grub-devel

Re: Grub verify module failed to verify a signed file


From: Andrey Borzenkov
Subject: Re: Grub verify module failed to verify a signed file
Date: Sat, 30 Mar 2013 16:14:32 +0400

On Thu, 28 Mar 2013 16:15:09 -0700
Wei Hu <address@hidden> wrote:

> Hi,
> 
> I am trying to use the grub verify module to verify a detached signature I 
> signed using gpg on Linux. I did two different signings. Both of them failed, 
> but at different places in grub_verify_signature(). I am wondering if I did 
> something wrong or the module has some bugs in it. Let me detail my procedure 
> here. The text file, signature file and my public key are all attached.
> 
> Signing Approach 1
> -----------------------
> 
> On my Ubuntu system, say I want to detach-sign myfile.txt
> 
> > gpg --detach-sign myfile.txt
> 
> It creates the signature file myfile.txt.sig. I noticed it uses ripemd160 
> hash algorithm. Then I export my public key as
> 
> > gpg --output my.pubkey --export 'address@hidden'
> 
> The my.pubkey file contains my public key. Then I create a grub rescue cd 
> image with all three of these files: myfile.txt, myfile.txt.sig and my.pubkey.
> 
> > grub-mkrescue -o image.iso ./myfile.txt ./myfile.txt.sig ./my.pubkey
> 
> After this, I booted the image and at the grub prompt I did
> 
> grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey
> 
> It returns bad signature in grub_verify_signature() after the following line:
>    ...
>     hash->final (context);
>     grub_dprintf ("crypt", "alive\n");
>     hval = hash->read (context);
>     if (grub_file_read (sig, hash_start, sizeof (hash_start)) != sizeof (hash_start))
>          return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));
> 
>     if (grub_memcmp (hval, hash_start, sizeof (hash_start)) != 0)
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));   <--- failed here
> 
> My understanding is it calls ripemd160 algorithm to verify a two byte hash 
> value and it failed.

Yes, fails here as well. Adding debug output, it reads correct bytes at
correct offset from signature, but the first two bytes of hval differ.

> So I tried to change the algorithm used in gpg for hashing as follows:
> 
> Signing Approach 2
> ---------------------
> 
> I just sign the myfile.txt with sha512 like this:
> 
> > gpg --digest-algo sha512 --detach-sign myfile.txt
> 
> It creates a myfile.txt.sig file. Then I created the iso image and booted just 
> as in approach 1.
> 
> grub > verify_detached /myfile.txt /myfile.txt.sig /my.pubkey
> 
> This time I went much further in grub_verify_signature(). It seems to have 
> failed at last when calling the dsa verify routine:
> 
>     unsigned nbits = gcry_mpi_get_nbits (sk->mpis[1]);
>     grub_dprintf ("crypt", "must be %u bits got %d bits\n", nbits,
>                   (int)(8 * hash->mdlen));   <---- Here debug output is: must be 17 bits got 512 bits
>    ....
>     if (!grub_crypto_pk_dsa)
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("module `%s' isn't loaded"), "gcry_dsa");
>     if (grub_crypto_pk_dsa->verify (0, hmpi, mpis, sk->mpis, 0, 0))   <------ failed here.
>       return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));
> 
> So I guess I was not doing something right somewhere? Have you tested this verification 
> module? The grub_dprintf() output (expecting 17bits but got 512 bits) is very 
> suspicious.
> 
> For this Verify module to work, what tool and what procedure should I follow 
> to sign a file?
> 
> Thanks so much,
> 
> Wei
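
The two-byte comparison quoted above corresponds to the "left 16 bits of the hash" check in an OpenPGP version 4 signature packet (RFC 4880). The following added example, which is not part of the original message or of GRUB's code, recomputes that value on the signing host and reports the public-key and hash algorithm IDs recorded in the signature, so they can be compared with what the verifier supports. The function names are hypothetical, and it assumes a binary (non-armored) detached signature of type 0x00, as `gpg --detach-sign` produces.

```python
import hashlib

# OpenPGP algorithm IDs (RFC 4880, sections 9.1 and 9.4)
PUBKEY = {1: "RSA", 17: "DSA"}
HASHES = {2: "sha1", 3: "ripemd160", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224"}

def packet_body(buf):
    """Return (tag, body) of the first OpenPGP packet in buf."""
    hdr = buf[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet (is the file ASCII-armored?)")
    if hdr & 0x40:                       # new-format header
        tag, first = hdr & 0x3F, buf[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + buf[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(buf[2:6], "big")
        else:
            raise ValueError("partial body lengths not handled")
    else:                                # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        n = 1 << ltype                   # 1, 2 or 4 length octets
        start, length = 1 + n, int.from_bytes(buf[1:1 + n], "big")
    return tag, buf[start:start + length]

def inspect_signature(sig, data):
    """Parse a v4 detached signature and recompute its 16-bit hash check."""
    tag, body = packet_body(sig)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    hashed_len = int.from_bytes(body[4:6], "big")
    hashed = body[:6 + hashed_len]       # version .. end of hashed subpackets
    unhashed_len = int.from_bytes(body[6 + hashed_len:8 + hashed_len], "big")
    left16 = body[8 + hashed_len + unhashed_len:][:2]
    # hashlib.new raises ValueError if this build lacks the hash (e.g. ripemd160)
    h = hashlib.new(HASHES[body[3]])
    h.update(data)                       # type 0x00 signature: file bytes as-is
    h.update(hashed + b"\x04\xff" + len(hashed).to_bytes(4, "big"))  # v4 trailer
    return {"pubkey_algo": PUBKEY.get(body[2], body[2]),
            "hash_algo": HASHES[body[3]],
            "left16_stored": left16.hex(),
            "left16_computed": h.digest()[:2].hex()}
```

Call it as `inspect_signature(open("myfile.txt.sig", "rb").read(), open("myfile.txt", "rb").read())`; if the stored and computed values agree on the host, the file and signature are consistent and a mismatch at boot points at the verifier side.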
