security updates
@@ -137,10 +137,14 @@ end
|
||||
]]
|
||||
|
||||
function page.ports.grid:update()
|
||||
local transport = network:getTransport()
|
||||
|
||||
local function findConnection(port)
|
||||
for _,socket in pairs(_G.transport.sockets) do
|
||||
if socket.sport == port then
|
||||
return socket
|
||||
if transport then
|
||||
for _,socket in pairs(transport.sockets) do
|
||||
if socket.sport == port then
|
||||
return socket
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -14,6 +14,7 @@ if not device.wireless_modem then
|
||||
end
|
||||
|
||||
print('Net daemon starting')
|
||||
device.wireless_modem.closeAll()
|
||||
|
||||
for _,file in pairs(fs.list('sys/apps/network')) do
|
||||
local fn, msg = Util.run(_ENV, 'sys/apps/network/' .. file)
|
||||
|
||||
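--- a/sys/apps/network/keygen.lua
+++ b/sys/apps/network/keygen.lua
@@ -0,0 +1,39 @@
+local ECC = require('opus.crypto.ecc')
+local Event = require('opus.event')
+local Util = require('opus.util')
+
+local network = _G.network
+local os = _G.os
+
+local keyPairs = { }
+
+local function generateKeyPair()
+local key = { }
+for _ = 1, 32 do
+table.insert(key, ("%02x"):format(math.random(0, 0xFF)))
+end
+local privateKey = Util.hexToByteArray(table.concat(key))
+return privateKey, ECC.publicKey(privateKey)
+end
+
+getmetatable(network).__index.getKeyPair = function()
+local keys = table.remove(keyPairs)
+os.queueEvent('generate_keypair')
+if not keys then
+return generateKeyPair()
+end
+return table.unpack(keys)
+end
+
+-- Generate key pairs in the background as this is a time-consuming process
+Event.on('generate_keypair', function()
+while true do
+os.sleep(5)
+local timer = Util.timer()
+table.insert(keyPairs, { generateKeyPair() })
+_G._syslog('Generated keypair in ' .. timer())
+if #keyPairs >= 3 then
+break
+end
+end
+end)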
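Review bot: The private key in generateKeyPair is assembled from 32 calls to `math.random(0, 0xFF)`, which is a general-purpose PRNG rather than a cryptographically secure one; in ComputerCraft-style runtimes math.random is commonly backed by a small-state, seedable generator, so the effective entropy of the resulting key is likely far below the 256 bits the loop suggests. If the runtime exposes no CSPRNG, mix in unpredictable inputs and record the limitation next to the loop with `-- NOTE: math.random is not a CSPRNG; key strength is bounded by the runtime's generator`. Separately, getKeyPair queues `generate_keypair` on every call while each handler loops until the pool holds 3 pairs, so overlapping handlers can each add pairs and the pool overshoots the cap while their `os.sleep(5)` calls stack; gating the handler with a local `generating` flag and looping `while #keyPairs < 3 do` instead of `while true do` would bound it. Whether Event.on runs a fresh coroutine per event is not visible here.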
@@ -6,7 +6,9 @@
|
||||
]]--
|
||||
|
||||
local Event = require('opus.event')
|
||||
local SHA = require('opus.crypto.sha2')
|
||||
|
||||
local network = _G.network
|
||||
local os = _G.os
|
||||
|
||||
local computerId = os.getComputerID()
|
||||
@@ -15,7 +17,10 @@ local transport = {
|
||||
sockets = { },
|
||||
UID = 0,
|
||||
}
|
||||
_G.transport = transport
|
||||
|
||||
getmetatable(network).__index.getTransport = function()
|
||||
return transport
|
||||
end
|
||||
|
||||
function transport.open(socket)
|
||||
transport.UID = transport.UID + 1
|
||||
@@ -33,19 +38,11 @@ function transport.read(socket)
|
||||
end
|
||||
|
||||
function transport.write(socket, data)
|
||||
--_syslog('>> ' .. Util.tostring({ type = 'DATA', seq = socket.wseq }))
|
||||
socket.transmit(socket.dport, socket.dhost, data)
|
||||
|
||||
--local timerId = os.startTimer(3)
|
||||
|
||||
--transport.timers[timerId] = socket
|
||||
--socket.timers[socket.wseq] = timerId
|
||||
|
||||
socket.wseq = socket.wseq + 1
|
||||
socket.wseq = SHA.digest(socket.wseq):toHex()
|
||||
end
|
||||
|
||||
function transport.ping(socket)
|
||||
--_syslog('>> ' .. Util.tostring({ type = 'DATA', seq = socket.wseq }))
|
||||
if os.clock() - socket.activityTimer > 10 then
|
||||
socket.activityTimer = os.clock()
|
||||
socket.transmit(socket.dport, socket.dhost, {
|
||||
@@ -53,7 +50,7 @@ function transport.ping(socket)
|
||||
seq = -1,
|
||||
})
|
||||
|
||||
local timerId = os.startTimer(5)
|
||||
local timerId = os.startTimer(3)
|
||||
transport.timers[timerId] = socket
|
||||
socket.timers[-1] = timerId
|
||||
end
|
||||
@@ -78,18 +75,19 @@ Event.on('modem_message', function(_, _, dport, dhost, msg, distance)
|
||||
local socket = transport.sockets[dport]
|
||||
if socket and socket.connected then
|
||||
|
||||
--if msg.type then _syslog('<< ' .. Util.tostring(msg)) end
|
||||
if socket.co and coroutine.status(socket.co) == 'dead' then
|
||||
_G._syslog('socket coroutine dead')
|
||||
socket:close()
|
||||
|
||||
elseif msg.type == 'DISC' then
|
||||
-- received disconnect from other end
|
||||
if socket.connected then
|
||||
os.queueEvent('transport_' .. socket.uid)
|
||||
if msg.seq == socket.rseq then
|
||||
if socket.connected then
|
||||
os.queueEvent('transport_' .. socket.uid)
|
||||
end
|
||||
socket.connected = false
|
||||
socket:close()
|
||||
end
|
||||
socket.connected = false
|
||||
socket:close()
|
||||
|
||||
elseif msg.type == 'ACK' then
|
||||
local ackTimerId = socket.timers[msg.seq]
|
||||
@@ -108,28 +106,19 @@ Event.on('modem_message', function(_, _, dport, dhost, msg, distance)
|
||||
})
|
||||
|
||||
elseif msg.type == 'DATA' and msg.data then
|
||||
socket.activityTimer = os.clock()
|
||||
if msg.seq ~= socket.rseq then
|
||||
print('transport seq error - closing socket ' .. socket.sport)
|
||||
_syslog(msg.data)
|
||||
_syslog('current ' .. socket.rseq)
|
||||
_syslog('expected ' .. msg.seq)
|
||||
-- socket:close()
|
||||
-- os.queueEvent('transport_' .. socket.uid)
|
||||
_syslog('expected ' .. socket.rseq)
|
||||
_syslog('got ' .. msg.seq)
|
||||
else
|
||||
socket.rseq = socket.rseq + 1
|
||||
socket.activityTimer = os.clock()
|
||||
socket.rseq = SHA.digest(socket.rseq):toHex()
|
||||
table.insert(socket.messages, { msg.data, distance })
|
||||
|
||||
-- use resume instead ??
|
||||
if not socket.messages[2] then -- table size is 1
|
||||
os.queueEvent('transport_' .. socket.uid)
|
||||
end
|
||||
|
||||
--_syslog('>> ' .. Util.tostring({ type = 'ACK', seq = msg.seq }))
|
||||
--socket.transmit(socket.dport, socket.dhost, {
|
||||
-- type = 'ACK',
|
||||
-- seq = msg.seq,
|
||||
--})
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
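Review bot: In the seq-mismatch branch of the DATA handler, `_syslog('got ' .. msg.seq)` concatenates a field taken straight from the received frame; a frame whose seq is nil or a table satisfies `msg.seq ~= socket.rseq`, reaches this line, and the concatenation raises inside the modem_message handler, which makes the daemon trivially crashable from the network. Use `_syslog('got ' .. tostring(msg.seq))`, and the same `tostring` wherever a peer-supplied field is logged. The new `socket.wseq = SHA.digest(socket.wseq):toHex()` chain (and the matching rseq line) only raises the bar for a blind sender: if frames are not encrypted at the socket layer (outside this hunk), anyone who observes one frame can compute every later seq, so the chain must not be treated as authentication. The DATA branch also mixes bare `_syslog` with the `_G._syslog` used earlier in the same handler; pick one form.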
@@ -4,6 +4,8 @@ local Security = require('opus.security')
|
||||
local Socket = require('opus.socket')
|
||||
local Util = require('opus.util')
|
||||
|
||||
local trustId = '01c3ba27fe01383a03a1785276d99df27c3edcef68fbf231ca'
|
||||
|
||||
local function trustConnection(socket)
|
||||
local data = socket:read(2)
|
||||
if data then
|
||||
@@ -14,7 +16,7 @@ local function trustConnection(socket)
|
||||
data = Crypto.decrypt(data, password)
|
||||
if data and data.pk and data.dh == socket.dhost then
|
||||
local trustList = Util.readTable('usr/.known_hosts') or { }
|
||||
trustList[data.dh] = Util.byteArrayToHex(data.pk)
|
||||
trustList[data.dh] = data.pk
|
||||
Util.writeTable('usr/.known_hosts', trustList)
|
||||
|
||||
socket:write({ success = true, msg = 'Trust accepted' })
|
||||
@@ -29,7 +31,7 @@ Event.addRoutine(function()
|
||||
print('trust: listening on port 19')
|
||||
|
||||
while true do
|
||||
local socket = Socket.server(19)
|
||||
local socket = Socket.server(19, { identifier = trustId })
|
||||
|
||||
print('trust: connection from ' .. socket.dhost)
|
||||
|
||||
|
||||
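Review bot: The literal `'01c3ba27fe01383a03a1785276d99df27c3edcef68fbf231ca'` assigned to trustId here is repeated verbatim in the trust client hunk (`local trustId = ...` just before `Socket.connect(remoteId, 19, { identifier = trustId })`); two copies of a value both ends must agree on will drift silently, so export it once, for example from the opus.security module both files already require, and reference it from both places. Also, trustList now persists `data.pk` as received instead of its hex form, and nothing in this hunk checks its shape before Util.writeTable writes it to usr/.known_hosts; a guard such as `if type(data.pk) ~= 'string' then return end` (adjusted to whatever getIdentifier actually returns, which is not visible here) would keep a malformed value from poisoning the file. trustConnection continues outside the hunk.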
@@ -27,15 +27,16 @@ if not password then
|
||||
end
|
||||
|
||||
print('connecting...')
|
||||
local socket, msg = Socket.connect(remoteId, 19)
|
||||
local trustId = '01c3ba27fe01383a03a1785276d99df27c3edcef68fbf231ca'
|
||||
local socket, msg = Socket.connect(remoteId, 19, { identifier = trustId })
|
||||
|
||||
if not socket then
|
||||
error(msg)
|
||||
end
|
||||
|
||||
local publicKey = Security.getPublicKey()
|
||||
local identifier = Security.getIdentifier()
|
||||
|
||||
socket:write(Crypto.encrypt({ pk = publicKey, dh = os.getComputerID() }, SHA.compute(password)))
|
||||
socket:write(Crypto.encrypt({ pk = identifier, dh = os.getComputerID() }, SHA.compute(password)))
|
||||
|
||||
local data = socket:read(2)
|
||||
socket:close()
|
||||
|
||||
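Review bot: On the rewritten socket:write line, `SHA.compute(password)` is used directly as the key for Crypto.encrypt; a single unsalted hash of a user-chosen password is a weak key derivation, so whoever records this frame can test password guesses offline at raw hash speed. This predates the commit, but since the line is being touched it is worth deriving the key through an iterated, salted KDF if the crypto module offers one, or at least stating the assumption with `-- key is SHA(password); the password must be high-entropy`. The trustId literal duplicated from the trust daemon is covered in that file's note.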