fix: use public_key instead of pubkey in THP

common/protob/messages-thp.proto

@@ -208,7 +208,7 @@ message ThpNfcTagTrezor {
  * @next ThpCredentialResponse
  */
 message ThpCredentialRequest {
-    required bytes host_static_pubkey = 1;         // Host's static public key identifying the credential.
+    required bytes host_static_public_key = 1;         // Host's static public key identifying the credential.
     optional bool autoconnect = 2 [default=false]; // Whether host wants to autoconnect without user confirmation
     optional bytes credential = 3;                 // Host's previous credential
 }
@@ -219,7 +219,7 @@ message ThpCredentialRequest {
  * @next ThpEndRequest
  */
 message ThpCredentialResponse {
-    required bytes trezor_static_pubkey = 1;     // Trezor's static public key used in the handshake.
+    required bytes trezor_static_public_key = 1;     // Trezor's static public key used in the handshake.
     required bytes credential = 2;               // The pairing credential issued by the Trezor to the host.
 }
 
@@ -262,6 +262,6 @@ message ThpEndResponse {}
  */
  message ThpAuthenticatedCredentialData {
     option (internal_only) = true;
-    required bytes host_static_pubkey = 1;            // Host's static public key used in the handshake
+    required bytes host_static_public_key = 1;            // Host's static public key used in the handshake
     required ThpCredentialMetadata cred_metadata = 2; // Credential metadata
 }

core/src/apps/base.py

@@ -303,10 +303,10 @@ if utils.USE_THP:
         # Assert that context `ctx` is `GenericSessionContext`
         assert isinstance(ctx, GenericSessionContext)
 
-        # Check that request contains a host static pubkey
+        # Check that request contains a host static public_key
-        if message.host_static_pubkey is None:
+        if message.host_static_public_key is None:
             return _get_autoconnect_failure(
-                "Credential request must contain a host static pubkey."
+                "Credential request must contain a host static public_key."
             )
 
         # Check that request contains valid credential
@@ -315,7 +315,7 @@ if utils.USE_THP:
                 "Credential request must contain a previously issued pairing credential."
             )
         credential = decode_credential(message.credential)
-        if not validate_credential(credential, message.host_static_pubkey):
+        if not validate_credential(credential, message.host_static_public_key):
             return _get_autoconnect_failure(
                 "Credential request contains an invalid pairing credential."
             )
@@ -335,13 +335,13 @@ if utils.USE_THP:
                 ctx, cred_metadata.host_name
             )
         new_cred = issue_credential(
-            host_static_pubkey=message.host_static_pubkey,
+            host_static_public_key=message.host_static_public_key,
             credential_metadata=cred_metadata,
         )
-        trezor_static_pubkey = crypto.get_trezor_static_pubkey()
+        trezor_static_public_key = crypto.get_trezor_static_public_key()
 
         return ThpCredentialResponse(
-            trezor_static_pubkey=trezor_static_pubkey, credential=new_cred
+            trezor_static_public_key=trezor_static_public_key, credential=new_cred
         )
 
     def _get_autoconnect_failure(msg: str) -> Failure:

core/src/apps/thp/credential_manager.py

@@ -44,7 +44,7 @@ def invalidate_cred_auth_key() -> None:
 
 
 def issue_credential(
-    host_static_pubkey: bytes,
+    host_static_public_key: bytes,
     credential_metadata: ThpCredentialMetadata,
 ) -> bytes:
     """
@@ -53,7 +53,7 @@ def issue_credential(
     """
     cred_auth_key = derive_cred_auth_key()
     proto_msg = ThpAuthenticatedCredentialData(
-        host_static_pubkey=host_static_pubkey,
+        host_static_public_key=host_static_public_key,
         cred_metadata=credential_metadata,
     )
     authenticated_credential_data = _encode_message_into_new_buffer(proto_msg)
@@ -78,14 +78,14 @@ def decode_credential(
 
 def validate_credential(
     credential: ThpPairingCredential,
-    host_static_pubkey: bytes,
+    host_static_public_key: bytes,
 ) -> bool:
     """
     Validate a pairing credential binded to the provided host static public key.
     """
     cred_auth_key = derive_cred_auth_key()
     proto_msg = ThpAuthenticatedCredentialData(
-        host_static_pubkey=host_static_pubkey,
+        host_static_public_key=host_static_public_key,
         cred_metadata=credential.cred_metadata,
     )
     authenticated_credential_data = _encode_message_into_new_buffer(proto_msg)
@@ -95,14 +95,14 @@ def validate_credential(
 
 def decode_and_validate_credential(
     encoded_pairing_credential_message: bytes,
-    host_static_pubkey: bytes,
+    host_static_public_key: bytes,
 ) -> bool:
     """
     Decode a protobuf encoded pairing credential and validate it
     binded to the provided host static public key.
     """
     credential = decode_credential(encoded_pairing_credential_message)
-    return validate_credential(credential, host_static_pubkey)
+    return validate_credential(credential, host_static_public_key)
 
 
 def is_credential_autoconnect(credential: ThpPairingCredential) -> bool:

core/src/apps/thp/pairing.py

@@ -407,7 +407,7 @@ async def _handle_credential_request(
 
     if not ThpCredentialRequest.is_type_of(message):
         raise UnexpectedMessage("Unexpected message")
-    if message.host_static_pubkey is None:
+    if message.host_static_public_key is None:
         raise Exception("Invalid message")  # TODO change failure type
 
     autoconnect: bool = False
@@ -422,12 +422,13 @@ async def _handle_credential_request(
 
         from .credential_manager import validate_credential
 
-        host_static_pubkey = ctx.channel_ctx.channel_cache.get(
+        host_static_public_key = ctx.channel_ctx.channel_cache.get(
             CHANNEL_HOST_STATIC_PUBKEY
         )
 
-        if not host_static_pubkey or not validate_credential(
+        if not host_static_public_key or not validate_credential(
-            credential=ctx.channel_ctx.credential, host_static_pubkey=host_static_pubkey
+            credential=ctx.channel_ctx.credential,
+            host_static_public_key=host_static_public_key,
         ):
             raise Exception(
                 "Cannot ask for autoconnect credential without a valid credential!"
@@ -435,16 +436,16 @@ async def _handle_credential_request(
 
         await ctx.show_autoconnect_credential_confirmation_screen()  # TODO add device name
 
-    trezor_static_pubkey = crypto.get_trezor_static_pubkey()
+    trezor_static_public_key = crypto.get_trezor_static_public_key()
     credential_metadata = ThpCredentialMetadata(
         host_name=ctx.host_name,
         autoconnect=autoconnect,
     )
-    credential = issue_credential(message.host_static_pubkey, credential_metadata)
+    credential = issue_credential(message.host_static_public_key, credential_metadata)
 
     return await ctx.call_any(
         ThpCredentialResponse(
-            trezor_static_pubkey=trezor_static_pubkey, credential=credential
+            trezor_static_public_key=trezor_static_public_key, credential=credential
         ),
         ThpMessageType.ThpCredentialRequest,
         ThpMessageType.ThpEndRequest,
@@ -461,7 +462,7 @@ async def _handle_end_request(
 
 
 async def _end_pairing(ctx: PairingContext) -> ThpEndResponse:
-    ctx.channel_ctx.replace_old_channels_with_the_same_host_pubkey()
+    ctx.channel_ctx.replace_old_channels_with_the_same_host_public_key()
     ctx.channel_ctx.set_channel_state(ChannelState.ENCRYPTED_TRANSPORT)
     return ThpEndResponse()
 

core/src/storage/cache_thp.py

@@ -75,7 +75,7 @@ class ChannelCache(ThpDataCache):
     def sync(self, value: int) -> None:
         self.set_int(CHANNEL_SYNC, value)
 
