From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1al7zi-00028G-TO
	for mharc-grub-devel@gnu.org; Wed, 30 Mar 2016 00:44:38 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41758)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1al7zf-00027R-UH
	for grub-devel@gnu.org; Wed, 30 Mar 2016 00:44:36 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1al7zc-0003fs-ND
	for grub-devel@gnu.org; Wed, 30 Mar 2016 00:44:35 -0400
Received: from mail-lf0-x22f.google.com ([2a00:1450:4010:c07::22f]:33608)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1al7zc-0003el-AB
	for grub-devel@gnu.org; Wed, 30 Mar 2016 00:44:32 -0400
Received: by mail-lf0-x22f.google.com with SMTP id g124so24824272lfg.0
	for <grub-devel@gnu.org>; Tue, 29 Mar 2016 21:44:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=subject:to:references:from:message-id:date:user-agent:mime-version
	:in-reply-to:content-transfer-encoding;
	bh=yvQdvlhKI1EhFC/whb3jZseS5PB/Q/tJHaSdkrslum4=;
	b=XzsDzp+uActu+sqz03Y9B+72eNrr4wfEB1yKqatVwRLcbLM8kuosk5emALiBasd5h+
	9PfSMb3aCMdcbG2aywnGRr1kD7/xV1niuh507zjXn7V1aCJ7v2PIWnJTwSmNv8H/ymYX
	1cZWmTD8Xuqnv9/J+ejxAv4tp3+gQW+DemG4Irlr6yuO81fhUOwRPId0wtY/vgCfZZW7
	7j1b0aUn3YU3URnkCq6IsdZqOmuzg+xVlwl9XYxhpU4fQbZfxV/WViyqX0bOKfU3NZkY
	/80NtvLWuHGz/y/PQfqZDjdeKW9K/V9MyWR3BdMdEQfZThh252UeaBgGLaHANONcglo8
	bAaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:subject:to:references:from:message-id:date
	:user-agent:mime-version:in-reply-to:content-transfer-encoding;
	bh=yvQdvlhKI1EhFC/whb3jZseS5PB/Q/tJHaSdkrslum4=;
	b=OqB3x89fY3aNimuFVKLuGXTXxIVczUjPH7tTUt0R2watUrhNCSfOKZ3mmyr7ZYWl5u
	UApJAuJA5hhgWzC1NWB+Ib7WTxu5l1cBYAlMwOsQPWnM2x9vwcI7zq6g4abipIOmzMQj
	QU6xLqY0SnLgtfKgHev5rY4xfeDM33ciXkcGvpi8BxG+LJEhSh6Nt6dJV3hm4yaYi1CT
	E4XY1pKlh7Oj0tbfDh6+TGfTHtZeCQxhRM3F23B3+NstKfUSF266GuE28aOd3Ianp7vn
	teL7ROzUZX8vOfA7J49jAxt104f5i8YfI3x/XokEWqQh0oJyoiWpetqEc6h06gW9wSad
	RQtw==
X-Gm-Message-State: AD7BkJKVkcUhAA9vITiWZFnrT7yS8Y4DFslyf1T/hUbWVOsEnhyUAzxa5AsuQqltMo/nMQ==
X-Received: by 10.25.160.79 with SMTP id j76mr2842339lfe.83.1459313071160;
	Tue, 29 Mar 2016 21:44:31 -0700 (PDT)
Received: from [192.168.1.42] (ppp109-252-76-159.pppoe.spdop.ru.
	[109.252.76.159])
	by smtp.gmail.com with ESMTPSA id n66sm291673lfb.33.2016.03.29.21.44.29
	for <grub-devel@gnu.org> (version=TLSv1/SSLv3 cipher=OTHER);
	Tue, 29 Mar 2016 21:44:30 -0700 (PDT)
Subject: Re: [PATCH] verify: search keyid in hashed signature subpackets
To: The development of GNU GRUB <grub-devel@gnu.org>
References: <C91F0381-2C9A-4A8A-AEE4-4743F238D34B@cloudflare.com>
From: Andrei Borzenkov <arvidjaar@gmail.com>
Message-ID: <56FB59AD.9020804@gmail.com>
Date: Wed, 30 Mar 2016 07:44:29 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
	Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <C91F0381-2C9A-4A8A-AEE4-4743F238D34B@cloudflare.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2a00:1450:4010:c07::22f
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2016 04:44:37 -0000

