Mailing List Archive

gpgsm: decrypting session key failed: Invalid session key
Hi,

this is a bug report email, at least i expect it is a bug.

An increasing amount of x509 encrypted email i receive can not be
decrypted with gpgsm anymore. At first i assumed that the senders keys
would be somehow different and trigger the bug in gpgsm. Later i found
that it could also be their mail client, but whatever it is on the remote
end i expect it to be a bug in gpgsm.
The same files can be decrypted with openssl just fine.

Affected versions: gpgsm <= latest master (gnupg-2.2.7-609-g4195ce15f)
Platform Linux: x86_64

Expected result:
Mail can be decrypted and read.

Actual result:
Decryption fails with "gpgsm: decrypting session key failed: Invalid
session key"

Details: (from latest git build)
$ /foo/gnupg/sm/gpgsm --debug-level guru --decrypt smime_bad.p7m
...
gpgsm: DBG: chan_5 -> PKDECRYPT
gpgsm: DBG: chan_5 <- S INQUIRE_MAXLEN 4096
gpgsm: DBG: chan_5 <- INQUIRE CIPHERTEXT
gpgsm: DBG: chan_5 -> [. 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 33 3a 72 ...(273 byte(s) skipped) ]
gpgsm: DBG: chan_5 -> END
Vim: Reading from stdin...
gpgsm: DBG: chan_5 <- S PADDING 0
gpgsm: DBG: chan_5 <- [. 44 20 28 35 3a 76 61 6c 75 65 33 32 3a e5 ff cd ...(31 byte(s) skipped) ]
gpgsm: DBG: chan_5 <- OK
gpgsm: DBG: pkcs1 encoded session key: e5ffcd51107897682fc0d805173d85ce7088fddabda33ac74da73b0813c04593
gpgsm: decrypting session key failed: Invalid session key
gpgsm: message decryption failed: Invalid session key <GpgSM>


Hope that helps. I would be happy to provide more information. I have
many of those _bad.p7m files.

regards,
Henning

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: gpgsm: decrypting session key failed: Invalid session key [ In reply to ]
Should i rather open an issue on https://dev.gnupg.org/. I think i read
somewhere that this list can be/is used for reporting bugs.

regards,
Henning

Am Thu, 18 Jul 2019 16:58:20 +0200
schrieb Henning Schild via Gnupg-devel <gnupg-devel@gnupg.org>:

> Hi,
>
> this is a bug report email, at least i expect it is a bug.
>
> An increasing amount of x509 encrypted email i receive can not be
> decrypted with gpgsm anymore. At first i assumed that the senders keys
> would be somehow different and trigger the bug in gpgsm. Later i found
> that it could also be their mail client, but whatever it is on the
> remote end i expect it to be a bug in gpgsm.
> The same files can be decrypted with openssl just fine.
>
> Affected versions: gpgsm <= latest master (gnupg-2.2.7-609-g4195ce15f)
> Platform Linux: x86_64
>
> Expected result:
> Mail can be decrypted and read.
>
> Actual result:
> Decryption fails with "gpgsm: decrypting session key failed: Invalid
> session key"
>
> Details: (from latest git build)
> $ /foo/gnupg/sm/gpgsm --debug-level guru --decrypt smime_bad.p7m
> ...
> gpgsm: DBG: chan_5 -> PKDECRYPT
> gpgsm: DBG: chan_5 <- S INQUIRE_MAXLEN 4096
> gpgsm: DBG: chan_5 <- INQUIRE CIPHERTEXT
> gpgsm: DBG: chan_5 -> [. 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 33 3a
> 72 ...(273 byte(s) skipped) ] gpgsm: DBG: chan_5 -> END
> Vim: Reading from stdin...
> gpgsm: DBG: chan_5 <- S PADDING 0
> gpgsm: DBG: chan_5 <- [. 44 20 28 35 3a 76 61 6c 75 65 33 32 3a e5 ff
> cd ...(31 byte(s) skipped) ] gpgsm: DBG: chan_5 <- OK
> gpgsm: DBG: pkcs1 encoded session key:
> e5ffcd51107897682fc0d805173d85ce7088fddabda33ac74da73b0813c04593
> gpgsm: decrypting session key failed: Invalid session key gpgsm:
> message decryption failed: Invalid session key <GpgSM>
>
>
> Hope that helps. I would be happy to provide more information. I have
> many of those _bad.p7m files.
>
> regards,
> Henning
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: gpgsm: decrypting session key failed: Invalid session key [ In reply to ]
Henning Schild via Gnupg-devel <gnupg-devel@gnupg.org> wrote:
> An increasing amount of x509 encrypted email i receive can not be
> decrypted with gpgsm anymore.

