Grub verify module failed to verify a signed file

grub-devel.gnu.org archive mirror
 help / color / mirror / Atom feed

* Grub verify module failed to verify a signed file
@ 2013-03-28 23:15 Wei Hu
  2013-03-30 12:14 ` Andrey Borzenkov
  2013-03-31 12:25 ` Vladimir 'φ-coder/phcoder' Serbinenko
  0 siblings, 2 replies; 5+ messages in thread
From: Wei Hu @ 2013-03-28 23:15 UTC (permalink / raw)
  To: grub-devel@gnu.org

[-- Attachment #1: Type: text/plain, Size: 3106 bytes --]

Hi,

I am trying to use the grub verify module to verify a detached signature I signed using gpg on Linux. I did two different signings. Both of them failed, but at the different places in grub_verify_signature(). I am wonder if I did something wrong or the module has some bugs in it. Let me detail my procedure here. The text file, signature file and my public key are all attached.

Signing Approach 1
-----------------------

On my Ubuntu system, say I want to detached sign myfile.txt

> gpg --detach-sign myfile.txt

It creates the signature file myfile.txt.sig. I noticed it uses ripemd160 hash algorithm. Then I export my public key as

> gpg --output my.pubkey --export 'whu@moka5.com'

The my.pubkey file contains my public key.  Then I create a grub rescue cd image with all these three file myfile.txt myfile.txt.sig and my.pubkey.

> grub-mkrescue -o image.iso ./myfile.txt ./myfile.txt.sig ./my.pubkey

After this, I booted the image and at the grub prompt I did

grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey

It returns bad signature in grub_verify_signature() after following line:
   ...
    hash->final (context);
    grub_dprintf ("crypt", "alive\n");
    hval = hash->read (context);
    if (grub_file_read (sig, hash_start, sizeof (hash_start)) != sizeof (hash_start))
         return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));      
    if (grub_memcmp (hval, hash_start, sizeof (hash_start)) != 0)
      return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));         <-- - failed here

My understanding is it calls ripemd160 algorithm to verify a two byte hash value and it failed. So I try to change the algorithm using in gpg for hashing as follows:

Signing Approch 2
---------------------

I just sign the myfile.txt with sha512 like this:

> gpg --digest-algo sha512 --detach-sign myfile.txt

It creates a myfile.txt.sig file. Then a created the iso image and boot just as in approach 1.

grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey

This time I went much further in grub_verify_signature(). It seem failed at last when calling dsa verify routine:

    unsigned nbits = gcry_mpi_get_nbits (sk->mpis[1]);
    grub_dprintf ("crypt", "must be %u bits got %d bits\n", nbits,
                  (int)(8 * hash->mdlen));                                                   <---- Here debug output is: must be 17 bits got 512 bits
   ....
    if (!grub_crypto_pk_dsa)
      return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("module `%s' isn't loaded"), "gcry_dsa");
    if (grub_crypto_pk_dsa->verify (0, hmpi, mpis, sk->mpis, 0, 0))                                 <------ failed here.
      return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));                           

So I guess I was not doing right somewhere? Have you tested this verification module? The grub_dprintf() output (expecting 17bits but got 512 bits) is very suspicious.

For this Verify module to work, what tool and what procedure should I follow to sign a file?

Thanks so much,

Wei

[-- Attachment #2: myfile.txt --]
[-- Type: text/plain, Size: 17 bytes --]

This is my file.

[-- Attachment #3: myfile.txt.sha512.sig --]
[-- Type: application/octet-stream, Size: 287 bytes --]

[-- Attachment #4: myfile.txt.ripemd160.sig --]
[-- Type: application/octet-stream, Size: 287 bytes --]

[-- Attachment #5: my.pubkey --]
[-- Type: application/octet-stream, Size: 1203 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Grub verify module failed to verify a signed file
  2013-03-28 23:15 Grub verify module failed to verify a signed file Wei Hu
@ 2013-03-30 12:14 ` Andrey Borzenkov
  2013-03-31 12:25 ` Vladimir 'φ-coder/phcoder' Serbinenko
  1 sibling, 0 replies; 5+ messages in thread
From: Andrey Borzenkov @ 2013-03-30 12:14 UTC (permalink / raw)
  To: grub-devel

В Thu, 28 Mar 2013 16:15:09 -0700
Wei Hu <whu@mokafive.com> пишет:

