[openfirmware] r1085 - cpu/x86/pc/olpc

svn at openfirmware.info svn at openfirmware.info
Wed Jan 28 17:08:33 CET 2009


Author: wmb
Date: 2009-01-28 17:08:32 +0100 (Wed, 28 Jan 2009)
New Revision: 1085

Modified:
   cpu/x86/pc/olpc/security.fth
Log:
OLPC multiple key security - allow augmenting 0-suffix keys.


Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth	2009-01-28 00:17:24 UTC (rev 1084)
+++ cpu/x86/pc/olpc/security.fth	2009-01-28 16:08:32 UTC (rev 1085)
@@ -101,7 +101,7 @@
 : PN  pn-buf count  ;
 previous definitions
 
-0 0 2value pubkeylist$  \ adr,len of a concatenated sequence of keys 
+0 0 2value pubkey$      \ adr,len of a concatenated sequence of keys 
 0 value pubkeylen       \ Length of each key in the list
 
 \ Copy a string to allocated memory
@@ -117,12 +117,15 @@
 2 buffer: tagname
 : find-key-tag  ( n -- false | value$ true )
    [char] 0 +  tagname 1+ c!
-   tagname 2  find-tag
-;
-
-: ?bad-tag-len  ( explen actlen -- )
-   <>  if
-      ." Warning - override key length mismatch for tag " tagname 2 type cr
+   tagname 2  find-tag  if   ( value$ )
+      dup pubkeylen <>  if   ( value$ )
+         ." Warning - ignoring key with bad length: " tagname 2 type cr
+         2drop false         ( false )
+      else                   ( value$ )
+         true                ( true )
+      then
+   else                      ( )
+      false                  ( false )
    then
 ;
 
@@ -131,8 +134,7 @@
 : #augment-keys  ( keylen -- n )
    0  d# 10 1  do                 ( len n )
       i find-key-tag  if          ( len n value$ )
-         nip 2 pick ?bad-tag-len  ( len n )
-         1+                       ( len n' )
+         2drop 1+                 ( len n' )
       then                        ( len n )
    loop                           ( len n )
    nip
@@ -142,32 +144,33 @@
 \ manufacturing data.
 
 : augment-key$  ( olpc-key$ mfg-data$ -- key$' )
-   tagname swap move            ( key$ )
+   tagname swap move            ( olpc-key$ )
 
-   0  find-key-tag  if          ( key$ value$ )
-      \ If we have an override key with tag suffix 0, replace the OLPC key
-      2 pick over ?bad-tag-len  ( key$ value$ )
+   \ Determine how much memory to allocate
 
-      2swap free-mem            ( value$ )
-      preserve$                 ( key$' )
-      exit
-   then                         ( key$ )
+   dup #augment-keys 1+         ( olpc-key$ #extra )
+   over *  dup alloc-mem swap   ( olpc-key$ list$ )
 
-   \ Otherwise add augment keys to the list  ( key$ )
-   \ First determine how much memory to allocate
-   dup #augment-keys 1+         ( key$ #extra )
-   over *  dup alloc-mem swap   ( key$ total$ )
-   2over  2over drop            ( key$ total$ key$ total-adr )
-   swap move                    ( key$ total$ )
-   2swap tuck free-mem          ( total$ keylen )
-   2 pick over +                ( total$ keylen curadr )
-   d# 10 1  do                  ( total$ keylen curadr )
-      i find-key-tag  if        ( total$ keylen curadr value$ )
-         drop over 3 pick move  ( total$ keylen curadr )
-         over +                 ( total$ keylen curadr' )
-      then                      ( total$ keylen curadr )
-   loop                         ( total$ keylen curadr )
-   2drop                        ( total$ )
+   \ If there is an override key, use it instead of the OLPC key
+   0  find-key-tag  0=  if      ( olpc-key$ list$ )
+      2over                     ( olpc-key$ list$ first-key$ )
+   then                         ( olpc-key$ list$ first-key$ )
+
+   \ Install the first key in the list
+   3 pick swap move             ( olpc-key$ list$ )
+
+   \ Free the memory used by olpc-key$ (it came from find-drop-in)
+   2swap free-mem               ( list$ )
+
+   \ Add additional keys to the list
+   over  pubkeylen tuck +       ( list$ keylen curadr )
+   d# 10 1  do                  ( list$ keylen curadr )
+      i find-key-tag  if        ( list$ keylen curadr value$ )
+         drop over 3 pick move  ( list$ keylen curadr )
+         over +                 ( list$ keylen curadr' )
+      then                      ( list$ keylen curadr )
+   loop                         ( list$ keylen curadr )
+   2drop                        ( list$ )
 ;
 
 \ key: is a defining word whose children return key strings.
@@ -207,10 +210,10 @@
 " develpubkey,d"  key: develkey$
 " leasepubkey,a"  key: leasekey$
 
-\ pubkey$ is a global variable that points to the currently-selected
+\ thiskey$ is a global variable that points to the currently-selected
 \ public key string.  It simplifies the stack manipulations for other
 \ words, since the same key string is often used multiple times.
-0 0 2value pubkey$
+0 0 2value thiskey$
 
 \ sig-buf is used for storing the binary version of signature strings
 \ that have been decoded from the hex representation.
@@ -291,7 +294,7 @@
 \ attacks based on reuse of the same (presumably compromized) hash.
 
