AUTH

This driver authenticates the calling thread with a challenge/response exchange against a secret key appended to the system binary and, on success, places the thread in root access mode.

Details

define AUTH_VERSION

define AUTH_IOC_CHAR

define I_AUTH_GETVERSION

define I_AUTH_START

This starts a random token exchange. The caller provides a 128-bit random number (left justified in the 256-bit token).

The auth device populates the remaining 128 bits of the token with its own random bits, so the caller never controls the whole challenge. The resulting 256-bit token is combined with the secret key to compute the final token passed to I_AUTH_FINISH.


define I_AUTH_GETTOKEN

This calculates the final (response) token when the caller already has the secret key.

Storing the secret key inside an unencrypted application binary is a big security risk: anyone who can read the binary can authenticate as root. Prefer computing the response on a separate authorizing host that holds the key.

The key and the random token are passed; the final token is returned.


define I_AUTH_FINISH

This finishes the authentication by presenting the final token.

Once the calling thread is authenticated, it is placed in root access mode.

Executing I_AUTH_FINISH with an invalid value removes root access mode from the calling thread.

The system must set the SYS_FLAG_IS_KEYED flag and append a secret key to the end of the binary. Without both of these there is no secret to check, and every I_AUTH_FINISH call results in the calling thread having root access.

The authorization goes like this:

#include <unistd.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sos/dev/auth.h>

int main(int argc, char * argv[]){
  int fd = open("/dev/auth", O_RDWR);
  if( fd < 0 ){
    return -1;
  }

  auth_token_t token;
  auth_key_token_t key_token;

  //populate token.data[0 to 15] with random bits (the caller's 128-bit half, left justified)

  //the driver fills token.data[16 to 31] with its own random bits
  ioctl(fd, I_AUTH_START, &token);

  //all 256 bits of token.data are now populated
  //This token can be sent to an external program that holds the secret key to produce the next auth token
  //the next auth token should be the SHA256 of the secret key and the random token

  //if this program has access to the secret key (see the warning under I_AUTH_GETTOKEN)
  //the next token can be calculated locally:
  //populate key_token.key with the secret key
  key_token.token = token;
  ioctl(fd, I_AUTH_GETTOKEN, &key_token);
  //the final token is returned in key_token (taken here to be key_token.token)

  if( ioctl(fd, I_AUTH_FINISH, &key_token.token) == 0 ){
    //calling task now has root privileges
  }

  //the final auth token is the SHA256 of the random token and the secret key
  //it can be sent to the authorizing entity to validate the /dev/auth driver

  //an invalid value passed to I_AUTH_FINISH drops root (see above)
  if( ioctl(fd, I_AUTH_FINISH, 0) == 0 ){
    //calling task no longer has root privileges
  }

  close(fd);
  return 0;
}
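The exchange above, seen from the authorizing host rather than the application. This is an added example and not code from the auth driver or from Stratify OS: the device side of /dev/auth is simulated in Python so the whole protocol can be run offline. Assumptions beyond what the page states: the hash input is the secret key followed by the 256-bit token (the page only says "SHA256 of the secret key and the random token"), each token accepts exactly one I_AUTH_FINISH, and the names AuthDevice, compute_response, authorize and replay_is_rejected are this example's own.

```python
"""Host-side model of the /dev/auth challenge/response exchange (added example)."""
import hashlib
import hmac
import os

TOKEN_LEN = 32  # auth_token_t is 256 bits
KEY_LEN = 32    # auth_key_token_t.key is also an auth_token_t


def compute_response(key: bytes, token: bytes) -> bytes:
    """What the authorizing host (or I_AUTH_GETTOKEN) computes.

    Assumption: SHA-256(key || token); the page does not fix the order.
    """
    if len(key) != KEY_LEN or len(token) != TOKEN_LEN:
        raise ValueError("key and token must both be 256 bits")
    return hashlib.sha256(key + token).digest()


class AuthDevice:
    """Simulated /dev/auth.

    `key` is the secret appended to the keyed binary; `None` models a system
    without SYS_FLAG_IS_KEYED, where every caller is granted root.
    """

    def __init__(self, key, rng=os.urandom):
        self.key = key
        self.rng = rng
        self.token = None
        self.root = False

    def start(self, caller_random: bytes) -> bytes:
        """I_AUTH_START: caller supplies 128 bits, left justified; device fills the rest."""
        if len(caller_random) != 16:
            raise ValueError("caller must supply exactly 128 bits")
        self.token = caller_random + self.rng(16)
        return self.token

    def finish(self, response) -> bool:
        """I_AUTH_FINISH: grant root on a matching token, otherwise drop root."""
        if self.key is None:
            self.root = True  # unkeyed system: nothing to check, everyone is root
            return True
        ok = False
        if self.token is not None and isinstance(response, bytes):
            expected = compute_response(self.key, self.token)
            ok = hmac.compare_digest(expected, response)  # constant-time compare
        self.root = ok
        self.token = None  # assumption: one response per token, then a fresh I_AUTH_START
        return ok


def authorize(device: AuthDevice, host_key: bytes, caller_rng=os.urandom) -> bool:
    """Full exchange from the application's point of view.

    The secret key stays on the host that computes the response; the
    application binary only ever handles tokens.
    """
    token = device.start(caller_rng(16))
    response = compute_response(host_key, token)  # sent back to the device
    return device.finish(response)


def replay_is_rejected(device: AuthDevice, key: bytes) -> bool:
    """A captured response is useless later: the device adds fresh bits each time."""
    token = device.start(b"\x11" * 16)
    captured = compute_response(key, token)
    if not device.finish(captured):
        return False
    device.start(b"\x11" * 16)  # caller reuses its half; the device half differs
    return device.finish(captured) is False


if __name__ == "__main__":
    demo_key = bytes(range(KEY_LEN))  # constructed key for the demo
    dev = AuthDevice(demo_key)
    print("correct key grants root:", authorize(dev, demo_key))
    print("wrong key drops root:", not authorize(dev, bytes(KEY_LEN)))
    print("replay rejected:", replay_is_rejected(dev, demo_key))
    print("unkeyed device grants root to anyone:", AuthDevice(None).finish(b"junk"))
```

The device-supplied half of the token is what makes a captured response worthless against the next exchange, and the constant-time compare in `finish` avoids leaking the expected token byte by byte; both are worth keeping in mind when judging whether an unkeyed build (the last case) is acceptable on a given device.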

struct::auth_token_t

u8 data[32]   256-bit token; bytes 0 to 15 are the caller's random bits, bytes 16 to 31 are filled by the driver

struct::auth_key_token_t

auth_token_t key   secret key

auth_token_t token   random token from I_AUTH_START; the final token is returned through this structure by I_AUTH_GETTOKEN
