Re: Grub verify module failed to verify a signed file

[Andrey Borzenkov <arvidjaar@gmail.com>]

В Thu, 28 Mar 2013 16:15:09 -0700
Wei Hu <whu@mokafive.com> пишет:

> Hi,
> 
> I am trying to use the grub verify module to verify a detached signature I signed using gpg on Linux. I did two different signings. Both of them failed, but at the different places in grub_verify_signature(). I am wonder if I did something wrong or the module has some bugs in it. Let me detail my procedure here. The text file, signature file and my public key are all attached.
> 
> Signing Approach 1
> -----------------------
> 
> On my Ubuntu system, say I want to detached sign myfile.txt
> 
> > gpg --detach-sign myfile.txt
> 
> It creates the signature file myfile.txt.sig. I noticed it uses ripemd160 hash algorithm. Then I export my public key as
> 
> > gpg --output my.pubkey --export 'whu@moka5.com'
> 
> The my.pubkey file contains my public key.  Then I create a grub rescue cd image with all these three file myfile.txt myfile.txt.sig and my.pubkey.
> 
> > grub-mkrescue -o image.iso ./myfile.txt ./myfile.txt.sig ./my.pubkey
> 
> After this, I booted the image and at the grub prompt I did
> 
> grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey
> 
> It returns bad signature in grub_verify_signature() after following line:
>    ...
>     hash->final (context);
>     grub_dprintf ("crypt", "alive\n");
>     hval = hash->read (context);
>     if (grub_file_read (sig, hash_start, sizeof (hash_start)) != sizeof (hash_start))
>          return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));      
>     if (grub_memcmp (hval, hash_start, sizeof (hash_start)) != 0)
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));         <-- - failed here
> 
> My understanding is it calls ripemd160 algorithm to verify a two byte hash value and it failed.

Yes, fails here as well. Adding debug output, it reads correct bytes at
correct offset from signature, but the first two bytes of hval differ.

> So I try to change the algorithm using in gpg for hashing as follows:
> 
> Signing Approch 2
> ---------------------
> 
> I just sign the myfile.txt with sha512 like this:
> 
> > gpg --digest-algo sha512 --detach-sign myfile.txt
> 
> It creates a myfile.txt.sig file. Then a created the iso image and boot just as in approach 1.
> 
> grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey
> 
> This time I went much further in grub_verify_signature(). It seem failed at last when calling dsa verify routine:
> 
>     unsigned nbits = gcry_mpi_get_nbits (sk->mpis[1]);
>     grub_dprintf ("crypt", "must be %u bits got %d bits\n", nbits,
>                   (int)(8 * hash->mdlen));                                                   <---- Here debug output is: must be 17 bits got 512 bits
>    ....
>     if (!grub_crypto_pk_dsa)
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("module `%s' isn't loaded"), "gcry_dsa");
>     if (grub_crypto_pk_dsa->verify (0, hmpi, mpis, sk->mpis, 0, 0))                                 <------ failed here.
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));                           
> 
> So I guess I was not doing right somewhere? Have you tested this verification module? The grub_dprintf() output (expecting 17bits but got 512 bits) is very suspicious.
> 
> For this Verify module to work, what tool and what procedure should I follow to sign a file?
> 
> Thanks so much,
> 
> Wei