Skip to content

keystore: fewer securechip calls when checking password #1619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

keystore: fewer securechip calls when checking password #1619

wants to merge 4 commits into from

Conversation

benma
Copy link
Collaborator

@benma benma commented Oct 2, 2025
edited
Loading

The sanity check to see if the seed has changed does not need a securechip operation, it can use the retained seed hash instead, same as unlock_bip39(). This reduces the number of securechip operations needed to do a password check, which reduces the risk of running into the Optiga throttling security mechanism.

This is based on #1621 so the reduction can be seen in the show_mnemonic unit test too

@benma benma requested a review from NickeZ October 2, 2025 08:01
@benma benma force-pushed the sc-events branch 2 times, most recently from 8e21085 to e741db0 Compare October 2, 2025 08:10
benma added 4 commits October 2, 2025 12:00
@benma
workflows: use HAL for showing mnemonic and mnemonic quiz
d67b75c 
`show_and_confirm_mnemonic(hal: ...)` did not use the HAL for all UI:
show_mnemonic and confirm_mnemonic directly used the BitBox02 menu
workflow without going through HAL. Can't use `hal().ui().menu(...)`,
becaus:

- these functions bolt a cancel prompt on top
- show_mnemonic is not a normal menu where one can pick an entry, it's
  just a scroll-through for displaying the mnemonic

This should make it possible to mock/fake/test the mneomnic workflow
functions, and provide different implementations for them in future
BitBox hardware.
@benma
hal: add show_and_confirm_mnemonic to HAL
2b77bd6 
The default implementation is in terms of other HAL/UI functions. For
unit tests (e.g. in show_mnemonic.rs or bip85.rs), it is useful to be
able to skip over the implementation details, so the tests don't have
to mock selecting the right words in the quiz.
@benma
api/show_mnemonic: add unit tests
28976d7 
This also allows us to keep track of the number of secure chip
operations in all the scenarios.
@benma
keystore: fewer securechip calls when checking password
4132672 
The sanity check to see if the seed has changed does not need a
securechip operation, it can use the retained seed hash instead, same
as `unlock_bip39()`. This reduces the number of securechip operations
needed to do a password check, which reduces the risk of running into
the Optiga throttling security mechanism.
@benma benma mentioned this pull request Oct 4, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NickeZ NickeZ Awaiting requested review from NickeZ

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@benma