mirrors/opus
1
0
Fork 0
mirror of https://github.com/kepler155c/opus synced 2025-01-28 08:04:46 +00:00
Code Issues Releases Wiki Activity

Add a one-time password system (#47)

Browse Source 
This commit adds a one-time password system. Users can generate
passwords by using the `genotp` command (or manually queuing a set_otp
event with the SHA-256 hash of the one-time password they want to set)
and these passwords will be valid, along with the normal password,
either until the computer shuts down (or the net daemon is killed), a
new one-time password is generated, or the one-time password is used.
This commit is contained in:
Kan18 2020-08-24 01:20:42 -04:00 committed by GitHub
parent 01d8d65178
commit a77deb72ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/apps/genotp.lua Normal file
View File

@ -0,0 +1,14 @@
local SHA = require("opus.crypto.sha2")
local acceptableCharacters = {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"}
local acceptableCharactersLen = #acceptableCharacters
local password = ""
for _i = 1, 8 do
password = password .. acceptableCharacters[math.random(acceptableCharactersLen)]
end
os.queueEvent("set_otp", SHA.compute(password))
print("Your one-time password is: " .. password)

48
sys/apps/network/trust.lua
View File

@ -6,6 +6,22 @@ local Util = require('opus.util')
local trustId = '01c3ba27fe01383a03a1785276d99df27c3edcef68fbf231ca' local trustId = '01c3ba27fe01383a03a1785276d99df27c3edcef68fbf231ca'
local oneTimePassword -- nil by default
local function validateData(data, password, dhost)
local s
s, data = pcall(Crypto.decrypt, data, password)
if s and data and type(data) == "table" and data.pk and data.dh == dhost then
local trustList = Util.readTable('usr/.known_hosts') or { }
trustList[data.dh] = data.pk
Util.writeTable('usr/.known_hosts', trustList)
return true
else
return false
end
end
local function trustConnection(socket) local function trustConnection(socket)
local data = socket:read(2) local data = socket:read(2)
if data then if data then
@ -13,17 +29,22 @@ local function trustConnection(socket)
if not password then if not password then
socket:write({ msg = 'No password has been set' }) socket:write({ msg = 'No password has been set' })
else else
local s if validateData(data, password, socket.dhost) then
s, data = pcall(Crypto.decrypt, data, password) print("Accepted trust from " .. socket.dhost)
if s and data and data.pk and data.dh == socket.dhost then
local trustList = Util.readTable('usr/.known_hosts') or { }
trustList[data.dh] = data.pk
Util.writeTable('usr/.known_hosts', trustList)
socket:write({ success = true, msg = 'Trust accepted' }) socket:write({ success = true, msg = 'Trust accepted' })
else return
socket:write({ msg = 'Invalid password' })
end end
if oneTimePassword then
if validateData(data, oneTimePassword, socket.dhost) then
print("Accepted trust from " .. socket.dhost .. "using one-time password")
socket:write({ success = true, msg = 'Trust accepted - this one-time password will not be usable again' })
oneTimePassword = nil -- Make sure nobody can use the one-time password again
return
end
end
socket:write({ msg = 'Invalid password' })
end end
end end
end end
@ -44,3 +65,12 @@ Event.addRoutine(function()
end end
end end
end) end)
Event.addRoutine(function()
while true do
local _event, password = os.pullEvent("set_otp")
oneTimePassword = password
print("got new one-time password")
end
end)