mirror of
https://github.com/kepler155c/opus
synced 2025-01-19 03:42:51 +00:00
security update round 2
This commit is contained in:
parent
d90aa0e2fd
commit
00293033c8
@ -71,6 +71,7 @@ local function run(env, ...)
|
|||||||
tProgramStack[#tProgramStack + 1] = path
|
tProgramStack[#tProgramStack + 1] = path
|
||||||
end
|
end
|
||||||
|
|
||||||
|
env[ "arg" ] = { [0] = path, table.unpack(args) }
|
||||||
local r = { fn(table.unpack(args)) }
|
local r = { fn(table.unpack(args)) }
|
||||||
|
|
||||||
tProgramStack[#tProgramStack] = nil
|
tProgramStack[#tProgramStack] = nil
|
||||||
|
@ -7,5 +7,6 @@ if fs.exists('sys/network') then fs.delete('sys/network') end
|
|||||||
if fs.exists('startup') then fs.delete('startup') end
|
if fs.exists('startup') then fs.delete('startup') end
|
||||||
|
|
||||||
if fs.exists('sys/autorun/gps.lua') then fs.delete('sys/autorun/gps.lua') end
|
if fs.exists('sys/autorun/gps.lua') then fs.delete('sys/autorun/gps.lua') end
|
||||||
|
if fs.exists('sys/autorun/gpsHost.lua') then fs.delete('sys/autorun/gpsHost.lua') end
|
||||||
if fs.exists('sys/apps/network/redserver.lua') then fs.delete('sys/apps/network/redserver.lua') end
|
if fs.exists('sys/apps/network/redserver.lua') then fs.delete('sys/apps/network/redserver.lua') end
|
||||||
if fs.exists('sys/apis') then fs.delete('sys/apis') end
|
if fs.exists('sys/apis') then fs.delete('sys/apis') end
|
||||||
|
@ -1,68 +1,28 @@
|
|||||||
-- Loads the Opus environment regardless if the file system is local or not
|
local fs = _G.fs
|
||||||
local fs = _G.fs
|
|
||||||
local http = _G.http
|
|
||||||
|
|
||||||
_G.OPUS_BRANCH = 'develop-1.8'
|
|
||||||
local GIT_REPO = 'kepler155c/opus/' .. _G.OPUS_BRANCH
|
|
||||||
local BASE = 'https://raw.githubusercontent.com/' .. GIT_REPO
|
|
||||||
|
|
||||||
local sandboxEnv = setmetatable({ }, { __index = _G })
|
local sandboxEnv = setmetatable({ }, { __index = _G })
|
||||||
for k,v in pairs(_ENV) do
|
for k,v in pairs(_ENV) do
|
||||||
sandboxEnv[k] = v
|
sandboxEnv[k] = v
|
||||||
end
|
end
|
||||||
|
|
||||||
_G._syslog = function() end
|
local function run(file, ...)
|
||||||
|
|
||||||
local function makeEnv()
|
|
||||||
local env = setmetatable({ }, { __index = _G })
|
local env = setmetatable({ }, { __index = _G })
|
||||||
for k,v in pairs(sandboxEnv) do
|
for k,v in pairs(sandboxEnv) do
|
||||||
env[k] = v
|
env[k] = v
|
||||||
end
|
end
|
||||||
return env
|
|
||||||
end
|
|
||||||
|
|
||||||
local function run(file, ...)
|
local s, m = loadfile(file, env)
|
||||||
local s, m = loadfile(file, makeEnv())
|
|
||||||
if s then
|
if s then
|
||||||
return s(...)
|
return s(...)
|
||||||
end
|
end
|
||||||
error('Error loading ' .. file .. '\n' .. m)
|
error('Error loading ' .. file .. '\n' .. m)
|
||||||
end
|
end
|
||||||
|
|
||||||
local function runUrl(file, ...)