-    def set_host_static_pubkey(self, key: bytearray) -> None:
+    def set_host_static_public_key(self, key: bytearray) -> None:
         if len(key) != KEY_LENGTH:
             raise Exception("Invalid key length")
         self.set(CHANNEL_HOST_STATIC_PUBKEY, key)

core/src/trezor/messages.py

@@ -6430,14 +6430,14 @@ if TYPE_CHECKING:
             return isinstance(msg, cls)
 
     class ThpCredentialRequest(protobuf.MessageType):
-        host_static_pubkey: "bytes"
+        host_static_public_key: "bytes"
         autoconnect: "bool"
         credential: "bytes | None"
 
         def __init__(
             self,
             *,
-            host_static_pubkey: "bytes",
+            host_static_public_key: "bytes",
             autoconnect: "bool | None" = None,
             credential: "bytes | None" = None,
         ) -> None:
@@ -6448,13 +6448,13 @@ if TYPE_CHECKING:
             return isinstance(msg, cls)
 
     class ThpCredentialResponse(protobuf.MessageType):
-        trezor_static_pubkey: "bytes"
+        trezor_static_public_key: "bytes"
         credential: "bytes"
 
         def __init__(
             self,
             *,
-            trezor_static_pubkey: "bytes",
+            trezor_static_public_key: "bytes",
             credential: "bytes",
         ) -> None:
             pass
@@ -6508,13 +6508,13 @@ if TYPE_CHECKING:
             return isinstance(msg, cls)
 
     class ThpAuthenticatedCredentialData(protobuf.MessageType):
-        host_static_pubkey: "bytes"
+        host_static_public_key: "bytes"
         cred_metadata: "ThpCredentialMetadata"
 
         def __init__(
             self,
             *,
-            host_static_pubkey: "bytes",
+            host_static_public_key: "bytes",
             cred_metadata: "ThpCredentialMetadata",
         ) -> None:
             pass

core/src/trezor/wire/thp/channel.py

@@ -122,7 +122,7 @@ class Channel:
         if __debug__:
             self._log("set_channel_state: ", state_to_str(state))
 
-    def replace_old_channels_with_the_same_host_pubkey(self) -> None:
+    def replace_old_channels_with_the_same_host_public_key(self) -> None:
         was_any_replaced = conditionally_replace_channel(
             new_channel=self.channel_cache,
             required_state=ChannelState.ENCRYPTED_TRANSPORT,

core/src/trezor/wire/thp/crypto.py

@@ -81,7 +81,7 @@ class Handshake:
     """
 
     def __init__(self) -> None:
-        self.trezor_ephemeral_privkey: bytes
+        self.trezor_ephemeral_private_key: bytes
         self.ck: bytes
         self.k: bytes
         self.h: bytes
@@ -91,24 +91,30 @@ class Handshake:
     def handle_th1_crypto(
         self,
         device_properties: bytes,
-        host_ephemeral_pubkey: bytes,
+        host_ephemeral_public_key: bytes,
     ) -> tuple[bytes, bytes, bytes]:
 
-        trezor_static_privkey, trezor_static_pubkey = _derive_static_key_pair()
+        trezor_static_private_key, trezor_static_public_key = _derive_static_key_pair()
-        self.trezor_ephemeral_privkey = curve25519.generate_secret()
+        self.trezor_ephemeral_private_key = curve25519.generate_secret()
-        trezor_ephemeral_pubkey = curve25519.publickey(self.trezor_ephemeral_privkey)
+        trezor_ephemeral_public_key = curve25519.publickey(
+            self.trezor_ephemeral_private_key
+        )
         self.h = _hash_of_two(PROTOCOL_NAME, device_properties)
-        self.h = _hash_of_two(self.h, host_ephemeral_pubkey)
+        self.h = _hash_of_two(self.h, host_ephemeral_public_key)
         self.h = _hash_of_two(self.h, b"")
-        self.h = _hash_of_two(self.h, trezor_ephemeral_pubkey)
+        self.h = _hash_of_two(self.h, trezor_ephemeral_public_key)
         point = curve25519.multiply(
-            self.trezor_ephemeral_privkey, host_ephemeral_pubkey
+            self.trezor_ephemeral_private_key, host_ephemeral_public_key
         )
         self.ck, self.k = _hkdf(PROTOCOL_NAME, point)
-        mask = _hash_of_two(trezor_static_pubkey, trezor_ephemeral_pubkey)
+        mask = _hash_of_two(trezor_static_public_key, trezor_ephemeral_public_key)
-        trezor_masked_static_pubkey = curve25519.multiply(mask, trezor_static_pubkey)
+        trezor_masked_static_public_key = curve25519.multiply(
+            mask, trezor_static_public_key
+        )
         aes_ctx = aesgcm(self.k, IV_1)
-        encrypted_trezor_static_pubkey = aes_ctx.encrypt(trezor_masked_static_pubkey)
+        encrypted_trezor_static_public_key = aes_ctx.encrypt(
+            trezor_masked_static_public_key
+        )
         if __debug__:
             log.debug(
                 __name__,
@@ -120,46 +126,54 @@ class Handshake:
 
         aes_ctx.auth(self.h)
         tag_to_encrypted_key = aes_ctx.finish()
-        encrypted_trezor_static_pubkey = (
+        encrypted_trezor_static_public_key = (
-            encrypted_trezor_static_pubkey + tag_to_encrypted_key
+            encrypted_trezor_static_public_key + tag_to_encrypted_key
+        )
+        self.h = _hash_of_two(self.h, encrypted_trezor_static_public_key)
+        point = curve25519.multiply(
+            trezor_static_private_key, host_ephemeral_public_key
         )
-        self.h = _hash_of_two(self.h, encrypted_trezor_static_pubkey)
-        point = curve25519.multiply(trezor_static_privkey, host_ephemeral_pubkey)
         self.ck, self.k = _hkdf(self.ck, curve25519.multiply(mask, point))
         aes_ctx = aesgcm(self.k, IV_1)
         aes_ctx.auth(self.h)
         tag = aes_ctx.finish()
         self.h = _hash_of_two(self.h, tag)
-        return (trezor_ephemeral_pubkey, encrypted_trezor_static_pubkey, tag)
+        return (trezor_ephemeral_public_key, encrypted_trezor_static_public_key, tag)
 
     def handle_th2_crypto(
         self,
-        encrypted_host_static_pubkey: utils.BufferType,
+        encrypted_host_static_public_key: utils.BufferType,
         encrypted_payload: utils.BufferType,
     ) -> None:
 
         aes_ctx = aesgcm(self.k, IV_2)
 
-        # The new value of hash `h` MUST be computed before the `encrypted_host_static_pubkey` is decrypted.
+        # The new value of hash `h` MUST be computed before the `encrypted_host_static_public_key` is decrypted.
-        # However, decryption of `encrypted_host_static_pubkey` MUST use the previous value of `h` for
+        # However, decryption of `encrypted_host_static_public_key` MUST use the previous value of `h` for
         # authentication of the gcm tag.
         aes_ctx.auth(self.h)  # Authenticate with the previous value of `h`
-        self.h = _hash_of_two(self.h, encrypted_host_static_pubkey)  # Compute new value
+        self.h = _hash_of_two(
+            self.h, encrypted_host_static_public_key
+        )  # Compute new value
         aes_ctx.decrypt_in_place(
-            memoryview(encrypted_host_static_pubkey)[:PUBKEY_LENGTH]
+            memoryview(encrypted_host_static_public_key)[:PUBKEY_LENGTH]
         )
         if __debug__:
             log.debug(
                 __name__, "th2 - dec (key: %s, nonce: %d)", hexlify_if_bytes(self.k), 1
             )
-        host_static_pubkey = memoryview(encrypted_host_static_pubkey)[:PUBKEY_LENGTH]
+        host_static_public_key = memoryview(encrypted_host_static_public_key)[
+            :PUBKEY_LENGTH
+        ]
         tag = aes_ctx.finish()
-        if tag != encrypted_host_static_pubkey[-16:]:
+        if tag != encrypted_host_static_public_key[-16:]:
             raise ThpDecryptionError()
 
         self.ck, self.k = _hkdf(
             self.ck,
-            curve25519.multiply(self.trezor_ephemeral_privkey, host_static_pubkey),
+            curve25519.multiply(
+                self.trezor_ephemeral_private_key, host_static_public_key
+            ),
         )
         aes_ctx = aesgcm(self.k, IV_1)
         aes_ctx.auth(self.h)
@@ -194,17 +208,17 @@ def _derive_static_key_pair() -> tuple[bytes, bytes]:
     node = bip32.from_seed(device.get_device_secret(), "curve25519")
     node.derive(node_int)
 
