class Handshake: aes_ctx.auth(self.h) tag_to_encrypted_key = aes_ctx.finish() - encrypted_trezor_static_pubkey = ( - encrypted_trezor_static_pubkey + tag_to_encrypted_key + encrypted_trezor_static_public_key = ( + encrypted_trezor_static_public_key + tag_to_encrypted_key + ) + self.h = _hash_of_two(self.h, encrypted_trezor_static_public_key) + point = curve25519.multiply( + trezor_static_private_key, host_ephemeral_public_key ) - self.h = _hash_of_two(self.h, encrypted_trezor_static_pubkey) - point = curve25519.multiply(trezor_static_privkey, host_ephemeral_pubkey) self.ck, self.k = _hkdf(self.ck, curve25519.multiply(mask, point)) aes_ctx = aesgcm(self.k, IV_1) aes_ctx.auth(self.h) tag = aes_ctx.finish() self.h = _hash_of_two(self.h, tag) - return (trezor_ephemeral_pubkey, encrypted_trezor_static_pubkey, tag) + return (trezor_ephemeral_public_key, encrypted_trezor_static_public_key, tag) def handle_th2_crypto( self, - encrypted_host_static_pubkey: utils.BufferType, + encrypted_host_static_public_key: utils.BufferType, encrypted_payload: utils.BufferType, ) -> None: aes_ctx = aesgcm(self.k, IV_2) - # The new value of hash `h` MUST be computed before the `encrypted_host_static_pubkey` is decrypted. - # However, decryption of `encrypted_host_static_pubkey` MUST use the previous value of `h` for + # The new value of hash `h` MUST be computed before the `encrypted_host_static_public_key` is decrypted. + # However, decryption of `encrypted_host_static_public_key` MUST use the previous value of `h` for # authentication of the gcm tag. aes_ctx.auth(self.h) # Authenticate with the previous value of `h` - self.h = _hash_of_two(self.h, encrypted_host_static_pubkey) # Compute new value + self.h = _hash_of_two( + self.h, encrypted_host_static_public_key + ) # Compute new value aes_ctx.decrypt_in_place( - memoryview(encrypted_host_static_pubkey)[:PUBKEY_LENGTH] + memoryview(encrypted_host_static_public_key)[:PUBKEY_LENGTH] ) if __debug__: log.debug( __name__, "th2 - dec (key: %s, nonce: %d)", hexlify_if_bytes(self.k), 1 ) - host_static_pubkey = memoryview(encrypted_host_static_pubkey)[:PUBKEY_LENGTH] + host_static_public_key = memoryview(encrypted_host_static_public_key)[ + :PUBKEY_LENGTH + ] tag = aes_ctx.finish() - if tag != encrypted_host_static_pubkey[-16:]: + if tag != encrypted_host_static_public_key[-16:]: raise ThpDecryptionError() self.ck, self.k = _hkdf( self.ck, - curve25519.multiply(self.trezor_ephemeral_privkey, host_static_pubkey), + curve25519.multiply( + self.trezor_ephemeral_private_key, host_static_public_key + ), ) aes_ctx = aesgcm(self.k, IV_1) aes_ctx.auth(self.h) @@ -194,17 +208,17 @@ def _derive_static_key_pair() -> tuple[bytes, bytes]: node = bip32.from_seed(device.get_device_secret(), "curve25519") node.derive(node_int) - trezor_static_privkey = node.private_key() - trezor_static_pubkey = node.public_key()[1:33] + trezor_static_private_key = node.private_key() + trezor_static_public_key = node.public_key()[1:33] # Note: the first byte (\x01) of the public key is removed, as it # only indicates the type of the elliptic curve used - return trezor_static_privkey, trezor_static_pubkey + return trezor_static_private_key, trezor_static_public_key -def get_trezor_static_pubkey() -> bytes: - _, pubkey = _derive_static_key_pair() - return pubkey +def get_trezor_static_public_key() -> bytes: + _, public_key = _derive_static_key_pair() + return public_key def _hkdf(chaining_key: bytes, input: bytes) -> tuple[bytes, bytes]: diff --git a/core/src/trezor/wire/thp/received_message_handler.py b/core/src/trezor/wire/thp/received_message_handler.py index b5603c168d..5b4fb63439 100644 --- a/core/src/trezor/wire/thp/received_message_handler.py +++ b/core/src/trezor/wire/thp/received_message_handler.py @@ -254,31 +254,31 @@ def _handle_state_TH1( # if buffer is BufferError: # pass # TODO buffer is gone :/ - host_ephemeral_pubkey = bytearray( + host_ephemeral_public_key = bytearray( buffer[INIT_HEADER_LENGTH : message_length - CHECKSUM_LENGTH] ) - trezor_ephemeral_pubkey, encrypted_trezor_static_pubkey, tag = ( + trezor_ephemeral_public_key, encrypted_trezor_static_public_key, tag = ( ctx.handshake.handle_th1_crypto( - get_encoded_device_properties(ctx.iface), host_ephemeral_pubkey + get_encoded_device_properties(ctx.iface), host_ephemeral_public_key ) ) if __debug__: log.debug( __name__, - "trezor ephemeral pubkey: %s", - hexlify_if_bytes(trezor_ephemeral_pubkey), + "trezor ephemeral public key: %s", + hexlify_if_bytes(trezor_ephemeral_public_key), iface=ctx.iface, ) log.debug( __name__, - "encrypted trezor masked static pubkey: %s", - hexlify_if_bytes(encrypted_trezor_static_pubkey), + "encrypted trezor masked static public key: %s", + hexlify_if_bytes(encrypted_trezor_static_public_key), iface=ctx.iface, ) log.debug(__name__, "tag: %s", hexlify_if_bytes(tag), iface=ctx.iface) - payload = trezor_ephemeral_pubkey + encrypted_trezor_static_pubkey + tag + payload = trezor_ephemeral_public_key + encrypted_trezor_static_public_key + tag # send handshake init response message ctx.write_handshake_message(HANDSHAKE_INIT_RES, payload) @@ -305,7 +305,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None