|
_G._syslog = function() end
|
||||||
local url = BASE .. '/' .. file
|
_G.OPUS_BRANCH = 'develop-1.8'
|
||||||
|
|
||||||
local u = http.get(url)
|
|
||||||
if u then
|
|
||||||
local fn = load(u.readAll(), url, nil, makeEnv())
|
|
||||||
u.close()
|
|
||||||
if fn then
|
|
||||||
return fn(...)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
error('Failed to download ' .. url)
|
|
||||||
end
|
|
||||||
|
|
||||||
-- Install require shim
|
-- Install require shim
|
||||||
if fs.exists('sys/modules/opus/injector.lua') then
|
_G.requireInjector = run('sys/modules/opus/injector.lua')
|
||||||
_G.requireInjector = run('sys/modules/opus/injector.lua')
|
|
||||||
else
|
|
||||||
-- not local, run the file system directly from git
|
|
||||||
if package and package.path then
|
|
||||||
package.path = package.path .. ';' .. BASE .. '/sys/modules/opus'
|
|
||||||
else
|
|
||||||
sandboxEnv.package = {
|
|
||||||
path = BASE .. '/sys/modules/opus'
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
_G.requireInjector = runUrl('sys/modules/opus/injector.lua')
|
|
||||||
|
|
||||||
runUrl('sys/init/2.vfs.lua')
|
|
||||||
|
|
||||||
-- install file system
|
|
||||||
fs.mount('', 'gitfs', GIT_REPO)
|
|
||||||
end
|
|
||||||
|
|
||||||
local s, m = pcall(run, 'sys/apps/shell.lua', 'sys/kernel.lua', ...)
|
local s, m = pcall(run, 'sys/apps/shell.lua', 'sys/kernel.lua', ...)
|
||||||
|
|
||||||
|
@ -115,6 +115,7 @@ local function crypt(data, key, nonce, cntr, round)
|
|||||||
cntr = tonumber(cntr) or 1
|
cntr = tonumber(cntr) or 1
|
||||||
round = tonumber(round) or 20
|
round = tonumber(round) or 20
|
||||||
|
|
||||||
|
local throttle = util.throttle()
|
||||||
local out = {}
|
local out = {}
|
||||||
local state = initState(key, nonce, cntr)
|
local state = initState(key, nonce, cntr)
|
||||||
local blockAmt = math.floor(#data/64)
|
local blockAmt = math.floor(#data/64)
|
||||||
@ -131,8 +132,9 @@ local function crypt(data, key, nonce, cntr, round)
|
|||||||
end
|
end
|
||||||
|
|
||||||
if i % 1000 == 0 then
|
if i % 1000 == 0 then
|
||||||
os.queueEvent("")
|
throttle()
|
||||||
os.pullEvent("")
|
--os.queueEvent("")
|
||||||
|
--os.pullEvent("")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
return setmetatable(out, mt)
|
return setmetatable(out, mt)
|
||||||
|
@ -162,12 +162,25 @@ local function hmac(data, key)
|
|||||||
return digest(padded_key)
|
return digest(padded_key)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local function throttler()
|
||||||
|
local ts = os.clock()
|
||||||
|
local timeout = .095
|
||||||
|
return function()
|
||||||
|
local nts = os.clock()
|
||||||
|
if nts > ts + timeout then
|
||||||
|
os.sleep(0)
|
||||||
|
ts = os.clock()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
local function pbkdf2(pass, salt, iter, dklen)
|
local function pbkdf2(pass, salt, iter, dklen)
|
||||||
salt = type(salt) == "table" and salt or {tostring(salt):byte(1,-1)}
|
salt = type(salt) == "table" and salt or {tostring(salt):byte(1,-1)}
|
||||||
local hashlen = 32
|
local hashlen = 32
|
||||||
dklen = dklen or 32
|
dklen = dklen or 32
|
||||||
local block = 1
|
local block = 1
|
||||||
local out = {}
|
local out = {}
|
||||||
|
local throttle = throttler()
|
||||||
|
|
||||||
while dklen > 0 do
|
while dklen > 0 do
|
||||||
local ikey = {}
|
local ikey = {}
|
||||||
@ -182,7 +195,10 @@ local function pbkdf2(pass, salt, iter, dklen)
|
|||||||
for j = 1, iter do
|