-    trezor_static_privkey = node.private_key()
+    trezor_static_private_key = node.private_key()
-    trezor_static_pubkey = node.public_key()[1:33]
+    trezor_static_public_key = node.public_key()[1:33]
     # Note: the first byte (\x01) of the public key is removed, as it
     # only indicates the type of the elliptic curve used
 
-    return trezor_static_privkey, trezor_static_pubkey
+    return trezor_static_private_key, trezor_static_public_key
 
 
-def get_trezor_static_pubkey() -> bytes:
+def get_trezor_static_public_key() -> bytes:
-    _, pubkey = _derive_static_key_pair()
+    _, public_key = _derive_static_key_pair()
-    return pubkey
+    return public_key
 
 
 def _hkdf(chaining_key: bytes, input: bytes) -> tuple[bytes, bytes]:

core/src/trezor/wire/thp/received_message_handler.py

@@ -254,31 +254,31 @@ def _handle_state_TH1(
     # if buffer is BufferError:
     # pass  # TODO buffer is gone :/
 
-    host_ephemeral_pubkey = bytearray(
+    host_ephemeral_public_key = bytearray(
         buffer[INIT_HEADER_LENGTH : message_length - CHECKSUM_LENGTH]
     )
-    trezor_ephemeral_pubkey, encrypted_trezor_static_pubkey, tag = (
+    trezor_ephemeral_public_key, encrypted_trezor_static_public_key, tag = (
         ctx.handshake.handle_th1_crypto(
-            get_encoded_device_properties(ctx.iface), host_ephemeral_pubkey
+            get_encoded_device_properties(ctx.iface), host_ephemeral_public_key
         )
     )
 
     if __debug__:
         log.debug(
             __name__,
-            "trezor ephemeral pubkey: %s",
+            "trezor ephemeral public key: %s",
-            hexlify_if_bytes(trezor_ephemeral_pubkey),
+            hexlify_if_bytes(trezor_ephemeral_public_key),
             iface=ctx.iface,
         )
         log.debug(
             __name__,
-            "encrypted trezor masked static pubkey: %s",
+            "encrypted trezor masked static public key: %s",
-            hexlify_if_bytes(encrypted_trezor_static_pubkey),
+            hexlify_if_bytes(encrypted_trezor_static_public_key),
             iface=ctx.iface,
         )
         log.debug(__name__, "tag: %s", hexlify_if_bytes(tag), iface=ctx.iface)
 
-    payload = trezor_ephemeral_pubkey + encrypted_trezor_static_pubkey + tag
+    payload = trezor_ephemeral_public_key + encrypted_trezor_static_public_key + tag
 
     # send handshake init response message
     ctx.write_handshake_message(HANDSHAKE_INIT_RES, payload)
@@ -305,7 +305,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
     buffer = memory_manager.get_existing_read_buffer(ctx.get_channel_id_int())
     # if buffer is BufferError:
     # pass  # TODO handle
-    host_encrypted_static_pubkey = buffer[
+    host_encrypted_static_public_key = buffer[
         INIT_HEADER_LENGTH : INIT_HEADER_LENGTH + KEY_LENGTH + TAG_LENGTH
     ]
     handshake_completion_request_noise_payload = buffer[
@@ -313,7 +313,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
     ]
 
     ctx.handshake.handle_th2_crypto(
-        host_encrypted_static_pubkey, handshake_completion_request_noise_payload
+        host_encrypted_static_public_key, handshake_completion_request_noise_payload
     )
 
     ctx.channel_cache.set(CHANNEL_KEY_RECEIVE, ctx.handshake.key_receive)
@@ -339,15 +339,15 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
     if __debug__:
         log.debug(
             __name__,
-            "host static pubkey: %s, noise payload: %s",
+            "host static public key: %s, noise payload: %s",
-            utils.hexlify_if_bytes(host_encrypted_static_pubkey),
+            utils.hexlify_if_bytes(host_encrypted_static_public_key),
             utils.hexlify_if_bytes(handshake_completion_request_noise_payload),
             iface=ctx.iface,
         )
 
     # key is decoded in handshake._handle_th2_crypto
-    host_static_pubkey = host_encrypted_static_pubkey[:PUBKEY_LENGTH]
+    host_static_public_key = host_encrypted_static_public_key[:PUBKEY_LENGTH]
-    ctx.channel_cache.set_host_static_pubkey(bytearray(host_static_pubkey))
+    ctx.channel_cache.set_host_static_public_key(bytearray(host_static_public_key))
 
     paired: bool = False
     trezor_state = _TREZOR_STATE_UNPAIRED
@@ -357,7 +357,7 @@ def _handle_state_TH2(ctx: Channel, message_length: int, ctrl_byte: int) -> None
             credential = decode_credential(noise_payload.host_pairing_credential)
             paired = validate_credential(
                 credential,
-                host_static_pubkey,
+                host_static_public_key,
             )
             if paired:
                 trezor_state = _TREZOR_STATE_PAIRED

core/tests/test_apps.thp.credential_manager.py

@@ -7,9 +7,9 @@ if utils.USE_THP:
 
     from apps.thp import credential_manager
 
-    def _issue_credential(host_name: str, host_static_pubkey: bytes) -> bytes:
+    def _issue_credential(host_name: str, host_static_public_key: bytes) -> bytes:
         metadata = ThpCredentialMetadata(host_name=host_name)
-        return credential_manager.issue_credential(host_static_pubkey, metadata)
+        return credential_manager.issue_credential(host_static_public_key, metadata)
 
     def _dummy_log(name: str, msg: str, *args):
         pass

core/tests/test_trezor.wire.thp.crypto.py

@@ -117,19 +117,19 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase):
         storage.device.get_device_secret = get_dummy_device_secret
         handshake = self.handshake
 
-        host_ephemeral_privkey = curve25519.generate_secret()
+        host_ephemeral_private_key = curve25519.generate_secret()
-        host_ephemeral_pubkey = curve25519.publickey(host_ephemeral_privkey)
+        host_ephemeral_public_key = curve25519.publickey(host_ephemeral_private_key)
-        handshake.handle_th1_crypto(b"", host_ephemeral_pubkey)
+        handshake.handle_th1_crypto(b"", host_ephemeral_public_key)
 
     def test_th2_crypto(self):
         handshake = self.handshake
 
-        host_static_privkey = curve25519.generate_secret()
+        host_static_private_key = curve25519.generate_secret()
-        host_static_pubkey = curve25519.publickey(host_static_privkey)
+        host_static_public_key = curve25519.publickey(host_static_private_key)
         aes_ctx = aesgcm(handshake.k, IV_2)
         aes_ctx.auth(handshake.h)
-        encrypted_host_static_pubkey = bytearray(
+        encrypted_host_static_public_key = bytearray(
-            aes_ctx.encrypt(host_static_pubkey) + aes_ctx.finish()
+            aes_ctx.encrypt(host_static_public_key) + aes_ctx.finish()
         )
 
         # Code to encrypt Host's noise encrypted payload correctly:
@@ -137,10 +137,12 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase):
         temp_k = handshake.k
         temp_h = handshake.h
 