> Hi,
> 
> I am trying to use the grub verify module to verify a detached signature I signed using gpg on Linux. I did two different signings. Both of them failed, but at the different places in grub_verify_signature(). I am wonder if I did something wrong or the module has some bugs in it. Let me detail my procedure here. The text file, signature file and my public key are all attached.
> 
> Signing Approach 1
> -----------------------
> 
> On my Ubuntu system, say I want to detached sign myfile.txt
> 
> > gpg --detach-sign myfile.txt
> 
> It creates the signature file myfile.txt.sig. I noticed it uses ripemd160 hash algorithm. Then I export my public key as
> 
> > gpg --output my.pubkey --export 'whu@moka5.com'
> 
> The my.pubkey file contains my public key.  Then I create a grub rescue cd image with all these three file myfile.txt myfile.txt.sig and my.pubkey.
> 
> > grub-mkrescue -o image.iso ./myfile.txt ./myfile.txt.sig ./my.pubkey
> 
> After this, I booted the image and at the grub prompt I did
> 
> grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey
> 
> It returns bad signature in grub_verify_signature() after following line:
>    ...
>     hash->final (context);
>     grub_dprintf ("crypt", "alive\n");
>     hval = hash->read (context);
>     if (grub_file_read (sig, hash_start, sizeof (hash_start)) != sizeof (hash_start))
>          return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));      
>     if (grub_memcmp (hval, hash_start, sizeof (hash_start)) != 0)
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));         <-- - failed here
> 
> My understanding is it calls ripemd160 algorithm to verify a two byte hash value and it failed.

Yes, fails here as well. Adding debug output, it reads correct bytes at
correct offset from signature, but the first two bytes of hval differ.

> So I try to change the algorithm using in gpg for hashing as follows:
> 
> Signing Approch 2
> ---------------------
> 
> I just sign the myfile.txt with sha512 like this:
> 
> > gpg --digest-algo sha512 --detach-sign myfile.txt
> 
> It creates a myfile.txt.sig file. Then a created the iso image and boot just as in approach 1.
> 
> grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey
> 
> This time I went much further in grub_verify_signature(). It seem failed at last when calling dsa verify routine:
> 
>     unsigned nbits = gcry_mpi_get_nbits (sk->mpis[1]);
>     grub_dprintf ("crypt", "must be %u bits got %d bits\n", nbits,
>                   (int)(8 * hash->mdlen));                                                   <---- Here debug output is: must be 17 bits got 512 bits
>    ....
>     if (!grub_crypto_pk_dsa)
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("module `%s' isn't loaded"), "gcry_dsa");
>     if (grub_crypto_pk_dsa->verify (0, hmpi, mpis, sk->mpis, 0, 0))                                 <------ failed here.
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));                           
> 
> So I guess I was not doing right somewhere? Have you tested this verification module? The grub_dprintf() output (expecting 17bits but got 512 bits) is very suspicious.
> 
> For this Verify module to work, what tool and what procedure should I follow to sign a file?
> 
> Thanks so much,
> 
> Wei


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Grub verify module failed to verify a signed file
  2013-03-28 23:15 Grub verify module failed to verify a signed file Wei Hu
  2013-03-30 12:14 ` Andrey Borzenkov
@ 2013-03-31 12:25 ` Vladimir 'φ-coder/phcoder' Serbinenko
  2013-03-31 13:38   ` Andrey Borzenkov
  1 sibling, 1 reply; 5+ messages in thread
From: Vladimir 'φ-coder/phcoder' Serbinenko @ 2013-03-31 12:25 UTC (permalink / raw)
  To: The development of GNU GRUB

[-- Attachment #1: Type: text/plain, Size: 54 bytes --]

Only DSA is supported for now and your key is RSA.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 294 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Grub verify module failed to verify a signed file
  2013-03-31 12:25 ` Vladimir 'φ-coder/phcoder' Serbinenko
@ 2013-03-31 13:38   ` Andrey Borzenkov
  2013-03-31 14:02     ` [PATCH] " Andrey Borzenkov
  0 siblings, 1 reply; 5+ messages in thread
From: Andrey Borzenkov @ 2013-03-31 13:38 UTC (permalink / raw)
  To: grub-devel

[-- Attachment #1: Type: text/plain, Size: 1169 bytes --]

В Sun, 31 Mar 2013 14:25:35 +0200
Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com> пишет:

