[draft] THP

ci/build.yml

@@ -307,6 +307,7 @@ core unix frozen debug build:
   needs: []
   variables:
     PYOPT: "0"
+    THP: "1"
   script:
     - $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
   artifacts:

common/protob/messages-common.proto

@@ -39,6 +39,8 @@ message Failure {
         Failure_PinMismatch = 12;
         Failure_WipeCodeMismatch = 13;
         Failure_InvalidSession = 14;
+        Failure_ThpUnallocatedSession=15;
+        Failure_InvalidProtocol=16;
         Failure_FirmwareError = 99;
     }
 }

common/protob/messages-debug.proto

@@ -51,7 +51,7 @@ message DebugLinkDecision {
 
     optional uint32 x = 4;                             // touch X coordinate
     optional uint32 y = 5;                             // touch Y coordinate
-    optional bool wait = 6;                            // wait for layout change
+    optional bool wait = 6 [deprecated=true];          // wait for layout change
     optional uint32 hold_ms = 7;                       // touch hold duration
     optional DebugPhysicalButton physical_button = 8;  // physical button press
 }
@@ -61,6 +61,7 @@ message DebugLinkDecision {
  * @end
  */
 message DebugLinkLayout {
+    option deprecated = true;
     repeated string tokens = 1;
 }
 
@@ -89,9 +90,28 @@ message DebugLinkRecordScreen {
  * @next DebugLinkState
  */
 message DebugLinkGetState {
-    optional bool wait_word_list = 1;  // Trezor T only - wait until mnemonic words are shown
-    optional bool wait_word_pos = 2;   // Trezor T only - wait until reset word position is requested
-    optional bool wait_layout = 3;     // wait until current layout changes
+    /// Wait behavior of the call.
+    enum DebugWaitType {
+        /// Respond immediately. If no layout is currently displayed, the layout
+        /// response will be empty.
+        IMMEDIATE = 0;
+        /// Wait for next layout. If a layout is displayed, waits for it to change.
+        /// If no layout is displayed, waits for one to come up.
+        NEXT_LAYOUT = 1;
+        /// Return current layout. If no layout is currently displayed, waits for
+        /// one to come up.
+        CURRENT_LAYOUT = 2;
+    }
+
+    // Trezor T < 2.6.0 only - wait until mnemonic words are shown
+    optional bool wait_word_list = 1 [deprecated=true];
+    // Trezor T < 2.6.0 only - wait until reset word position is requested
+    optional bool wait_word_pos = 2  [deprecated=true];
+    // trezor-core only - wait until current layout changes
+    // changed in 2.6.4: multiple wait types instead of true/false.
+    optional DebugWaitType wait_layout = 3 [default=IMMEDIATE];
+
+    optional bytes thp_channel_id=4;  // THP only - used to get information from particular channel
 }
 
 /**
@@ -112,6 +132,9 @@ message DebugLinkState {
     optional uint32 reset_word_pos = 11;                    // index of mnemonic word the device is expecting during ResetDevice workflow
     optional management.BackupType mnemonic_type = 12;      // current mnemonic type (BIP-39/SLIP-39)
     repeated string tokens = 13;                            // current layout represented as a list of string tokens
+    optional uint32 thp_pairing_code_entry_code = 14;
+    optional bytes thp_pairing_code_qr_code = 15;
+    optional bytes thp_pairing_code_nfc_unidirectional = 16;
 }
 
 /**
@@ -192,6 +215,7 @@ message DebugLinkEraseSdCard {
  * @next Success
  */
 message DebugLinkWatchLayout {
+    option deprecated = true;
     optional bool watch = 1;  // if true, start watching layout.
                               // if false, stop.
 }
@@ -203,6 +227,7 @@ message DebugLinkWatchLayout {
  * @next Success
  */
 message DebugLinkResetDebugEvents {
+    option deprecated = true;
 }
 
 

common/protob/messages-thp.proto

@@ -9,6 +9,189 @@ option (include_in_bitcoin_only) = true;
 
 import "messages.proto";
 