buffer = memory_manager.get_existing_read_buffer(ctx.get_channel_id_int()) # if buffer is BufferError: # pass # TODO handle - host_encrypted_static_pubkey = buffer[ + host_encrypted_static_public_key = buffer[ INIT_HEADER_LENGTH : INIT_HEADER_LENGTH + KEY_LENGTH + TAG_LENGTH ] handshake_completion_request_noise_payload = buffer[ @@ -313,7 +313,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None ] ctx.handshake.handle_th2_crypto( - host_encrypted_static_pubkey, handshake_completion_request_noise_payload + host_encrypted_static_public_key, handshake_completion_request_noise_payload ) ctx.channel_cache.set(CHANNEL_KEY_RECEIVE, ctx.handshake.key_receive) @@ -339,15 +339,15 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None if __debug__: log.debug( __name__, - "host static pubkey: %s, noise payload: %s", - utils.hexlify_if_bytes(host_encrypted_static_pubkey), + "host static public key: %s, noise payload: %s", + utils.hexlify_if_bytes(host_encrypted_static_public_key), utils.hexlify_if_bytes(handshake_completion_request_noise_payload), iface=ctx.iface, ) # key is decoded in handshake._handle_th2_crypto - host_static_pubkey = host_encrypted_static_pubkey[:PUBKEY_LENGTH] - ctx.channel_cache.set_host_static_pubkey(bytearray(host_static_pubkey)) + host_static_public_key = host_encrypted_static_public_key[:PUBKEY_LENGTH] + ctx.channel_cache.set_host_static_public_key(bytearray(host_static_public_key)) paired: bool = False trezor_state = _TREZOR_STATE_UNPAIRED @@ -357,7 +357,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None credential = decode_credential(noise_payload.host_pairing_credential) paired = validate_credential( credential, - host_static_pubkey, + host_static_public_key, ) if paired: trezor_state = _TREZOR_STATE_PAIRED diff --git a/core/tests/test_apps.thp.credential_manager.py b/core/tests/test_apps.thp.credential_manager.py index e25cc6a002..1dfacd9328 100644 --- a/core/tests/test_apps.thp.credential_manager.py +++ b/core/tests/test_apps.thp.credential_manager.py @@ -7,9 +7,9 @@ if utils.USE_THP: from apps.thp import credential_manager - def _issue_credential(host_name: str, host_static_pubkey: bytes) -> bytes: + def _issue_credential(host_name: str, host_static_public_key: bytes) -> bytes: metadata = ThpCredentialMetadata(host_name=host_name) - return credential_manager.issue_credential(host_static_pubkey, metadata) + return credential_manager.issue_credential(host_static_public_key, metadata) def _dummy_log(name: str, msg: str, *args): pass diff --git a/core/tests/test_trezor.wire.thp.crypto.py b/core/tests/test_trezor.wire.thp.crypto.py index 1eee57f8cb..80afc53844 100644 --- a/core/tests/test_trezor.wire.thp.crypto.py +++ b/core/tests/test_trezor.wire.thp.crypto.py @@ -117,19 +117,19 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase): storage.device.get_device_secret = get_dummy_device_secret handshake = self.handshake - host_ephemeral_privkey = curve25519.generate_secret() - host_ephemeral_pubkey = curve25519.publickey(host_ephemeral_privkey) - handshake.handle_th1_crypto(b"", host_ephemeral_pubkey) + host_ephemeral_private_key = curve25519.generate_secret() + host_ephemeral_public_key = curve25519.publickey(host_ephemeral_private_key) + handshake.handle_th1_crypto(b"", host_ephemeral_public_key) def test_th2_crypto(self): handshake = self.handshake - host_static_privkey = curve25519.generate_secret() - host_static_pubkey = curve25519.publickey(host_static_privkey) + host_static_private_key = curve25519.generate_secret() + host_static_public_key = curve25519.publickey(host_static_private_key) aes_ctx = aesgcm(handshake.k, IV_2) aes_ctx.auth(handshake.h) - encrypted_host_static_pubkey = bytearray( - aes_ctx.encrypt(host_static_pubkey) + aes_ctx.finish() + encrypted_host_static_public_key = bytearray( + aes_ctx.encrypt(host_static_public_key) + aes_ctx.finish() ) # Code to encrypt Host's noise encrypted payload correctly: @@ -137,10 +137,12 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase): temp_k = handshake.k temp_h = handshake.h - temp_h = crypto._hash_of_two(temp_h, encrypted_host_static_pubkey) + temp_h = crypto._hash_of_two(temp_h, encrypted_host_static_public_key) _, temp_k = crypto._hkdf( handshake.ck, - curve25519.multiply(handshake.trezor_ephemeral_privkey, host_static_pubkey), + curve25519.multiply( + handshake.trezor_ephemeral_private_key, host_static_public_key + ), ) aes_ctx = aesgcm(temp_k, IV_1) aes_ctx.encrypt_in_place(protomsg) @@ -149,7 +151,7 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase): encrypted_payload = bytearray(protomsg + tag) # end of encrypted payload generation - handshake.handle_th2_crypto(encrypted_host_static_pubkey, encrypted_payload) + handshake.handle_th2_crypto(encrypted_host_static_public_key, encrypted_payload) self.assertEqual(encrypted_payload[:4], b"\x10\x02\x10\x03") diff --git a/core/tests/test_trezor.wire.thp.py b/core/tests/test_trezor.wire.thp.py index 964a9c17db..ad75231b4c 100644 --- a/core/tests/test_trezor.wire.thp.py +++ b/core/tests/test_trezor.wire.thp.py @@ -361,8 +361,8 @@ class TestTrezorHostProtocol(unittest.TestCase): user_message = Message(ThpMessageType.ThpCodeEntryTag, buffer) self.interface.mock_read(user_message, gen) - host_static_pubkey = b"\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77" - msg = ThpCredentialRequest(host_static_pubkey=host_static_pubkey) + host_static_public_key = b"\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77" + msg = ThpCredentialRequest(host_static_public_key=host_static_public_key) buffer: bytearray = bytearray(protobuf.encoded_length(msg)) protobuf.encode(buffer, msg) credential_request = Message(ThpMessageType.ThpCredentialRequest, buffer) diff --git a/python/src/trezorlib/messages.py b/python/src/trezorlib/messages.py index 0064cf7d96..528f140f8c 100644 --- a/python/src/trezorlib/messages.py +++ b/python/src/trezorlib/messages.py @@ -8162,7 +8162,7 @@ class ThpNfcTagTrezor(protobuf.MessageType): class ThpCredentialRequest(protobuf.MessageType): MESSAGE_WIRE_TYPE = 1010 FIELDS = { - 1: protobuf.Field("host_static_pubkey", "bytes", repeated=False, required=True), + 1: protobuf.Field("host_static_public_key", "bytes", repeated=False, required=True), 2: protobuf.Field("autoconnect", "bool", repeated=False, required=False, default=False), 3: protobuf.Field("credential", "bytes", repeated=False, required=False, default=None), } @@ -8170,11 +8170,11 @@ class ThpCredentialRequest(protobuf.MessageType): def __init__( self, *, - host_static_pubkey: "bytes", + host_static_public_key: "bytes", autoconnect: Optional["bool"] = False, credential: Optional["bytes"] = None, ) -> None: - self.host_static_pubkey = host_static_pubkey + self.host_static_public_key = host_static_public_key self.autoconnect = autoconnect self.credential = credential @@ -8182,17 +8182,17 @@ class ThpCredentialRequest(protobuf.MessageType): class ThpCredentialResponse(protobuf.MessageType): MESSAGE_WIRE_TYPE = 1011 FIELDS = { - 1: protobuf.Field("trezor_static_pubkey", "bytes", repeated=False, required=True), + 1: protobuf.Field("trezor_static_public_key", "bytes", repeated=False, required=True), 2: protobuf.Field("credential", "bytes", repeated=False, required=True), } def __init__( self, *, - trezor_static_pubkey: "bytes", + trezor_static_public_key: "bytes", credential: "bytes", ) -> None: - self.trezor_static_pubkey = trezor_static_pubkey + self.trezor_static_public_key = trezor_static_public_key self.credential = credential @@ -8241,17 +8241,17 @@ class ThpPairingCredential(protobuf.MessageType): class ThpAuthenticatedCredentialData(protobuf.MessageType): MESSAGE_WIRE_TYPE = None FIELDS = { - 1: protobuf.Field("host_static_pubkey", "bytes", repeated=False, required=True), + 1: protobuf.Field("host_static_public_key", "bytes", repeated=False, required=True), 2: protobuf.Field("cred_metadata", "ThpCredentialMetadata", repeated=False, required=True), } def __init__( self, *, - host_static_pubkey: "bytes", + host_static_public_key: "bytes", cred_metadata: "ThpCredentialMetadata", ) -> None: - self.host_static_pubkey = host_static_pubkey + self.host_static_public_key = host_static_public_key self.cred_metadata = cred_metadata diff --git a/rust/trezor-client/src/protos/generated/messages_thp.rs b/rust/trezor-client/src/protos/generated/messages_thp.rs index 488aee6b1e..4d9e6df6e9 100644 --- a/rust/trezor-client/src/protos/generated/messages_thp.rs +++ b/rust/trezor-client/src/protos/generated/messages_thp.rs @@ -2734,8 +2734,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpNfcTagTrezor { #[derive(PartialEq,Clone,Default,Debug)] pub struct ThpCredentialRequest { // message fields - // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.host_static_pubkey) - pub host_static_pubkey: ::std::option::Option<::std::vec::Vec>, + // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.host_static_public_key) + pub host_static_public_key: ::std::option::Option<::std::vec::Vec>, // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.autoconnect) pub autoconnect: ::std::option::Option, // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.credential) @@ -2756,40 +2756,40 @@ impl ThpCredentialRequest { ::std::default::Default::default() } - // required bytes host_static_pubkey = 1; + // required bytes host_static_public_key = 1; - pub fn host_static_pubkey(&self) -> &[u8] { - match self.host_static_pubkey.as_ref() { + pub fn host_static_public_key(&self) -> &[u8] { + match self.host_static_public_key.as_ref() { Some(v) => v, None => &[], } } - pub fn clear_host_static_pubkey(&mut self) { - self.host_static_pubkey = ::std::option::Option::None; + pub fn clear_host_static_public_key(&mut self) { + self.host_static_public_key = ::std::option::Option::None; } - pub fn has_host_static_pubkey(&self) -> bool { - self.host_static_pubkey.is_some() + pub fn has_host_static_public_key(&self) -> bool { + self.host_static_public_key.is_some() } // Param is passed by value, moved - pub fn set_host_static_pubkey(&mut self, v: ::std::vec::Vec) { - self.host_static_pubkey = ::std::option::Option::Some(v); + pub fn set_host_static_public_key(&mut self, v: ::std::vec::Vec) { + self.host_static_public_key = ::std::option::Option::Some(v); } // Mutable pointer to the field. // If field is not initialized, it is initialized with default value first. - pub