Add post-quantum (age ML-KEM-768 / X-Wing) scaffold for WebCrypt/onlyagent #39

Open

0c-coder wants to merge 3 commits into onlykey:heroku-deploy from 0c-coder:pqc-age-pr

Conversation

@0c-coder

Host-side post-quantum KEM scaffold for the WebCrypt/onlyagent app, mirroring the age PQC support in python-onlykey#90 + firmware libraries#29 (ML-KEM-768 = keytype 5, X-Wing = keytype 6).

New files only, no edits to existing files:

• src/onlykey-fido2/onlykey/xwing.js -- ML-KEM-768 / X-Wing encapsulation + age stanza helpers (host side)
• src/onlykey-fido2/onlykey/onlykey-pqc.js -- device getPubKey / decapsulate over the existing OKCONNECT derive flow (DERIVE_PUBLIC_KEY / DERIVE_SHARED_SECRET), keyed by derivation label (no slots)
• src/plugins/age/age-pqc.js -- age encrypt/decrypt plugin
• src/plugins/age/INTEGRATION.md -- wiring (plugin.js DI, package.json deps), keytype map, and remaining TODO(verify) items

Design: the web path has no key slots -- keys are derived per-identity from the reserved web-derivation key. The 32-byte derived secret feeds X-Wing directly (its private key is a 32-byte seed) and expands to ML-KEM's (d,z). Only the keytype byte (5/6) is added to the derive request.

Compatibility with #38 (OnlyAgent reskin): disjoint file sets. #38 only touches src/app-src.html, src/index-src.html, and two asset files; this only adds device-layer JS and a new src/plugins/age/ folder. They merge cleanly in either order, and the reskin's app_pages loop auto-styles the new age plugin page.

Status: scaffold / WIP. Encapsulation and the derive-flow shape are real; the TODO(verify) items in INTEGRATION.md (identity->keyhandle encoding, decaps op, ML-KEM seed expansion, age stanza/HPKE) must be matched byte-for-byte against python-onlykey#90 (tests/test_age_wire.py) before interop.

@0c-coder (Author)

Related post-quantum (ML-KEM-768 / X-Wing) work across the stack:

- xwing.js: verified split-decaps crypto (mlkem seed expansion, recipient build,
  encapsulate, xwingSplitDecapsulate) against @noble/post-quantum
- onlykey-pqc.js: 64-byte derive wrappers (getRecipient / decapsulate) over the
  existing FIDO2 derive flow; device returns [ss_X|mlkem_seed], sk_X never leaves
- age-pqc.js: recipient/encrypt/decrypt wired to the verified KEM (age container
  framing left as scoped TODOs to byte-match the age mlkem768x25519 format)
- INTEGRATION.md: pinned spec (HKDF domain separation, 64-byte layout, combiner)
- test/xwing-split.test.mjs: proves split decaps == standard encaps shared secret
@0c-coder (Author)

0c-coder commented Jul 1, 2026

Firmware counterpart (the 64-byte derive response, UNTESTED): trustcrypto/libraries#30.
