# AUTH

This driver provides details about the currently installed operating system.

## Details

##### define I_AUTH_START

This provides a random token exchange. The caller provides a 128-bit random number token (left justified).

The auth device populates the remaining 128 bits of the random number. The result is used together with the secret key in I_AUTH_FINISH.

##### define I_AUTH_GETTOKEN

This will calculate the final token if the caller already has the secret key.

Storing the secret key inside an unencrypted application binary is a big security risk.

The key and random number are passed in. The final token is returned.

##### define I_AUTH_FINISH

This finishes the authentication.

Once the calling thread is authenticated, it will be placed in root access mode.

Executing I_AUTH_FINISH with an invalid value will remove root access mode from the calling thread.

The system must set the SYS_FLAG_IS_KEYED flag and append a secret key to the end of the binary. Without both of these, all calls to I_AUTH will result in the calling thread having root access.

The authorization goes like this:

```c
#include <unistd.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sos/dev/auth.h>

int main(int argc, char * argv[]){
	int fd = open("/dev/auth", O_RDWR);
	if( fd < 0 ){
		return -1;
	}

	auth_token_t token;

	//populate token.data[0 to 15] with random bits

	ioctl(fd, I_AUTH_START, &token);

	//all 256 bits of token are now populated
	//This token can be sent to an external program to populate the next auth token
	//the next auth token should be the SHA256 of the secret key and random bits token

	//if this program has access to the secret key -- the next token can be calculated using:
	auth_key_token_t key_token;
	//populate key_token.key;
	key_token.token = token;
	ioctl(fd, I_AUTH_GETTOKEN, &key_token);
	token = key_token.token; //the computed response replaces the random token

	if( ioctl(fd, I_AUTH_FINISH, &token) == 0 ){
		//calling task now has root privileges
	}

	//now the final auth token is the SHA256 of the random token and secret key
	//this can be sent to the authorizing entity to validate the /dev/auth driver

	if( ioctl(fd, I_AUTH_START, 0) == 0 ){
		//calling task no longer has root privileges
	}

	close(fd);
	return 0;
}
```
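To show the whole exchange from both sides, here is an added simulation (not code from the original page or from the sos project) of the `/dev/auth` state machine and of the external authorizing program that holds the secret key. It assumes a 256-bit key, that the caller's response is SHA256(key || random token) and the device's final token is SHA256(random token || key) as the code comments above describe, and that a thread's root mode is tracked per thread id. The `is_keyed` flag models the SYS_FLAG_IS_KEYED plus appended-key requirement: with it cleared, the simulated device grants root to any caller, which is the hazard the text warns about.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Assumed sizes (the page does not state the key length): 256-bit token, 256-bit key.
TOKEN_BYTES = 32
KEY_BYTES = 32
HALF = TOKEN_BYTES // 2  # caller supplies the first 128 bits, the device fills the rest


def response_for(key: bytes, token: bytes) -> bytes:
    """Caller's response: SHA256(secret key || random token). Order assumed from the page's comments."""
    return hashlib.sha256(key + token).digest()


def final_for(token: bytes, key: bytes) -> bytes:
    """Device's final token: SHA256(random token || secret key). Order assumed from the page's comments."""
    return hashlib.sha256(token + key).digest()


@dataclass
class AuthDevice:
    """Simulated /dev/auth: one secret key, one pending random token, root mode per thread id."""
    secret_key: bytes
    is_keyed: bool = True                 # models SYS_FLAG_IS_KEYED plus the appended key
    random_token: bytes | None = None
    root: set[int] = field(default_factory=set)

    def start(self, tid: int, caller_half: bytes) -> bytes:
        """I_AUTH_START: caller gives 128 random bits (left justified); device appends 128 more."""
        if len(caller_half) != HALF:
            raise ValueError("caller must supply exactly 128 bits")
        self.random_token = caller_half + os.urandom(HALF)
        self.root.discard(tid)            # a fresh exchange drops any earlier root grant
        return self.random_token

    def get_token(self, key: bytes, token: bytes) -> bytes:
        """I_AUTH_GETTOKEN: on-device helper for callers that already hold the key."""
        return response_for(key, token)

    def finish(self, tid: int, response: bytes) -> bytes | None:
        """I_AUTH_FINISH: verify the response, grant root, and return the final token.
        A wrong response returns None and removes root from the thread."""
        if self.random_token is None:
            raise RuntimeError("I_AUTH_START must be called first")
        expected = response_for(self.secret_key, self.random_token)
        # Constant-time compare; an unkeyed device skips the check entirely (the hazard).
        if self.is_keyed and not hmac.compare_digest(expected, response):
            self.root.discard(tid)
            return None
        self.root.add(tid)
        return final_for(self.random_token, self.secret_key)


def authorizing_entity(dev: AuthDevice, tid: int, key: bytes) -> bool:
    """External program holding the key. Returns True only if the device proved it holds the same key."""
    token = dev.start(tid, os.urandom(HALF))            # step 1: challenge
    final = dev.finish(tid, response_for(key, token))   # step 2: response
    if final is None:
        return False
    return hmac.compare_digest(final, final_for(token, key))  # step 3: device proves itself


if __name__ == "__main__":
    key = os.urandom(KEY_BYTES)                           # constructed demo key
    keyed = AuthDevice(secret_key=key)
    print("keyed, right key :", authorizing_entity(keyed, 1, key), keyed.root)
    print("keyed, wrong key :", authorizing_entity(keyed, 1, bytes(KEY_BYTES)), keyed.root)
    unkeyed = AuthDevice(secret_key=b"", is_keyed=False)
    print("unkeyed, wrong key:", authorizing_entity(unkeyed, 7, bytes(KEY_BYTES)), unkeyed.root)
```

The third run is the point of the SYS_FLAG_IS_KEYED requirement: the host-side check fails because the device cannot produce a matching final token, yet the calling thread is already in root mode, so an unkeyed build offers no protection even though the exchange "fails" from the outside.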