-        temp_h = crypto._hash_of_two(temp_h, encrypted_host_static_pubkey)
+        temp_h = crypto._hash_of_two(temp_h, encrypted_host_static_public_key)
         _, temp_k = crypto._hkdf(
             handshake.ck,
-            curve25519.multiply(handshake.trezor_ephemeral_privkey, host_static_pubkey),
+            curve25519.multiply(
+                handshake.trezor_ephemeral_private_key, host_static_public_key
+            ),
         )
         aes_ctx = aesgcm(temp_k, IV_1)
         aes_ctx.encrypt_in_place(protomsg)
@@ -149,7 +151,7 @@ class TestTrezorHostProtocolCrypto(unittest.TestCase):
         encrypted_payload = bytearray(protomsg + tag)
         # end of encrypted payload generation
 
-        handshake.handle_th2_crypto(encrypted_host_static_pubkey, encrypted_payload)
+        handshake.handle_th2_crypto(encrypted_host_static_public_key, encrypted_payload)
         self.assertEqual(encrypted_payload[:4], b"\x10\x02\x10\x03")
 
 

core/tests/test_trezor.wire.thp.py

@@ -361,8 +361,8 @@ class TestTrezorHostProtocol(unittest.TestCase):
         user_message = Message(ThpMessageType.ThpCodeEntryTag, buffer)
         self.interface.mock_read(user_message, gen)
 
-        host_static_pubkey = b"\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77"
+        host_static_public_key = b"\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77\x00\x11\x22\x33\x44\x55\x66\x77"
-        msg = ThpCredentialRequest(host_static_pubkey=host_static_pubkey)
+        msg = ThpCredentialRequest(host_static_public_key=host_static_public_key)
         buffer: bytearray = bytearray(protobuf.encoded_length(msg))
         protobuf.encode(buffer, msg)
         credential_request = Message(ThpMessageType.ThpCredentialRequest, buffer)

python/src/trezorlib/messages.py

@@ -8162,7 +8162,7 @@ class ThpNfcTagTrezor(protobuf.MessageType):
 class ThpCredentialRequest(protobuf.MessageType):
     MESSAGE_WIRE_TYPE = 1010
     FIELDS = {
-        1: protobuf.Field("host_static_pubkey", "bytes", repeated=False, required=True),
+        1: protobuf.Field("host_static_public_key", "bytes", repeated=False, required=True),
         2: protobuf.Field("autoconnect", "bool", repeated=False, required=False, default=False),
         3: protobuf.Field("credential", "bytes", repeated=False, required=False, default=None),
     }
@@ -8170,11 +8170,11 @@ class ThpCredentialRequest(protobuf.MessageType):
     def __init__(
         self,
         *,
-        host_static_pubkey: "bytes",
+        host_static_public_key: "bytes",
         autoconnect: Optional["bool"] = False,
         credential: Optional["bytes"] = None,
     ) -> None:
-        self.host_static_pubkey = host_static_pubkey
+        self.host_static_public_key = host_static_public_key
         self.autoconnect = autoconnect
         self.credential = credential
 
@@ -8182,17 +8182,17 @@ class ThpCredentialRequest(protobuf.MessageType):
 class ThpCredentialResponse(protobuf.MessageType):
     MESSAGE_WIRE_TYPE = 1011
     FIELDS = {
-        1: protobuf.Field("trezor_static_pubkey", "bytes", repeated=False, required=True),
+        1: protobuf.Field("trezor_static_public_key", "bytes", repeated=False, required=True),
         2: protobuf.Field("credential", "bytes", repeated=False, required=True),
     }
 
     def __init__(
         self,
         *,
-        trezor_static_pubkey: "bytes",
+        trezor_static_public_key: "bytes",
         credential: "bytes",
     ) -> None:
-        self.trezor_static_pubkey = trezor_static_pubkey
+        self.trezor_static_public_key = trezor_static_public_key
         self.credential = credential
 
 
@@ -8241,17 +8241,17 @@ class ThpPairingCredential(protobuf.MessageType):
 class ThpAuthenticatedCredentialData(protobuf.MessageType):
     MESSAGE_WIRE_TYPE = None
     FIELDS = {
-        1: protobuf.Field("host_static_pubkey", "bytes", repeated=False, required=True),
+        1: protobuf.Field("host_static_public_key", "bytes", repeated=False, required=True),
         2: protobuf.Field("cred_metadata", "ThpCredentialMetadata", repeated=False, required=True),
     }
 
     def __init__(
         self,
         *,
-        host_static_pubkey: "bytes",
+        host_static_public_key: "bytes",
         cred_metadata: "ThpCredentialMetadata",
     ) -> None:
-        self.host_static_pubkey = host_static_pubkey
+        self.host_static_public_key = host_static_public_key
         self.cred_metadata = cred_metadata
 
 

rust/trezor-client/src/protos/generated/messages_thp.rs

@@ -2734,8 +2734,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpNfcTagTrezor {
 #[derive(PartialEq,Clone,Default,Debug)]
 pub struct ThpCredentialRequest {
     // message fields
-    // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.host_static_pubkey)
+    // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.host_static_public_key)
-    pub host_static_pubkey: ::std::option::Option<::std::vec::Vec<u8>>,
+    pub host_static_public_key: ::std::option::Option<::std::vec::Vec<u8>>,
     // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.autoconnect)
     pub autoconnect: ::std::option::Option<bool>,
     // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialRequest.credential)
@@ -2756,40 +2756,40 @@ impl ThpCredentialRequest {
         ::std::default::Default::default()
     }
 
-    // required bytes host_static_pubkey = 1;
+    // required bytes host_static_public_key = 1;
 
-    pub fn host_static_pubkey(&self) -> &[u8] {
+    pub fn host_static_public_key(&self) -> &[u8] {
-        match self.host_static_pubkey.as_ref() {
+        match self.host_static_public_key.as_ref() {
             Some(v) => v,
             None => &[],
         }
     }
 
-    pub fn clear_host_static_pubkey(&mut self) {
+    pub fn clear_host_static_public_key(&mut self) {
-        self.host_static_pubkey = ::std::option::Option::None;
+        self.host_static_public_key = ::std::option::Option::None;
     }
 
-    pub fn has_host_static_pubkey(&self) -> bool {
+    pub fn has_host_static_public_key(&self) -> bool {
-        self.host_static_pubkey.is_some()
+        self.host_static_public_key.is_some()
     }
 
     // Param is passed by value, moved
-    pub fn set_host_static_pubkey(&mut self, v: ::std::vec::Vec<u8>) {
+    pub fn set_host_static_public_key(&mut self, v: ::std::vec::Vec<u8>) {
-        self.host_static_pubkey = ::std::option::Option::Some(v);
+        self.host_static_public_key = ::std::option::Option::Some(v);
     }
 
     // Mutable pointer to the field.
     // If field is not initialized, it is initialized with default value first.
-    pub fn mut_host_static_pubkey(&mut self) -> &mut ::std::vec::Vec<u8> {
+    pub fn mut_host_static_public_key(&mut self) -> &mut ::std::vec::Vec<u8> {
-        if self.host_static_pubkey.is_none() {
+        if self.host_static_public_key.is_none() {
-            self.host_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new());
+            self.host_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new());
         }
-        self.host_static_pubkey.as_mut().unwrap()
+        self.host_static_public_key.as_mut().unwrap()
     }
 
     // Take field
-    pub fn take_host_static_pubkey(&mut self) -> ::std::vec::Vec<u8> {
+    pub fn take_host_static_public_key(&mut self) -> ::std::vec::Vec<u8> {
-        self.host_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new())
+        self.host_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new())
     }
 
