gpgsm: decrypting session key failed: Invalid session key
Henning Schild
henning.schild at siemens.com
Fri Jul 26 11:28:31 CEST 2019
On Fri, 26 Jul 2019 11:43:38 +0900,
NIIBE Yutaka <gniibe at fsij.org> wrote:
> Henning Schild via Gnupg-devel <gnupg-devel at gnupg.org> wrote:
> > An increasing amount of x509 encrypted email I receive can not be
> > decrypted with gpgsm anymore.
>
> Is there any change of cipher used?
I did not analyze further. It seems to be newer versions of Outlook
that produce mail I can not decrypt anymore.
> > Details: (from latest git build)
> > $ /foo/gnupg/sm/gpgsm --debug-level guru --decrypt smime_bad.p7m
> > ...
> > gpgsm: DBG: chan_5 -> PKDECRYPT
> > gpgsm: DBG: chan_5 <- S INQUIRE_MAXLEN 4096
> > gpgsm: DBG: chan_5 <- INQUIRE CIPHERTEXT
> > gpgsm: DBG: chan_5 -> [ 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 33 3a 72 ...(273 byte(s) skipped) ]
> > gpgsm: DBG: chan_5 -> END
> > Vim: Reading from stdin...
> > gpgsm: DBG: chan_5 <- S PADDING 0
> > gpgsm: DBG: chan_5 <- [ 44 20 28 35 3a 76 61 6c 75 65 33 32 3a e5 ff cd ...(31 byte(s) skipped) ]
> > gpgsm: DBG: chan_5 <- OK
> > gpgsm: DBG: pkcs1 encoded session key:
> > e5ffcd51107897682fc0d805173d85ce7088fddabda33ac74da73b0813c04593
> > gpgsm: decrypting session key failed: Invalid session key
> > gpgsm: message decryption failed: Invalid session key <GpgSM>
>
> The encoded session key is 32-byte, which looks like a key of AES-256.
>
> My guess is, this is the point where we need a fix:
Sweet, that simple change did the trick! Do you know how to turn that
into an upstream patch? My guess is that we are still talking about a
dirty hack here and some documentation, test-cases need to be updated.
Maybe even more code to deal with AES-256 will be required?
regards,
Henning
> diff --git a/sm/decrypt.c b/sm/decrypt.c
> index ec9800840..af509fea1 100644
> --- a/sm/decrypt.c
> +++ b/sm/decrypt.c
> @@ -75,7 +75,7 @@ prepare_decryption (ctrl_t ctrl, const char
> *hexkeygrip, const char *desc, log_printhex (seskey, seskeylen,
> "pkcs1 encoded session key:");
> n=0;
> - if (seskeylen == 24 || seskeylen == 16)
> + if (seskeylen == 32 || seskeylen == 24 || seskeylen == 16)
> {
> /* Smells like a 3-DES or AES-128 key. This might happen
> * because a SC has already done the unpacking. A better
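Review bot: The context comment under the changed condition still reads "Smells like a 3-DES or AES-128 key", so with `seskeylen == 32` added it should name AES-256 as well. The branch decides by length alone that the agent's result is an already unpacked key; rather than extending a fixed list of lengths, consider comparing `seskeylen` against the key length of the content-encryption algorithm the message announces, and add a test message that uses a 32-byte session key.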
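The length check discussed in this thread, as an added example (not GnuPG's code and not part of the original messages): a hypothetical `session_key_offset` helper treats a block whose length matches a key size as already unpacked and otherwise strips PKCS#1 v1.5 type 2 padding. The `max_raw` parameter is an assumption that models the accepted raw lengths before (24) and after (32) the proposed change; the padded sample is constructed and far shorter than a real RSA block.

```c
#include <stddef.h>
#include <stdio.h>

/* Value logged as "pkcs1 encoded session key" in the report above. */
static const unsigned char reported[32] = {
    0xe5,0xff,0xcd,0x51,0x10,0x78,0x97,0x68,0x2f,0xc0,0xd8,0x05,0x17,0x3d,0x85,0xce,
    0x70,0x88,0xfd,0xda,0xbd,0xa3,0x3a,0xc7,0x4d,0xa7,0x3b,0x08,0x13,0xc0,0x45,0x93 };

/* Constructed sample: 00 02, eight non-zero padding bytes, 00, 16-byte key. */
static const unsigned char padded[27] = {
    0x00,0x02, 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88, 0x00,
    1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };

/* Hypothetical helper: return the offset of the raw session key in buf,
 * or -1 if buf is neither a bare key of an accepted length (<= max_raw)
 * nor a well-formed PKCS#1 v1.5 type 2 block. */
long session_key_offset(const unsigned char *buf, size_t len, size_t max_raw)
{
    size_t n = 0, ps_start;

    if ((len == 16 || len == 24 || len == 32) && len <= max_raw)
        return 0;                       /* already unpacked, e.g. by a card */
    if (len < 11)                       /* 02 + 8 padding bytes + 00 + key */
        return -1;
    if (buf[n] == 0x00)                 /* leading zero may have been dropped */
        n++;
    if (buf[n++] != 0x02)               /* block type 2 = encryption padding */
        return -1;
    ps_start = n;
    while (n < len && buf[n] != 0x00)   /* skip the non-zero random padding */
        n++;
    if (n == len || n - ps_start < 8)   /* no separator or padding too short */
        return -1;
    n++;                                /* step over the 00 separator */
    return n < len ? (long)n : -1;      /* reject an empty key */
}

int main(void)
{
    printf("reported, raw lengths up to 24: %ld\n",
           session_key_offset(reported, sizeof reported, 24));
    printf("reported, raw lengths up to 32: %ld\n",
           session_key_offset(reported, sizeof reported, 32));
    printf("constructed padded block:       %ld\n",
           session_key_offset(padded, sizeof padded, 32));
    return 0;
}
```

With 32 not accepted as a raw length, the reported value is parsed as a padded block and rejected because its first byte is neither 00 nor 02, which corresponds to the "Invalid session key" result in the log.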