fn mut_host_static_pubkey(&mut self) -> &mut ::std::vec::Vec { - if self.host_static_pubkey.is_none() { - self.host_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new()); + pub fn mut_host_static_public_key(&mut self) -> &mut ::std::vec::Vec { + if self.host_static_public_key.is_none() { + self.host_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new()); } - self.host_static_pubkey.as_mut().unwrap() + self.host_static_public_key.as_mut().unwrap() } // Take field - pub fn take_host_static_pubkey(&mut self) -> ::std::vec::Vec { - self.host_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new()) + pub fn take_host_static_public_key(&mut self) -> ::std::vec::Vec { + self.host_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new()) } // optional bool autoconnect = 2; @@ -2851,9 +2851,9 @@ impl ThpCredentialRequest { let mut fields = ::std::vec::Vec::with_capacity(3); let mut oneofs = ::std::vec::Vec::with_capacity(0); fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>( - "host_static_pubkey", - |m: &ThpCredentialRequest| { &m.host_static_pubkey }, - |m: &mut ThpCredentialRequest| { &mut m.host_static_pubkey }, + "host_static_public_key", + |m: &ThpCredentialRequest| { &m.host_static_public_key }, + |m: &mut ThpCredentialRequest| { &mut m.host_static_public_key }, )); fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>( "autoconnect", @@ -2877,7 +2877,7 @@ impl ::protobuf::Message for ThpCredentialRequest { const NAME: &'static str = "ThpCredentialRequest"; fn is_initialized(&self) -> bool { - if self.host_static_pubkey.is_none() { + if self.host_static_public_key.is_none() { return false; } true @@ -2887,7 +2887,7 @@ impl ::protobuf::Message for ThpCredentialRequest { while let Some(tag) = is.read_raw_tag_or_eof()? { match tag { 10 => { - self.host_static_pubkey = ::std::option::Option::Some(is.read_bytes()?); + self.host_static_public_key = ::std::option::Option::Some(is.read_bytes()?); }, 16 => { self.autoconnect = ::std::option::Option::Some(is.read_bool()?); @@ -2907,7 +2907,7 @@ impl ::protobuf::Message for ThpCredentialRequest { #[allow(unused_variables)] fn compute_size(&self) -> u64 { let mut my_size = 0; - if let Some(v) = self.host_static_pubkey.as_ref() { + if let Some(v) = self.host_static_public_key.as_ref() { my_size += ::protobuf::rt::bytes_size(1, &v); } if let Some(v) = self.autoconnect { @@ -2922,7 +2922,7 @@ impl ::protobuf::Message for ThpCredentialRequest { } fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { - if let Some(v) = self.host_static_pubkey.as_ref() { + if let Some(v) = self.host_static_public_key.as_ref() { os.write_bytes(1, v)?; } if let Some(v) = self.autoconnect { @@ -2948,7 +2948,7 @@ impl ::protobuf::Message for ThpCredentialRequest { } fn clear(&mut self) { - self.host_static_pubkey = ::std::option::Option::None; + self.host_static_public_key = ::std::option::Option::None; self.autoconnect = ::std::option::Option::None; self.credential = ::std::option::Option::None; self.special_fields.clear(); @@ -2956,7 +2956,7 @@ impl ::protobuf::Message for ThpCredentialRequest { fn default_instance() -> &'static ThpCredentialRequest { static instance: ThpCredentialRequest = ThpCredentialRequest { - host_static_pubkey: ::std::option::Option::None, + host_static_public_key: ::std::option::Option::None, autoconnect: ::std::option::Option::None, credential: ::std::option::Option::None, special_fields: ::protobuf::SpecialFields::new(), @@ -2986,8 +2986,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpCredentialRequest { #[derive(PartialEq,Clone,Default,Debug)] pub struct ThpCredentialResponse { // message fields - // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.trezor_static_pubkey) - pub trezor_static_pubkey: ::std::option::Option<::std::vec::Vec>, + // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.trezor_static_public_key) + pub trezor_static_public_key: ::std::option::Option<::std::vec::Vec>, // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.credential) pub credential: ::std::option::Option<::std::vec::Vec>, // special fields @@ -3006,40 +3006,40 @@ impl ThpCredentialResponse { ::std::default::Default::default() } - // required bytes trezor_static_pubkey = 1; + // required bytes trezor_static_public_key = 1; - pub fn trezor_static_pubkey(&self) -> &[u8] { - match self.trezor_static_pubkey.as_ref() { + pub fn trezor_static_public_key(&self) -> &[u8] { + match self.trezor_static_public_key.as_ref() { Some(v) => v, None => &[], } } - pub fn clear_trezor_static_pubkey(&mut self) { - self.trezor_static_pubkey = ::std::option::Option::None; + pub fn clear_trezor_static_public_key(&mut self) { + self.trezor_static_public_key = ::std::option::Option::None; } - pub fn has_trezor_static_pubkey(&self) -> bool { - self.trezor_static_pubkey.is_some() + pub fn has_trezor_static_public_key(&self) -> bool { + self.trezor_static_public_key.is_some() } // Param is passed by value, moved - pub fn set_trezor_static_pubkey(&mut self, v: ::std::vec::Vec) { - self.trezor_static_pubkey = ::std::option::Option::Some(v); + pub fn set_trezor_static_public_key(&mut self, v: ::std::vec::Vec) { + self.trezor_static_public_key = ::std::option::Option::Some(v); } // Mutable pointer to the field. // If field is not initialized, it is initialized with default value first. - pub fn mut_trezor_static_pubkey(&mut self) -> &mut ::std::vec::Vec { - if self.trezor_static_pubkey.is_none() { - self.trezor_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new()); + pub fn mut_trezor_static_public_key(&mut self) -> &mut ::std::vec::Vec { + if self.trezor_static_public_key.is_none() { + self.trezor_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new()); } - self.trezor_static_pubkey.as_mut().unwrap() + self.trezor_static_public_key.as_mut().unwrap() } // Take field - pub fn take_trezor_static_pubkey(&mut self) -> ::std::vec::Vec { - self.trezor_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new()) + pub fn take_trezor_static_public_key(&mut self) -> ::std::vec::Vec { + self.trezor_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new()) } // required bytes credential = 2; @@ -3082,9 +3082,9 @@ impl ThpCredentialResponse { let mut fields = ::std::vec::Vec::with_capacity(2); let mut oneofs = ::std::vec::Vec::with_capacity(0); fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>( - "trezor_static_pubkey", - |m: &ThpCredentialResponse| { &m.trezor_static_pubkey }, - |m: &mut ThpCredentialResponse| { &mut m.trezor_static_pubkey }, + "trezor_static_public_key", + |m: &ThpCredentialResponse| { &m.trezor_static_public_key }, + |m: &mut ThpCredentialResponse| { &mut m.trezor_static_public_key }, )); fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>( "credential", @@ -3103,7 +3103,7 @@ impl ::protobuf::Message for ThpCredentialResponse { const NAME: &'static str = "ThpCredentialResponse"; fn is_initialized(&self) -> bool { - if self.trezor_static_pubkey.is_none() { + if self.trezor_static_public_key.is_none() { return false; } if self.credential.is_none() { @@ -3116,7 +3116,7 @@ impl ::protobuf::Message for ThpCredentialResponse { while let Some(tag) = is.read_raw_tag_or_eof()? { match tag { 10 => { - self.trezor_static_pubkey = ::std::option::Option::Some(is.read_bytes()?); + self.trezor_static_public_key = ::std::option::Option::Some(is.read_bytes()?); }, 18 => { self.credential = ::std::option::Option::Some(is.read_bytes()?); @@ -3133,7 +3133,7 @@ impl ::protobuf::Message for ThpCredentialResponse { #[allow(unused_variables)] fn compute_size(&self) -> u64 { let mut my_size = 0; - if let Some(v) = self.trezor_static_pubkey.as_ref() { + if let Some(v) = self.trezor_static_public_key.as_ref() { my_size += ::protobuf::rt::bytes_size(1, &v); } if let Some(v) = self.credential.as_ref() { @@ -3145,7 +3145,7 @@ impl ::protobuf::Message for ThpCredentialResponse { } fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { - if let Some(v) = self.trezor_static_pubkey.as_ref() { + if let Some(v) = self.trezor_static_public_key.as_ref() { os.write_bytes(1, v)?; } if let Some(v) = self.credential.as_ref() { @@ -3168,14 +3168,14 @@ impl ::protobuf::Message for ThpCredentialResponse { } fn clear(&mut self) { - self.trezor_static_pubkey = ::std::option::Option::None; + self.trezor_static_public_key = ::std::option::Option::None; self.credential = ::std::option::Option::None; self.special_fields.clear(); } fn default_instance() -> &'static ThpCredentialResponse { static instance: ThpCredentialResponse = ThpCredentialResponse { - trezor_static_pubkey: ::std::option::Option::None, + trezor_static_public_key: ::std::option::Option::None, credential: ::std::option::Option::None, special_fields: ::protobuf::SpecialFields::new(), }; @@ -3793,8 +3793,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpPairingCredential { #[derive(PartialEq,Clone,Default,Debug)] pub struct ThpAuthenticatedCredentialData { // message fields - // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.host_static_pubkey) - pub host_static_pubkey: ::std::option::Option<::std::vec::Vec>, + // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.host_static_public_key) + pub host_static_public_key: ::std::option::Option<::std::vec::Vec>, // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.cred_metadata) pub cred_metadata: ::protobuf::MessageField, // special fields @@ -3813,49 +3813,49 @@ impl ThpAuthenticatedCredentialData { ::std::default::Default::default() } - // required bytes host_static_pubkey = 1; + // required bytes host_static_public_key = 1; - pub fn host_static_pubkey(&self) -> &[u8] { - match self.host_static_pubkey.as_ref() { + pub fn host_static_public_key(&self) -> &[u8] { + match self.host_static_public_key.as_ref() { Some(v) => v, None => &[], } } - pub fn clear_host_static_pubkey(&mut self) { - self.host_static_pubkey = ::std::option::Option::None; + pub fn clear_host_static_public_key(&mut self) { + self.host_static_public_key = ::std::option::Option::None; } - pub fn has_host_static_pubkey(&self) -> bool { - self.host_static_pubkey.is_some() + pub fn has_host_static_public_key(&self) -> bool { + self.host_static_public_key.is_some() } // Param is passed by value, moved - pub fn set_host_static_pubkey(&mut self, v: ::std::vec::Vec) { - self.host_static_pubkey = ::std::option::Option::Some(v); + pub fn set_host_static_public_key(&mut