     // optional bool autoconnect = 2;
@@ -2851,9 +2851,9 @@ impl ThpCredentialRequest {
         let mut fields = ::std::vec::Vec::with_capacity(3);
         let mut oneofs = ::std::vec::Vec::with_capacity(0);
         fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
-            "host_static_pubkey",
+            "host_static_public_key",
-            |m: &ThpCredentialRequest| { &m.host_static_pubkey },
+            |m: &ThpCredentialRequest| { &m.host_static_public_key },
-            |m: &mut ThpCredentialRequest| { &mut m.host_static_pubkey },
+            |m: &mut ThpCredentialRequest| { &mut m.host_static_public_key },
         ));
         fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
             "autoconnect",
@@ -2877,7 +2877,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
     const NAME: &'static str = "ThpCredentialRequest";
 
     fn is_initialized(&self) -> bool {
-        if self.host_static_pubkey.is_none() {
+        if self.host_static_public_key.is_none() {
             return false;
         }
         true
@@ -2887,7 +2887,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
         while let Some(tag) = is.read_raw_tag_or_eof()? {
             match tag {
                 10 => {
-                    self.host_static_pubkey = ::std::option::Option::Some(is.read_bytes()?);
+                    self.host_static_public_key = ::std::option::Option::Some(is.read_bytes()?);
                 },
                 16 => {
                     self.autoconnect = ::std::option::Option::Some(is.read_bool()?);
@@ -2907,7 +2907,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
     #[allow(unused_variables)]
     fn compute_size(&self) -> u64 {
         let mut my_size = 0;
-        if let Some(v) = self.host_static_pubkey.as_ref() {
+        if let Some(v) = self.host_static_public_key.as_ref() {
             my_size += ::protobuf::rt::bytes_size(1, &v);
         }
         if let Some(v) = self.autoconnect {
@@ -2922,7 +2922,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
     }
 
     fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> {
-        if let Some(v) = self.host_static_pubkey.as_ref() {
+        if let Some(v) = self.host_static_public_key.as_ref() {
             os.write_bytes(1, v)?;
         }
         if let Some(v) = self.autoconnect {
@@ -2948,7 +2948,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
     }
 
     fn clear(&mut self) {
-        self.host_static_pubkey = ::std::option::Option::None;
+        self.host_static_public_key = ::std::option::Option::None;
         self.autoconnect = ::std::option::Option::None;
         self.credential = ::std::option::Option::None;
         self.special_fields.clear();
@@ -2956,7 +2956,7 @@ impl ::protobuf::Message for ThpCredentialRequest {
 
     fn default_instance() -> &'static ThpCredentialRequest {
         static instance: ThpCredentialRequest = ThpCredentialRequest {
-            host_static_pubkey: ::std::option::Option::None,
+            host_static_public_key: ::std::option::Option::None,
             autoconnect: ::std::option::Option::None,
             credential: ::std::option::Option::None,
             special_fields: ::protobuf::SpecialFields::new(),
@@ -2986,8 +2986,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpCredentialRequest {
 #[derive(PartialEq,Clone,Default,Debug)]
 pub struct ThpCredentialResponse {
     // message fields
-    // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.trezor_static_pubkey)
+    // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.trezor_static_public_key)
-    pub trezor_static_pubkey: ::std::option::Option<::std::vec::Vec<u8>>,
+    pub trezor_static_public_key: ::std::option::Option<::std::vec::Vec<u8>>,
     // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpCredentialResponse.credential)
     pub credential: ::std::option::Option<::std::vec::Vec<u8>>,
     // special fields
@@ -3006,40 +3006,40 @@ impl ThpCredentialResponse {
         ::std::default::Default::default()
     }
 
-    // required bytes trezor_static_pubkey = 1;
+    // required bytes trezor_static_public_key = 1;
 
-    pub fn trezor_static_pubkey(&self) -> &[u8] {
+    pub fn trezor_static_public_key(&self) -> &[u8] {
-        match self.trezor_static_pubkey.as_ref() {
+        match self.trezor_static_public_key.as_ref() {
             Some(v) => v,
             None => &[],
         }
     }
 
-    pub fn clear_trezor_static_pubkey(&mut self) {
+    pub fn clear_trezor_static_public_key(&mut self) {
-        self.trezor_static_pubkey = ::std::option::Option::None;
+        self.trezor_static_public_key = ::std::option::Option::None;
     }
 
-    pub fn has_trezor_static_pubkey(&self) -> bool {
+    pub fn has_trezor_static_public_key(&self) -> bool {
-        self.trezor_static_pubkey.is_some()
+        self.trezor_static_public_key.is_some()
     }
 
     // Param is passed by value, moved
-    pub fn set_trezor_static_pubkey(&mut self, v: ::std::vec::Vec<u8>) {
+    pub fn set_trezor_static_public_key(&mut self, v: ::std::vec::Vec<u8>) {
-        self.trezor_static_pubkey = ::std::option::Option::Some(v);
+        self.trezor_static_public_key = ::std::option::Option::Some(v);
     }
 
     // Mutable pointer to the field.
     // If field is not initialized, it is initialized with default value first.
-    pub fn mut_trezor_static_pubkey(&mut self) -> &mut ::std::vec::Vec<u8> {
+    pub fn mut_trezor_static_public_key(&mut self) -> &mut ::std::vec::Vec<u8> {
-        if self.trezor_static_pubkey.is_none() {
+        if self.trezor_static_public_key.is_none() {
-            self.trezor_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new());
+            self.trezor_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new());
         }
-        self.trezor_static_pubkey.as_mut().unwrap()
+        self.trezor_static_public_key.as_mut().unwrap()
     }
 
     // Take field
-    pub fn take_trezor_static_pubkey(&mut self) -> ::std::vec::Vec<u8> {
+    pub fn take_trezor_static_public_key(&mut self) -> ::std::vec::Vec<u8> {
-        self.trezor_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new())
+        self.trezor_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new())
     }
 
     // required bytes credential = 2;
@@ -3082,9 +3082,9 @@ impl ThpCredentialResponse {
         let mut fields = ::std::vec::Vec::with_capacity(2);
         let mut oneofs = ::std::vec::Vec::with_capacity(0);
         fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
-            "trezor_static_pubkey",
+            "trezor_static_public_key",
-            |m: &ThpCredentialResponse| { &m.trezor_static_pubkey },
+            |m: &ThpCredentialResponse| { &m.trezor_static_public_key },
-            |m: &mut ThpCredentialResponse| { &mut m.trezor_static_pubkey },
+            |m: &mut ThpCredentialResponse| { &mut m.trezor_static_public_key },
         ));
         fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
             "credential",
@@ -3103,7 +3103,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
     const NAME: &'static str = "ThpCredentialResponse";
 
     fn is_initialized(&self) -> bool {
-        if self.trezor_static_pubkey.is_none() {
+        if self.trezor_static_public_key.is_none() {
             return false;
         }
         if self.credential.is_none() {
@@ -3116,7 +3116,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
         while let Some(tag) = is.read_raw_tag_or_eof()? {
             match tag {
                 10 => {
-                    self.trezor_static_pubkey = ::std::option::Option::Some(is.read_bytes()?);
+                    self.trezor_static_public_key = ::std::option::Option::Some(is.read_bytes()?);
                 },
                 18 => {
                     self.credential = ::std::option::Option::Some(is.read_bytes()?);
@@ -3133,7 +3133,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
     #[allow(unused_variables)]
     fn compute_size(&self) -> u64 {
         let mut my_size = 0;
-        if let Some(v) = self.trezor_static_pubkey.as_ref() {
+        if let Some(v) = self.trezor_static_public_key.as_ref() {
             my_size += ::protobuf::rt::bytes_size(1, &v);
         }
         if let Some(v) = self.credential.as_ref() {
@@ -3145,7 +3145,7 @@ impl ::protobuf::Message for ThpCredentialResponse {
     }
 
     fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> {
-        if let Some(v) = self.trezor_static_pubkey.as_ref() {
+        if let Some(v) = self.trezor_static_public_key.as_ref() {
             os.write_bytes(1, v)?;
         }
         if let Some(v) = self.credential.as_ref() {
@@ -3168,14 +3168,14 @@ impl ::protobuf::Message for ThpCredentialResponse {
     }
 
     fn clear(&mut self) {
-        self.trezor_static_pubkey = ::std::option::Option::None;
+        self.trezor_static_public_key = ::std::option::Option::None;
         self.credential = ::std::option::Option::None;
         self.special_fields.clear();
     }
 
     fn default_instance() -> &'static ThpCredentialResponse {
         static instance: ThpCredentialResponse = ThpCredentialResponse {
-            trezor_static_pubkey: ::std::option::Option::None,
+            trezor_static_public_key: ::std::option::Option::None,
             credential: ::std::option::Option::None,
             special_fields: ::protobuf::SpecialFields::new(),
         };
@@ -3793,8 +3793,8 @@ impl ::protobuf::reflect::ProtobufValue for ThpPairingCredential {
 #[derive(PartialEq,Clone,Default,Debug)]
 pub struct ThpAuthenticatedCredentialData {
     // message fields
-    // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.host_static_pubkey)
+    // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.host_static_public_key)
-    pub host_static_pubkey: ::std::option::Option<::std::vec::Vec<u8>>,
+    pub host_static_public_key: ::std::option::Option<::std::vec::Vec<u8>>,
     // @@protoc_insertion_point(field:hw.trezor.messages.thp.ThpAuthenticatedCredentialData.cred_metadata)
     pub cred_metadata: ::protobuf::MessageField<ThpCredentialMetadata>,
     // special fields
@@ -3813,49 +3813,49 @@ impl ThpAuthenticatedCredentialData {
         ::std::default::Default::default()
     }
 
-    // required bytes host_static_pubkey = 1;
+    // required bytes host_static_public_key = 1;
 
-    pub fn host_static_pubkey(&self) -> &[u8] {
+    pub fn host_static_public_key(&self) -> &[u8] {
-        match self.host_static_pubkey.as_ref() {
+        match self.host_static_public_key.as_ref() {
             Some(v) => v,
             None => &[],
         }
     }
 
-    pub fn clear_host_static_pubkey(&mut self) {
+    pub fn clear_host_static_public_key(&mut self) {
-        self.host_static_pubkey = ::std::option::Option::None;
+        self.host_static_public_key = ::std::option::Option::None;
     }
 
-    pub fn has_host_static_pubkey(&self) -> bool {
+    pub fn has_host_static_public_key(&self) -> bool {
-        self.host_static_pubkey.is_some()
+        self.host_static_public_key.is_some()
     }
 
     // Param is passed by value, moved
-    pub fn set_host_static_pubkey(&mut self, v: ::std::vec::Vec<u8>) {
+    pub fn set_host_static_public_key(&mut self, v: ::std::vec::Vec<u8>) {
-        self.host_static_pubkey = ::std::option::Option::Some(v);
+        self.host_static_public_key = ::std::option::Option::Some(v);
     }
 
     // Mutable pointer to the field.
     // If field is not initialized, it is initialized with default value first.
-    pub fn mut_host_static_pubkey(&mut self) -> &mut ::std::vec::Vec<u8> {
+    pub fn mut_host_static_public_key(&mut self) -> &mut ::std::vec::Vec<u8> {
-        if self.host_static_pubkey.is_none() {
+        if self.host_static_public_key.is_none() {
-            self.host_static_pubkey = ::std::option::Option::Some(::std::vec::Vec::new());
+            self.host_static_public_key = ::std::option::Option::Some(::std::vec::Vec::new());
         }
-        self.host_static_pubkey.as_mut().unwrap()
+        self.host_static_public_key.as_mut().unwrap()
     }
 
     // Take field
-    pub fn take_host_static_pubkey(&mut self) -> ::std::vec::Vec<u8> {
+    pub fn take_host_static_public_key(&mut self) -> ::std::vec::Vec<u8> {
-        self.host_static_pubkey.take().unwrap_or_else(|| ::std::vec::Vec::new())
+        self.host_static_public_key.take().unwrap_or_else(|| ::std::vec::Vec::new())
     }
 
     fn generated_message_descriptor_data() -> ::protobuf::reflect::GeneratedMessageDescriptorData {
         let mut fields = ::std::vec::Vec::with_capacity(2);
         let mut oneofs = ::std::vec::Vec::with_capacity(0);
         fields.push(::protobuf::reflect::rt::v2::make_option_accessor::<_, _>(
-            "host_static_pubkey",
+            "host_static_public_key",
-            |m: &ThpAuthenticatedCredentialData| { &m.host_static_pubkey },
+            |m: &ThpAuthenticatedCredentialData| { &m.host_static_public_key },
-            |m: &mut ThpAuthenticatedCredentialData| { &mut m.host_static_pubkey },
+            |m: &mut ThpAuthenticatedCredentialData| { &mut m.host_static_public_key },
         ));
         fields.push(::protobuf::reflect::rt::v2::make_message_field_accessor::<_, ThpCredentialMetadata>(
             "cred_metadata",
@@ -3874,7 +3874,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
     const NAME: &'static str = "ThpAuthenticatedCredentialData";
 
     fn is_initialized(&self) -> bool {
-        if self.host_static_pubkey.is_none() {
+        if self.host_static_public_key.is_none() {
             return false;
         }
         if self.cred_metadata.is_none() {
@@ -3892,7 +3892,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
         while let Some(tag) = is.read_raw_tag_or_eof()? {
             match tag {
                 10 => {
-                    self.host_static_pubkey = ::std::option::Option::Some(is.read_bytes()?);
+                    self.host_static_public_key = ::std::option::Option::Some(is.read_bytes()?);
                 },
                 18 => {
                     ::protobuf::rt::read_singular_message_into_field(is, &mut self.cred_metadata)?;
@@ -3909,7 +3909,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
     #[allow(unused_variables)]
     fn compute_size(&self) -> u64 {
         let mut my_size = 0;
-        if let Some(v) = self.host_static_pubkey.as_ref() {
+        if let Some(v) = self.host_static_public_key.as_ref() {
             my_size += ::protobuf::rt::bytes_size(1, &v);
         }
         if let Some(v) = self.cred_metadata.as_ref() {
@@ -3922,7 +3922,7 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
     }
 
     fn write_to_with_cached_sizes(&self, os: &mut ::protobuf::CodedOutputStream<'_>) -> ::protobuf::Result<()> {
-        if let Some(v) = self.host_static_pubkey.as_ref() {
+        if let Some(v) = self.host_static_public_key.as_ref() {
             os.write_bytes(1, v)?;
         }
         if let Some(v) = self.cred_metadata.as_ref() {
@@ -3945,14 +3945,14 @@ impl ::protobuf::Message for ThpAuthenticatedCredentialData {
     }
 
     fn clear(&mut self) {
-        self.host_static_pubkey = ::std::option::Option::None;
+        self.host_static_public_key = ::std::option::Option::None;
         self.cred_metadata.clear();
         self.special_fields.clear();
     }
 