for j = 1, iter do
|
||||||
isalt = hmac(isalt, pass)
|
isalt = hmac(isalt, pass)
|
||||||
for k = 1, clen do ikey[k] = bxor(isalt[k], ikey[k] or 0) end
|
for k = 1, clen do ikey[k] = bxor(isalt[k], ikey[k] or 0) end
|
||||||
if j % 200 == 0 then os.queueEvent("PBKDF2", j) coroutine.yield("PBKDF2") end
|
if j % 200 == 0 then
|
||||||
|
throttle()
|
||||||
|
--os.queueEvent("PBKDF2", j) coroutine.yield("PBKDF2")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
dklen = dklen - clen
|
dklen = dklen - clen
|
||||||
block = block+1
|
block = block+1
|
||||||
|
@ -1,6 +1,3 @@
|
|||||||
local PASTEBIN_URL = 'http://pastebin.com/raw'
|
|
||||||
local GIT_URL = 'https://raw.githubusercontent.com'
|
|
||||||
|
|
||||||
local function split(str, pattern)
|
local function split(str, pattern)
|
||||||
local t = { }
|
local t = { }
|
||||||
local function helper(line) table.insert(t, line) return "" end
|
local function helper(line) table.insert(t, line) return "" end
|
||||||
@ -11,7 +8,7 @@ end
|
|||||||
local hasMain
|
local hasMain
|
||||||
local luaPaths = package and package.path and split(package.path, '(.-);') or { }
|
local luaPaths = package and package.path and split(package.path, '(.-);') or { }
|
||||||
for i = 1, #luaPaths do
|
for i = 1, #luaPaths do
|
||||||
if luaPaths[i] == '?' or luaPaths[i] == '?.lua' then
|
if luaPaths[i] == '?' or luaPaths[i] == '?.lua' or luaPaths[i] == '?/init.lua' then
|
||||||
luaPaths[i] = nil
|
luaPaths[i] = nil
|
||||||
elseif string.find(luaPaths[i], '/rom/modules/main') then
|
elseif string.find(luaPaths[i], '/rom/modules/main') then
|
||||||
hasMain = true
|
hasMain = true
|
||||||
@ -22,70 +19,20 @@ table.insert(luaPaths, 1, '?.lua')
|
|||||||
table.insert(luaPaths, 2, '?/init.lua')
|
table.insert(luaPaths, 2, '?/init.lua')
|
||||||
table.insert(luaPaths, 3, '/usr/modules/?.lua')
|
table.insert(luaPaths, 3, '/usr/modules/?.lua')
|
||||||
table.insert(luaPaths, 4, '/usr/modules/?/init.lua')
|
table.insert(luaPaths, 4, '/usr/modules/?/init.lua')
|
||||||
table.insert(luaPaths, 5, '/sys/modules/?.lua')
|
if not hasMain then
|
||||||
table.insert(luaPaths, 6, '/sys/modules/?/init.lua')
|
table.insert(luaPaths, 5, '/rom/modules/main/?')
|
||||||
|
table.insert(luaPaths, 6, '/rom/modules/main/?.lua')
|
||||||
|
table.insert(luaPaths, 7, '/rom/modules/main/?/init.lua')
|
||||||
|
end
|
||||||
|
table.insert(luaPaths, '/sys/modules/?.lua')
|
||||||
|
table.insert(luaPaths, '/sys/modules/?/init.lua')
|
||||||
|
|
||||||
local DEFAULT_PATH = table.concat(luaPaths, ';')
|
local DEFAULT_PATH = table.concat(luaPaths, ';')
|
||||||
if not hasMain then
|
|
||||||
DEFAULT_PATH = DEFAULT_PATH .. ';/rom/modules/main/?;/rom/modules/main/?.lua;/rom/modules/main/?/init.lua'
|
|
||||||
end
|
|
||||||
|
|
||||||
local fs = _G.fs
|
local fs = _G.fs
|
||||||
local http = _G.http
|
|
||||||
local os = _G.os
|
local os = _G.os
|
||||||
local string = _G.string
|
local string = _G.string
|
||||||
|
|
||||||
--[[
|
|
||||||
if not http._patched then
|
|
||||||
-- fix broken http get (http.get is not coroutine safe)
|
|
||||||
local syncLocks = { }
|
|
||||||
|
|
||||||
local function sync(obj, fn)
|
|
||||||
local key = tostring(obj)
|
|
||||||
if syncLocks[key] then
|
|
||||||
local cos = tostring(coroutine.running())
|
|
||||||
table.insert(syncLocks[key], cos)
|
|
||||||
repeat
|
|
||||||
local _, co = os.pullEvent('sync_lock')
|
|
||||||
until co == cos
|
|
||||||
else
|
|
||||||
