sosthene-nitrokey
commented
1 year ago Close #20
Closed sosthene-nitrokey closed 1 year ago
sosthene-nitrokey
commented
1 year ago Close #20
szszszsz
commented
1 year ago What's the ETA on this?
sosthene-nitrokey
commented
1 year ago Only needs review
sosthene-nitrokey
commented
1 year ago Ok, I'll make delete_all_pins only delete pins, and add two syscall:
sosthene-nitrokey
commented
1 year ago Hurh, trussed's filestore doesn't have a remove_dir_all_where
sosthene-nitrokey
commented
1 year ago And now I'm finding bugs in the littlefs bindings and trussed
sosthene-nitrokey
commented
1 year ago See https://github.com/trussed-dev/littlefs2/pull/36#pullrequestreview-1380850782, which is required to properly implement remove_dir_all_where in the filestore which is required for this.
But this also mean we will have to have a new release of littlefs2 and merge https://github.com/trussed-dev/trussed/pull/96 to benefit from it
robin-nitrokey
commented
1 year ago We’re still using a patched littlefs2 in nitrokey-3-firmware so we should be able to cherry-pick the fix for our fork:
https://github.com/Nitrokey/littlefs2 https://github.com/Nitrokey/nitrokey-3-firmware/blob/edfeef921c951ec00e97513f0d4e74e9c70f8406/Cargo.toml#L16
szszszsz
commented
1 year ago @sosthene-nitrokey @robin-nitrokey Can you prepare version handles to use in Cargo.toml to develop against in the meantime? Is only the littlefs update needed?
szszszsz
commented
1 year ago Just tested and now it works, without changing anything additionally, specifically littlefs dep.
See below for my use case:
This method is meant to encrypt data stored on the external flash so that it can't be accessed just but plugging into it. Multiple keys can be obtained with an
infoparameter.This adds one step after the
get_app_keystep described in #10 to add a per-application salt and an info parameter:HMAC(application_key, application_salt || len(info) || info). With theapplication_keybeing the result ofget_app_keyand the salt being a per-application salt, that is deleted withdelete_all_pins, so that the keys change.