self, v: ::std::vec::Vec) { + self.host_static_public_key = ::std::option::Option::Some(v); } // Mutable pointer to the field. // If field is not initialized, it is initialized with default value first. - pub fn mut_host_static_pubkey(&mut self) -> &mut ::std::vec::Vec { - if self.host_static_pubkey.is_none() { - self.host_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new()); + pub fn mut_host_static_public_key(&mut self) -> &mut ::std::vec::Vec { + if self.host_static_public_key.is_none() { + self.host_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new()); } - self.host_static_pubkey.as_mut().unwrap() + self.host_static_public_key.as_mut().unwrap() } // Take field - pub fn take_host_static_pubkey(&mut self) -> ::std::vec::Vec { - self.host_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new()) + pub fn take_host_static_public_key(&mut self) -> ::std::vec::Vec { + self.host_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new()) } fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData { let mut fields = ::std::vec::Vec::with_capacity(2); let mut oneofs = ::std::vec::Vec::with_capacity(0); fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>( - "host_static_pubkey", - |m: &ThpAuthenticatedCredentialData| { &m.host_static_pubkey }, - |m: &mut ThpAuthenticatedCredentialData| { &mut m.host_static_pubkey }, + "host_static_public_key", + |m: &ThpAuthenticatedCredentialData| { &m.host_static_public_key }, + |m: &mut ThpAuthenticatedCredentialData| { &mut m.host_static_public_key }, )); fields.push(::protobuf::reflect::rt::v2::make_message_field_accessor::<_, ThpCredentialMetadata>( "cred_metadata", @@ -3874,7 +3874,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData { const NAME: &'static str = "ThpAuthenticatedCredentialData"; fn is_initialized(&self) -> bool { - if self.host_static_pubkey.is_none() { + if self.host_static_public_key.is_none() { return false; } if self.cred_metadata.is_none() { @@ -3892,7 +3892,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData { while let Some(tag) = is.read_raw_tag_or_eof()? { match tag { 10 => { - self.host_static_pubkey = ::std::option::Option::Some(is.read_bytes()?); + self.host_static_public_key = ::std::option::Option::Some(is.read_bytes()?); }, 18 => { ::protobuf::rt::read_singular_message_into_field(is, &mut self.cred_metadata)?; @@ -3909,7 +3909,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData { #[allow(unused_variables)] fn compute_size(&self) -> u64 { let mut my_size = 0; - if let Some(v) = self.host_static_pubkey.as_ref() { + if let Some(v) = self.host_static_public_key.as_ref() { my_size += ::protobuf::rt::bytes_size(1, &v); } if let Some(v) = self.cred_metadata.as_ref() { @@ -3922,7 +3922,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData { } fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> { - if let Some(v) = self.host_static_pubkey.as_ref() { + if let Some(v) = self.host_static_public_key.as_ref() { os.write_bytes(1, v)?; } if let Some(v) = self.cred_metadata.as_ref() { @@ -3945,14 +3945,14 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData { } fn clear(&mut self) { - self.host_static_pubkey = ::std::option::Option::None; + self.host_static_public_key = ::std::option::Option::None; self.cred_metadata.clear(); self.special_fields.clear(); } fn default_instance() -> &'static ThpAuthenticatedCredentialData { static instance: ThpAuthenticatedCredentialData = ThpAuthenticatedCredentialData { - host_static_pubkey: ::std::option::Option::None, + host_static_public_key: ::std::option::Option::None, cred_metadata: ::protobuf::MessageField::none(), special_fields: ::protobuf::SpecialFields::new(), }; @@ -4251,44 +4251,44 @@ static file_descriptor_proto_data: &'static [u8] = b"\ \x01\x20\x02(\x0cR\x03tag\")\n\x0fThpQrCodeSecret\x12\x16\n\x06secret\ \x18\x01\x20\x02(\x0cR\x06secret\"!\n\rThpNfcTagHost\x12\x10\n\x03tag\ \x18\x01\x20\x02(\x0cR\x03tag\"#\n\x0fThpNfcTagTrezor\x12\x10\n\x03tag\ - \x18\x01\x20\x02(\x0cR\x03tag\"\x8d\x01\n\x14ThpCredentialRequest\x12,\n\ - \x12host_static_pubkey\x18\x01\x20\x02(\x0cR\x10hostStaticPubkey\x12'\n\ - \x0bautoconnect\x18\x02\x20\x01(\x08:\x05falseR\x0bautoconnect\x12\x1e\n\ - \ncredential\x18\x03\x20\x01(\x0cR\ncredential\"i\n\x15ThpCredentialResp\ - onse\x120\n\x14trezor_static_pubkey\x18\x01\x20\x02(\x0cR\x12trezorStati\ - cPubkey\x12\x1e\n\ncredential\x18\x02\x20\x02(\x0cR\ncredential\"\x0f\n\ - \rThpEndRequest\"\x10\n\x0eThpEndResponse\"\\\n\x15ThpCredentialMetadata\ - \x12\x1b\n\thost_name\x18\x01\x20\x01(\tR\x08hostName\x12\x20\n\x0bautoc\ - onnect\x18\x02\x20\x01(\x08R\x0bautoconnect:\x04\x98\xb2\x19\x01\"\x82\ - \x01\n\x14ThpPairingCredential\x12R\n\rcred_metadata\x18\x01\x20\x02(\ - \x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\x0ccredMetadata\x12\ - \x10\n\x03mac\x18\x02\x20\x02(\x0cR\x03mac:\x04\x98\xb2\x19\x01\"\xa8\ - \x01\n\x1eThpAuthenticatedCredentialData\x12,\n\x12host_static_pubkey\ - \x18\x01\x20\x02(\x0cR\x10hostStaticPubkey\x12R\n\rcred_metadata\x18\x02\ - \x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\x0ccredMet\ - adata:\x04\x98\xb2\x19\x01*\xcd\x06\n\x0eThpMessageType\x12\x19\n\x15Thp\ - MessageType_Cancel\x10\x14\x12\x20\n\x1cThpMessageType_ButtonRequest\x10\ - \x1a\x12%\n\x20ThpMessageType_ThpPairingRequest\x10\xee\x07\x12-\n(ThpMe\ - ssageType_ThpPairingRequestApproved\x10\xef\x07\x12#\n\x1eThpMessageType\ - _ThpSelectMethod\x10\xf0\x07\x122\n-ThpMessageType_ThpPairingPreparation\ - sFinished\x10\xf1\x07\x12(\n#ThpMessageType_ThpCredentialRequest\x10\xf2\ - \x07\x12)\n$ThpMessageType_ThpCredentialResponse\x10\xf3\x07\x12!