[OpenBIOS] r692 - cpu/x86/pc/olpc

svn at openbios.org svn at openbios.org
Sat Oct 20 11:10:34 CEST 2007


Author: wmb
Date: 2007-10-20 11:10:33 +0200 (Sat, 20 Oct 2007)
New Revision: 692

Modified:
   cpu/x86/pc/olpc/security.fth
Log:
OLPC trac #4336 - Fixed bug in signature parsing for developer keys.



Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth	2007-10-20 09:06:33 UTC (rev 691)
+++ cpu/x86/pc/olpc/security.fth	2007-10-20 09:10:33 UTC (rev 692)
@@ -146,13 +146,13 @@
 : invalid?  ( data$ sig01$ exp-hashname$ -- error? )
    2>r
    parse-sig  if
-      ." Bad signature format in "  bundle-name$ type  cr
+      ." Bad signature format"  cr
       2r> 2drop  true exit
    then                                     ( data$ hashname$ sig$ r: exp$ )
 
    \ Check for duplicate hashname attacks
    2swap 2dup 2r>  $=  0=  if               ( data$ sig$ hashname$ )
-      ." Wrong hash name in "  bundle-name$ type  cr
+      ." Wrong hash name" cr
       4drop 2drop true exit
    then                                     ( data$ sig$ hashname$ )
 
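Review bot: The two message changes drop `bundle-name$ type`, so a failed verification no longer says which bundle was being checked, and on a boot-time signature failure that is the first thing an operator needs to know. If the reason is that invalid? is now also reached from check-machine-signature, where no bundle name applies, keep the context at the bundle-verifying call sites instead (print `bundle-name$ type` there before calling invalid?) or pass a label string in. invalid? continues past this hunk.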
@@ -164,24 +164,22 @@
    then
 ;
 
+: our-pubkey?  ( sig01$ -- flag )
+   bl left-parse-string  " sig01:" $=  0=  if  2drop false exit  then  ( rem$ )
+   bl left-parse-string 2drop    \ Discard hash name            ( rem$ )
+   bl left-parse-string 2nip     \ Get key signature            ( key$ )
+   /sig 2* min  hex-decode  if  2drop false exit  then          ( binary-key$ )
+   pubkey$  dup 3 pick -  0 max /string   $=                    ( flag )
+;
+
 \ Look for a line that starts with "sig01: " and whose key signature
 \ matches the trailing bytes of our currently-selected public key.
 : next-sig01$  ( sig$ -- true | rem$ sig01$ false )
-   begin  dup  while                   ( rem$ )
-      newline left-parse-string        ( rem$' line$ )
-      2dup                                     ( rem$' line$ line$ )
-      bl left-parse-string  " sig01:" $=  if   ( rem$' line$ rem1$ )
-         bl left-parse-string 2drop            ( rem$' line$ rem1$ )  \ Discard hash name
-         bl left-parse-string                  ( rem$' line$ rem1$ key$ )
-         /sig 2* min  hex-decode  0=  if       ( rem$' line$ rem1$ keyb$ )
-            pubkey$  dup 3 pick -  0 max /string   ( rem$' line$ rem1$ keyb$ pubkey$' )
-            $=  if                             ( rem$' line$ rem1$ )
-               2drop false exit
-            then                               ( rem$' line$ rem1$ )
-         then                                  ( rem$' line$ rem1$ )
-      then                                     ( rem$ line$ $ )
-      4drop                            ( rem$ )
-   repeat                              ( rem$ )
+   begin  dup  while                          ( rem$ )
+      newline left-parse-string               ( rem$' line$ )
+      2dup our-pubkey?  if  false exit  then  ( rem$  line$ )
+      2drop                                   ( rem$ )
+   repeat                                     ( rem$ )
    2drop true
 ;
 
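Review bot: our-pubkey? reports a match for an empty key field: with a zero-length decoded key, `dup 3 pick - 0 max /string` advances pubkey$ to an empty string and `$=` of two empty strings is true, so a sig01 line whose key field is missing (assuming hex-decode accepts an empty string) is treated as ours. The cryptographic check in invalid? still runs afterwards, so this is a wrong-key-selection and diagnostics problem rather than a bypass, but it is cheap to close: after the hex-decode test add `dup 0=  if  2drop false exit  then`, or require the full expected length with `dup /sig <>  if  2drop false exit  then`. Separately, the removed stack comments in next-sig01$ show nothing left on the stack after a failing hex-decode, while the new word 2drops on that path; one of the two readings of hex-decode's failure stack effect is wrong and should be confirmed against its definition.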
@@ -364,13 +362,17 @@
 \ check-machine-signature verifies the signed object consisting
 \ of the machine identification info (SN + UUID) plus the expiration
 \ time "expiration$" against the crypto signature string sig$,
-\ returning 1 if valid, -1 if invalid.  (The unusual return value
-\ encoding is because the caller of check-machine-signature returns
-\ a tree-state flag; see check-lease.)
+\ returning 1 if valid, -1 if invalid, 0 if the key signature
+\ doesn't match our pubkey.
 
 : check-machine-signature  ( sig$ expiration$ -- -1|1 )
-   machine-id-buf d# 51 +  swap  move  ( sig$ )
-   machine-id-buf d# 67  2swap  " sha256" invalid?  if  -1  else  1  then
+   2over  our-pubkey?   if                              ( sig$ exp$ )
+      machine-id-buf d# 51 +  swap  move                ( sig$ )
+      machine-id-buf d# 67  2swap                       ( id$ sig$ )
+      " sha256" invalid?  if  -1  else  1  then         ( -1|1 )
+   else                                                 ( sig$ exp$ )
+      4drop 0                                           ( 0 )
+   then                                                 ( -1|0|1 )
 ;
 
 : set-disposition  ( adr -- )  c@  machine-id-buf d# 49 + c!  ;
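Review bot: The `move` after `2over our-pubkey? if` copies exp$ into machine-id-buf at offset 51 using exp$'s own length, with no check that it is the 16 bytes the `d# 67` total implies; since the developer-key hunk at L108 now takes that value from the parsed file rather than the former fixed literal, an over-long field overruns machine-id-buf and a short one leaves stale bytes inside the signed data. Add a guard before the copy, e.g. `dup d# 16 <>  if  4drop -1 exit  then` as the first line inside the if. The definition's stack comment still reads `( sig$ expiration$ -- -1|1 )` while the body ends with `( -1|0|1 )`; update it to `( sig$ expiration$ -- -1|0|1 )`. The removed paragraph explained that the result is a tri-state rather than a flag; since both 1 and -1 are true to a plain `if`, keep one sentence in the prose comment saying callers must compare explicitly (e.g. `1 =`), as I cannot see how check-lease and the developer-key path consume the new 0.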
@@ -407,7 +409,7 @@
       " expired" ?lease-debug-cr
       4drop -1 exit
    then                                    ( sig$ expiration$ )
-   check-machine-signature                 ( -1|1 )
+   check-machine-signature                 ( -1|0|1 )
 ;
 
 \ lease-valid? tries to read a lease file from the currently-selected
@@ -569,8 +571,9 @@
    bl left-parse-string  1 <>  if  3drop -1 exit  then  ( rem$ disp-adr )
    set-disposition                                      ( rem$ )
 
-   develkey$ to pubkey$
-   " 00000000T000000Z"  check-machine-signature
+   develkey$ to pubkey$                                 ( rem$ )
+   bl left-parse-string                                 ( sig01$ exp$ )
+   check-machine-signature                              ( -1|0|1 )
 ;
 
 \ has-developer-key? searches for a valid developer key on the
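Review bot: The expiration token parsed on the line after `develkey$ to pubkey$` becomes part of the signed bytes, but nothing in this hunk compares it with the current time, unlike the lease path at L100 which reports " expired" before calling check-machine-signature. If developer keys are meant to expire, that check is missing here; if the field is only signed data, a comment such as `\ exp$ is covered by the signature but not enforced here` would stop a reader assuming it is. Either way the value now comes from file content, so its length should be validated before it is copied into machine-id-buf (raised on the check-machine-signature hunk). The enclosing word starts outside the hunk.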



