Line 12:
Line 12:
};
};
β
struct tmd {
+
struct tmdview {
char issuer[0x40];
char issuer[0x40];
// more metadata...
// more metadata...
Line 19:
Line 19:
}
}
β
struct signed_tmd {
+
struct tmd {
struct rsa_cert cert;
struct rsa_cert cert;
β
struct tmd tmd;
+
struct tmdview view;
}
}
β
int verify_tmd (struct signed_tmd stmd) {
+
int verify_tmd (struct tmd stmd) {
char decrypted_sig[256] = RSA_DecryptSig(CA_public_key, stmd.cert.rsa_signature);
char decrypted_sig[256] = RSA_DecryptSig(CA_public_key, stmd.cert.rsa_signature);
char sig_hash = decrypted_sig[256-SHA1_LENGTH:256];
char sig_hash = decrypted_sig[256-SHA1_LENGTH:256];
β
char payload_hash[SHA1_LENGTH] = SHA1(stmd.tmd);
+
char payload_hash[SHA1_LENGTH] = SHA1(stmd.view);
β
if (strncmp(payload_hash, sig_hash, SHA1_LENGTH) == 0) {
+
if (strncmp(payload_hash, sig_hash, SHA1_LENGTH) == 0) { // bug here!
return SIG_OK;
return SIG_OK;
} else {
} else {
Line 36:
Line 36:
}
}
β
int is_a_valid_disc(struct signed_tmd stmd, char *disc_hash) {
+
int is_a_valid_disc(struct tmd stmd, char *disc_hash) {
if(verify_tmd(stmd) == SIG_BAD) {
if(verify_tmd(stmd) == SIG_BAD) {
return DISC_BAD;
return DISC_BAD;
}
}
β
if(memcmp(stmd.tmd.content_hash, disc_hash, SHA1_LENGTH) != 0) {
+
if(memcmp(stmd.view.content_hash, disc_hash, SHA1_LENGTH) != 0) {
return DISC_BAD;
return DISC_BAD;
}
}
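Review bot: The `// bug here!` comment added on the `strncmp` line in `verify_tmd` flags a defect without naming it, so a reader has to already know what is wrong. `strncmp` treats both buffers as C strings and stops at the first 0x00 byte, so fewer than `SHA1_LENGTH` bytes of the two binary digests may actually be compared; `is_a_valid_disc` in the same listing already uses `memcmp` for its hash check. I would spell that out on the line itself, e.g. `// bug here! strncmp stops at the first 0x00 byte; binary hashes need memcmp`. The listing also takes only the last `SHA1_LENGTH` bytes of `decrypted_sig` and never inspects the bytes before them, which may deserve its own comment if the code being described really skips that check.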