\n\x1cT\ - hpMessageType_ThpEndRequest\x10\xf4\x07\x12\"\n\x1dThpMessageType_ThpEnd\ - Response\x10\xf5\x07\x12*\n%ThpMessageType_ThpCodeEntryCommitment\x10\ - \xf8\x07\x12)\n$ThpMessageType_ThpCodeEntryChallenge\x10\xf9\x07\x12+\n&\ - ThpMessageType_ThpCodeEntryCpaceTrezor\x10\xfa\x07\x12,\n'ThpMessageType\ - _ThpCodeEntryCpaceHostTag\x10\xfb\x07\x12&\n!ThpMessageType_ThpCodeEntry\ - Secret\x10\xfc\x07\x12\x20\n\x1bThpMessageType_ThpQrCodeTag\x10\x80\x08\ - \x12#\n\x1eThpMessageType_ThpQrCodeSecret\x10\x81\x08\x12!\n\x1cThpMessa\ - geType_ThpNfcTagHost\x10\x88\x08\x12#\n\x1eThpMessageType_ThpNfcTagTrezo\ - r\x10\x89\x08\x1a\x04\xd0\xf3\x18\x01\"\x04\x08\0\x10\x13\"\x04\x08\x15\ - \x10\x19\"\x05\x08\x1b\x10\xe7\x07\"\x06\x08\xe8\x07\x10\xe8\x07\"\x06\ - \x08\xe9\x07\x10\xed\x07\"\x06\x08\xf6\x07\x10\xf7\x07\"\x06\x08\xfd\x07\ - \x10\xff\x07\"\x06\x08\x82\x08\x10\x87\x08\"\t\x08\xcc\x08\x10\xff\xff\ - \xff\xff\x07*G\n\x10ThpPairingMethod\x12\x0f\n\x0bSkipPairing\x10\x01\ - \x12\r\n\tCodeEntry\x10\x02\x12\n\n\x06QrCode\x10\x03\x12\x07\n\x03NFC\ - \x10\x04B;\n#com.satoshilabs.trezor.lib.protobufB\x10TrezorMessageThp\ - \x80\xa6\x1d\x01\ + \x18\x01\x20\x02(\x0cR\x03tag\"\x94\x01\n\x14ThpCredentialRequest\x123\n\ + \x16host_static_public_key\x18\x01\x20\x02(\x0cR\x13hostStaticPublicKey\ + \x12'\n\x0bautoconnect\x18\x02\x20\x01(\x08:\x05falseR\x0bautoconnect\ + \x12\x1e\n\ncredential\x18\x03\x20\x01(\x0cR\ncredential\"p\n\x15ThpCred\ + entialResponse\x127\n\x18trezor_static_public_key\x18\x01\x20\x02(\x0cR\ + \x15trezorStaticPublicKey\x12\x1e\n\ncredential\x18\x02\x20\x02(\x0cR\nc\ + redential\"\x0f\n\rThpEndRequest\"\x10\n\x0eThpEndResponse\"\\\n\x15ThpC\ + redentialMetadata\x12\x1b\n\thost_name\x18\x01\x20\x01(\tR\x08hostName\ + \x12\x20\n\x0bautoconnect\x18\x02\x20\x01(\x08R\x0bautoconnect:\x04\x98\ + \xb2\x19\x01\"\x82\x01\n\x14ThpPairingCredential\x12R\n\rcred_metadata\ + \x18\x01\x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\ + \x0ccredMetadata\x12\x10\n\x03mac\x18\x02\x20\x02(\x0cR\x03mac:\x04\x98\ + \xb2\x19\x01\"\xaf\x01\n\x1eThpAuthenticatedCredentialData\x123\n\x16hos\ + t_static_public_key\x18\x01\x20\x02(\x0cR\x13hostStaticPublicKey\x12R\n\ + \rcred_metadata\x18\x02\x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredent\ + ialMetadataR\x0ccredMetadata:\x04\x98\xb2\x19\x01*\xcd\x06\n\x0eThpMessa\ + geType\x12\x19\n\x15ThpMessageType_Cancel\x10\x14\x12\x20\n\x1cThpMessag\ + eType_ButtonRequest\x10\x1a\x12%\n\x20ThpMessageType_ThpPairingRequest\ + \x10\xee\x07\x12-\n(ThpMessageType_ThpPairingRequestApproved\x10\xef\x07\ + \x12#\n\x1eThpMessageType_ThpSelectMethod\x10\xf0\x07\x122\n-ThpMessageT\ + ype_ThpPairingPreparationsFinished\x10\xf1\x07\x12(\n#ThpMessageType_Thp\ + CredentialRequest\x10\xf2\x07\x12)\n$ThpMessageType_ThpCredentialRespons\ + e\x10\xf3\x07\x12!\n\x1cThpMessageType_ThpEndRequest\x10\xf4\x07\x12\"\n\ + \x1dThpMessageType_ThpEndResponse\x10\xf5\x07\x12*\n%ThpMessageType_ThpC\ + odeEntryCommitment\x10\xf8\x07\x12)\n$ThpMessageType_ThpCodeEntryChallen\ + ge\x10\xf9\x07\x12+\n&ThpMessageType_ThpCodeEntryCpaceTrezor\x10\xfa\x07\ + \x12,\n'ThpMessageType_ThpCodeEntryCpaceHostTag\x10\xfb\x07\x12&\n!ThpMe\ + ssageType_ThpCodeEntrySecret\x10\xfc\x07\x12\x20\n\x1bThpMessageType_Thp\ + QrCodeTag\x10\x80\x08\x12#\n\x1eThpMessageType_ThpQrCodeSecret\x10\x81\ + \x08\x12!\n\x1cThpMessageType_ThpNfcTagHost\x10\x88\x08\x12#\n\x1eThpMes\ + sageType_ThpNfcTagTrezor\x10\x89\x08\x1a\x04\xd0\xf3\x18\x01\"\x04\x08\0\ + \x10\x13\"\x04\x08\x15\x10\x19\"\x05\x08\x1b\x10\xe7\x07\"\x06\x08\xe8\ + \x07\x10\xe8\x07\"\x06\x08\xe9\x07\x10\xed\x07\"\x06\x08\xf6\x07\x10\xf7\ + \x07\"\x06\x08\xfd\x07\x10\xff\x07\"\x06\x08\x82\x08\x10\x87\x08\"\t\x08\ + \xcc\x08\x10\xff\xff\xff\xff\x07*G\n\x10ThpPairingMethod\x12\x0f\n\x0bSk\ + ipPairing\x10\x01\x12\r\n\tCodeEntry\x10\x02\x12\n\n\x06QrCode\x10\x03\ + \x12\x07\n\x03NFC\x10\x04B;\n#com.satoshilabs.trezor.lib.protobufB\x10Tr\ + ezorMessageThp\x80\xa6\x1d\x01\ "; /// `FileDescriptorProto` object which was a source for this generated file diff --git a/tests/device_tests/thp/test_pairing.py b/tests/device_tests/thp/test_pairing.py index 2e6fc55421..96c7cfa15d 100644 --- a/tests/device_tests/thp/test_pairing.py +++ b/tests/device_tests/thp/test_pairing.py @@ -258,10 +258,12 @@ def test_connection_confirmation_cancel(client: Client) -> None: # Request credential with confirmation after pairing randomness_static = os.urandom(32) - host_static_privkey = curve25519.get_private_key(randomness_static) - host_static_pubkey = curve25519.get_public_key(host_static_privkey) + host_static_private_key = curve25519.get_private_key(randomness_static) + host_static_public_key = curve25519.get_public_key(host_static_private_key) protocol._send_message( - ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False) + ThpCredentialRequest( + host_static_public_key=host_static_public_key, autoconnect=False + ) ) credential_response = protocol._read_message(ThpCredentialResponse) @@ -300,10 +302,12 @@ def test_autoconnect_credential_request_cancel(client: Client) -> None: # Request credential with confirmation after pairing randomness_static = os.urandom(32) - host_static_privkey = curve25519.get_private_key(randomness_static) - host_static_pubkey = curve25519.get_public_key(host_static_privkey) + host_static_private_key = curve25519.get_private_key(randomness_static) + host_static_public_key = curve25519.get_public_key(host_static_private_key) protocol._send_message( - ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False) + ThpCredentialRequest( + host_static_public_key=host_static_public_key, autoconnect=False + ) ) credential_response = protocol._read_message(ThpCredentialResponse) @@ -317,7 +321,9 @@ def test_autoconnect_credential_request_cancel(client: Client) -> None: client=client, host_static_randomness=randomness_static, credential=credential ) protocol._send_message( - ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=True) + ThpCredentialRequest( + host_static_public_key=host_static_public_key, autoconnect=True + ) ) button_req = protocol._read_message(ButtonRequest) assert button_req.name == "thp_connection_request" @@ -337,10 +343,12 @@ def test_credential_phase(client: Client) -> None: # Request credential with confirmation after pairing randomness_static = os.urandom(32) - host_static_privkey = curve25519.get_private_key(randomness_static) - host_static_pubkey = curve25519.get_public_key(host_static_privkey) + host_static_private_key = curve25519.get_private_key(randomness_static) + host_static_public_key = curve25519.get_public_key(host_static_private_key) protocol._send_message( - ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False) + ThpCredentialRequest( + host_static_public_key=host_static_public_key, autoconnect=False + ) ) credential_response = protocol._read_message(ThpCredentialResponse) @@ -374,7 +382,9 @@ def test_credential_phase(client: Client) -> None: protocol._do_channel_allocation() protocol._do_handshake(credential, randomness_static) protocol._send_message( - ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=True) + ThpCredentialRequest( + host_static_public_key=host_static_public_key, autoconnect=True + ) ) # Connection confirmation dialog is shown. (Channel replacement is not triggered.) button_req = protocol._read_message(ButtonRequest) @@ -432,10 +442,12 @@ def test_credential_request_in_encrypted_transport_phase(client: Client) -> None _nfc_pairing(client, protocol) # Request credential with confirmation after pairing - host_static_privkey = curve25519.get_private_key(randomness_static) - host_static_pubkey = curve25519.get_public_key(host_static_privkey) + host_static_private_key = curve25519.get_private_key(randomness_static) + host_static_public_key = curve25519.get_public_key(host_static_private_key) protocol._send_message( - ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False) + ThpCredentialRequest( + host_static_public_key=host_static_public_key, autoconnect=False + ) ) credential_response = protocol._read_message(ThpCredentialResponse) @@ -448,7 +460,7 @@ def test_credential_request_in_encrypted_transport_phase(client: Client) -> None session.call( ThpCredentialRequest( - host_static_pubkey=host_static_pubkey, + host_static_public_key=host_static_public_key, autoconnect=True, credential=credential, ), @@ -462,10 +474,10 @@ def test_channel_replacement(client: Client) -> None: host_static_randomness = os.urandom(32) host_static_randomness_2 = os.urandom(32) - host_static_privkey = curve25519.get_private_key(host_static_randomness) - host_static_privkey_2 = curve25519.get_private_key(host_static_randomness_2) + host_static_private_key = curve25519.get_private_key(host_static_randomness) + host_static_private_key_2 = curve25519.get_private_key(host_static_randomness_2) - assert host_static_privkey != host_static_privkey_2 + assert host_static_private_key != host_static_private_key_2 client.protocol = get_encrypted_transport_protocol(client, host_static_randomness) @@ -476,7 +488,7 @@ def test_channel_replacement(client: Client) -> None: address_2 = get_test_address(session_2) assert address != address_2 - # create new channel using the same host_static_privkey + # create new channel using the same host_static_private_key client.protocol = get_encrypted_transport_protocol(client, host_static_randomness) session_3 = client.get_session(passphrase="OKIDOKI") address_3 = get_test_address(session_3) @@ -488,7 +500,7 @@ def test_channel_replacement(client: Client) -> None: new_address_3 = get_test_address(session_3) assert address_3 == new_address_3 - # create new channel using different host_static_privkey + # create new channel using different host_static_private_key client.protocol = get_encrypted_transport_protocol(client, host_static_randomness_2) with pytest.raises(exceptions.TrezorFailure) as e_1: _ = get_test_address(session)