luajitos

README.md (6819B)

---

 # Administrative Password Prompt
 
 Secure password verification system for LuajitOS that provides admin-level permission and path access control.
 
 ## Features
 
 - **Overlay Authentication**: Password prompt draws on top of all windows (including taskbar)
 - **Argon2id Hashing**: Uses Argon2id for secure password hashing
 - **Permission Requests**: Allows apps to request additional permissions at runtime
 - **Path Access Requests**: Allows apps to request additional filesystem paths at runtime
 
 ## Setup
 
 ### 1. Generate Password Hash
 
 You need to create `/os/password.hash` with a base64-encoded Argon2id hash of your admin password.
 
 To generate the hash, boot into LuajitOS and run:
 
 ```lua
 -- In the shell or a test app:
 local password = "admin"  -- Change this to your desired password
 local salt = "LuajitOS-AdminSalt-v1"
 
 -- Use the crypto library
 local hash = crypto.Argon2id(password, salt)
 
 -- Encode to base64
 local function base64_encode(data)
     local b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
     if not data or #data == 0 then return "" end
     local result = {}
     for i = 1, #data, 3 do
         local b1 = string.byte(data, i)
         local b2 = string.byte(data, i + 1) or 0
         local b3 = string.byte(data, i + 2) or 0
         local n = b1 * 65536 + b2 * 256 + b3
         local c1 = bit.band(bit.rshift(n, 18), 63) + 1
         local c2 = bit.band(bit.rshift(n, 12), 63) + 1
         local c3 = bit.band(bit.rshift(n, 6), 63) + 1
         local c4 = bit.band(n, 63) + 1
         table.insert(result, b64chars:sub(c1, c1))
         table.insert(result, b64chars:sub(c2, c2))
         if i + 1 <= #data then table.insert(result, b64chars:sub(c3, c3)) else table.insert(result, '=') end
         if i + 2 <= #data then table.insert(result, b64chars:sub(c4, c4)) else table.insert(result, '=') end
     end
     return table.concat(result)
 end
 
 local hash_b64 = base64_encode(hash)
 print("Password hash (base64): " .. hash_b64)
 
 -- Write to file (requires filesystem permission)
 -- fs:write("/os/password.hash", hash_b64)
 ```
 
 Or use the crypto CLI app:
 
 ```bash
 # This will show you the hash
 crypto Argon2id "admin" -salt "LuajitOS-AdminSalt-v1" -b64
 ```
 
 Then manually create the file with that hash.
 
 ### 2. Create Password File
 
 Create `/os/password.hash` in the ISO directory before building:
 
 ```bash
 echo "YOUR_HASH_HERE" > iso_includes/os/password.hash
 ```
 
 **Default Test Password**: For testing purposes, you can use password `"admin"` with this hash:
 ```
 # This is a placeholder - generate the actual hash using the method above
 ```
 
 ## Usage
 
 ### For App Developers
 
 #### Request Additional Permission
 
 ```lua
 -- Import the passprompt app exports
 local passprompt = apps["com.luajitos.passprompt"]
 
 if passprompt and passprompt.exports["admin.requestPermission"] then
     local requestPerm = passprompt.exports["admin.requestPermission"].func
 
     -- Request network permission for current app
     requestPerm(app.pid, "network", function(granted)
         if granted then
             print("Permission granted!")
             -- Now you can use network APIs
         else
             print("Permission denied")
         end
     end)
 end
 ```
 
 #### Request Additional Path Access
 
 ```lua
 -- Import the passprompt app exports
 local passprompt = apps["com.luajitos.passprompt"]
 
 if passprompt and passprompt.exports["admin.requestPath"] then
     local requestPath = passprompt.exports["admin.requestPath"].func
 
     -- Request access to system logs
     requestPath(app.pid, "/var/log/*", function(granted)
         if granted then
             print("Path access granted!")
             -- Now you can read/write to /var/log/*
         else
             print("Path access denied")
         end
     end)
 end
 ```
 
 ## Security Considerations
 
 ### Password Storage
 - Password hash is stored in `/os/password.hash` as base64-encoded Argon2id output
 - Uses fixed salt `"LuajitOS-AdminSalt-v1"` (for verification purposes)
 - **Production**: Should use per-installation random salt stored separately
 
 ### Hashing Algorithm
 - **Argon2id**: Memory-hard function resistant to GPU/ASIC attacks
 - Default parameters: 3 iterations, 64MB memory (from `crypto.Argon2id`)
 
 ### Permissions Required
 The passprompt app requires:
 - `"draw"` - Display password prompt window
 - `"filesystem"` - Read `/os/password.hash`
 - `"crypto"` - Access Argon2id hashing
 - `"system-all"` - Call `sys.ADMIN_AppAddPermission` and `sys.ADMIN_AppAddPath`
 - `"export"` - Export request functions to other apps
 
 ### Attack Vectors to Consider
 
 1. **Password File Access**: `/os/password.hash` should be read-only
 2. **Timing Attacks**: Hash comparison uses simple string equality (could leak timing info)
 3. **Brute Force**: No rate limiting on password attempts
 4. **UI Spoofing**: `alwaysOnTop` prevents most spoofing, but not all
 5. **Memory Inspection**: Password stored in plaintext memory during verification
 
 ### Improvements for Production
 
 1. **Rate Limiting**: Implement exponential backoff after failed attempts
 2. **Constant-Time Comparison**: Use constant-time string comparison
 3. **Random Salt**: Generate unique salt per installation
 4. **Audit Logging**: Log all permission grant attempts
 5. **Session Timeout**: Auto-lock after period of inactivity
 6. **Secure Memory**: Clear password from memory after verification
 7. **Challenge-Response**: Use challenge-response instead of direct password entry
 
 ## Architecture
 
 ### Window Properties
 - `alwaysOnTop = true`: Ensures overlay draws above all other windows
 - `noTaskbar = true`: Doesn't appear in taskbar list
 - `resizable = false`: Fixed size for consistent UI
 
 ### Flow
 
 1. App calls `admin.requestPermission(pid, permission, callback)` or `admin.requestPath(pid, path, callback)`
 2. Password prompt window displays (blocking all input)
 3. User enters password
 4. Password hashed with Argon2id + fixed salt
 5. Hash compared to stored hash in `/os/password.hash`
 6. On success:
    - Calls `sys.ADMIN_AppAddPermission(pid, permission)` or `sys.ADMIN_AppAddPath(pid, path)`
    - Invokes callback with `true`
    - Closes window
 7. On failure:
    - Shows error message
    - Clears password field
    - Invokes callback with `false` (on cancel)
 
 ## Testing
 
 1. Build the OS with passprompt app included
 2. Create password hash file
 3. Boot into LuajitOS
 4. Run passprompt app (it stays in background)
 5. From another app, call the exported functions
 6. Verify password prompt appears on top
 7. Test correct and incorrect passwords
 8. Verify permissions/paths are actually granted
 
 ## Debug Output
 
 The app logs to serial console (`osprint`) for debugging:
 - Password hash attempts (base64)
 - Stored hash comparison
 - Permission/path grant operations
 - Function call parameters
 
 To view debug output, connect to serial console or check boot logs.