Add trustKey to password update and implement getTrustKey function for ChaCha20 protocol

2026-03-22 11:21:02 -04:00
parent 9e06241ac3
commit 4a233b1c55
1 changed files with 12 additions and 0 deletions
--- a/sys/modules/opus/security.lua
+++ b/sys/modules/opus/security.lua
@@ -64,6 +64,7 @@ function Security.updatePassword(password)
 		hash = derived:toHex(),
 		salt = salt,
 		iter = PBKDF2_ITERATIONS,
+		trustKey = SHA.compute(password),
 	}
 	Config.update('os', config)
 end
@@ -72,4 +73,15 @@ function Security.getPassword()
 	return Config.load('os').password
 end

+-- Returns the trust key for ChaCha20-based trust protocol.
+-- Compatible with both new (PBKDF2 table) and legacy (SHA-256 string) formats.
+function Security.getTrustKey()
+	local stored = Security.getPassword()
+	if type(stored) == 'table' then
+		return stored.trustKey
+	end
+	-- Legacy: the stored string IS the SHA-256 hex
+	return stored
+end
+
 return Security