Is there any change of cipher used?

> Details: (from latest git build)
> $ /foo/gnupg/sm/gpgsm --debug-level guru --decrypt smime_bad.p7m
> ...
> gpgsm: DBG: chan_5 -> PKDECRYPT
> gpgsm: DBG: chan_5 <- S INQUIRE_MAXLEN 4096
> gpgsm: DBG: chan_5 <- INQUIRE CIPHERTEXT
> gpgsm: DBG: chan_5 -> [. 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 33 3a 72 ...(273 byte(s) skipped) ]
> gpgsm: DBG: chan_5 -> END
> Vim: Reading from stdin...
> gpgsm: DBG: chan_5 <- S PADDING 0
> gpgsm: DBG: chan_5 <- [. 44 20 28 35 3a 76 61 6c 75 65 33 32 3a e5 ff cd ...(31 byte(s) skipped) ]
> gpgsm: DBG: chan_5 <- OK
> gpgsm: DBG: pkcs1 encoded session key: e5ffcd51107897682fc0d805173d85ce7088fddabda33ac74da73b0813c04593
> gpgsm: decrypting session key failed: Invalid session key
> gpgsm: message decryption failed: Invalid session key <GpgSM>

The encoded session key is 32-byte, which looks like a key of AES-256.

My guess is, this is the point where we need a fix:

diff --git a/sm/decrypt.c b/sm/decrypt.c
index ec9800840..af509fea1 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -75,7 +75,7 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
log_printhex (seskey, seskeylen, "pkcs1 encoded session key:");

n=0;
- if (seskeylen == 24 || seskeylen == 16)
+ if (seskeylen == 32 || seskeylen == 24 || seskeylen == 16)
{
/* Smells like a 3-DES or AES-128 key. This might happen
* because a SC has already done the unpacking. A better
--

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: gpgsm: decrypting session key failed: Invalid session key [ In reply to ]
Am Fri, 26 Jul 2019 11:43:38 +0900
schrieb NIIBE Yutaka <gniibe@fsij.org>:

> Henning Schild via Gnupg-devel <gnupg-devel@gnupg.org> wrote:
> > An increasing amount of x509 encrypted email i receive can not be
> > decrypted with gpgsm anymore.
>
> Is there any change of cipher used?

I did not analyze further. It seems to be newer versions of Outlook
that produce mail i can not decrypt anymore.

> > Details: (from latest git build)
> > $ /foo/gnupg/sm/gpgsm --debug-level guru --decrypt smime_bad.p7m
> > ...
> > gpgsm: DBG: chan_5 -> PKDECRYPT
> > gpgsm: DBG: chan_5 <- S INQUIRE_MAXLEN 4096
> > gpgsm: DBG: chan_5 <- INQUIRE CIPHERTEXT
> > gpgsm: DBG: chan_5 -> [. 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 33
> > 3a 72 ...(273 byte(s) skipped) ] gpgsm: DBG: chan_5 -> END
> > Vim: Reading from stdin...
> > gpgsm: DBG: chan_5 <- S PADDING 0
> > gpgsm: DBG: chan_5 <- [. 44 20 28 35 3a 76 61 6c 75 65 33 32 3a e5
> > ff cd ...(31 byte(s) skipped) ] gpgsm: DBG: chan_5 <- OK
> > gpgsm: DBG: pkcs1 encoded session key:
> > e5ffcd51107897682fc0d805173d85ce7088fddabda33ac74da73b0813c04593
> > gpgsm: decrypting session key failed: Invalid session key gpgsm:
> > message decryption failed: Invalid session key <GpgSM>
>
> The encoded session key is 32-byte, which looks like a key of AES-256.
>
> My guess is, this is the point where we need a fix:

Sweet, that simple change did the trick! Do you know how to turn that
into an upstream patch. My guess is that we are still talking about a
dirty hack here and some documentation, test-cases need to updated.
Maybe even more code to deal with AES-256 will be required?

regards,
Henning

> diff --git a/sm/decrypt.c b/sm/decrypt.c
> index ec9800840..af509fea1 100644
> --- a/sm/decrypt.c
> +++ b/sm/decrypt.c
> @@ -75,7 +75,7 @@ prepare_decryption (ctrl_t ctrl, const char
> *hexkeygrip, const char *desc, log_printhex (seskey, seskeylen,
> "pkcs1 encoded session key:");
> n=0;
> - if (seskeylen == 24 || seskeylen == 16)
> + if (seskeylen == 32 || seskeylen == 24 || seskeylen == 16)
> {
> /* Smells like a 3-DES or AES-128 key. This might happen
> * because a SC has already done the unpacking. A better


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel