limeth/acid
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Derive correct salt for encryption key

Browse source
This commit is contained in:
Jakub Hlusička 2026-01-22 22:57:43 +01:00
parent 299a1195f1
commit 2a5779ffcf
10 changed files with 100 additions and 9333 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
firmware/.gitignore vendored
View file

@ -1 +1,2 @@
/.cargo
/.zed

29
firmware/Cargo.lock generated
View file

@ -13,6 +13,7 @@ dependencies = [
"cfg-if",
"const-gen",
"critical-section",
"data-encoding-macro",
"embassy-embedded-hal",
"embassy-executor",
"embassy-sync 0.7.2",
@ -1332,6 +1333,32 @@ dependencies = [
"parking_lot_core",
]
[[package]]
name = "data-encoding"
version = "2.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea"
[[package]]
name = "data-encoding-macro"
version = "0.1.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8142a83c17aa9461d637e649271eae18bf2edd00e91f2e105df36c3c16355bdb"
dependencies = [
"data-encoding",
"data-encoding-macro-internal",
]
[[package]]
name = "data-encoding-macro-internal"
version = "0.1.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ab67060fc6b8ef687992d439ca0fa36e7ed17e9a0b16b25b601e8757df720de"
dependencies = [
"data-encoding",
"syn 2.0.114",
]
[[package]]
name = "data-url"
version = "0.3.2"
@ -5365,6 +5392,7 @@ name = "password-hash"
version = "0.1.0"
dependencies = [
"argon2",
"byteorder",
"itertools 0.14.0",
"scrypt",
"spectre-api-sys",
@ -6780,6 +6808,7 @@ name = "spectre-api-sys"
version = "0.1.0"
dependencies = [
"bindgen",
"cc",
"duct",
]

1
firmware/acid-firmware/.cargo/config.toml
View file

@ -18,6 +18,7 @@ rustflags = [
[env]
EXPLICITLY_INCLUDE_DEFAULT_DIRS = "true"
LIBXKBCOMMON_BUILD_DIR = "../libxkbcommon/build"
SPECTRE_API_BUILD_DIR = "../spectre-api-c/build-esp32s3"
SPECTRE_API_SYS_CC = "xtensa-esp32s3-elf-cc.exe"

8708
firmware/acid-firmware/Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

1
firmware/acid-firmware/Cargo.toml
View file

@ -75,6 +75,7 @@ spectre-api-sys = { git = "https://github.com/Limeth/spectre-api-sys" }
sha2 = { version = "0.10.9", default-features = false }
password-hash = { path = "../password-hash", default-features = false }
hmac = "0.12.1"
data-encoding-macro = "0.1.19"
# Crates for serial UART CLI
embedded-cli = { version = "0.2.1", default-features = false, features = ["help", "macros"] }

20
firmware/acid-firmware/src/ffi/crypto.rs
View file

@ -3,6 +3,7 @@ use core::{
ffi::{c_char, c_int, c_size_t, c_uchar, c_ulonglong},
};
use data_encoding_macro::hexlower;
use embassy_sync::blocking_mutex::{self, raw::CriticalSectionRawMutex};
use hmac::{
Hmac, SimpleHmac,
@ -51,21 +52,24 @@ unsafe extern "C" fn __spre_crypto_pwhash_scryptsalsa208sha256_ll(
output: NonNullPtr<*mut u8>,
output_len: c_size_t,
) -> c_int {
assert_eq!(output_len, 64);
// TODO: Implement account storage. This is just a key for test:test.
const ENCRYPTED_USER_KEY: [u8; 64] = hexlower!(
"e338e425b4f8d17ac6c349f7ec84087d59a56b6850bcfe950de1af3f04a609d9b1490479086360a38dc209070213c7915e91733a07eced2cec4c6356e050c2be"
);
unsafe {
let password: &[u8] = core::slice::from_raw_parts(password, password_len);
let salt: &[u8] = core::slice::from_raw_parts(salt, salt_len);
let output: &mut [u8] = core::slice::from_raw_parts_mut(output, output_len);
let purpose = spectre_purpose_scope(SpectreKeyPurpose::Authentication);
let result = password_hash::derive_encryption_key(salt, password, &PSRAM_ALLOCATOR);
let encryption_key = password_hash::derive_encryption_key(salt, password, &PSRAM_ALLOCATOR);
let mut user_key = ENCRYPTED_USER_KEY;
assert_eq!(
output.len(),
result.len(),
"Derived invalid encryption key."
);
output.copy_from_slice(&result);
password_hash::decrypt_with(&mut user_key, &encryption_key);
output.copy_from_slice(&user_key);
}
0

