diff options
| author | Matthew Garrett <mjg@redhat.com> | 2012-10-24 01:05:45 -0400 |
|---|---|---|
| committer | Matthew Garrett <mjg@redhat.com> | 2012-10-24 01:05:45 -0400 |
| commit | 8a1690683f2d5691e3a58bef2a24f347d762f91d (patch) | |
| tree | e69f506e164ef08147be7f302c4d85458575fe21 /MokManager.c | |
| parent | 832e5161b5bf9bba3e46ee203d5a131fc8b087c8 (diff) | |
| download | efi-boot-shim-8a1690683f2d5691e3a58bef2a24f347d762f91d.tar.gz efi-boot-shim-8a1690683f2d5691e3a58bef2a24f347d762f91d.zip | |
Improve signature validation enable/disable
The logic used in checking the signature validation password was a bit
ugly. Improve that so it behaves rather more as expected.
Diffstat (limited to 'MokManager.c')
| -rw-r--r-- | MokManager.c | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/MokManager.c b/MokManager.c index f9acb0c5..2fbda848 100644 --- a/MokManager.c +++ b/MokManager.c @@ -696,13 +696,12 @@ static INTN mok_sb_prompt (void *MokSB, void *data2, void *data3) { EFI_STATUS efi_status; UINTN MokSBSize = (UINTN)data2; MokSBvar *var = MokSB; - CHAR16 password[1]; - UINT8 correct = 0, fail_count = 0; - UINT8 hash[SHA256_DIGEST_SIZE]; + CHAR16 pass1, pass2, pass3; + UINT8 fail_count = 0; UINT32 length; CHAR16 line[1]; UINT8 sbval = 1; - UINT8 pos; + UINT8 pos1, pos2, pos3; LibDeleteVariable(L"MokSB", &shim_lock_guid); @@ -713,23 +712,37 @@ static INTN mok_sb_prompt (void *MokSB, void *data2, void *data3) { uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); - while (correct < 3) { - RandomBytes (&pos, sizeof(pos)); + while (fail_count < 3) { + RandomBytes (&pos1, sizeof(pos1)); + pos1 = (pos1 % var->PWLen); + + do { + RandomBytes (&pos2, sizeof(pos2)); + pos2 = (pos2 % var->PWLen); + } while (pos2 == pos1); + + do { + RandomBytes (&pos3, sizeof(pos3)); + pos3 = (pos3 % var->PWLen) ; + } while (pos3 == pos2 || pos3 == pos1); - pos = pos % var->PWLen; + Print(L"Enter password character %d: ", pos1 + 1); + get_line(&length, &pass1, 1, 0); - Print(L"Enter password character %d: ", pos + 1); - get_line(&length, password, 1, 0); + Print(L"Enter password character %d: ", pos2 + 1); + get_line(&length, &pass2, 1, 0); - if (password[0] != var->Password[pos]) { + Print(L"Enter password character %d: ", pos3 + 1); + get_line(&length, &pass3, 1, 0); + + if (pass1 != var->Password[pos1] || + pass2 != var->Password[pos2] || + pass3 != var->Password[pos3]) { Print(L"Invalid character\n"); fail_count++; } else { - correct++; - } - - if (fail_count >= 3) break; + } } if (fail_count >= 3) { |