syncLocks[key] = { }
|
|
||||||
end
|
|
||||||
fn()
|
|
||||||
local co = table.remove(syncLocks[key], 1)
|
|
||||||
if co then
|
|
||||||
os.queueEvent('sync_lock', co)
|
|
||||||
else
|
|
||||||
syncLocks[key] = nil
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
-- todo -- completely replace http.get with function that
|
|
||||||
-- checks for success on permanent redirects (minecraft 1.75 bug)
|
|
||||||
|
|
||||||
http._patched = http.get
|
|
||||||
function http.get(url, headers)
|
|
||||||
local s, m
|
|
||||||
sync(url, function()
|
|
||||||
s, m = http._patched(url, headers)
|
|
||||||
end)
|
|
||||||
return s, m
|
|
||||||
end
|
|
||||||
end
|
|
||||||
--]]
|
|
||||||
|
|
||||||
local function loadUrl(url)
|
|
||||||
local c
|
|
||||||
local h = http.get(url)
|
|
||||||
if h then
|
|
||||||
c = h.readAll()
|
|
||||||
h.close()
|
|
||||||
end
|
|
||||||
if c and #c > 0 then
|
|
||||||
return c
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
-- Add require and package to the environment
|
-- Add require and package to the environment
|
||||||
return function(env)
|
return function(env)
|
||||||
local function preloadSearcher(modname)
|
local function preloadSearcher(modname)
|
||||||
@ -118,45 +65,14 @@ return function(env)
|
|||||||
local sPath = string.gsub(pattern, "%?", fname)
|
local sPath = string.gsub(pattern, "%?", fname)
|
||||||
-- TODO: if there's no shell, we should not be checking relative paths below
|
-- TODO: if there's no shell, we should not be checking relative paths below
|
||||||
-- as they will resolve to root directory
|
-- as they will resolve to root directory
|
||||||
if sPath:match("^(https?:)") then
|
if env.shell and
|
||||||
local c = loadUrl(sPath)
|
type(env.shell.getRunningProgram) == 'function' and
|
||||||
if c then
|
sPath:sub(1, 1) ~= "/" then
|
||||||
return load(c, modname, nil, env)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
if env.shell and
|
|
||||||
type(env.shell.getRunningProgram) == 'function' and
|
|
||||||
sPath:sub(1, 1) ~= "/" then
|
|
||||||
|
|
||||||
sPath = fs.combine(fs.getDir(env.shell.getRunningProgram() or ''), sPath)
|
sPath = fs.combine(fs.getDir(env.shell.getRunningProgram() or ''), sPath)
|
||||||
end
|
|
||||||
if fs.exists(sPath) and not fs.isDir(sPath) then
|
|
||||||
return loadfile(sPath, env)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
if fs.exists(sPath) and not fs.isDir(sPath) then
|
||||||
end
|
return loadfile(sPath, env)
|
||||||
|
|
||||||
-- require('BniCQPVf')
|
|
||||||
local function pastebinSearcher(modname)
|
|
||||||
if #modname == 8 and not modname:match('%W') then
|
|
||||||
local url = PASTEBIN_URL .. '/' .. modname
|
|
||||||
local c = loadUrl(url)
|
|
||||||
if c then
|
|
||||||
return load(c, modname, nil, env)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
-- require('kepler155c.opus.master.sys.apis.util')
|
|
||||||
local function gitSearcher(modname)
|
|
||||||
local fname = modname:gsub('%.', '/') .. '.lua'
|
|
||||||
local _, count = fname:gsub("/", "")
|
|
||||||
if count >= 3 then
|
|
||||||
local url = GIT_URL .. '/' .. fname
|
|
||||||
local c = loadUrl(url)
|
|
||||||
if c then
|
|
||||||
return load(c, modname, nil, env)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@ -178,8 +94,6 @@ return function(env)
|
|||||||
preloadSearcher,
|
preloadSearcher,
|
||||||
loadedSearcher,
|
loadedSearcher,
|
||||||
pathSearcher,
|
pathSearcher,
|
||||||
pastebinSearcher,