603
firmware/password-hash/Cargo.lock generated
View file

@ -1,603 +0,0 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "aho-corasick"
version = "1.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301"
dependencies = [
"memchr",
]
[[package]]
name = "argon2"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
dependencies = [
"base64ct",
"blake2",
"cpufeatures",
"password-hash 0.5.0",
]
[[package]]
name = "base64ct"
version = "1.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06"
[[package]]
name = "bindgen"
version = "0.72.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895"
dependencies = [
"bitflags",
"cexpr",
"clang-sys",
"itertools 0.13.0",
"log",
"prettyplease",
"proc-macro2",
"quote",
"regex",
"rustc-hash",
"shlex",
"syn",
]
[[package]]
name = "bitflags"
version = "2.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3"
[[package]]
name = "blake2"
version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
dependencies = [
"digest",
]
[[package]]
name = "block-buffer"
version = "0.10.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
dependencies = [
"generic-array",
]
[[package]]
name = "cexpr"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
dependencies = [
"nom",
]
[[package]]
name = "cfg-if"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
[[package]]
name = "cipher"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
dependencies = [
"crypto-common",
"inout",
]
[[package]]
name = "clang-sys"
version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
dependencies = [
"glob",
"libc",
"libloading",
]
[[package]]
name = "cpufeatures"
version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
dependencies = [
"libc",
]
[[package]]
name = "crypto-common"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
dependencies = [
"generic-array",
"typenum",
]
[[package]]
name = "digest"
version = "0.10.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
dependencies = [
"block-buffer",
"crypto-common",
"subtle",
]
[[package]]
name = "duct"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e66e9c0c03d094e1a0ba1be130b849034aa80c3a2ab8ee94316bc809f3fa684"
dependencies = [
"libc",
"os_pipe",
"shared_child",
"shared_thread",
]
[[package]]
name = "either"
version = "1.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
[[package]]
name = "errno"
version = "0.3.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
dependencies = [
"libc",
"windows-sys 0.61.2",
]
[[package]]
name = "generic-array"
version = "0.14.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
dependencies = [
"typenum",
"version_check",
]
[[package]]
name = "glob"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
[[package]]
name = "hmac"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [
"digest",
]
[[package]]
name = "inout"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
dependencies = [
"generic-array",
]
[[package]]
name = "itertools"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
dependencies = [
"either",
]
[[package]]
name = "itertools"
version = "0.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285"
dependencies = [
"either",
]
[[package]]
name = "libc"
version = "0.2.180"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc"
[[package]]
name = "libloading"
version = "0.8.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55"
dependencies = [
"cfg-if",
"windows-link",
]
[[package]]
name = "log"
version = "0.4.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
[[package]]
name = "memchr"
version = "2.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "nom"
version = "7.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
dependencies = [
"memchr",
"minimal-lexical",
]
[[package]]
name = "os_pipe"
version = "1.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d8fae84b431384b68627d0f9b3b1245fcf9f46f6c0e3dc902e9dce64edd1967"
dependencies = [
"libc",
"windows-sys 0.61.2",
]
[[package]]
name = "password-hash"
version = "0.1.0"
dependencies = [
"argon2",
"itertools 0.14.0",
"scrypt",
"spectre-api-sys",
]
[[package]]
name = "password-hash"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
dependencies = [
"base64ct",
"rand_core",
"subtle",
]
[[package]]
name = "pbkdf2"
version = "0.12.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
dependencies = [
"digest",
"hmac",
]
[[package]]
name = "prettyplease"
version = "0.2.37"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
dependencies = [
"proc-macro2",
"syn",
]
[[package]]
name = "proc-macro2"
version = "1.0.105"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "535d180e0ecab6268a3e718bb9fd44db66bbbc256257165fc699dadf70d16fe7"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
