Mirrors/trezor-suite
2
0
Fork 0
mirror of https://github.com/trezor/trezor-suite.git synced 2026-03-06 23:39:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: add try_to_unlock to handshake hash

Browse Source
This commit is contained in:
M1nd3r
2025-10-03 11:41:55 +02:00
committed by Marek Polák
parent a8aff3e3f8
commit 64eeb31575
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packages/connect/src/device/thp/handshake.ts
View File

@@ -68,7 +68,7 @@ export const createThpChannel = async (device: Device) => {
// State HH1 and HH2
// TODO: link-to-public-docs
// https://www.notion.so/satoshilabs/THP-Specification-2-1-203dc5260606804192aecaa58fb961ca
export const thpHandshake = async (device: Device) => {
export const thpHandshake = async (device: Device, unlockPin = false) => {
const thpState = device.getThpState();
if (!thpState?.handshakeCredentials) {
throw ERRORS.TypedError('Device_ThpStateMissing');
@@ -84,6 +84,7 @@ export const thpHandshake = async (device: Device) => {
const knownCredentials = (settings?.knownCredentials || []).sort(cre =>
cre.autoconnect ? -1 : 1,
);
const tryToUnlock = unlockPin ? 1 : 0;
// 1. Generate a new ephemeral X25519 key pair (host_ephemeral_privkey, host_ephemeral_pubkey).
const hostEphemeralKeys = protocolThp.getCurve25519KeyPair(randomBytes(32));
@@ -91,7 +92,7 @@ export const thpHandshake = async (device: Device) => {
// 2. Send the message HandshakeInitiationReq(host_ephemeral_pubkey) to the host.
const handshakeInit = await thpCall(device, 'ThpHandshakeInitRequest', {
key: hostEphemeralKeys.publicKey,
tryToUnlock: 0,
tryToUnlock,
});
const { trezorEncryptedStaticPubkey } = handshakeInit.message;
@@ -103,6 +104,7 @@ export const thpHandshake = async (device: Device) => {
hostStaticKeys,
hostEphemeralKeys,
knownCredentials,
tryToUnlock,
protobufEncoder: (name, data) => encodeMessage(device.transport.getMessages(), name, data),
});

6
packages/protocol/src/protocol-thp/crypto/pairing.ts
View File

@@ -56,6 +56,7 @@ export const handleHandshakeInit = ({
knownCredentials,
hostStaticKeys,
hostEphemeralKeys,
tryToUnlock,
protobufEncoder,
}: {
handshakeInitResponse: ThpHandshakeInitResponse;
@@ -63,6 +64,7 @@ export const handleHandshakeInit = ({
knownCredentials: ThpCredentialResponse[];
hostEphemeralKeys: Curve25519KeyPair;
hostStaticKeys: Curve25519KeyPair;
tryToUnlock: 0 | 1;
protobufEncoder: (name: string, data: Record<string, unknown>) => { message: Buffer };
}) => {
if (!thpState.handshakeCredentials) {
@@ -82,8 +84,8 @@ export const handleHandshakeInit = ({
h = handshakeHash;
// 2. Set h = SHA-256(h || host_ephemeral_pubkey).
h = hashOfTwo(h, hostEphemeralKeys.publicKey);
// 3. Set h = SHA-256(h).
h = hashOfTwo(h, Buffer.alloc(0));
// 3. Set h = SHA-256(h || try_to_unlock).
h = hashOfTwo(h, Buffer.from([tryToUnlock]));
// 4. Set h = SHA-256(h || trezor_ephemeral_pubkey).
h = hashOfTwo(h, trezorEphemeralPubkey);
// 5. Set ck, k = HKDF(protocol_name, X25519(host_ephemeral_privkey, trezor_ephemeral_pubkey)).