+/**
+ * Numeric identifiers of pairing methods.
+ * @embed
+ */
+enum ThpPairingMethod {
+    NoMethod = 1;             // Trust without MITM protection.
+    CodeEntry = 2;            // User types code diplayed on Trezor into the host application.
+    QrCode = 3;               // User scans code displayed on Trezor into host application.
+    NFC_Unidirectional = 4;   // Trezor transmits an authentication key to the host device via NFC.
+}
+
+/**
+ * @embed
+ */
+message ThpDeviceProperties {
+    optional string internal_model = 1;               // Internal model name e.g. "T2B1".
+    optional uint32 model_variant = 2;                // Encodes the device properties such as color.
+    optional bool bootloader_mode = 3;                // Indicates whether the device is in bootloader or firmware mode.
+    optional uint32 protocol_version = 4;             // The communication protocol version supported by the firmware.
+    repeated ThpPairingMethod pairing_methods = 5;    // The pairing methods supported by the Trezor.
+}
+
+/**
+ * @embed
+ */
+message ThpHandshakeCompletionReqNoisePayload {
+    optional bytes host_pairing_credential = 1;       // Host's pairing credential
+    repeated ThpPairingMethod pairing_methods = 2;    // The pairing methods chosen by the host
+}
+
+/**
+ * Request: Ask device for a new session with given passphrase.
+ * @start
+ * @next ThpNewSession
+ */
+message ThpCreateNewSession{
+    optional string passphrase = 1;
+    optional bool on_device = 2;       // User wants to enter passphrase on the device
+    optional bool derive_cardano = 3;  // If True, Cardano keys will be derived. Ignored with BTC-only
+}
+
+/**
+ * Response: Contains session_id of the newly created session.
+ * @end
+ */
+message ThpNewSession{
+    optional uint32 new_session_id = 1;
+}
+
+/**
+ * Request: Start pairing process.
+ * @start
+ * @next ThpCodeEntryCommitment
+ * @next ThpPairingPreparationsFinished
+ */
+message ThpStartPairingRequest{
+    optional string host_name = 1;      // Human-readable host name
+}
+
+/**
+ * Response: Pairing is ready for user input / OOB communication.
+ * @next ThpCodeEntryCpace
+ * @next ThpQrCodeTag
+ * @next ThpNfcUnidirectionalTag
+ */
+ message ThpPairingPreparationsFinished{
+}
+
+/**
+ * Response: If Code Entry is an allowed pairing option, Trezor responds with a commitment.
+ * @next ThpCodeEntryChallenge
+ */
+message ThpCodeEntryCommitment {
+    optional bytes commitment = 1;     // SHA-256 of Trezor's random 32-byte secret
+}
+
+/**
+ * Response: Host responds to Trezor's Code Entry commitment with a challenge.
+ * @next ThpPairingPreparationsFinished
+ */
+message ThpCodeEntryChallenge {
+    optional bytes challenge = 1;      // host's random 32-byte challenge
+}
+
+/**
+ * Request: User selected Code Entry option in Host. Host starts CPACE protocol with Trezor.
+ * @next ThpCodeEntryCpaceTrezor
+ */
+message ThpCodeEntryCpaceHost {
+    optional bytes cpace_host_public_key = 1;    // Host's ephemeral CPace public key
+}
+
+/**
+ * Response: Trezor continues with the CPACE protocol.
+ * @next ThpCodeEntryTag
+ */
+message ThpCodeEntryCpaceTrezor {
+    optional bytes cpace_trezor_public_key = 1;  // Trezor's ephemeral CPace public key
+}
+
+/**
+ * Response: Host continues with the CPACE protocol.
+ * @next ThpCodeEntrySecret
+ */
+message ThpCodeEntryTag {
+    optional bytes tag = 2;       // SHA-256 of shared secret
+}
+
+/**
+ * Response: Trezor finishes the CPACE protocol.
+ * @next ThpCredentialRequest
+ * @next ThpEndRequest
+ */
+message ThpCodeEntrySecret {
+    optional bytes secret = 1;    // Trezor's secret
+}
+
+/**
+ * Request: User selected QR Code pairing option. Host sends a QR Tag.
+ * @next ThpQrCodeSecret
+ */
+message ThpQrCodeTag {
+    optional bytes tag = 1;       // SHA-256 of shared secret
+}
+
+/**
+ * Response: Trezor sends the QR secret.
+ * @next ThpCredentialRequest
+ * @next ThpEndRequest
+ */
+message ThpQrCodeSecret {
+    optional bytes secret = 1;    // Trezor's secret
+}
+
+/**
+ * Request: User selected Unidirectional NFC pairing option. Host sends an Unidirectional NFC Tag.
+ * @next ThpNfcUnidirectionalSecret
+ */
+message ThpNfcUnidirectionalTag {
+    optional bytes tag = 1;       // SHA-256 of shared secret
+}
+
+/**
+ * Response: Trezor sends the Unidirectioal NFC secret.
+ * @next ThpCredentialRequest
+ * @next ThpEndRequest
+ */
+message ThpNfcUnidirectionalSecret {
+    optional bytes secret = 1;    // Trezor's secret
+}
+
+/**
+ * Request: Host requests issuance of a new pairing credential.
+ * @start
+ * @next ThpCredentialResponse
+ */
+message ThpCredentialRequest {
+    optional bytes host_static_pubkey = 1;       // Host's static public key used in the handshake.
+}
+
+/**
+ * Response: Trezor issues a new pairing credential.
+ * @next ThpCredentialRequest
+ * @next ThpEndRequest
+ */
+message ThpCredentialResponse {
+    optional bytes trezor_static_pubkey = 1;     // Trezor's static public key used in the handshake.
+    optional bytes credential = 2;               // The pairing credential issued by the Trezor to the host.
+}
+
+/**
+ * Request: Host requests transition to the encrypted traffic phase.
+ * @start
+ * @next ThpEndResponse
+ */
+message ThpEndRequest {}
+
+/**
+ * Response: Trezor approves transition to the encrypted traffic phase
+ * @end
+ */
+message ThpEndResponse {}
+
 /**
  * Only for internal use.
  * @embed

