[OpenBIOS] r692 - cpu/x86/pc/olpc
svn at openbios.org
svn at openbios.org
Sat Oct 20 11:10:34 CEST 2007
Author: wmb
Date: 2007-10-20 11:10:33 +0200 (Sat, 20 Oct 2007)
New Revision: 692
Modified:
cpu/x86/pc/olpc/security.fth
Log:
OLPC trac #4336 - Fixed bug in signature parsing for developer keys.
Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth 2007-10-20 09:06:33 UTC (rev 691)
+++ cpu/x86/pc/olpc/security.fth 2007-10-20 09:10:33 UTC (rev 692)
@@ -146,13 +146,13 @@
: invalid? ( data$ sig01$ exp-hashname$ -- error? )
2>r
parse-sig if
- ." Bad signature format in " bundle-name$ type cr
+ ." Bad signature format" cr
2r> 2drop true exit
then ( data$ hashname$ sig$ r: exp$ )
\ Check for duplicate hashname attacks
2swap 2dup 2r> $= 0= if ( data$ sig$ hashname$ )
- ." Wrong hash name in " bundle-name$ type cr
+ ." Wrong hash name" cr
4drop 2drop true exit
then ( data$ sig$ hashname$ )
@@ -164,24 +164,22 @@
then
;
+: our-pubkey? ( sig01$ -- flag )
+ bl left-parse-string " sig01:" $= 0= if 2drop false exit then ( rem$ )
+ bl left-parse-string 2drop \ Discard hash name ( rem$ )
+ bl left-parse-string 2nip \ Get key signature ( key$ )
+ /sig 2* min hex-decode if 2drop false exit then ( binary-key$ )
+ pubkey$ dup 3 pick - 0 max /string $= ( flag )
+;
+
\ Look for a line that starts with "sig01: " and whose key signature
\ matches the trailing bytes of our currently-selected public key.
: next-sig01$ ( sig$ -- true | rem$ sig01$ false )
- begin dup while ( rem$ )
- newline left-parse-string ( rem$' line$ )
- 2dup ( rem$' line$ line$ )
- bl left-parse-string " sig01:" $= if ( rem$' line$ rem1$ )
- bl left-parse-string 2drop ( rem$' line$ rem1$ ) \ Discard hash name
- bl left-parse-string ( rem$' line$ rem1$ key$ )
- /sig 2* min hex-decode 0= if ( rem$' line$ rem1$ keyb$ )
- pubkey$ dup 3 pick - 0 max /string ( rem$' line$ rem1$ keyb$ pubkey$' )
- $= if ( rem$' line$ rem1$ )
- 2drop false exit
- then ( rem$' line$ rem1$ )
- then ( rem$' line$ rem1$ )
- then ( rem$ line$ $ )
- 4drop ( rem$ )
- repeat ( rem$ )
+ begin dup while ( rem$ )
+ newline left-parse-string ( rem$' line$ )
+ 2dup our-pubkey? if false exit then ( rem$ line$ )
+ 2drop ( rem$ )
+ repeat ( rem$ )
2drop true
;
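Review bot: `our-pubkey?` counts any decoded key field that equals the tail of `pubkey$` as a match and enforces no minimum length, so a line whose key field is empty or very short would presumably match too (with a zero-length key, `/string` leaves an empty tail for `$=`). Because `check-machine-signature` now uses this flag to choose between returning 0 and running the real `invalid?` check, a length guard after `hex-decode`, such as `dup 0= if 2drop false exit then`, would tighten it. A comment stating that this word only selects a key and authenticates nothing would make the contract explicit. Separately, the removed loop's stack comments imply that a failed `hex-decode` leaves nothing extra on the stack, while the new `if 2drop false exit then` drops two cells on failure. `hex-decode` is defined outside this hunk, so its stack effect should be confirmed.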
@@ -364,13 +362,17 @@
\ check-machine-signature verifies the signed object consisting
\ of the machine identification info (SN + UUID) plus the expiration
\ time "expiration$" against the crypto signature string sig$,
-\ returning 1 if valid, -1 if invalid. (The unusual return value
-\ encoding is because the caller of check-machine-signature returns
-\ a tree-state flag; see check-lease.)
+\ returning 1 if valid, -1 if invalid, 0 if the key signature
+\ doesn't match our pubkey.
: check-machine-signature ( sig$ expiration$ -- -1|1 )
- machine-id-buf d# 51 + swap move ( sig$ )
- machine-id-buf d# 67 2swap " sha256" invalid? if -1 else 1 then
+ 2over our-pubkey? if ( sig$ exp$ )
+ machine-id-buf d# 51 + swap move ( sig$ )
+ machine-id-buf d# 67 2swap ( id$ sig$ )
+ " sha256" invalid? if -1 else 1 then ( -1|1 )
+ else ( sig$ exp$ )
+ 4drop 0 ( 0 )
+ then ( -1|0|1 )
;
: set-disposition ( adr -- ) c@ machine-id-buf d# 49 + c! ;
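Review bot: The `move` into `machine-id-buf d# 51 +` copies as many bytes as `expiration$` is long, and nothing visible in `check-machine-signature` bounds that length; the following `machine-id-buf d# 67` suggests exactly 16 bytes are expected. With the last hunk (`@@ -569,8 +571,9 @@`) the expiration comes from `bl left-parse-string` on parsed input instead of the fixed 16-character literal, and the copy runs before `invalid?` has verified anything, since `our-pubkey?` only matches a key id. A guard ahead of the copy, for example `dup d# 16 <> if 4drop -1 exit then`, would keep an over-long field from writing past the buffer; the size of `machine-id-buf` is declared outside this page, so confirm against it. The stack comment on the definition still reads `-- -1|1` and should become `-- -1|0|1`.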
@@ -407,7 +409,7 @@
" expired" ?lease-debug-cr
4drop -1 exit
then ( sig$ expiration$ )
- check-machine-signature ( -1|1 )
+ check-machine-signature ( -1|0|1 )
;
\ lease-valid? tries to read a lease file from the currently-selected
@@ -569,8 +571,9 @@
bl left-parse-string 1 <> if 3drop -1 exit then ( rem$ disp-adr )
set-disposition ( rem$ )
- develkey$ to pubkey$
- " 00000000T000000Z" check-machine-signature
+ develkey$ to pubkey$ ( rem$ )
+ bl left-parse-string ( sig01$ exp$ )
+ check-machine-signature ( -1|0|1 )
;
\ has-developer-key? searches for a valid developer key on the