version = "1.0.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc74d9a594b72ae6656596548f56f667211f8a97b3d4c3d467150794690dc40a"
dependencies = [
"proc-macro2",
]
[[package]]
name = "rand_core"
version = "0.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
[[package]]
name = "regex"
version = "1.12.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "843bc0191f75f3e22651ae5f1e72939ab2f72a4bc30fa80a066bd66edefc24d4"
dependencies = [
"aho-corasick",
"memchr",
"regex-automata",
"regex-syntax",
]
[[package]]
name = "regex-automata"
version = "0.4.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5276caf25ac86c8d810222b3dbb938e512c55c6831a10f3e6ed1c93b84041f1c"
dependencies = [
"aho-corasick",
"memchr",
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.8.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a2d987857b319362043e95f5353c0535c1f58eec5336fdfcf626430af7def58"
[[package]]
name = "rustc-hash"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
[[package]]
name = "salsa20"
version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "97a22f5af31f73a954c10289c93e8a50cc23d971e80ee446f1f6f7137a088213"
dependencies = [
"cipher",
]
[[package]]
name = "scrypt"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f"
dependencies = [
"pbkdf2",
"salsa20",
"sha2",
]
[[package]]
name = "sha2"
version = "0.10.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
dependencies = [
"cfg-if",
"cpufeatures",
"digest",
]
[[package]]
name = "shared_child"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e362d9935bc50f019969e2f9ecd66786612daae13e8f277be7bfb66e8bed3f7"
dependencies = [
"libc",
"sigchld",
"windows-sys 0.60.2",
]
[[package]]
name = "shared_thread"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "52b86057fcb5423f5018e331ac04623e32d6b5ce85e33300f92c79a1973928b0"
[[package]]
name = "shlex"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "sigchld"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "47106eded3c154e70176fc83df9737335c94ce22f821c32d17ed1db1f83badb1"
dependencies = [
"libc",
"os_pipe",
"signal-hook",
]
[[package]]
name = "signal-hook"
version = "0.3.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d881a16cf4426aa584979d30bd82cb33429027e42122b169753d6ef1085ed6e2"
dependencies = [
"libc",
"signal-hook-registry",
]
[[package]]
name = "signal-hook-registry"
version = "1.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b"
dependencies = [
"errno",
"libc",
]
[[package]]
name = "spectre-api-sys"
version = "0.1.0"
dependencies = [
"bindgen",
"duct",
]
[[package]]
name = "subtle"
version = "2.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
[[package]]
name = "syn"
version = "2.0.114"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d4d107df263a3013ef9b1879b0df87d706ff80f65a86ea879bd9c31f9b307c2a"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]]
name = "typenum"
version = "1.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"
[[package]]
name = "unicode-ident"
version = "1.0.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
[[package]]
name = "version_check"
version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
[[package]]
name = "windows-link"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
[[package]]
name = "windows-sys"
version = "0.60.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
dependencies = [
"windows-targets",
]
[[package]]
name = "windows-sys"
version = "0.61.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
dependencies = [
"windows-link",
]
[[package]]
name = "windows-targets"
version = "0.53.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3"
dependencies = [
"windows-link",
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_gnullvm",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_gnullvm",
"windows_x86_64_msvc",
]
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53"
[[package]]
name = "windows_aarch64_msvc"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006"
[[package]]
name = "windows_i686_gnu"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3"
[[package]]
name = "windows_i686_gnullvm"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c"
[[package]]
name = "windows_i686_msvc"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2"
[[package]]
name = "windows_x86_64_gnu"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499"
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1"
[[package]]
name = "windows_x86_64_msvc"
version = "0.53.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650"
[[patch.unused]]
name = "rmk"
version = "0.8.2"
[[patch.unused]]
name = "scrypt"
version = "0.12.0-rc.8"
[[patch.unused]]
name = "xkbcommon"
version = "0.9.0"