 \ invalid? checks the validity of data$ against the ASCII signature
-\ record sig01$, using the public key that pubkey$ points to.
+\ record sig01$, using the public key that thiskey$ points to.
 \ It also verifies that the hashname contained in sig01$ is the
 \ expected one.
 
@@ -308,7 +311,7 @@
       4drop 2drop true exit
    then                                     ( data$ sig$ hashname$ )
 
-   pubkey$  2swap  signature-bad?  ( error? )
+   thiskey$  2swap  signature-bad?  ( error? )
    dup  if
       "   Signature invalid" ?lease-error-cr
    else
@@ -338,15 +341,15 @@
 \ True if short$ matches the end of long$ 
 : tail$=  ( short$ long$ -- flag )  2 pick  - +  swap comp 0=  ;
 
-: key-in-list?  ( key$ -- flag )  \ Sets pubkey$ as an important side effect
+: key-in-list?  ( key$ -- flag )  \ Sets thiskey$ as an important side effect
    2>r                                   ( r: key$ )
-   pubkeylist$  begin  dup  while        ( rem$  r: key$ )
-      pubkeylen break$                   ( rem$' pubkey$  r: key$ )
-      2r@ 2over tail$=  if               ( rem$ pubkey$  r: key$ )
-         to pubkey$                      ( rem$  r: key$ )
+   pubkey$  begin  dup  while            ( rem$  r: key$ )
+      pubkeylen break$                   ( rem$' thiskey$  r: key$ )
+      2r@ 2over tail$=  if               ( rem$ thiskey$  r: key$ )
+         to thiskey$                     ( rem$  r: key$ )
          2r> 4drop  true                 ( true )
          exit
-      then                               ( rem$' pubkey$  r: key$ )
+      then                               ( rem$' thiskey$  r: key$ )
       2drop                              ( rem$'  r: key$ )
    repeat                                ( rem$'  r: key$ )
    2r> 4drop false
@@ -359,7 +362,7 @@
 
 : our-pubkey?  ( sig01$ -- flag )
    sig01$>key$  if  false exit  then    ( key$ )
-   pubkey$  tail$=                      ( flag )
+   thiskey$  tail$=                     ( flag )
 ;
 
 \ Look for a line that starts with "sig01: " whose key signature
@@ -607,7 +610,7 @@
    " lease.sig"  open-security?  if  drop false exit  then   >r   ( r: ih )
    "   Lease " ?lease-debug
    load-started
-   leasekey$ to pubkeylist$
+   leasekey$ to pubkey$
    begin
       sec-line-buf /sec-line-max r@ read-line  if  ( actual -eof? )
          2drop  r> close-file drop  false exit
@@ -743,7 +746,7 @@
    " develop.sig" open-security?  if  drop false exit  then   >r   ( r: ih )
    "   Devel key " ?lease-debug
    load-started
-   develkey$ to pubkeylist$
+   develkey$ to pubkey$
    begin
       sec-line-buf /sec-line-max r@ read-line  if  ( actual -eof? )
          2drop  r> close-file drop  false exit
@@ -843,11 +846,11 @@
 
 : ?disable-indexed-io  ( -- )
    debug-security? >r  false to debug-security?
-   pubkeylist$ 2>r  fwkey$ to pubkeylist$
+   pubkey$ 2>r  fwkey$ to pubkey$
 
    img$  sig$  fw-valid?  0=  if  ec-indexed-io-off  then
 
-   2r> to pubkeylist$
+   2r> to pubkey$
    r> to debug-security?
 ;
 
@@ -864,7 +867,7 @@
       else
          " minus" show-icon
          " new - " ?lease-debug
-         fwkey$ to pubkeylist$
+         fwkey$ to pubkey$
          img$  sig$  fw-valid?  if
             img$  do-firmware-update
          then
@@ -878,7 +881,7 @@
    d# 16 0  +icon-xy  show-dot
    " os" bundle-present?  if
       "   OS found - " ?lease-debug
-      oskey$ to pubkeylist$
+      oskey$ to pubkey$
       img$  sig$  sha-valid?  if
 \        ?disable-indexed-io
          img$ tuck load-base swap move  !load-size




More information about the openfirmware mailing list