     fn default_instance() -> &'static ThpAuthenticatedCredentialData {
         static instance: ThpAuthenticatedCredentialData = ThpAuthenticatedCredentialData {
-            host_static_pubkey: ::std::option::Option::None,
+            host_static_public_key: ::std::option::Option::None,
             cred_metadata: ::protobuf::MessageField::none(),
             special_fields: ::protobuf::SpecialFields::new(),
         };
@@ -4251,44 +4251,44 @@ static file_descriptor_proto_data: &'static [u8] = b"\
     \x01\x20\x02(\x0cR\x03tag\")\n\x0fThpQrCodeSecret\x12\x16\n\x06secret\
     \x18\x01\x20\x02(\x0cR\x06secret\"!\n\rThpNfcTagHost\x12\x10\n\x03tag\
     \x18\x01\x20\x02(\x0cR\x03tag\"#\n\x0fThpNfcTagTrezor\x12\x10\n\x03tag\
-    \x18\x01\x20\x02(\x0cR\x03tag\"\x8d\x01\n\x14ThpCredentialRequest\x12,\n\
+    \x18\x01\x20\x02(\x0cR\x03tag\"\x94\x01\n\x14ThpCredentialRequest\x123\n\
-    \x12host_static_pubkey\x18\x01\x20\x02(\x0cR\x10hostStaticPubkey\x12'\n\
+    \x16host_static_public_key\x18\x01\x20\x02(\x0cR\x13hostStaticPublicKey\
-    \x0bautoconnect\x18\x02\x20\x01(\x08:\x05falseR\x0bautoconnect\x12\x1e\n\
+    \x12'\n\x0bautoconnect\x18\x02\x20\x01(\x08:\x05falseR\x0bautoconnect\
-    \ncredential\x18\x03\x20\x01(\x0cR\ncredential\"i\n\x15ThpCredentialResp\
+    \x12\x1e\n\ncredential\x18\x03\x20\x01(\x0cR\ncredential\"p\n\x15ThpCred\
-    onse\x120\n\x14trezor_static_pubkey\x18\x01\x20\x02(\x0cR\x12trezorStati\
+    entialResponse\x127\n\x18trezor_static_public_key\x18\x01\x20\x02(\x0cR\
-    cPubkey\x12\x1e\n\ncredential\x18\x02\x20\x02(\x0cR\ncredential\"\x0f\n\
+    \x15trezorStaticPublicKey\x12\x1e\n\ncredential\x18\x02\x20\x02(\x0cR\nc\
-    \rThpEndRequest\"\x10\n\x0eThpEndResponse\"\\\n\x15ThpCredentialMetadata\
+    redential\"\x0f\n\rThpEndRequest\"\x10\n\x0eThpEndResponse\"\\\n\x15ThpC\
-    \x12\x1b\n\thost_name\x18\x01\x20\x01(\tR\x08hostName\x12\x20\n\x0bautoc\
+    redentialMetadata\x12\x1b\n\thost_name\x18\x01\x20\x01(\tR\x08hostName\
-    onnect\x18\x02\x20\x01(\x08R\x0bautoconnect:\x04\x98\xb2\x19\x01\"\x82\
+    \x12\x20\n\x0bautoconnect\x18\x02\x20\x01(\x08R\x0bautoconnect:\x04\x98\
-    \x01\n\x14ThpPairingCredential\x12R\n\rcred_metadata\x18\x01\x20\x02(\
+    \xb2\x19\x01\"\x82\x01\n\x14ThpPairingCredential\x12R\n\rcred_metadata\
-    \x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\x0ccredMetadata\x12\
+    \x18\x01\x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\
-    \x10\n\x03mac\x18\x02\x20\x02(\x0cR\x03mac:\x04\x98\xb2\x19\x01\"\xa8\
+    \x0ccredMetadata\x12\x10\n\x03mac\x18\x02\x20\x02(\x0cR\x03mac:\x04\x98\
-    \x01\n\x1eThpAuthenticatedCredentialData\x12,\n\x12host_static_pubkey\
+    \xb2\x19\x01\"\xaf\x01\n\x1eThpAuthenticatedCredentialData\x123\n\x16hos\
-    \x18\x01\x20\x02(\x0cR\x10hostStaticPubkey\x12R\n\rcred_metadata\x18\x02\
+    t_static_public_key\x18\x01\x20\x02(\x0cR\x13hostStaticPublicKey\x12R\n\
-    \x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredentialMetadataR\x0ccredMet\
+    \rcred_metadata\x18\x02\x20\x02(\x0b2-.hw.trezor.messages.thp.ThpCredent\
-    adata:\x04\x98\xb2\x19\x01*\xcd\x06\n\x0eThpMessageType\x12\x19\n\x15Thp\
+    ialMetadataR\x0ccredMetadata:\x04\x98\xb2\x19\x01*\xcd\x06\n\x0eThpMessa\
-    MessageType_Cancel\x10\x14\x12\x20\n\x1cThpMessageType_ButtonRequest\x10\
+    geType\x12\x19\n\x15ThpMessageType_Cancel\x10\x14\x12\x20\n\x1cThpMessag\
-    \x1a\x12%\n\x20ThpMessageType_ThpPairingRequest\x10\xee\x07\x12-\n(ThpMe\
+    eType_ButtonRequest\x10\x1a\x12%\n\x20ThpMessageType_ThpPairingRequest\
-    ssageType_ThpPairingRequestApproved\x10\xef\x07\x12#\n\x1eThpMessageType\
+    \x10\xee\x07\x12-\n(ThpMessageType_ThpPairingRequestApproved\x10\xef\x07\
-    _ThpSelectMethod\x10\xf0\x07\x122\n-ThpMessageType_ThpPairingPreparation\
+    \x12#\n\x1eThpMessageType_ThpSelectMethod\x10\xf0\x07\x122\n-ThpMessageT\
-    sFinished\x10\xf1\x07\x12(\n#ThpMessageType_ThpCredentialRequest\x10\xf2\
+    ype_ThpPairingPreparationsFinished\x10\xf1\x07\x12(\n#ThpMessageType_Thp\
-    \x07\x12)\n$ThpMessageType_ThpCredentialResponse\x10\xf3\x07\x12!\n\x1cT\
+    CredentialRequest\x10\xf2\x07\x12)\n$ThpMessageType_ThpCredentialRespons\
-    hpMessageType_ThpEndRequest\x10\xf4\x07\x12\"\n\x1dThpMessageType_ThpEnd\
+    e\x10\xf3\x07\x12!\n\x1cThpMessageType_ThpEndRequest\x10\xf4\x07\x12\"\n\
-    Response\x10\xf5\x07\x12*\n%ThpMessageType_ThpCodeEntryCommitment\x10\
+    \x1dThpMessageType_ThpEndResponse\x10\xf5\x07\x12*\n%ThpMessageType_ThpC\
-    \xf8\x07\x12)\n$ThpMessageType_ThpCodeEntryChallenge\x10\xf9\x07\x12+\n&\
+    odeEntryCommitment\x10\xf8\x07\x12)\n$ThpMessageType_ThpCodeEntryChallen\
-    ThpMessageType_ThpCodeEntryCpaceTrezor\x10\xfa\x07\x12,\n'ThpMessageType\
+    ge\x10\xf9\x07\x12+\n&ThpMessageType_ThpCodeEntryCpaceTrezor\x10\xfa\x07\
-    _ThpCodeEntryCpaceHostTag\x10\xfb\x07\x12&\n!ThpMessageType_ThpCodeEntry\
+    \x12,\n'ThpMessageType_ThpCodeEntryCpaceHostTag\x10\xfb\x07\x12&\n!ThpMe\
-    Secret\x10\xfc\x07\x12\x20\n\x1bThpMessageType_ThpQrCodeTag\x10\x80\x08\
+    ssageType_ThpCodeEntrySecret\x10\xfc\x07\x12\x20\n\x1bThpMessageType_Thp\
-    \x12#\n\x1eThpMessageType_ThpQrCodeSecret\x10\x81\x08\x12!\n\x1cThpMessa\
+    QrCodeTag\x10\x80\x08\x12#\n\x1eThpMessageType_ThpQrCodeSecret\x10\x81\
-    geType_ThpNfcTagHost\x10\x88\x08\x12#\n\x1eThpMessageType_ThpNfcTagTrezo\
+    \x08\x12!\n\x1cThpMessageType_ThpNfcTagHost\x10\x88\x08\x12#\n\x1eThpMes\
-    r\x10\x89\x08\x1a\x04\xd0\xf3\x18\x01\"\x04\x08\0\x10\x13\"\x04\x08\x15\
+    sageType_ThpNfcTagTrezor\x10\x89\x08\x1a\x04\xd0\xf3\x18\x01\"\x04\x08\0\
-    \x10\x19\"\x05\x08\x1b\x10\xe7\x07\"\x06\x08\xe8\x07\x10\xe8\x07\"\x06\
+    \x10\x13\"\x04\x08\x15\x10\x19\"\x05\x08\x1b\x10\xe7\x07\"\x06\x08\xe8\
-    \x08\xe9\x07\x10\xed\x07\"\x06\x08\xf6\x07\x10\xf7\x07\"\x06\x08\xfd\x07\
+    \x07\x10\xe8\x07\"\x06\x08\xe9\x07\x10\xed\x07\"\x06\x08\xf6\x07\x10\xf7\
-    \x10\xff\x07\"\x06\x08\x82\x08\x10\x87\x08\"\t\x08\xcc\x08\x10\xff\xff\
+    \x07\"\x06\x08\xfd\x07\x10\xff\x07\"\x06\x08\x82\x08\x10\x87\x08\"\t\x08\
-    \xff\xff\x07*G\n\x10ThpPairingMethod\x12\x0f\n\x0bSkipPairing\x10\x01\
+    \xcc\x08\x10\xff\xff\xff\xff\x07*G\n\x10ThpPairingMethod\x12\x0f\n\x0bSk\
-    \x12\r\n\tCodeEntry\x10\x02\x12\n\n\x06QrCode\x10\x03\x12\x07\n\x03NFC\
+    ipPairing\x10\x01\x12\r\n\tCodeEntry\x10\x02\x12\n\n\x06QrCode\x10\x03\
-    \x10\x04B;\n#com.satoshilabs.trezor.lib.protobufB\x10TrezorMessageThp\
+    \x12\x07\n\x03NFC\x10\x04B;\n#com.satoshilabs.trezor.lib.protobufB\x10Tr\
-    \x80\xa6\x1d\x01\
+    ezorMessageThp\x80\xa6\x1d\x01\
 ";
 