3
firmware/password-hash/Cargo.toml
View file

@ -15,12 +15,13 @@ required-features = ["cmd"]
[features]
default = ["cmd"]
std = []
cmd = ["std", "dep:scrypt", "dep:itertools", "dep:spectre-api-sys"]
cmd = ["std", "dep:scrypt", "dep:itertools", "dep:spectre-api-sys", "dep:byteorder"]
[dependencies]
argon2 = { version = "0.5.3", default-features = false, features = ["alloc"] }
itertools = { version = "0.14.0", optional = true }
scrypt = { version = "0.11.0", default-features = false, optional = true }
spectre-api-sys = { git = "https://github.com/Limeth/spectre-api-sys", optional = true }
byteorder = { version = "1.5.0", optional = true }
# TODO: Why is this unable to provide the symbols for spectre-api-sys?
# libsodium-sys-stable = { version = "1.23.2", optional = true }

57
firmware/password-hash/src/bin.rs
View file

@ -2,14 +2,14 @@
use std::{
alloc::Global,
ffi::CString,
io::{Write, stdin},
iter::zip,
ffi::{CStr, CString},
io::{Cursor, Write, stdin},
str::FromStr,
};
use byteorder::{BigEndian, WriteBytesExt};
use itertools::Itertools;
use password_hash::derive_encryption_key;
use password_hash::{Key, derive_encryption_key, encrypt_with};
use spectre_api_sys::SpectreAlgorithm;
macro_rules! read_line {
@ -29,29 +29,60 @@ macro_rules! read_line {
}
fn main() {
let print_secrets = std::env::args().contains("--print-secrets");
let mut lines = stdin().lines();
let username = read_line!(lines, "username");
let secret = read_line!(lines, "secret");
let user_key = unsafe {
let user_key: Key = unsafe {
&*spectre_api_sys::spectre_user_key(
username.as_ptr(),
secret.as_ptr(),
SpectreAlgorithm::Current,
)
};
let salt = username.as_bytes(); // TODO: Derive the same salt that spectre passes to scrypt.
let encryption_key = derive_encryption_key(salt, secret.as_bytes(), Global);
let mut encrypted_user_key = encryption_key;
}
.bytes;
let user_key_id = unsafe { spectre_api_sys::spectre_id_buf(user_key.as_ptr(), user_key.len()) };
let salt = derive_user_key_salt(&username);
let encryption_key = derive_encryption_key(&salt, secret.as_bytes(), Global);
assert_eq!(encrypted_user_key.len(), user_key.bytes.len());
for (dst_byte, user_byte) in zip(&mut encrypted_user_key, &user_key.bytes) {
*dst_byte ^= *user_byte;
if print_secrets {
println!("\nUser Key (SECRET):\n{:02x}", user_key.iter().format(""));
println!(
"\nEncryption Key (SECRET):\n{:02x}",
encryption_key.iter().format("")
);
}
let mut encrypted_user_key = user_key;
encrypt_with(&mut encrypted_user_key, &encryption_key);
println!(
"\nUser Key ID:\n{:02x}",
user_key_id.bytes.iter().format("")
);
println!(
"\nEncrypted User Key:\n{:02x}",
encrypted_user_key.iter().format("")
);
}
// Copied from the body of the `spectre_user_key_v3` function.
fn derive_user_key_salt(username: &CStr) -> Vec<u8> {
use spectre_api_sys::*;
let mut salt = Cursor::new(Vec::new());
unsafe {
let key_scope: &'static CStr =
CStr::from_ptr(spectre_purpose_scope(SpectreKeyPurpose::Authentication));
salt.write_all(key_scope.to_bytes()).unwrap();
salt.write_u32::<BigEndian>(username.count_bytes() as u32)
.unwrap();
salt.write_all(username.to_bytes()).unwrap();
}
salt.into_inner()
}

10
firmware/password-hash/src/lib.rs
View file

@ -57,3 +57,13 @@ pub fn derive_encryption_key(
key
}
pub fn decrypt_with(data: &mut Key, key: &Key) {
for (dst_byte, user_byte) in core::iter::zip(data.iter_mut(), key.iter()) {
*dst_byte ^= *user_byte;
}
}
pub fn encrypt_with(data: &mut Key, key: &Key) {
decrypt_with(data, key);
}