29.03.2016 22:02, Ignat Korchagin пишет:
> Currently GRUB2 verify logic searches PGP keyid only in unhashed subpackets of PGP signature packet. As a result, signatures generated with GoLang openpgp package (https://godoc.org/golang.org/x/crypto/openpgp) could not be verified, because this package puts keyid in hashed subpackets and GRUB code never initializes the keyid variable, therefore is not able to find "verification key" with id 0x0.
> 
> diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c
> index 166d0aa..dde37c4 100644
> --- a/grub-core/commands/verify.c
> +++ b/grub-core/commands/verify.c
> @@ -532,33 +532,15 @@
>  
>      hash->write (context, &v, sizeof (v));
>      hash->write (context, &v4, sizeof (v4));
> -    while (rem)
> -      {
> -	r = grub_file_read (sig, readbuf,
> -			    rem < READBUF_SIZE ? rem : READBUF_SIZE);
> -	if (r < 0)
> -	  goto fail;
> -	if (r == 0)
> -	  break;
> -	hash->write (context, readbuf, r);
> -	rem -= r;
> -      }
> -    hash->write (context, &v, sizeof (v));
> -    s = 0xff;
> -    hash->write (context, &s, sizeof (s));
> -    hash->write (context, &headlen, sizeof (headlen));
> -    r = grub_file_read (sig, &unhashed_sub, sizeof (unhashed_sub));
> -    if (r != sizeof (unhashed_sub))
> +    if (rem > READBUF_SIZE)
> +      goto fail;

This changes behavior. It accepted hashed subpackets of arbitrary length
before. If this was not appropriate, please explain why.

> +    r = grub_file_read (sig, readbuf, rem);
> +    if (r != rem)
>        goto fail;
>      {
>        grub_uint8_t *ptr;
>        grub_uint32_t l;
> -      rem = grub_be_to_cpu16 (unhashed_sub);
> -      if (rem > READBUF_SIZE)
> -	goto fail;
> -      r = grub_file_read (sig, readbuf, rem);
> -      if (r != rem)
> -	goto fail;
> +
>        for (ptr = readbuf; ptr < readbuf + rem; ptr += l)
>  	{
>  	  if (*ptr < 192)
> @@ -581,6 +563,46 @@
>  	    keyid = grub_get_unaligned64 (ptr + 1);
>  	}
>      }
> +    hash->write (context, readbuf, r);
> +    hash->write (context, &v, sizeof (v));
> +    s = 0xff;
> +    hash->write (context, &s, sizeof (s));
> +    hash->write (context, &headlen, sizeof (headlen));
> +    r = grub_file_read (sig, &unhashed_sub, sizeof (unhashed_sub));
> +    if (r != sizeof (unhashed_sub))
> +      goto fail;
> +    if (keyid == 0)
> +      {
> +        grub_uint8_t *ptr;
> +        grub_uint32_t l;
> +        rem = grub_be_to_cpu16 (unhashed_sub);
> +        if (rem > READBUF_SIZE)
> +	  goto fail;
> +        r = grub_file_read (sig, readbuf, rem);
> +        if (r != rem)
> +	  goto fail;
> +        for (ptr = readbuf; ptr < readbuf + rem; ptr += l)
> +	  {
> +	    if (*ptr < 192)
> +	      l = *ptr++;
> +	    else if (*ptr < 255)
> +	      {
> +	        if (ptr + 1 >= readbuf + rem)
> +		  break;
> +	        l = (((ptr[0] & ~192) << GRUB_CHAR_BIT) | ptr[1]) + 192;
> +	        ptr += 2;
> +	      }
> +	    else
> +	      {
> +	        if (ptr + 5 >= readbuf + rem)
> +		  break;
> +	        l = grub_be_to_cpu32 (grub_get_unaligned32 (ptr + 1));
> +	        ptr += 5;
> +	      }
> +	    if (*ptr == 0x10 && l >= 8)
> +	      keyid = grub_get_unaligned64 (ptr + 1);
> +	  }
> +      }
>  
>      hash->final (context);
>  
> 
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>