From cc4f8a0afc1b4304aae92b4d1c40de61f7f862d9 Mon Sep 17 00:00:00 2001
From: "kepler155c@gmail.com"
Date: Fri, 5 May 2017 07:34:20 -0400
Subject: [PATCH] security start
---
apps/password.lua | 18 ++++++++++++++
apps/trust.lua | 56 +++++++++++++++++++++++++++++++++++++++++++
sys/apis/socket.lua | 41 ++++++++++++++++++++++++++-----
sys/extensions/os.lua | 15 ++++++++++--
sys/network/trust.lua | 26 ++++++++++++++++++++
5 files changed, 148 insertions(+), 8 deletions(-)
create mode 100644 apps/password.lua
create mode 100644 apps/trust.lua
create mode 100644 sys/network/trust.lua
diff --git a/apps/password.lua b/apps/password.lua
new file mode 100644
index 0000000..c6d1baf
--- /dev/null
+++ b/apps/password.lua
@@ -0,0 +1,18 @@
+require = requireInjector(getfenv(1))
+local Config = require('config')
+local SHA1 = require('sha1')
+
+local config = {
+ enable = false,
+ pocketId = 10,
+ distance = 8,
+}
+
+Config.load('os', config)
+
+print('Enter new password')
+local password = read()
+
+config.password = SHA1.sha1(password)
+
+Config.update('os', config)
diff --git a/apps/trust.lua b/apps/trust.lua
new file mode 100644
index 0000000..1ad04c7
--- /dev/null
+++ b/apps/trust.lua
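Review bot: `local password = read()` echoes the new password on screen while it is typed; in ComputerCraft `read('*')` masks the input, and the same applies to the password prompt `local password = read()` in apps/trust.lua. The stored value `SHA1.sha1(password)` is a single unsalted hash, so the same password produces the same stored value on every machine and the config file alone reproduces it; store a random per-install salt in the config next to the hash and hash `salt .. password` instead. An empty input is also accepted here and becomes a valid password, so a `if password == '' then error('Password must not be empty') end` guard before hashing would be worth adding.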
@@ -0,0 +1,56 @@ +require = requireInjector(getfenv(1)) +local Socket = require('socket') +local SHA1 = require('sha1') + +local remoteId +local args = { ... } +local exchange = { + base = 11, + primeMod = 625210769 +} + +if #args == 1 then + remoteId = tonumber(args[1]) +else + print('Enter host ID') + remoteId = tonumber(read()) +end + +if not remoteId then + error('Syntax: trust ') +end + +print('Password') +local password = read() + +print('connecting...') +local socket = Socket.connect(remoteId, 19) + +if not socket then + error('Unable to connect to ' .. remoteId .. ' on port 19') +end + +local function modexp(base, exponent, modulo) + local remainder = base + + for i = 1, exponent-1 do + remainder = remainder * remainder + if remainder >= modulo then + remainder = remainder % modulo + end + end + + return remainder +end + +local secretKey = os.getSecretKey() +local publicKey = modexp(exchange.base, secretKey, exchange.primeMod) + +socket:write({ + password = SHA1.sha1(password), + publicKey = publicKey, +}) + +print(socket:read(2) or 'No response') + +socket:close() diff --git a/sys/apis/socket.lua b/sys/apis/socket.lua index a7e8bae..1913d49 100644 --- a/sys/apis/socket.lua +++ b/sys/apis/socket.lua @@ -1,7 +1,28 @@ local Logger = require('logger') local socketClass = { } -local trustList = Util.readTable('.known_hosts') +local trustList = Util.readTable('.known_hosts') or { } + +local exchange = { + base = 11, + primeMod = 625210769 +} + +local function modexp(base, exponent, modulo) + local remainder = base + + for i = 1, exponent-1 do + remainder = remainder * remainder + if remainder >= modulo then + remainder = remainder % modulo + end + end + + return remainder +end + +exchange.secretKey = os.getSecretKey() +exchange.publicKey = modexp(exchange.base, exchange.secretKey, exchange.primeMod) function socketClass:read(timeout) 
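Review bot: `modexp` does not compute base^exponent mod modulo: the loop squares `remainder` exponent-1 times, so it returns base^(2^(exponent-1)) mod modulo, and because `remainder` can reach ~6.25e8 before squaring, the product exceeds 2^53 and is rounded as a double before the `%`, so even that value is not exact. The same function is duplicated verbatim in the `@@ -1,7 +1,28 @@` hunk of sys/apis/socket.lua, so both copies need the fix (or trust.lua should use the one exported by the socket module). Below is a square-and-multiply version with a doubling-based `mulmod` so no intermediate leaves the exact double range for this modulus; note that `os.getSecretKey()` presumably hands back the file contents as a string, hence the `tonumber`. Independently of the arithmetic, a 30-bit modulus gives no meaningful security margin for a key agreement, which is worth a comment on `exchange` so nobody relies on it as such. The usage message `error('Syntax: trust ')` also appears to have lost its argument name (possibly in rendering); if so, `error('Syntax: trust <hostId>')`.
```lua
-- a*b mod m by repeated doubling; every intermediate stays below 2*m,
-- so it is exact in doubles for any m below 2^52 (primeMod is ~2^29).
local function mulmod(a, b, m)
  local result = 0
  a = a % m
  while b > 0 do
    if b % 2 == 1 then
      result = (result + a) % m
    end
    a = (a * 2) % m
    b = math.floor(b / 2)
  end
  return result
end

-- base^exponent mod modulo via square-and-multiply (O(log exponent) steps).
-- NOTE(review): .secret is presumably read back as a string, hence tonumber.
local function modexp(base, exponent, modulo)
  exponent = assert(tonumber(exponent), 'exponent must be a number')
  local result = 1
  base = base % modulo
  while exponent > 0 do
    if exponent % 2 == 1 then
      result = mulmod(result, base, modulo)
    end
    base = mulmod(base, base, modulo)
    exponent = math.floor(exponent / 2)
  end
  return result
end

-- … unchanged: key derivation, socket write/read, close …
```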
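Review bot: `local trustList = Util.readTable('.known_hosts') or { }` is evaluated once when socket.lua is loaded, but the trust server in sys/network/trust.lua rewrites `.known_hosts` with `Util.writeTable` whenever a host is accepted, so a host trusted after the module loaded is rejected by `trusted()` until the computer restarts. Either re-read the file inside `trusted()` with `local trustList = Util.readTable('.known_hosts') or { }`, or have the trust server update the socket module's table through an exported function so the in-memory and on-disk lists cannot drift. The hunk also calls `os.getSecretKey()` at require time, so the `.secret` file is created as a side effect of the first `require('socket')`; a one-line comment stating that, `-- first require creates .secret; see os.getSecretKey`, would help whoever reads the module later.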
@@ -148,6 +169,7 @@ function Socket.connect(host, port) type = 'OPEN', shost = socket.shost, dhost = socket.dhost, + sharedKey = exchange.publicKey, }) local timerId = os.startTimer(3) @@ -175,11 +197,18 @@ function Socket.connect(host, port) socket:close() end -function trusted(msg) - if trustList then - return trustList[msg.shost] +function trusted(msg, port) + + if port == 19 then -- no auth for trust server + return true + end + + local pubKey = trustList[msg.shost] + + if pubKey then + --local sharedKey = modexp(pubKey, exchange.secretKey, public.primeMod) + return pubKey == msg.sharedKey end - return true end function Socket.server(port, keepAlive) @@ -195,7 +224,7 @@ function Socket.server(port, keepAlive) msg.dhost == os.getComputerID() and msg.type == 'OPEN' then - if trusted(msg) then + if trusted(msg, port) then local socket = newSocket(msg.shost == os.getComputerID()) socket.dport = dport socket.dhost = msg.shost diff --git a/sys/extensions/os.lua b/sys/extensions/os.lua index 1f0950c..ccb7775 100644 --- a/sys/extensions/os.lua +++ b/sys/extensions/os.lua @@ -7,8 +7,6 @@ local config = { distance = 8, } -Config.load('lock', config) - local lockId function lockScreen() @@ -40,6 +38,7 @@ function lockScreen() function page:eventHandler(event) if event.type == 'key' and event.key == 'enter' then + Config.load('os', config) if SHA1.sha1(self.password.value) == config.password then os.locked = false Event.exitPullEvents() @@ -56,6 +55,18 @@ function lockScreen() Event.pullEvents() end +function os.verifyPassword(password) + Config.load('os', config) + return config.password and password == config.password +end + +function os.getSecretKey() + if not fs.exists('.secret') then + Util.writeFile('.secret', math.random(100000, 999999)) + end + return Util.readFile('.secret') +end + os.lock = function() --os.locked = true diff --git a/sys/network/trust.lua b/sys/network/trust.lua new file mode 100644 index 0000000..08142a5 --- /dev/null +++ b/sys/network/trust.lua 
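Review bot: `return pubKey == msg.sharedKey` in `trusted` accepts a connection when the peer sends back the value stored for it at trust time, but that value is the peer's public key, which is sent in the clear in every OPEN message (`sharedKey = exchange.publicKey` in the preceding hunk) and is not something only the trusted host knows, so the check does not authenticate the peer any more than the claimed `shost` does. The commented-out line is the right direction: derive the shared secret on both sides and require the peer to prove knowledge of it, for example by a fresh random challenge the server includes in its OPEN reply and a response computed from the shared secret, rather than comparing a public value. That commented line also references `public.primeMod`, which is presumably meant to be `exchange.primeMod`.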
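Review bot: `os.getSecretKey` draws the secret from `math.random(100000, 999999)`, a space of 900 000 values from a non-cryptographic generator, which is far too small for the private exponent that socket.lua and apps/trust.lua feed into `modexp`; use the widest integer range the Lua build supports and document the file's role, e.g. `-- per-machine private exponent for the socket key exchange; created once on first use`. `Util.readFile` presumably returns the file contents as a string, so `return tonumber(Util.readFile('.secret'))` would give callers the number they expect instead of relying on arithmetic coercion. In `os.verifyPassword`, the caller-supplied value is compared directly with the stored hash, so for the trust server the hash travelling over the wire is itself the credential; a challenge-response keyed on the shared secret would avoid transmitting a reusable value. `os.lock` starts in the hunk and its body continues outside it.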
@@ -0,0 +1,26 @@
+local Socket = require('socket')
+local process = require('process')
+
+process:newThread('trust_server', function()
+
+ print('trust: listening on port 19')
+ while true do
+ local socket = Socket.server(19)
+
+ print('trust: connection from ' .. socket.dhost)
+
+ local data = socket:read(2)
+ if data then
+ if os.verifyPassword(data.password) then
+ local trustList = Util.readTable('.known_hosts') or { }
+ trustList[socket.dhost] = data.publicKey
+ Util.writeTable('.known_hosts', trustList)
+
+ socket:write('Trust accepted')
+ else
+ socket:write('Invalid password or password is not set')
+ end
+ end
+ socket:close()
+ end
+end)
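Review bot: `if data then` only checks that `socket:read(2)` returned something; if a peer sends a non-table payload, `data.password` raises an error inside the `trust_server` thread and, as far as this hunk shows, nothing restarts the loop, so one malformed message stops the trust service. Check the shape before using it and before storing it in `.known_hosts`, `if type(data) == 'table' and type(data.publicKey) == 'number' then`, so that only a numeric key ends up in the trust list that `trusted()` later compares against. The loop also answers every connection with an immediate verdict and no limit on attempts, so a short delay or attempt counter per `socket.dhost` before replying would make password guessing observably slower; `socket.dhost` itself is used without a nil check in the `print`, so guard that too if `Socket.server` can return a socket without it.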