package hw.trezor.messages.thp

Get desktop application:
View/edit binary Protocol Buffers messages

* Only for internal use. @embed

required bytes host_static_public_key = 1
Host's static public key used in the handshake
required ThpCredentialMetadata cred_metadata = 2
Credential metadata

message ThpCodeEntryChallenge

messages-thp.proto:140

* Response: Host responds to Trezor's Code Entry commitment with a challenge. @next ThpCodeEntryCpaceTrezor

required bytes challenge = 1
Host's random 32-byte challenge

message ThpCodeEntryCommitment

messages-thp.proto:132

* Response: If Code Entry is an allowed pairing option, Trezor responds with a commitment. @next ThpCodeEntryChallenge

required bytes commitment = 1
SHA-256 of Trezor's random 32-byte secret

message ThpCodeEntryCpaceHostTag

messages-thp.proto:156

* Request: User selected Code Entry option in Host. Host starts CPACE protocol with Trezor. @next ThpCodeEntrySecret

required bytes cpace_host_public_key = 1
Host's ephemeral CPace public key
required bytes tag = 2
SHA-256 of shared secret

message ThpCodeEntryCpaceTrezor

messages-thp.proto:148

* Response: Trezor continues with the CPACE protocol. @next ThpCodeEntryCpaceHostTag

required bytes cpace_trezor_public_key = 1
Trezor's ephemeral CPace public key

message ThpCodeEntrySecret

messages-thp.proto:166

* Response: Trezor finishes the CPACE protocol. @next ThpCredentialRequest @next ThpEndRequest

required bytes secret = 1
Trezor's secret

* Request: Ask device for a new session with given passphrase. @start @next Success

optional string passphrase = 1
optional bool on_device = 2
User wants to enter passphrase on the device
optional bool derive_cardano = 3
If True, Cardano keys will be derived. Ignored with BTC-only

* Only for internal use. @embed

Used in: ThpAuthenticatedCredentialData, ThpPairingCredential

required string host_name = 1
Human-readable host name (browser name for web apps)
optional bool autoconnect = 2
Whether host is allowed to autoconnect without user confirmation
required string app_name = 3
Human-readable application name

* Request: Host requests issuance of a new pairing credential. @start @next ThpCredentialResponse

required bytes host_static_public_key = 1
Host's static public key identifying the credential.
optional bool autoconnect = 2
Whether host wants to autoconnect without user confirmation
optional bytes credential = 3
Host's previous credential

* Response: Trezor issues a new pairing credential. @next ThpCredentialRequest @next ThpEndRequest

required bytes trezor_static_public_key = 1
Trezor's static public key used in the handshake.
required bytes credential = 2
The pairing credential issued by the Trezor to the host.

* @embed

required string internal_model = 1
Internal model name, e.g. "T2B1".
optional uint32 model_variant = 2
Encodes the device properties such as color.
required uint32 protocol_version_major = 3
The major version of the communication protocol
required uint32 protocol_version_minor = 4
used by the firmware.
The minor version of the communication protocol
repeated ThpPairingMethod pairing_methods = 5
used by the firmware.
Pairing methods supported by the Trezor.

* Request: Host requests transition to the encrypted traffic phase. @start @next ThpEndResponse

(message has no fields)

* Response: Trezor approves transition to the encrypted traffic phase @end

(message has no fields)

* @embed

optional bytes host_pairing_credential = 1
Host's pairing credential

enum ThpMessageType

messages-thp.proto:16

* Mapping between Trezor wire identifier (uint) and a Thp protobuf message

ThpMessageType_Cancel = 20
ThpMessageType_ButtonRequest = 26
ThpMessageType_ButtonAck = 27
ThpMessageType_ThpPairingRequest = 1008
ThpMessageType_ThpPairingRequestApproved = 1009
ThpMessageType_ThpSelectMethod = 1010
ThpMessageType_ThpPairingPreparationsFinished = 1011
ThpMessageType_ThpCredentialRequest = 1016
ThpMessageType_ThpCredentialResponse = 1017
ThpMessageType_ThpEndRequest = 1018
ThpMessageType_ThpEndResponse = 1019
ThpMessageType_ThpCodeEntryCommitment = 1024
ThpMessageType_ThpCodeEntryChallenge = 1025
ThpMessageType_ThpCodeEntryCpaceTrezor = 1026
ThpMessageType_ThpCodeEntryCpaceHostTag = 1027
ThpMessageType_ThpCodeEntrySecret = 1028
ThpMessageType_ThpQrCodeTag = 1032
ThpMessageType_ThpQrCodeSecret = 1033
ThpMessageType_ThpNfcTagHost = 1040
ThpMessageType_ThpNfcTagTrezor = 1041

* Request: User selected Unidirectional NFC pairing option. Host sends an Unidirectional NFC Tag. @next ThpNfcTagTrezor

required bytes tag = 1
Host's tag

* Response: Trezor sends the Unidirectioal NFC secret. @next ThpCredentialRequest @next ThpEndRequest

required bytes tag = 1
Trezor's tag

* Recent THP paired hosts. Only for internal use. @embed

repeated ThpPairedCache.ThpPairedCacheEntry entries = 1

message ThpPairedCache.ThpPairedCacheEntry

messages-thp.proto:282

* Only for internal use. @embed

Used in: ThpPairedCache

required bytes mac_addr = 1
6-byte MAC address
required string host_name = 2
Human-readable host name (≤32 bytes)
required string app_name = 3
Human-readable application name (≤32 bytes)