> Only DSA is supported for now and your key is RSA.
> 

I have exactly the same problem with DSA key:

bor@opensuse:~> gpg --list-keys DA5DF78C 
pub   1024D/DA5DF78C 2002-02-07
uid                  Andrey Borzenkov <arvidjaar@gmail.com>
uid                  Andrey Borzenkov <arvidjaar@newmail.ru>
uid                  Andrey Borzenkov <arvidjaar@mail.ru>
uid                  Andrej Borsenkow <arvidjaar@mail.ru>
sub   1024g/3C88F322 2002-02-07
bor@opensuse:~> LC_ALL=C gpg --verify --verbose /tmp/test/myfile.txt.sig
gpg: assuming signed data in `/tmp/test/myfile.txt'
gpg: Signature made Sat Mar 30 17:23:57 2013 MSK using DSA key ID DA5DF78C
gpg: using classic trust model
gpg: Good signature from "Andrey Borzenkov <arvidjaar@gmail.com>"
gpg:                 aka "Andrey Borzenkov <arvidjaar@newmail.ru>"
gpg:                 aka "Andrey Borzenkov <arvidjaar@mail.ru>"
gpg:                 aka "Andrej Borsenkow <arvidjaar@mail.ru>"
gpg: binary signature, digest algorithm SHA1

This file and signature fail verification in grub.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH] Re: Grub verify module failed to verify a signed file
  2013-03-31 13:38   ` Andrey Borzenkov
@ 2013-03-31 14:02     ` Andrey Borzenkov
  0 siblings, 0 replies; 5+ messages in thread
From: Andrey Borzenkov @ 2013-03-31 14:02 UTC (permalink / raw)
  To: Andrey Borzenkov

[-- Attachment #1: Type: text/plain, Size: 2752 bytes --]

В Sun, 31 Mar 2013 17:38:58 +0400
Andrey Borzenkov <arvidjaar@gmail.com> пишет:

> В Sun, 31 Mar 2013 14:25:35 +0200
> Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com> пишет:
> 
> > Only DSA is supported for now and your key is RSA.
> > 
> 
> I have exactly the same problem with DSA key:
> 
> bor@opensuse:~> gpg --list-keys DA5DF78C 
> pub   1024D/DA5DF78C 2002-02-07
> uid                  Andrey Borzenkov <arvidjaar@gmail.com>
> uid                  Andrey Borzenkov <arvidjaar@newmail.ru>
> uid                  Andrey Borzenkov <arvidjaar@mail.ru>
> uid                  Andrej Borsenkow <arvidjaar@mail.ru>
> sub   1024g/3C88F322 2002-02-07
> bor@opensuse:~> LC_ALL=C gpg --verify --verbose /tmp/test/myfile.txt.sig
> gpg: assuming signed data in `/tmp/test/myfile.txt'
> gpg: Signature made Sat Mar 30 17:23:57 2013 MSK using DSA key ID DA5DF78C
> gpg: using classic trust model
> gpg: Good signature from "Andrey Borzenkov <arvidjaar@gmail.com>"
> gpg:                 aka "Andrey Borzenkov <arvidjaar@newmail.ru>"
> gpg:                 aka "Andrey Borzenkov <arvidjaar@mail.ru>"
> gpg:                 aka "Andrej Borsenkow <arvidjaar@mail.ru>"
> gpg: binary signature, digest algorithm SHA1
> 
> This file and signature fail verification in grub.

Fixed with patch below. BTW, while testing I noticed that gcry_dsa is
not autoloaded when running verify_detached. Need to look into it.


From: Andrey Borzenkov <arvidjaar@gmail.com>
Subject: [PATCH] fix hash numbers in verify.c

Hash numbers start with 1, not with 0. Make numbers explicit like
the rest.

Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>

---
 ChangeLog                   | 5 +++++
 grub-core/commands/verify.c | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 58c2242..672aa74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-03-31  Andrey Borzenkov <arvidjaar@gmail.com>
+
+	* grub-core/commands/verify.c: Fix hash algorithms values for
+	the first three hashes - they start with 1, not with 0.
+
 2013-03-26  Vladimir Serbinenko  <phcoder@gmail.com>
 
 	* grub-core/kern/efi/mm.c (grub_efi_finish_boot_services):
diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c
index 6c0b580..b4d5e7b 100644
--- a/grub-core/commands/verify.c
+++ b/grub-core/commands/verify.c
@@ -123,7 +123,9 @@ struct signature_v4_header
 } __attribute__ ((packed));
 
 const char *hashes[] = {
-  "md5", "sha1", "ripemd160",
+  [0x01] = "md5",
+  [0x02] = "sha1",
+  [0x03] = "ripemd160",
   [0x08] = "sha256",
   [0x09] = "sha384",
   [0x0a] = "sha512",
-- 
tg: (c643afe..) u/hash-numbers (depends on: master)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply related	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2013-03-31 14:04 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-03-28 23:15 Grub verify module failed to verify a signed file Wei Hu
2013-03-30 12:14 ` Andrey Borzenkov
2013-03-31 12:25 ` Vladimir 'φ-coder/phcoder' Serbinenko
2013-03-31 13:38   ` Andrey Borzenkov
2013-03-31 14:02     ` [PATCH] " Andrey Borzenkov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).