!boards/nsh: Replace TEA password storage with PBKDF2-HMAC-SHA256 hashing #19209
!boards/nsh: Replace TEA password storage with PBKDF2-HMAC-SHA256 hashing #19209Abhishekmishra2808 wants to merge 4 commits into
Conversation
|
@acassis, Checks are failing because the password is currently empty, and CI expects some passwd value. |
f4a6ce2 to
aeec705
Compare
aeec705 to
084e043
Compare
14e477a to
08bd6bb
Compare
Add standalone host PBKDF2-HMAC-SHA256 mkpasswd, board_romfs_mkpasswd.sh, and promptpasswd.sh with confirm-password support. Integrate ROMFS passwd generation in Board.mk and CMake. Drop TEA key checks from passwd_keys.mk. Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
Migrate moxa:nsh from fixed telnet password to build-time ROMFS /etc/passwd with PBKDF2-HMAC-SHA256 and cryptodev. Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
26eec91 to
f83759c
Compare
Migrate passwd encrypt/verify to PBKDF2 modular crypt format using kernel cryptodev (CRYPTO_PBKDF2_HMAC_SHA256 via /dev/crypto). Add passwd_pbkdf2 wrapper, base64url helpers, complexity validation, and pbkdf2_test for RFC 6070 vector coverage. FSUTILS_PASSWD selects CRYPTO, ALLOW_BSD_COMPONENTS, and CRYPTO_CRYPTODEV so existing sim defconfigs keep building. Change NSH_LOGIN_USERNAME default to root and remove fixed-login password defaults. BREAKING CHANGE: TEA-encoded /etc/passwd entries no longer verify. Regenerate each entry after upgrading. Pair with the nuttx host mkpasswd changes in apache/nuttx#19209. Boards must enable the appropriate software or hardware crypto backend for PBKDF2 at runtime. When CONFIG_NSH_LOGIN_FIXED=y, set CONFIG_NSH_LOGIN_PASSWORD in the board defconfig or menuconfig; there is no default password. Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
f83759c to
18a493e
Compare
Update login and mkpasswd documentation for PBKDF2, root password terminology, and NUTTX_ROMFS_PASSWD_PASSWORD. Set CI sim/login test password to NuttXSim1!. Restore sim lely docs dropped during rebase. Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
Avoid base64 symbol collision with Dropbear libtomcrypt at link time. Signed-off-by: Abhishek Mishra <mishra.abhishek2808@gmail.com>
f0a2a54 to
a4c807a
Compare
|
@acassis, @xiaoxiang781216 PTAL ! |
|
@Abhishekmishra2808 why did you disable the Crypto for Dropbear? I think @FelipeMdeO is already fixing this issue. @FelipeMdeO is it ok for you to let disable it? |
|
They caused base64 symbol collisions with libtomcrypt at link time, so I reverted only the CODECS/CRYPTO lines I'd added for Kconfig deps. Dropbear still uses I think I should coordinate with @FelipeMdeO for this. |
Hello @Abhishekmishra2808 , I cannot access my environment now, but more late I will take a look and ping you. |
|
Hello @acassis , @Abhishekmishra2808 , sorry, combining your 2 PR will "crash" dropbear. After build, you will see: So the dropbear was silently disabled. |
|
Hello @Abhishekmishra2808 . Please revert commit a4c807a (your last commit), the base64/ecc collision it worked around is already handled by the symbol renaming in netutils/dropbear/Makefile, so the strip is redundant. When restoring the lines, also add CONFIG_CRYPTO_CRYPTODEV_SOFTWARE_CRYPTO=y (+ CONFIG_CRYPTO_SW_AES=y), or /dev/crypto won't have the swcr_pbkdf2 backend and PBKDF2 login fails at runtime. Look for git diff from your last commit: PS: You changed the password policy, right? I don't have relevant background on this point, could you give your opinion, @acassis , @xiaoxiang781216 , @ThePassionate ? I took some time to get issue when I tested dropbear after your change, the current output for password out of policy is: |
Summary
Replace reversible TEA password storage in
/etc/passwdwith one-way PBKDF2-HMAC-SHA256 hashing in modular crypt format (MCF):$pbkdf2-sha256$<iterations>$<base64url-salt>$<base64url-hash>BREAKING CHANGE: TEA-encoded /etc/passwd entries no longer verify.
Regenerate with tools/mkpasswd or NSH passwd/useradd after upgrading nuttx-apps.
Changes:
apps/crypto/pbkdf2(PBKDF2-HMAC-SHA256; Mbed TLS backend when available, self-contained SHA-256 fallback otherwise)passwd_encrypt.c/passwd_verify.cto use PBKDF2 andtimingsafe_bcmp()for verificationpasswd_base64.cfor base64url encode/decodetesting/pbkdf2(RFC 6070 vectors + passwd round-trip test)Companion nuttx PR (host
mkpasswdtool and ROMFS build integration): apache/nuttx-apps#3557Impact
Security
/etc/passwd.Compatibility (breaking)
/etc/passwdentries will not verify. Users must regenerate passwords with NSHpasswd/useraddor build-timemkpasswdafter upgrading.Build
CRYPTO_PBKDF2automatically whenFSUTILS_PASSWDis enabled.Runtime
CONFIG_FSUTILS_PASSWD_PBKDF2_ITERATIONS).Testing
Host: WSL2 Linux, x86_64
Sim (
sim:nshor login-enabled config)FSUTILS_PASSWDandTESTING_PBKDF2ESP32-C3 (
esp32c3-devkit:login, local test config, not in this PR)/etc/passwdwith PBKDF2 hash/dev/ttyACM0) succeeds with configured password; wrong password rejectedManual verification
useradd/passwdreject weak passwords (no special char, too short)$pbkdf2-sha256$...hash in/etc/passwd