Blog: Update flash filesystem encryption

2026-06-14 21:40:19 +02:00 · 2026-06-14 21:40:19 +02:00 · e9a1608a8f
commit e9a1608a8f
parent 9304677aa0
7 changed files with 165 additions and 20 deletions
--- a/config.toml
+++ b/config.toml
@ -32,7 +32,7 @@ header_reads = "Reads"
 blog_published_on_date = "Posted by a human on"
 footer_mail = "Electronic missive:<br/>tuxmain ât zettascript ðøt org"
 footer_hosted = "Hosted in Bordeaux, France."
-footer_generated = "Site generated with"
+footer_generated = "Site written by a human and generated with"

 [extra.tr.eo]
 sitename = "txmn.tk"
@ -43,7 +43,7 @@ header_reads = "Legaĵoj"
 blog_published_on_date = "Publikiĝita home je la"
 footer_mail = "Retadreso:<br/>tuxmain ĉe zettascript punkto org"
 footer_hosted = "Gastigata en Bordozo, en Francujo."
-footer_generated = "Retejo konstruita per"
+footer_generated = "Retejo home skribita kaj konstruita per"

 [extra.tr.fr]
 sitename = "txmn.tk"
@ -54,7 +54,7 @@ header_reads = "Lectures"
 blog_published_on_date = "Publié par un humain le"
 footer_mail = "Courrier électronique&nbsp;:<br/>tuxmain çhĕz zettascript pøiñt org"
 footer_hosted = "Hébergé à Bordeaux en France."
-footer_generated = "Site généré avec"
+footer_generated = "Site écrit par un humain et généré avec"

 [languages.en]
 generate_feeds = true
--- a/content/blog/flash-filesystem-encryption/cbc.svg
+++ b/content/blog/flash-filesystem-encryption/cbc.svg
@ -1,5 +1,5 @@
 <svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="372" height="172" viewBox="0 0 372 172">
-	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/graph.py -->
+	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/diagram.py -->
 	<!-- Image released under license CC0 (public domain) -->
 	<title>CBC</title>
 	<style>
@ -16,7 +16,7 @@
 			stroke-width: 2px;
 			fill: none;
 		}
-		path.f {
+		path.f, circle.f {
 			stroke: none;
 			fill: #000;
 		}
@ -28,7 +28,7 @@
 			circle, line, rect, path.s {
 				stroke: #ddd;
 			}
-			path.f {
+			path.f, circle.f {
 				fill: #ddd;
 			}
 		}
--- a/content/blog/flash-filesystem-encryption/ctr.svg
+++ b/content/blog/flash-filesystem-encryption/ctr.svg
@ -1,5 +1,5 @@
 <svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="288" height="172" viewBox="0 0 288 172">
-	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/graph.py -->
+	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/diagram.py -->
 	<!-- Image released under license CC0 (public domain) -->
 	<title>CTR</title>
 	<style>
@ -16,7 +16,7 @@
 			stroke-width: 2px;
 			fill: none;
 		}
-		path.f {
+		path.f, circle.f {
 			stroke: none;
 			fill: #000;
 		}
@ -28,7 +28,7 @@
 			circle, line, rect, path.s {
 				stroke: #ddd;
 			}
-			path.f {
+			path.f, circle.f {
 				fill: #ddd;
 			}
 		}
--- a/content/blog/flash-filesystem-encryption/diagram.py
+++ b/content/blog/flash-filesystem-encryption/diagram.py
@ -31,7 +31,7 @@ SVG = """\
 			stroke-width: 2px;
 			fill: none;
 		}}
-		path.f {{
+		path.f, circle.f {{
 			stroke: none;
 			fill: {BLACK};
 		}}
@ -43,7 +43,7 @@ SVG = """\
 			circle, line, rect, path.s {{
 				stroke: {WHITE};
 			}}
-			path.f {{
+			path.f, circle.f {{
 				fill: {WHITE};
 			}}
 		}}
@ -89,6 +89,43 @@ class Svg:
 		"""
 		return Block(self, x, y, XOR_R)