|
|
||||||
gitSearcher,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -13,13 +13,28 @@ function Security.hasPassword()
|
|||||||
return not not Security.getPassword()
|
return not not Security.getPassword()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local function genKey()
|
||||||
|
local key = { }
|
||||||
|
for _ = 1, 32 do
|
||||||
|
table.insert(key, ("%02x"):format(math.random(0, 0xFF)))
|
||||||
|
end
|
||||||
|
return table.concat(key)
|
||||||
|
end
|
||||||
|
|
||||||
|
function Security.generateKeyPair()
|
||||||
|
local privateKey = Util.hexToByteArray(genKey())
|
||||||
|
return privateKey, ECC.publicKey(privateKey)
|
||||||
|
end
|
||||||
|
|
||||||
|
function Security.getIdentifier()
|
||||||
|
return Security.geetPublicKey()
|
||||||
|
end
|
||||||
|
|
||||||
|
-- deprecate - will use getIdentifier
|
||||||
function Security.getSecretKey()
|
function Security.getSecretKey()
|
||||||
local config = Config.load('os')
|
local config = Config.load('os')
|
||||||
if not config.secretKey then
|
if not config.secretKey then
|
||||||
config.secretKey = ""
|
config.secretKey = genKey()
|
||||||
for _ = 1, 32 do
|
|
||||||
config.secretKey = config.secretKey .. ("%02x"):format(math.random(0, 0xFF))
|
|
||||||
end
|
|
||||||
Config.update('os', config)
|
Config.update('os', config)
|
||||||
end
|
end
|
||||||
return Util.hexToByteArray(config.secretKey)
|
return Util.hexToByteArray(config.secretKey)
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
local Crypto = require('opus.crypto.chacha20')
|
local Crypto = require('opus.crypto.chacha20')
|
||||||
|
local ECC = require('opus.crypto.ecc')
|
||||||
local Security = require('opus.security')
|
local Security = require('opus.security')
|
||||||
|
local SHA = require('opus.crypto.sha2')
|
||||||
local Util = require('opus.util')
|
local Util = require('opus.util')
|
||||||
|
|
||||||
local device = _G.device
|
local device = _G.device
|
||||||
@ -60,6 +62,14 @@ function socketClass:ping()
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function socketClass:setupEncryption()
|
||||||
|
self.sharedKey = ECC.exchange(self.privKey, self.remotePubKey)
|
||||||
|
self.enckey = SHA.pbkdf2(self.sharedKey, "1enc", 1)
|
||||||
|
self.hmackey = SHA.pbkdf2(self.sharedKey, "2hmac", 1)
|
||||||
|
self.rseed = SHA.pbkdf2(self.sharedKey, "3rseed", 1)
|
||||||
|
self.wseed = SHA.pbkdf2(self.sharedKey, "4sseed", 1)
|
||||||
|
end
|
||||||
|
|
||||||
function socketClass:close()
|
function socketClass:close()
|
||||||
if self.connected then
|
if self.connected then
|
||||||
self.transmit(self.dport, self.dhost, {
|
self.transmit(self.dport, self.dhost, {
|
||||||
@ -110,14 +120,20 @@ function Socket.connect(host, port)
|
|||||||
|
|
||||||
local socket = newSocket(host == os.getComputerID())
|
local socket = newSocket(host == os.getComputerID())
|
||||||
socket.dhost = tonumber(host)
|
socket.dhost = tonumber(host)
|
||||||
|
socket.privKey, socket.pubKey = Security.generateKeyPair()
|
||||||
|
|
||||||
socket.transmit(port, socket.sport, {
|
socket.transmit(port, socket.sport, {
|
||||||
type = 'OPEN',
|
type = 'OPEN',
|
||||||
shost = socket.shost,
|
shost = socket.shost,
|
||||||
dhost = socket.dhost,
|
dhost = socket.dhost,
|
||||||
t = Crypto.encrypt({ ts = os.time(), seq = socket.seq, nts = os.epoch('utc') }, Security.getPublicKey()),
|
|
||||||
rseq = socket.wseq,
|
rseq = socket.wseq,
|
||||||
wseq = socket.rseq,
|