common/protob/messages.proto

@@ -42,6 +42,10 @@ extend google.protobuf.EnumValueOptions {
     optional bool wire_tiny = 50006;            // message is handled by Trezor when the USB stack is in tiny mode
     optional bool wire_bootloader = 50007;      // message is only handled by Trezor Bootloader
     optional bool wire_no_fsm = 50008;          // message is not handled by Trezor unless the USB stack is in tiny mode
+    optional bool channel_in = 50009;
+    optional bool channel_out = 50010;
+    optional bool pairing_in = 50011;
+    optional bool pairing_out = 50012;
 
     optional bool bitcoin_only = 60000;         // enum value is available on BITCOIN_ONLY build
                                                 // (messages not marked bitcoin_only will be EXCLUDED)
@@ -376,4 +380,26 @@ enum MessageType {
     MessageType_SolanaAddress = 903 [(wire_out) = true];
     MessageType_SolanaSignTx = 904 [(wire_in) = true];
     MessageType_SolanaTxSignature = 905 [(wire_out) = true];
+
+    // THP
+    MessageType_ThpCreateNewSession = 1000[(bitcoin_only)=true, (channel_in) = true];
+    MessageType_ThpNewSession = 1001[(bitcoin_only)=true, (channel_out) = true];
+    MessageType_ThpStartPairingRequest = 1008 [(bitcoin_only) = true, (pairing_in) = true];
+    MessageType_ThpPairingPreparationsFinished = 1009 [(bitcoin_only) = true, (pairing_out) = true];
+    MessageType_ThpCredentialRequest = 1010 [(bitcoin_only) = true, (pairing_in) = true];
+    MessageType_ThpCredentialResponse = 1011 [(bitcoin_only) = true, (pairing_out) = true];
+    MessageType_ThpEndRequest = 1012 [(bitcoin_only) = true, (pairing_in) = true];
+    MessageType_ThpEndResponse = 1013[(bitcoin_only) = true, (pairing_out) = true];
+    MessageType_ThpCodeEntryCommitment = 1016[(bitcoin_only)=true, (pairing_out) = true];
+    MessageType_ThpCodeEntryChallenge = 1017[(bitcoin_only)=true, (pairing_in) = true];
+    MessageType_ThpCodeEntryCpaceHost = 1018[(bitcoin_only)=true, (pairing_in) = true];
+    MessageType_ThpCodeEntryCpaceTrezor = 1019[(bitcoin_only)=true, (pairing_out) = true];
+    MessageType_ThpCodeEntryTag = 1020[(bitcoin_only)=true, (pairing_in) = true];
+    MessageType_ThpCodeEntrySecret = 1021[(bitcoin_only)=true, (pairing_out) = true];
+    MessageType_ThpQrCodeTag = 1024[(bitcoin_only)=true, (pairing_in) = true];
+    MessageType_ThpQrCodeSecret = 1025[(bitcoin_only)=true, (pairing_out) = true];
+    MessageType_ThpNfcUnidirectionalTag = 1032[(bitcoin_only)=true, (pairing_in) = true];
+    MessageType_ThpNfcUnidirectionalSecret = 1033[(bitcoin_only)=true, (pairing_in) = true];
 }
+
+

