Author: wmb Date: Fri Mar 2 23:20:59 2012 New Revision: 2888 URL: http://tracker.coreboot.org/trac/openfirmware/changeset/2888
Log: OLPC - change hex-decode to store the decoded information in-place, thus eliminating the need for auxiliary buffers.
Modified: cpu/x86/pc/olpc/security.fth
Modified: cpu/x86/pc/olpc/security.fth ============================================================================== --- cpu/x86/pc/olpc/security.fth Wed Feb 29 23:45:54 2012 (r2887) +++ cpu/x86/pc/olpc/security.fth Fri Mar 2 23:20:59 2012 (r2888) @@ -193,18 +193,26 @@ d# 256 constant /sig /sig buffer: sig-buf
-\ hex-decode decodes a hexadecimal signature string, storing it in -\ binary form at sig-buf. It returns the adr,len of the binary string. +h# 10e constant /key +/key buffer: key-buf
-: hex-decode ( hex$ -- true | sig$ false ) - sig-buf -rot ( adr hex$ ) - bounds ?do ( adr ) - i 2 push-hex $number pop-base if ( adr ) - 2drop true unloop exit - then ( adr n ) - over c! 1+ ( adr' ) - 2 +loop ( adr ) - sig-buf tuck - false ( sig$ false ) +\ $hex-decode decodes a hexadecimal signature string, storing it in +\ binary form at adr, returning adr,len of the binary string and false. +\ It returns true if hex$ is too long for the binary buffer length +\ maxlen or if hex$ contains a non-hexadecimal character. + +: $hex-decode ( hex$ adr maxlen -- true | binary$ false ) + 2* third < if ( hex$ adr ) + 3drop true exit ( -- true ) + then ( hex$ adr ) + dup 2swap ( adr adr hex$ ) + bounds ?do ( adr nextadr ) + i 2 push-hex $number pop-base if ( adr nextadr ) + 2drop true unloop exit ( -- true ) + then ( adr nextadr n ) + over c! 1+ ( adr nextadr' ) + 2 +loop ( adr nextadr ) + over - false ( binary$ false ) ;
\ cut$ splits a string into an initial substring of length n @@ -230,11 +238,8 @@ then ( rem$ ) bl left-parse-string 2drop ( rem$ ) \ Discard hash name bl left-parse-string 2nip ( key$ ) \ Get key signature - /sig 2* min hex-decode if ( key$ ) - 2drop true ( true ) - exit - then ( binary-key$ ) - false ( binary-key$ false ) + + key-buf /key $hex-decode ( true | binary-key$ false ) ;
\ True if short$ matches the end of long$ @@ -472,13 +477,14 @@
\ Check that the keyid matches our pubkey bl left-parse-string ( line$' keyid$ ) - /sig 2* min hex-decode if ( line$ ) + key-buf /key $hex-decode if ( line$ ) 2drop false exit - then ( line$ binary-key$ ) + then ( line$ binary-keyid$ )
key-in-list? 0= if ( line$ ) 2drop false exit then ( line$ ) + \ Now thiskey$ contains the full key$ that was matched by keyid$
\ Check that the signature occupies the rest of the line bl left-parse-string ( line$' sig$ ) @@ -487,21 +493,18 @@ 2drop false exit then ( sig$ )
- dup /sig 2* <> if ( sig$ ) - 2drop false exit - then ( sig$ ) - - hex-decode if ( ) + sig-buf /sig $hex-decode if ( ) false exit then ( binary-sig$ )
+ dup /sig <> if ( binary-sig$ ) + 2drop false exit + then ( binary-sig$ ) + \ Cryptographically verify the data against the signature 2>r 0 signed-data$ 2r> thiskey$ exp-hashname$ signature-bad? 0= ;
-h# 10e constant /key -/key buffer: keybuf - 0 0 2value sig02-key$
0 0 2value expiry$ @@ -517,17 +520,14 @@ \ Check that the keyid matches our pubkey, but only if it's \ the first one bl left-parse-string ( line$' pubkey$ ) - hex-decode if ( line$ ) - 2drop false unloop exit + + key-buf /key $hex-decode if ( line$ ) + 2drop false unloop exit ( -- false ) then ( line$ binary-key$ )
- i if ( line$ binary-key$ ) - dup /key <> if ( line$ binary-key$ ) - 4drop false unloop exit - then ( line$ binary-key$ ) - tuck keybuf swap move ( line$ binary-keylen ) - keybuf swap ( line$ binary-key$' ) - else ( line$ binary-keyid$ ) + dup /key <> if ( line$ binary-keyid$ ) + \ If the length is shorter than a full key, it's a keyid + \ which we look for in our key list key-in-list? 0= if ( line$ ) 2drop false unloop exit then ( line$ ) @@ -544,14 +544,14 @@ \ Get the signature bl left-parse-string ( line$ sig$)
- dup /sig 2* <> if ( line$ sig$ ) - 4drop false unloop exit - then ( line sig$ ) - - hex-decode if ( line$ ) - 2drop false unloop exit + sig-buf /sig $hex-decode if ( line$ ) + 2drop false unloop exit ( -- false ) then ( line$ binary-sig$ )
+ dup /sig <> if ( line$ binary-sig$ ) + 4drop false unloop exit + then ( line binary-sig$ ) + 2>r ( line$' r: binary-sig$ )
\ If it's the final signature, check the signed data @@ -1349,6 +1349,19 @@ time&date >iso8601$ " md" $add-tag ;
+\ The following is for compatibility with the script fsverify.fth . +\ fs-verify only needs h#20 bytes, that being the length of a sha256 hash +\ in binary form, but we give it h#100 as that is the previous length of +\ hex-decode's buffer. Since buffer: uses lazy allocation, we won't waste +\ space unless compat-buf is actually used. + +h# 100 constant /compat-buf \ Large enough for sha512 +/compat-buf buffer: compat-buf + +: hex-decode ( hex$ -- true | binary$ false ) + compat-buf /compat-buf $hex-decode +; + \ LICENSE_BEGIN \ Copyright (c) 2007 FirmWorks \
openfirmware@openfirmware.info