wseq = socket.rseq,
|
||||||
|
t = Crypto.encrypt({
|
||||||
|
ts = os.time(),
|
||||||
|
seq = socket.seq,
|
||||||
|
nts = os.epoch('utc'),
|
||||||
|
pk = Util.byteArrayToHex(socket.pubKey),
|
||||||
|
}, Security.getPublicKey()),
|
||||||
})
|
})
|
||||||
|
|
||||||
local timerId = os.startTimer(3)
|
local timerId = os.startTimer(3)
|
||||||
@ -133,6 +149,8 @@ function Socket.connect(host, port)
|
|||||||
if msg.type == 'CONN' then
|
if msg.type == 'CONN' then
|
||||||
socket.dport = dport
|
socket.dport = dport
|
||||||
socket.connected = true
|
socket.connected = true
|
||||||
|
socket.remotePubKey = Util.hexToByteArray(msg.pk)
|
||||||
|
socket:setupEncryption()
|
||||||
-- Logger.log('socket', 'connection established to %d %d->%d',
|
-- Logger.log('socket', 'connection established to %d %d->%d',
|
||||||
-- host, socket.sport, socket.dport)
|
-- host, socket.sport, socket.dport)
|
||||||
_G.transport.open(socket)
|
_G.transport.open(socket)
|
||||||
@ -153,7 +171,7 @@ function Socket.connect(host, port)
|
|||||||
return false, 'Connection timed out', 'TIMEOUT'
|
return false, 'Connection timed out', 'TIMEOUT'
|
||||||
end
|
end
|
||||||
|
|
||||||
local function trusted(msg, port)
|
local function trusted(socket, msg, port)
|
||||||
if port == 19 or msg.shost == os.getComputerID() then
|
if port == 19 or msg.shost == os.getComputerID() then
|
||||||
-- no auth for trust server or loopback
|
-- no auth for trust server or loopback
|
||||||
return true
|
return true
|
||||||
@ -168,11 +186,12 @@ local function trusted(msg, port)
|
|||||||
local pubKey = trustList[msg.shost]
|
local pubKey = trustList[msg.shost]
|
||||||
|
|
||||||
if pubKey and msg.t then
|
if pubKey and msg.t then
|
||||||
pubKey = Util.hexToByteArray(pubKey)
|
local data = Crypto.decrypt(msg.t, Util.hexToByteArray(pubKey))
|
||||||
local data = Crypto.decrypt(msg.t, pubKey)
|
|
||||||
|
|
||||||
if data and data.nts then -- upgraded security
|
if data and data.nts then -- upgraded security
|
||||||
return data.nts and tonumber(data.nts) and math.abs(os.epoch('utc') - data.nts) < 1024
|
if data.nts and tonumber(data.nts) and math.abs(os.epoch('utc') - data.nts) < 1024 then
|
||||||
|
socket.remotePubKey = Util.hexToByteArray(data.pk)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
--local sharedKey = modexp(pubKey, exchange.secretKey, public.primeMod)
|
--local sharedKey = modexp(pubKey, exchange.secretKey, public.primeMod)
|
||||||
@ -207,13 +226,17 @@ function Socket.server(port)
|
|||||||
})
|
})
|
||||||
socket:close()
|
socket:close()
|
||||||
|
|
||||||
elseif trusted(msg, port) then
|
elseif trusted(socket, msg, port) then
|
||||||
socket.connected = true
|
socket.connected = true
|
||||||
|
socket.privKey, socket.pubKey = Security.generateKeyPair()
|
||||||
|
socket:setupEncryption()
|
||||||
socket.transmit(socket.dport, socket.sport, {
|
socket.transmit(socket.dport, socket.sport, {
|
||||||
type = 'CONN',
|
type = 'CONN',
|
||||||
dhost = socket.dhost,
|
dhost = socket.dhost,
|
||||||
shost = socket.shost,
|
shost = socket.shost,
|
||||||
|
pk = Util.byteArrayToHex(socket.pubKey),
|
||||||
})
|
})
|
||||||
|
|
||||||
-- Logger.log('socket', 'Connection established %d->%d', socket.sport, socket.dport)
|
-- Logger.log('socket', 'Connection established %d->%d', socket.sport, socket.dport)
|
||||||
|
|
||||||
_G.transport.open(socket)
|
_G.transport.open(socket)
|
||||||
|
Loading…
Reference in New Issue
Block a user