common/protob/pb2py

@@ -558,6 +558,8 @@ class RustBlobRenderer:
         enums = []
         cursor = 0
         for enum in sorted(self.descriptor.enums, key=lambda e: e.name):
+            if enum.name == "MessageType":
+                continue
             self.enum_map[enum.name] = cursor
             enum_blob = ENUM_ENTRY.build(sorted(v.number for v in enum.value))
             enums.append(enum_blob)

core/.changelog.d/2299.changed

@@ -0,0 +1 @@
+Improve UI synchronization, ordering, and responsiveness (Global Layout project).

core/.changelog.d/3633.changed

@@ -0,0 +1 @@
+Improved device responsiveness by removing unnecessary screen refreshes.

core/Makefile

@@ -127,6 +127,7 @@ TREZOR_FIDO2_UDP_PORT = 21326
 RUST_TARGET=$(shell rustc -vV | sed -n 's/host: //p')
 
 MULTICORE ?= "auto"
+RANDOM=$(shell python -c 'import random; print(random.randint(0, 1000000))')
 
 ## help commands:
 
@@ -162,7 +163,7 @@ test_emu: ## run selected device tests from python-trezor
 
 test_emu_multicore: ## run device tests using multiple cores
 	$(PYTEST) -n $(MULTICORE) $(TESTPATH)/device_tests $(TESTOPTS) --timeout $(PYTEST_TIMEOUT) \
-		--control-emulators --model=core --random-order-seed=$(shell echo $$RANDOM) \
+		--control-emulators --model=core --random-order-seed=$(RANDOM) \
 		--lang=$(TEST_LANG)
 
 test_emu_monero: ## run selected monero device tests from monero-agent
@@ -198,7 +199,7 @@ test_emu_ui: ## run ui integration tests
 test_emu_ui_multicore: ## run ui integration tests using multiple cores
 	$(PYTEST) -n $(MULTICORE) $(TESTPATH)/device_tests $(TESTOPTS) --timeout $(PYTEST_TIMEOUT) \
 		--ui=test --ui-check-missing --record-text-layout --do-master-diff \
-		--control-emulators --model=core --random-order-seed=$(shell echo $$RANDOM) \
+		--control-emulators --model=core --random-order-seed=$(RANDOM) \
 		--lang=$(TEST_LANG)
 
 test_emu_ui_record: ## record and hash screens for ui integration tests
@@ -297,14 +298,20 @@ build_unix: templates ## build unix port
 	$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) \
 		TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" THP="$(THP)" \
 		PYOPT="0" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" \
-		NEW_RENDERING="$(NEW_RENDERING)"
+		NEW_RENDERING="$(NEW_RENDERING)" TREZOR_MEMPERF="$(TREZOR_MEMPERF)"
 
 build_unix_frozen: templates build_cross ## build unix port with frozen modules
 	$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) \
-		TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" \
+		TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" THP="$(THP)"\
 		PYOPT="$(PYOPT)" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" \
 		TREZOR_MEMPERF="$(TREZOR_MEMPERF)" TREZOR_EMULATOR_FROZEN=1 NEW_RENDERING="$(NEW_RENDERING)"
 
+build_unix_frozen_debug: templates build_cross ## build unix port with frozen modules and DEBUG (PYOPT="0")
+	$(SCONS) CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) \
+		TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" THP="$(THP)"\
+		PYOPT="0" BITCOIN_ONLY="$(BITCOIN_ONLY)" TREZOR_EMULATOR_ASAN="$(ADDRESS_SANITIZER)" \
+		TREZOR_MEMPERF="$(TREZOR_MEMPERF)" TREZOR_EMULATOR_FROZEN=1
+
 build_unix_debug: templates ## build unix port
 	$(SCONS) --max-drift=1 CFLAGS="$(CFLAGS)" $(UNIX_BUILD_DIR)/trezor-emu-core $(UNIX_PORT_OPTS) \
 		TREZOR_MODEL="$(TREZOR_MODEL)" CMAKELISTS="$(CMAKELISTS)" \