[OpenBIOS] r671 - cpu/x86/pc/olpc
svn at openbios.org
Wed Oct 10 02:15:02 CEST 2007
Author: wmb
Date: 2007-10-10 02:15:02 +0200 (Wed, 10 Oct 2007)
New Revision: 671
Modified:
cpu/x86/pc/olpc/security.fth
Log:
OLPC security - When processing signature blobs, search for sig01:
lines, ignoring others, thus paving the way for new formats in the future.
Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth 2007-10-10 00:10:18 UTC (rev 670)
+++ cpu/x86/pc/olpc/security.fth 2007-10-10 00:15:02 UTC (rev 671)
@@ -163,14 +163,35 @@
" Signature valid" ?lease-debug-cr
then
;
-: sha-valid? ( data$ sig01$ -- okay? ) " sha256" invalid? 0= ;
-: fw-valid? ( data$ 2*sig$ -- okay? )
- 2swap 2>r ( 2*sig$ r: data$ )
- newline left-parse-string ( rmd-sig$ sha-sig$ r: data$ )
- 2r@ 2swap sha-valid? 0= if ( rmd-sig$ r: data$ )
+
+\ Look for a line that starts with "sig01: "
+: next-sig01$ ( sig$ -- true | rem$ sig01$ false )
+ begin dup while ( rem$ )
+ newline left-parse-string ( rem$' line$ )
+ 2dup 7 min " sig01: " $= if ( rem$ line$ )
+ false exit
+ then ( rem$ line$ )
+ 2drop ( rem$ )
+ repeat ( rem$ )
+ 2drop true
+;
+
+\ Find a sig01: line and check its sha256/rsa signature
+: sha-valid? ( data$ sig01$ -- okay? )
+ next-sig01$ if 2drop false exit then ( data$ rem$ sig01$ )
+ 2nip " sha256" invalid? 0=
+;
+
+\ Find two sig01: lines, the first with sha256 and the seconcd with rmd160,
+\ and check their signatures
+: fw-valid? ( data$ sig$ -- okay? )
+ 2swap 2>r ( sig$ r: data$ )
+ next-sig01$ if 2r> 2drop false exit then ( rem$ sig01$ )
+ 2r@ 2swap sha-valid? 0= if ( rem$ r: data$ )
2r> 4drop false exit
- then ( rmd-sig$ r: data$ )
- 2r> 2swap " rmd160" invalid? 0=
+ then ( rmd-sig$ r: data$ )
+ next-sig01$ if 2r> 2drop false exit then ( rem$ sig01$ )
+ 2nip 2r> 2swap " rmd160" invalid? 0=
;
\ earliest is the earliest acceptable date value (in seconds).
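Review bot: In fw-valid? the first signature line is located twice: next-sig01$ extracts it, and the result is then passed to sha-valid?, which now runs next-sig01$ again on that single line. This works because the extracted line still starts with "sig01: ", but the stack comment `( data$ sig01$ -- okay? )` on sha-valid? no longer describes its input, which is now a blob to be searched. Consider `( data$ sig$ -- okay? )` there, or have fw-valid? apply `" sha256" invalid? 0=` directly to the line it already found. The comment after the first `then` still reads `( rmd-sig$ r: data$ )` although what is on the stack at that point is the unparsed remainder (`rem$`), and "seconcd" in the fw-valid? header comment is a typo. The hash is still selected by position (first sig01: line checked as sha256, second as rmd160), so the header comment should say that line order is significant. Every not-found path returns false, so a blob with fewer than two sig01: lines fails closed, which is the right default.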