Date:      Thu, 07 Sep 2000 20:37:18 -0700
From:      Mike Smith <msmith@freebsd.org>
To:        Mathew KANNER <mat@cs.mcgill.ca>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: md5 in boot loader 
Message-ID:  <200009080337.UAA00713@mass.osd.bsdi.com>
In-Reply-To: Your message of "Thu, 07 Sep 2000 23:16:42 EDT." <20000907231642.B25604@cs.mcgill.ca> 

> Hello,
> 	What about md5 in the boot loader?  I've included a patch to
> src/sys/boot/ficl/words.c.  No doubt with lots of little errors.  I
> added this after concerns while working on PXE booting.
> 	I'm looking for a sense of direction...  Is using MD5 better
> than just a clear text password or am I wasting my time adding a
> roll-bar to a little red wagon?

It's not enough.  If you're concerned about diskless booting (a good 
thing to worry about), you want to look at BIS (bootstrap integrity 
services) which interacts with PXE and should address most of your 
concerns.  (Making it work will involve some code, mostly on the server 
side.  If you're interested in getting involved in the PXE deal in 
general, there are several openings for some useful work to be done...)

> 	--Mat
> 
> bash-2.03# ./testmain
> ficl Version 2.03
> Sep  7 2000
> 32 allocate drop dup s" asd" rot md5 32 cr type cr
> 
> 7815696ecbf1c96e6894b779456d330e
> ok> 
> bash-2.03# md5 -s "asd"
> MD5 ("asd") = 7815696ecbf1c96e6894b779456d330e
> bash-2.03#
> 
> 
> --- words.c	Mon Jun 12 12:46:28 2000
> +++ words-md5.c	Thu Sep  7 23:01:35 2000
> @@ -17,6 +17,7 @@
>  #else
>  #include <stand.h>
>  #endif
> +#include <md5.h>
>  #include <string.h>
>  #include "ficl.h"
>  #include "math64.h"
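Review bot: `#include <md5.h>` is added after the `#endif`, so it applies to the `<stand.h>` build as well as the other branch of the conditional. The run shown in the message is from ./testmain only, so please confirm that the header and the MD5Init/MD5Update/MD5Final routines are also available to the standalone loader build, or move the include inside the branch that has them.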
> @@ -1207,7 +1208,33 @@
>      return;
>  }
>  
> -
> +/*  
> +** md5 ( s-addr slen d-addr -- )
> +** calculate md5 hash of s-addr, stores in d-addr which must be at least 
> +** 32 bytes longs. 
> +*/
> +static void md5(FICL_VM *pVM)
> +{
> +	STRINGINFO si2;
> +	STRINGINFO si1;
> +	MD5_CTX ctx;
> +	static const char hex[]="0123456789abcdef";
> +	unsigned char final[16]; 
> +	int i;
> +
> +	SI_SETPTR(si1, stackPopPtr(pVM->pStack));
> +	SI_SETLEN(si2, stackPopUNS(pVM->pStack));
> +	SI_SETPTR(si2, stackPopPtr(pVM->pStack));
> +	MD5Init(&ctx);
> +	MD5Update(&ctx, si2.cp, si2.count);
> +	MD5Final(final,&ctx);
> +	for(i=0; i<16; i++) {
> +          si1.cp[i+i] = hex[final[i] >> 4];
> +	  si1.cp[i+i+1] = hex[final[i] & 0x0f];
> +	  final[i]=0; 
> +	}
> +    return;
> +}
>  /**************************************************************************
>                          i n t e r p r e t 
>  ** This is the "user interface" of a Forth. It does the following:
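Review bot: the output loop writes 32 bytes through si1.cp (si1.cp[i+i] and si1.cp[i+i+1] for i < 16) with nothing to check the destination size, because the word takes only d-addr. Consider taking a destination length on the stack and refusing anything under 32, and state in the comment that the result is not NUL-terminated ("32 bytes longs" should read "32 bytes long"). The three pops at the top of the function run without a stack-depth check, so an underfilled stack passes whatever was popped to MD5Update. final[] is zeroed inside the loop but ctx is left as is; clear both or neither. The loop body also mixes space and tab indentation.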
> @@ -4979,6 +5006,7 @@
>      dictAppendWord(dp, "forget-wid",forgetWid,      FW_DEFAULT);
>  	dictAppendWord(dp, "hash",      hash,           FW_DEFAULT);
>  	dictAppendWord(dp, "number?",   ficlIsNum,      FW_DEFAULT);
> +	dictAppendWord(dp, "md5",	md5,	FW_DEFAULT);
>      dictAppendWord(dp, "parse-word",parseNoCopy,    FW_DEFAULT);
>      dictAppendWord(dp, "sliteral",  sLiteralCoIm,   FW_COMPIMMED); /* STRING */
>      dictAppendWord(dp, "wid-set-super", 
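Review bot: the new "md5" entry sits between "number?" and "parse-word", which breaks the alphabetical order the neighbouring entries follow ("hash", "number?", "parse-word"); it belongs between "hash" and "number?". The added line also separates its arguments with tabs where the surrounding lines pad with spaces to keep the columns aligned, so match that layout.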
> 	
> 
> -- 
> Mathew Kanner <mat@CS.McGill.CA>,  SOCS McGill University
>    Obtuse quote: He [not me] understands: "This field of perception
>    is void of perception of man." -- The Quintessence of Buddhism 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also.  But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view.  [Dr. Fritz Todt]







