Restrict host key-writes to user ECC slots (block reserved 117-132, keep backup) #29
Open
0c-coder wants to merge 1 commit into
Host OKSETPRIV requests may only target user slots (RSA 1-4, ECC 101-116). Reserved ECC slots 117-132 are rejected EXCEPT the designated backup key (slot 131 with the 0x80 backup-type flag), which the app sets via setBackupPassphrase. HMAC (129/130, YUBIAUTH/feature-report) and derivation (128/132, internal) use other paths that call set_private() directly and bypass this dispatch, so they remain unaffected.
84e8f31 to
2ca6f14
Author
Host-side counterpart: trustcrypto/python-onlykey#90 — the age plugin now writes post-quantum keys only to user ECC slots 101–116 (and reads/decaps there), which this PR enforces on-device. These two should land together.
Author
Web app PQC counterpart: onlykey/onlykey.github.io#39 (ML-KEM-768 / X-Wing support in the OnlyKey web app).
Restrict host key-writes to user ECC slots (block reserved 117–132, keep backup)
Problem
ECC key slots split into user slots 101–116 and reserved slots 117–132 (128 web-derivation, 129/130 HMAC, 131 backup, 132 derivation; 117–127 held in reserve). The OKSETPRIV host message takes the target slot directly from the host (recv_buffer[5]), and the handler did not restrict it — so a host could write a key (RSA, ECC, or an ML-KEM/X-Wing seed) into a reserved slot and overwrite an internal key.
Fix
Guard the host dispatch in recvmsg’s case OKSETPRIV so a host-specified slot must be a user slot, with one carve-out for the backup key:
Result:
0x80 backup-type flag) is still allowed — this is what the OnlyKey app sends from setBackupPassphrase.
Why this does not break HMAC / backup / derivation
These were checked against both the firmware call graph and the OnlyKey app:
setBackupPassphrase() → setPrivateKey(slot=131, type=0xA1) → OKSETPRIV. This does hit the guarded dispatch, so it is explicitly carved out (slot 131 + backup flag).
setYubiAuth() sends the dedicated YUBIAUTH message, handled by the feature-report path (process_setreport), which calls set_private() directly and never enters this dispatch. Slots 129/130 unaffected.
derivation handlers via direct set_private() calls. Unaffected.
else if branch (recv_buffer[6] > 0x80 && initialized == false), not the guarded path.
The guard lives at the host dispatch precisely because every internal/reserved write path calls set_private() directly and bypasses it.
Compatibility / risk
python-onlykey age-plugin host change, which already limits PQ key slots to 101–116.
Testing
Requires the firmware build/flash toolchain (not run in this change). Verify:
OKSETPRIV with a non-backup key type and slot 117–132 → Error cannot set key in reserved slot (117-132); nothing written.
OKSETPRIV to user slots 101–116 and RSA 1–4 → unchanged, all key types.
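The slot rule described above, written out as standalone C so the accept/reject matrix can be checked off-device. This is an added example, not the firmware code from this PR: the function names and result codes are hypothetical, the backup-type flag is assumed to be bit 0x80 of the key-type byte (as in type 0xA1), and reading the type byte from index 6 of the message is an assumption (the page only states that the slot is at index 5).

```c
#include <stddef.h>
#include <stdint.h>

/* Slot ranges and flag value as stated in the PR text. */
#define RSA_FIRST           1
#define RSA_LAST            4
#define ECC_USER_FIRST    101
#define ECC_USER_LAST     116
#define ECC_RESERVED_LAST 132
#define BACKUP_SLOT       131
#define BACKUP_TYPE_FLAG 0x80

/* Hypothetical result codes for this sketch. */
enum slot_verdict { SLOT_OK = 0, SLOT_RESERVED, SLOT_OUT_OF_RANGE, MSG_TOO_SHORT };

/* Decide whether a host-specified slot/type pair may be written. */
enum slot_verdict host_write_verdict(uint8_t slot, uint8_t key_type)
{
    if (slot >= RSA_FIRST && slot <= RSA_LAST)
        return SLOT_OK;
    if (slot >= ECC_USER_FIRST && slot <= ECC_USER_LAST)
        return SLOT_OK;
    if (slot > ECC_USER_LAST && slot <= ECC_RESERVED_LAST) {
        /* Single carve-out: slot 131 with the backup-type flag set
         * (assumed to be bit 0x80 of the type byte). */
        if (slot == BACKUP_SLOT && (key_type & BACKUP_TYPE_FLAG))
            return SLOT_OK;
        return SLOT_RESERVED;
    }
    return SLOT_OUT_OF_RANGE;
}

/* Apply the rule to a raw message; never read past the supplied length.
 * Slot at index 5 is from the PR text, type at index 6 is assumed. */
enum slot_verdict check_oksetpriv(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 7)
        return MSG_TOO_SHORT;
    return host_write_verdict(buf[5], buf[6]);
}

/* Count how many of the 256 possible slot values a key type may write. */
int count_writable_slots(uint8_t key_type)
{
    int n = 0;
    for (int slot = 0; slot <= 255; slot++)
        n += host_write_verdict((uint8_t)slot, key_type) == SLOT_OK;
    return n;
}
```

Sweeping all 256 slot values per key type, as `count_writable_slots` does, is a quick way to confirm that the backup flag opens exactly one extra slot and nothing else.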