+	def plus(self, x, y):
+		xl = x-XOR_R
+		xr = x+XOR_R
+		yt = y-XOR_R
+		yb = y+XOR_R
+		size = XOR_R * 2
+		self.t += f"""\
+			<rect x="{xl}" y="{yt}" width="{size}" height="{size}"/>
+			<line x1="{xl}" y1="{y}" x2="{xr}" y2="{y}"/>
+			<line x1="{x}" y1="{yt}" x2="{x}" y2="{yb}"/>
+		"""
+		return Block(self, x, y, XOR_R)
+
+	def minus(self, x, y):
+		xl = x-XOR_R
+		xr = x+XOR_R
+		yt = y-XOR_R
+		size = XOR_R * 2
+		self.t += f"""\
+			<rect x="{xl}" y="{yt}" width="{size}" height="{size}"/>
+			<line x1="{xl}" y1="{y}" x2="{xr}" y2="{y}"/>
+		"""
+		return Block(self, x, y, XOR_R)
+
+	def rotl(self, x, y, t):
+		xl = x-XOR_R
+		yt = y-XOR_R
+		ymt = y-XOR_R/2
+		ymb = y+XOR_R/2
+		size = XOR_R * 2
+		self.t += f"""\
+			<rect x="{xl}" y="{yt}" width="{size}" height="{size}"/>
+			<text class="t" x="{x}" y="{ymt}">&lt;&lt;&lt;</text>
+			<text class="t" x="{x}" y="{ymb}">{t}</text>
+		"""
+		return Block(self, x, y, XOR_R)
+
 	def encrypt(self, x, y):
 		xl = x-ENCRYPT_SIZE//2
 		yt = y-ENCRYPT_SIZE//2
@ -113,6 +150,28 @@ class Svg:
 		"""
 		return Block(self, x, y, ENCRYPT_SIZE//2)

+	def block(self, x, y, wcells, hcells, texts, borders):
+		cell_w = ENCRYPT_SIZE
+		cell_h = ENCRYPT_SIZE//2
+		w = cell_w * wcells
+		h = cell_h * hcells
+		xl = x-w//2
+		yt = y-h//2
+		self.t += f"""\
+			<rect x="{xl}" y="{yt}" width="{w}" height="{h}"/>
+		"""
+		for (tx, ty, t) in texts:
+			tx_ = (tx+0.5)*cell_w+xl
+			ty_ = (ty+0.5)*cell_h+yt
+			self.t += f"""<text class="t" x="{tx_}" y="{ty_}">{t}</text>\n"""
+		return Block(self, x, y, ENCRYPT_SIZE//2)
+
+	def knot(self, x, y):
+		self.t += f"""\
+			<circle class="f" r="4px" cx="{x}" cy="{y}"/>
+		"""
+		return Block(self, x, y, 0)
+
 ARROW_TIP_START = 8
 ARROW_TIP_BACK = 12
 ARROW_TIP_R = 6
@ -244,6 +303,91 @@ def xts():
 	
 	return SVG.format(body=s.t, title="XTS", w=372, h=192, **ARGS)

+# ChaCha Quarter Round
+def chacha_qr():
+	ax = 16 + 64*0
+	bx = 16 + 64*1
+	cx = 16 + 64*2
+	dx = 16 + 64*3
+	y = [64 + 32*i for i in range(12)]
+
+	s = Svg()
+	a1 = s.text(ax, 16, "a")
+	b1 = s.text(bx, 16, "b")
+	c1 = s.text(cx, 16, "c")
+	d1 = s.text(dx, 16, "d")
+	P1 = s.plus(ax, y[0])
+	N1 = s.knot(bx, y[0])
+	N2 = s.knot(ax, y[1])
+	X1 = s.xor(dx, y[1])
+	R1 = s.rotl(dx, y[2], "16")
+	N3 = s.knot(dx, y[3])
+	P2 = s.plus(cx, y[3])
+	N4 = s.knot(cx, y[4])
+	X2 = s.xor(bx, y[4])
+	R2 = s.rotl(bx, y[5], "12")
+	N5 = s.knot(bx, y[6])
+	P3 = s.plus(ax, y[6])
+	N6 = s.knot(ax, y[7])
+	X3 = s.xor(dx, y[7])
+	R3 = s.rotl(dx, y[8], "8")
+	N7 = s.knot(dx, y[9])
+	P4 = s.plus(cx, y[9])
+	N8 = s.knot(cx, y[10])
+	X4 = s.xor(bx, y[10])
+	R4 = s.rotl(bx, y[11], "7")
+	a2 = s.text(ax, y[-1]+48, "a")
+	b2 = s.text(bx, y[-1]+48, "b")
+	c2 = s.text(cx, y[-1]+48, "c")
+	d2 = s.text(dx, y[-1]+48, "d")
+
+	a1.to(P1)
+	P1.to(P3)
+	P3.to(a2)
+
+	b1.to(X2)
+	X2.to(R2)
+	R2.to(X4)
+	X4.to(R4)
+	R4.to(b2)
+
+	c1.to(P2)
+	P2.to(P4)
+	P4.to(c2)
+
+	d1.to(X1)
+	X1.to(R1)
+	R1.to(X3)
+	X3.to(R3)
+	R3.to(d2)
+
+	N1.to(P1)
+	N2.to(X1)
+	N3.to(P2)
+	N4.to(X2)
+	N5.to(P3)
+	N6.to(X3)
+	N7.to(P4)
+	N8.to(X4)
+	
+	return SVG.format(body=s.t, title="ChaCha Quarter Round", w=372, h=y[-1]+64, **ARGS)
+
+def chacha_encryption():
+	s = Svg()
+	B = s.block(64, 32, 4, 4, [
+		(1.5, 0, "const"),
+		(1.5, 1.5, "K"),
+		(0.5, 3, "count"),
+		(2.5, 3, "nonce"),
+	],
+	[])
+	P = s.text(16, 144, "P")
+	E = s.encrypt(64, 96)
+	X = s.xor(64, 144)
+	C = s.text(64, 180, "C")
+	
+	return SVG.format(body=s.t, title="ChaCha Encryption", w=372, h=192, **ARGS)
+
 def save(name, data):
 	f = open(f"{name}.svg", "w")
 	f.write(data)
@ -254,3 +398,4 @@ if __name__ == "__main__":
 	save("ctr", ctr())
 	save("cbc", cbc())
 	save("xts", xts())
+	save("../flash-filesystem-encryption-2/chacha-encryption", chacha_encryption())
--- a/content/blog/flash-filesystem-encryption/ecb.svg
+++ b/content/blog/flash-filesystem-encryption/ecb.svg
@ -1,5 +1,5 @@
 <svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="288" height="128" viewBox="0 0 288 128">
-	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/graph.py -->
+	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/diagram.py -->
 	<!-- Image released under license CC0 (public domain) -->
 	<title>ECB</title>
 	<style>
@ -16,7 +16,7 @@
 			stroke-width: 2px;
 			fill: none;
 		}
-		path.f {
+		path.f, circle.f {
 			stroke: none;
 			fill: #000;
 		}
@ -28,7 +28,7 @@
 			circle, line, rect, path.s {
 				stroke: #ddd;
 			}
-			path.f {
+			path.f, circle.f {
 				fill: #ddd;
 			}
 		}
--- a/content/blog/flash-filesystem-encryption/index.md
+++ b/content/blog/flash-filesystem-encryption/index.md
@ -200,7 +200,7 @@ Sectors must not be too long, however, as random access to block j needs computi

