From: Ignat Korchagin
To: grub-devel@gnu.org
Cc: Ignat Korchagin
Subject: [PATCH] verify: search keyid in hashed signature subpackets (repost)
Date: Fri, 18 Nov 2016 12:00:08 +0000
Message-Id: <1479470408-33746-1-git-send-email-ignat@cloudflare.com>

Reposting this, as requested by Daniel and rebasing on current tree.

Currently GRUB2 verify logic searches PGP keyid only in unhashed subpackets of PGP signature packet. As a result, signatures generated with GoLang openpgp package (https://godoc.org/golang.org/x/crypto/openpgp) could not be verified, because this package puts keyid in hashed subpackets and GRUB code never initializes the keyid variable, therefore is not able to find "verification key" with id 0x0.

Signed-off-by: Ignat Korchagin
---
 grub-core/commands/verify.c | 115 +++++++++++++++++++++++++++++---------------
 1 file changed, 76 insertions(+), 39 deletions(-)

diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c
index 67cb1c7..1b628b2 100644
--- a/grub-core/commands/verify.c
+++ b/grub-core/commands/verify.c
@@ -445,6 +445,38 @@ rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, return ret; } +static grub_uint64_t +grub_subpacket_keyid_search (const grub_uint8_t * sub, grub_ssize_t sub_len) +{ + const grub_uint8_t *ptr; + grub_uint32_t l; + grub_uint64_t keyid = 0; + + for (ptr = sub; ptr < sub + sub_len; ptr += l) + { + if (*ptr < 192) + l = *ptr++; + else if (*ptr < 255) + { + if (ptr + 1 >= sub + sub_len) + break; + l = (((ptr[0] & ~192) << GRUB_CHAR_BIT) | ptr[1]) + 192; + ptr += 2; + } + else + { + if (ptr + 5 >= sub + sub_len) + break; + l = grub_be_to_cpu32 (grub_get_unaligned32 (ptr + 1)); + ptr += 5; + } + if (*ptr == 0x10 && l >= 8) + keyid = grub_get_unaligned64 (ptr + 1); + } + + return keyid; +} + static grub_err_t grub_verify_signature_real (char *buf, grub_size_t size, grub_file_t f, grub_file_t sig, @@ -529,20 +561,31 @@ grub_verify_signature_real (char *buf, grub_size_t size, break; hash->write (context, readbuf, r); } + grub_free (readbuf); + + readbuf = grub_malloc (rem); + if (!readbuf) + goto fail; hash->write (context, &v, sizeof (v)); hash->write (context, &v4, sizeof (v4)); - while (rem) + + r = 0; + while (r < rem) { - r = grub_file_read (sig, readbuf, - rem < READBUF_SIZE ? rem : READBUF_SIZE); - if (r < 0) - goto fail; - if (r == 0) + grub_ssize_t rr = grub_file_read (sig, readbuf + r, rem - r); + if (rr < 0) + goto fail; + if (rr == 0) break; - hash->write (context, readbuf, r); - rem -= r; + r += rr; } + if (r != rem) + goto fail; + hash->write (context, readbuf, rem); + keyid = grub_subpacket_keyid_search (readbuf, rem); + grub_free (readbuf); + hash->write (context, &v, sizeof (v)); s = 0xff; hash->write (context, &s, sizeof (s)); 
@@ -550,40 +593,34 @@ grub_verify_signature_real (char *buf, grub_size_t size, r = grub_file_read (sig, &unhashed_sub, sizeof (unhashed_sub)); if (r != sizeof (unhashed_sub)) goto fail; - { - grub_uint8_t *ptr; - grub_uint32_t l; - rem = grub_be_to_cpu16 (unhashed_sub); - if (rem > READBUF_SIZE) - goto fail; - r = grub_file_read (sig, readbuf, rem); - if (r != rem) - goto fail; - for (ptr = readbuf; ptr < readbuf + rem; ptr += l) - { - if (*ptr < 192) - l = *ptr++; - else if (*ptr < 255) - { - if (ptr + 1 >= readbuf + rem) - break; - l = (((ptr[0] & ~192) << GRUB_CHAR_BIT) | ptr[1]) + 192; - ptr += 2; - } - else - { - if (ptr + 5 >= readbuf + rem) - break; - l = grub_be_to_cpu32 (grub_get_unaligned32 (ptr + 1)); - ptr += 5; - } - if (*ptr == 0x10 && l >= 8) - keyid = grub_get_unaligned64 (ptr + 1); - } - } + rem = grub_be_to_cpu16 (unhashed_sub); + readbuf = grub_malloc (rem); + if (!readbuf) + goto fail; + + r = 0; + while (r < rem) + { + grub_ssize_t rr = grub_file_read (sig, readbuf + r, rem - r); + if (rr < 0) + goto fail; + if (rr == 0) + break; + r += rr; + } + if (r != rem) + goto fail; + + if (keyid == 0) + keyid = grub_subpacket_keyid_search (readbuf, rem); + grub_free (readbuf); hash->final (context); + readbuf = grub_zalloc (READBUF_SIZE); + if (!readbuf) + goto fail; + grub_dprintf ("crypt", "alive\n"); hval = hash->read (context); -- 2.1.4
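
Review bot: in the first hunk (grub_subpacket_keyid_search), the closing test `if (*ptr == 0x10 && l >= 8)` dereferences ptr and then reads eight bytes at ptr + 1 without checking that they lie before sub + sub_len. After `l = *ptr++` on the last byte of the area, ptr already equals sub + sub_len, and `l` comes from the signature data with no upper bound, so `ptr += l` relies on pointer arithmetic far past the buffer not wrapping. This matters more now that the callers pass a buffer of exactly `rem` bytes from grub_malloc instead of a READBUF_SIZE buffer. Suggest checking `l` against the bytes remaining right after it is decoded, and requiring l >= 9 (type octet plus an 8-octet key ID) before calling grub_get_unaligned64. Comparing the type octet with 0x10 also skips an issuer subpacket that has the critical bit (0x80) set; masking that bit would cover it.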
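
Review bot: in the second hunk (@@ -529,20 +561,31 @@), readbuf is left pointing at freed memory after the final `grub_free (readbuf);`, and the next statement that can fail, `if (r != sizeof (unhashed_sub)) goto fail;` at the top of the following hunk, jumps to the cleanup path in that state. The fail label is outside the visible lines; if it frees readbuf, this is a double free. Suggest `readbuf = NULL;` after each grub_free added here, or a separate local pointer for the subpacket buffers so that readbuf keeps its original lifetime and the later `grub_zalloc (READBUF_SIZE)` re-allocation is not needed.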
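
Review bot: in the third hunk (@@ -550,40 +593,34 @@), the allocate-then-read-exactly-rem loop is a copy of the one added in the previous hunk; a small helper that takes sig and rem and returns the filled buffer would remove the duplication and keep the error handling in one place. `if (keyid == 0)` also uses 0 both as "no issuer subpacket found" and as a possible key ID, and when neither area carries an issuer the code carries on with keyid 0; letting grub_subpacket_keyid_search report found or not found separately would allow a clear error here. It is also worth confirming what grub_malloc (rem) returns for rem == 0, because an empty subpacket area is valid and `if (!readbuf) goto fail;` would reject it if the allocator returns NULL for a zero size.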
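
The lookup this patch is after (issuer key ID taken from the hashed subpacket area first, then from the unhashed one), as an added, bounds-checked example that is not part of the patch or of GRUB. The names find_issuer and issuer_keyid are hypothetical, and returning the key ID decoded from big-endian is an assumption of this example, not GRUB's convention.

```c
#include <stddef.h>
#include <stdint.h>

#define SUBPKT_ISSUER 16 /* RFC 4880 5.2.3.5: body is an 8-octet key ID */

/* Scan one subpacket area; return 1 and store the key ID if an issuer is found. */
static int find_issuer(const uint8_t *sub, size_t len, uint64_t *keyid)
{
    size_t pos = 0;
    while (pos < len) {
        size_t l, i;
        uint8_t first = sub[pos];
        if (first < 192) {                 /* one-octet length */
            l = first;
            pos += 1;
        } else if (first < 255) {          /* two-octet length */
            if (len - pos < 2)
                return 0;
            l = ((size_t)(first - 192) << 8) + sub[pos + 1] + 192;
            pos += 2;
        } else {                           /* 0xff + four-octet length */
            if (len - pos < 5)
                return 0;
            l = ((size_t)sub[pos + 1] << 24) | ((size_t)sub[pos + 2] << 16)
                | ((size_t)sub[pos + 3] << 8) | sub[pos + 4];
            pos += 5;
        }
        /* l covers the type octet plus the body and must fit in the area. */
        if (l == 0 || l > len - pos)
            return 0;
        /* Bit 7 of the type octet is the "critical" flag; mask it off. */
        if ((sub[pos] & 0x7f) == SUBPKT_ISSUER && l == 9) {
            *keyid = 0;
            for (i = 1; i <= 8; i++)
                *keyid = (*keyid << 8) | sub[pos + i];
            return 1;
        }
        pos += l;
    }
    return 0;
}

/* Prefer the hashed area, which the signature covers; fall back to unhashed. */
int issuer_keyid(const uint8_t *hashed, size_t hlen,
                 const uint8_t *unhashed, size_t ulen, uint64_t *keyid)
{
    return find_issuer(hashed, hlen, keyid) || find_issuer(unhashed, ulen, keyid);
}
```

A return value of 0 means that no well-formed issuer subpacket was found in either area, which keeps "not found" distinct from a key ID whose value is 0.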