 /// `FileDescriptorProto` object which was a source for this generated file

tests/device_tests/thp/test_pairing.py

@@ -258,10 +258,12 @@ def test_connection_confirmation_cancel(client: Client) -> None:
 
     # Request credential with confirmation after pairing
     randomness_static = os.urandom(32)
-    host_static_privkey = curve25519.get_private_key(randomness_static)
+    host_static_private_key = curve25519.get_private_key(randomness_static)
-    host_static_pubkey = curve25519.get_public_key(host_static_privkey)
+    host_static_public_key = curve25519.get_public_key(host_static_private_key)
     protocol._send_message(
-        ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
+        ThpCredentialRequest(
+            host_static_public_key=host_static_public_key, autoconnect=False
+        )
     )
     credential_response = protocol._read_message(ThpCredentialResponse)
 
@@ -300,10 +302,12 @@ def test_autoconnect_credential_request_cancel(client: Client) -> None:
 
     # Request credential with confirmation after pairing
     randomness_static = os.urandom(32)
-    host_static_privkey = curve25519.get_private_key(randomness_static)
+    host_static_private_key = curve25519.get_private_key(randomness_static)
-    host_static_pubkey = curve25519.get_public_key(host_static_privkey)
+    host_static_public_key = curve25519.get_public_key(host_static_private_key)
     protocol._send_message(
-        ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
+        ThpCredentialRequest(
+            host_static_public_key=host_static_public_key, autoconnect=False
+        )
     )
     credential_response = protocol._read_message(ThpCredentialResponse)
 
@@ -317,7 +321,9 @@ def test_autoconnect_credential_request_cancel(client: Client) -> None:
         client=client, host_static_randomness=randomness_static, credential=credential
     )
     protocol._send_message(
-        ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=True)
+        ThpCredentialRequest(
+            host_static_public_key=host_static_public_key, autoconnect=True
+        )
     )
     button_req = protocol._read_message(ButtonRequest)
     assert button_req.name == "thp_connection_request"
@@ -337,10 +343,12 @@ def test_credential_phase(client: Client) -> None:
 
     # Request credential with confirmation after pairing
     randomness_static = os.urandom(32)
-    host_static_privkey = curve25519.get_private_key(randomness_static)
+    host_static_private_key = curve25519.get_private_key(randomness_static)
-    host_static_pubkey = curve25519.get_public_key(host_static_privkey)
+    host_static_public_key = curve25519.get_public_key(host_static_private_key)
     protocol._send_message(
-        ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
+        ThpCredentialRequest(
+            host_static_public_key=host_static_public_key, autoconnect=False
+        )
     )
     credential_response = protocol._read_message(ThpCredentialResponse)
 
@@ -374,7 +382,9 @@ def test_credential_phase(client: Client) -> None:
     protocol._do_channel_allocation()
     protocol._do_handshake(credential, randomness_static)
     protocol._send_message(
-        ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=True)
+        ThpCredentialRequest(
+            host_static_public_key=host_static_public_key, autoconnect=True
+        )
     )
     # Connection confirmation dialog is shown. (Channel replacement is not triggered.)
     button_req = protocol._read_message(ButtonRequest)
@@ -432,10 +442,12 @@ def test_credential_request_in_encrypted_transport_phase(client: Client) -> None
     _nfc_pairing(client, protocol)
 
     # Request credential with confirmation after pairing
-    host_static_privkey = curve25519.get_private_key(randomness_static)
+    host_static_private_key = curve25519.get_private_key(randomness_static)
-    host_static_pubkey = curve25519.get_public_key(host_static_privkey)
+    host_static_public_key = curve25519.get_public_key(host_static_private_key)
     protocol._send_message(
-        ThpCredentialRequest(host_static_pubkey=host_static_pubkey, autoconnect=False)
+        ThpCredentialRequest(
+            host_static_public_key=host_static_public_key, autoconnect=False
+        )
     )
     credential_response = protocol._read_message(ThpCredentialResponse)
 
@@ -448,7 +460,7 @@ def test_credential_request_in_encrypted_transport_phase(client: Client) -> None
 
     session.call(
         ThpCredentialRequest(
-            host_static_pubkey=host_static_pubkey,
+            host_static_public_key=host_static_public_key,
             autoconnect=True,
             credential=credential,
         ),
@@ -462,10 +474,10 @@ def test_channel_replacement(client: Client) -> None:
 
     host_static_randomness = os.urandom(32)
     host_static_randomness_2 = os.urandom(32)
-    host_static_privkey = curve25519.get_private_key(host_static_randomness)
+    host_static_private_key = curve25519.get_private_key(host_static_randomness)
-    host_static_privkey_2 = curve25519.get_private_key(host_static_randomness_2)
+    host_static_private_key_2 = curve25519.get_private_key(host_static_randomness_2)
 
-    assert host_static_privkey != host_static_privkey_2
+    assert host_static_private_key != host_static_private_key_2
 
     client.protocol = get_encrypted_transport_protocol(client, host_static_randomness)
 
@@ -476,7 +488,7 @@ def test_channel_replacement(client: Client) -> None:
     address_2 = get_test_address(session_2)
     assert address != address_2
 
-    # create new channel using the same host_static_privkey
+    # create new channel using the same host_static_private_key
     client.protocol = get_encrypted_transport_protocol(client, host_static_randomness)
     session_3 = client.get_session(passphrase="OKIDOKI")
     address_3 = get_test_address(session_3)
@@ -488,7 +500,7 @@ def test_channel_replacement(client: Client) -> None:
     new_address_3 = get_test_address(session_3)
     assert address_3 == new_address_3
 
-    # create new channel using different host_static_privkey
+    # create new channel using different host_static_private_key
     client.protocol = get_encrypted_transport_protocol(client, host_static_randomness_2)
     with pytest.raises(exceptions.TrezorFailure) as e_1:
         _ = get_test_address(session)