* Only for internal use. @embed

required ThpCredentialMetadata cred_metadata = 1
Credential metadata
required bytes mac = 2
Message authentication code generated by the Trezor

* Numeric identifiers of pairing methods. @embed

Used in: ThpDeviceProperties, ThpSelectMethod

SkipPairing = 1
Trust without MITM protection.
CodeEntry = 2
User rewrites code displayed on Trezor into the host application.
QrCode = 3
User scans QR-code displayed on Trezor into the host application.
NFC = 4
Trezor and host application exchange authentication secrets via NFC.

* Response: Pairing is ready for user input / OOB communication. @next ThpCodeEntryCpace @next ThpQrCodeTag @next ThpNfcTagHost

(message has no fields)

* Request: Start pairing process. @start @next ThpPairingRequestApproved

required string host_name = 1
Human-readable host name (browser name for web apps)
required string app_name = 2
Human-readable application name

* Response: Host is allowed to start pairing process. @start @next ThpSelectMethod

(message has no fields)

* Response: Trezor sends the QR secret. @next ThpCredentialRequest @next ThpEndRequest

required bytes secret = 1
Trezor's secret

* Request: User selected QR Code pairing option. Host sends a QR Tag. @next ThpQrCodeSecret

required bytes tag = 1
SHA-256 of shared secret

* Request: Start pairing using the method selected. @start @next ThpPairingPreparationsFinished @next ThpCodeEntryCommitment

required ThpPairingMethod selected_pairing_method = 1

package hw.trezor.messages.thp

message ThpAuthenticatedCredentialData

required bytes host_static_public_key = 1

required ThpCredentialMetadata cred_metadata = 2

message ThpCodeEntryChallenge

required bytes challenge = 1

message ThpCodeEntryCommitment

required bytes commitment = 1

message ThpCodeEntryCpaceHostTag

required bytes cpace_host_public_key = 1

required bytes tag = 2

message ThpCodeEntryCpaceTrezor

required bytes cpace_trezor_public_key = 1

message ThpCodeEntrySecret

required bytes secret = 1

message ThpCreateNewSession

optional string passphrase = 1

optional bool on_device = 2

optional bool derive_cardano = 3

message ThpCredentialMetadata

required string host_name = 1

optional bool autoconnect = 2

required string app_name = 3

message ThpCredentialRequest

required bytes host_static_public_key = 1

optional bool autoconnect = 2

optional bytes credential = 3

message ThpCredentialResponse

required bytes trezor_static_public_key = 1

required bytes credential = 2

message ThpDeviceProperties

required string internal_model = 1

optional uint32 model_variant = 2

required uint32 protocol_version_major = 3

required uint32 protocol_version_minor = 4

repeated ThpPairingMethod pairing_methods = 5

message ThpEndRequest

message ThpEndResponse

message ThpHandshakeCompletionReqNoisePayload

optional bytes host_pairing_credential = 1

enum ThpMessageType

ThpMessageType_Cancel = 20

ThpMessageType_ButtonRequest = 26

ThpMessageType_ButtonAck = 27

ThpMessageType_ThpPairingRequest = 1008

ThpMessageType_ThpPairingRequestApproved = 1009

ThpMessageType_ThpSelectMethod = 1010

ThpMessageType_ThpPairingPreparationsFinished = 1011

ThpMessageType_ThpCredentialRequest = 1016

ThpMessageType_ThpCredentialResponse = 1017

ThpMessageType_ThpEndRequest = 1018

ThpMessageType_ThpEndResponse = 1019

ThpMessageType_ThpCodeEntryCommitment = 1024

ThpMessageType_ThpCodeEntryChallenge = 1025

ThpMessageType_ThpCodeEntryCpaceTrezor = 1026

ThpMessageType_ThpCodeEntryCpaceHostTag = 1027

ThpMessageType_ThpCodeEntrySecret = 1028

ThpMessageType_ThpQrCodeTag = 1032

ThpMessageType_ThpQrCodeSecret = 1033

ThpMessageType_ThpNfcTagHost = 1040

ThpMessageType_ThpNfcTagTrezor = 1041

message ThpNfcTagHost

required bytes tag = 1

message ThpNfcTagTrezor

required bytes tag = 1

message ThpPairedCache

repeated ThpPairedCache.ThpPairedCacheEntry entries = 1

message ThpPairedCache.ThpPairedCacheEntry

required bytes mac_addr = 1

required string host_name = 2

required string app_name = 3

message ThpPairingCredential

required ThpCredentialMetadata cred_metadata = 1

required bytes mac = 2

enum ThpPairingMethod

SkipPairing = 1

CodeEntry = 2

QrCode = 3

NFC = 4

message ThpPairingPreparationsFinished