 AES128 needs 128 bits of key, however the user will only remember ASCII words, not fully random bytes. We need something to derive a key from a variable-length password. We could just compute a hash of the password, as the ESP32 provides a hardware implementation of SHA2, but for storing passwords it is better to use a dedicated function that is fast enough to run once but hard to bruteforce efficiently on optimized systems.

-[PBKDF2](https://fr.wikipedia.org/wiki/PBKDF2) chains thousands of calls to a hash function, each one depending on the previous one, so it is impossible to parallelize. However an attacker can run thousands of instances in parallel on a GPU or cryptocurrency-mining chip.
+[PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) chains thousands of calls to a hash function, each one depending on the previous one, so it is impossible to parallelize. However an attacker can run thousands of instances in parallel on a GPU or cryptocurrency-mining chip.

 A popular choice as of today is [Argon2](https://en.wikipedia.org/wiki/Argon2), which is memory-hard: one instance requires efficient access to a big amoung of memory, potentially megabytes or even gigabytes, so it is difficult to optimize even on dedicated hardware. Problems are that its implementation is quite complicated (it will take too much ROM) and its specs are not even complete.

@ -210,7 +210,7 @@ The benefit of password hashing functions on the ESP32 is a bit disappointing, w

 ### Storing the key

-It can be useful to use two keys: the first one, derived from the password, is used to encrypt the second key, which is written to the storage. The second key is use to encrypt the filesystem. This way, the password can be changed, as the second key does not depend on it. If you have to destroy the data in a hurry and you have a reason to think someone with a gun may force you to hand over the password, you just have to erase the stored key.
+It can be useful to use two keys: the first one, derived from the password, is used to encrypt the second key, which is written to the storage. The second key is use to encrypt the filesystem. This way, the password can be changed, as the second key does not depend on it. If you have to destroy the data in a hurry and you have a reason to think someone with a gun may force you to hand over the password, you just have to erase the stored key (however, in the case the attacker with a gun is a policeperson, erasing the key may be considered as destruction of evidence hence illegal).

 ## Active attacks and authentication

--- a/content/blog/flash-filesystem-encryption/xts.svg
+++ b/content/blog/flash-filesystem-encryption/xts.svg
@ -1,5 +1,5 @@
 <svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="372" height="192" viewBox="0 0 372 192">
-	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/graph.py -->
+	<!-- Generated by https://txmn.tk/blog/flash-filesystem-encryption/diagram.py -->
 	<!-- Image released under license CC0 (public domain) -->
 	<title>XTS</title>
 	<style>
@ -16,7 +16,7 @@
 			stroke-width: 2px;
 			fill: none;
 		}
-		path.f {
+		path.f, circle.f {
 			stroke: none;
 			fill: #000;
 		}
@ -28,7 +28,7 @@
 			circle, line, rect, path.s {
 				stroke: #ddd;
 			}
-			path.f {
+			path.f, circle.f {
 				fill: #ddd;
 			}
 		}