From owner-freebsd-hackers Fri Sep 8 12:38:36 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from mass.osd.bsdi.com (mass.osd.bsdi.com [204.216.28.234]) by hub.freebsd.org (Postfix) with ESMTP id 6D02A37B43E for ; Fri, 8 Sep 2000 12:38:19 -0700 (PDT)
Received: from mass.osd.bsdi.com (localhost [127.0.0.1]) by mass.osd.bsdi.com (8.9.3/8.9.3) with ESMTP id UAA00713; Thu, 7 Sep 2000 20:37:20 -0700 (PDT) (envelope-from msmith@mass.osd.bsdi.com)
Message-Id: <200009080337.UAA00713@mass.osd.bsdi.com>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Mathew KANNER
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: md5 in boot loader
In-reply-to: Your message of "Thu, 07 Sep 2000 23:16:42 EDT." <20000907231642.B25604@cs.mcgill.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 07 Sep 2000 20:37:18 -0700
From: Mike Smith
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Hello,
> What about md5 in the boot loader. I've included a patch to
> src/sys/boot/ficl/words.c No doubt with lots of little errors. I
> added this after concerns while working on PXE booting.
> I'm looking for a sense of direction... Is using MD5 better
> than just a clear text password or am I wasting my time adding a
> roll-bar to a little red wagon?

It's not enough. If you're concerned about diskless booting (a good thing to worry about), you want to look at BIS (bootstrap integrity services) which interacts with PXE and should address most of your concerns. (Making it work will involve some code, mostly on the server side. If you're interested in getting involved in the PXE deal in general, there are several openings for some useful work to be done...

> --Mat
>
> bash-2.03# ./testmain
> ficl Version 2.03
> Sep 7 2000
> 32 allocate drop dup s" asd" rot md5 32 cr type cr
>
> 7815696ecbf1c96e6894b779456d330e
> ok>
> bash-2.03# md5 -s "asd"
> MD5 ("asd") = 7815696ecbf1c96e6894b779456d330e
> bash-2.03#
>
>
> --- words.c Mon Jun 12 12:46:28 2000 > +++ words-md5.c Thu Sep 7 23:01:35 2000 > @@ -17,6 +17,7 @@ > #else > #include > #endif > +#include > #include > #include "ficl.h" > #include "math64.h" 
> @@ -1207,7 +1208,33 @@ > return; > } > > - > +/* > +** md5 ( s-addr slen d-addr -- ) > +** calculate md5 hash of s-addr, stores in d-addr which must be at least > +** 32 bytes longs. > +*/ > +static void md5(FICL_VM *pVM) > +{ > + STRINGINFO si2; > + STRINGINFO si1; > + MD5_CTX ctx; > + static const char hex[]="0123456789abcdef"; > + unsigned char final[16]; > + int i; > + > + SI_SETPTR(si1, stackPopPtr(pVM->pStack)); > + SI_SETLEN(si2, stackPopUNS(pVM->pStack)); > + SI_SETPTR(si2, stackPopPtr(pVM->pStack)); > + MD5Init(&ctx); > + MD5Update(&ctx, si2.cp, si2.count); > + MD5Final(final,&ctx); > + for(i=0; i<16; i++) { > + si1.cp[i+i] = hex[final[i] >> 4]; > + si1.cp[i+i+1] = hex[final[i] & 0x0f]; > + final[i]=0; > + } > + return; > +} > /************************************************************************** > i n t e r p r e t > ** This is the "user interface" of a Forth. It does the following: 
> @@ -4979,6 +5006,7 @@ > dictAppendWord(dp, "forget-wid",forgetWid, FW_DEFAULT); > dictAppendWord(dp, "hash", hash, FW_DEFAULT); > dictAppendWord(dp, "number?", ficlIsNum, FW_DEFAULT); > + dictAppendWord(dp, "md5", md5, FW_DEFAULT); > dictAppendWord(dp, "parse-word",parseNoCopy, FW_DEFAULT); > dictAppendWord(dp, "sliteral", sLiteralCoIm, FW_COMPIMMED); /* STRING */ > dictAppendWord(dp, "wid-set-super",
>
>
> --
> Mathew Kanner , SOCS McGill University
> Obtuse quote: He [not me] understands: "This field of perception
> is void of perception of man." -- The Quintessence of Buddhism
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>

--
... every activity meets with opposition, everyone who acts has his rivals and unfortunately opponents also. But not because people want to be opponents, rather because the tasks and relationships force people to take different points of view. [Dr. Fritz Todt]
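
Review bot: In the @@ -17,6 +17,7 @@ hunk the added #include sits after the #endif, so it is compiled for both branches of the conditional above it, while the only run shown in the message is the hosted ./testmain build. Please confirm that this header and MD5Init/MD5Update/MD5Final are also available in the boot loader build, or place the include under the branch of the conditional where the MD5 routines actually exist.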
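
Review bot: In md5() (the @@ -1207,7 +1208,33 @@ hunk) the loop writes 32 bytes through si1.cp with nothing checking the destination, so the "must be at least 32 bytes" requirement in the comment rests entirely on the Forth caller and a shorter buffer is overrun. Consider taking the destination length on the stack, ( s-addr slen d-addr dlen -- ), and refusing to write when dlen is under 32, or leaving the written length on the stack so callers need not hard-code 32 as the test line does. The three pops are also done with no stack-depth check visible in the hunk, the output is not NUL-terminated (worth saying in the comment), and "32 bytes longs" should read "32 bytes long".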
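
Review bot: In the @@ -4979,6 +5006,7 @@ hunk the "md5" word is registered unconditionally alongside the core words, so it must stay in step with the include from the first hunk: if that include ends up behind a build conditional, this dictAppendWord line and the md5() definition need the same guard, otherwise the other build fails on the missing symbols. The stack effect is documented only in the C comment, so a line in the loader's word documentation describing ( s-addr slen d-addr -- ) and the 32-byte destination requirement would help callers.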