New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/openpgp: decryption fails when using cipher AES-192 #17060
Comments
OpenPGP messages encrypted with AES-192 can't be decrypted with the Go OpenPGP library. See this bug report @upstream: golang/go#17060
/cc @agl |
Issue is caused by this check: https://github.com/golang/crypto/blob/9477e0b78b9ac3d0b03822fd95422e2fe07627cd/openpgp/packet/symmetric_key_encrypted.go#L91-L93 |
As far as I can tell, the RFC doesn't have an answer here. Other libraries implementing this don't seem to check the keysize output of the Encrypted Session Key. The Encrypted Session Key decrypts to a message with the following makeup: There are three things that can happen here:
I think any case other than (2) should throw an error. But I'm not sure about the history on this one, maybe there was a reason for checking if it was a multiple of the blocksize. |
CL https://golang.org/cl/35848 mentions this issue. |
There's probably a good reason for allowing session key sizes that are a multiple of the blocksize vs just checking if it's the same length as cipher keysize. I've updated the CL to check Session Key size is either equal to cipher key size OR is a multiple of cipher block size. Deferring to @agl, as he implemented this code originally and I'm sure has a better understanding of it. |
The existing implementation checks to see if the session key size is a multiple of the cipher blocksize. This fails for AES-192, which has a keysize of 24 bytes and a 16 byte block size. Instead it should simply check to ensure that the Session Key length is equal to the cipher KeySize. Fixes golang/go#17060 Change-Id: I1dc78129f7fb2ca5ec71b650a2adcb3752dca885 Reviewed-on: https://go-review.googlesource.com/35848 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
The existing implementation checks to see if the session key size is a multiple of the cipher blocksize. This fails for AES-192, which has a keysize of 24 bytes and a 16 byte block size. Instead it should simply check to ensure that the Session Key length is equal to the cipher KeySize. Fixes golang/go#17060 Change-Id: I1dc78129f7fb2ca5ec71b650a2adcb3752dca885 Reviewed-on: https://go-review.googlesource.com/35848 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
The existing implementation checks to see if the session key size is a multiple of the cipher blocksize. This fails for AES-192, which has a keysize of 24 bytes and a 16 byte block size. Instead it should simply check to ensure that the Session Key length is equal to the cipher KeySize. Fixes golang/go#17060 Change-Id: I1dc78129f7fb2ca5ec71b650a2adcb3752dca885 Reviewed-on: https://go-review.googlesource.com/35848 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
The existing implementation checks to see if the session key size is a multiple of the cipher blocksize. This fails for AES-192, which has a keysize of 24 bytes and a 16 byte block size. Instead it should simply check to ensure that the Session Key length is equal to the cipher KeySize. Fixes golang/go#17060 Change-Id: I1dc78129f7fb2ca5ec71b650a2adcb3752dca885 Reviewed-on: https://go-review.googlesource.com/35848 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
The existing implementation checks to see if the session key size is a multiple of the cipher blocksize. This fails for AES-192, which has a keysize of 24 bytes and a 16 byte block size. Instead it should simply check to ensure that the Session Key length is equal to the cipher KeySize. Fixes golang/go#17060 Change-Id: I1dc78129f7fb2ca5ec71b650a2adcb3752dca885 Reviewed-on: https://go-review.googlesource.com/35848 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
The existing implementation checks to see if the session key size is a multiple of the cipher blocksize. This fails for AES-192, which has a keysize of 24 bytes and a 16 byte block size. Instead it should simply check to ensure that the Session Key length is equal to the cipher KeySize. Fixes golang/go#17060 Change-Id: I1dc78129f7fb2ca5ec71b650a2adcb3752dca885 Reviewed-on: https://go-review.googlesource.com/35848 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
The existing implementation checks to see if the session key size is a multiple of the cipher blocksize. This fails for AES-192, which has a keysize of 24 bytes and a 16 byte block size. Instead it should simply check to ensure that the Session Key length is equal to the cipher KeySize. Fixes golang/go#17060 Change-Id: I1dc78129f7fb2ca5ec71b650a2adcb3752dca885 Reviewed-on: https://go-review.googlesource.com/35848 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Please see this script to reproduce the problem:
https://play.golang.org/p/vk58yYArMh
In line 17, set
cipher := "aes128"
/cipher := "aes256"
and decryption will work fine.However, when using
cipher := "aes192"
, decryption will fail.Decrypting the message via
$ gpg --decrypt
works fine for all three AES sizes, so the decryption routing of Go's openpgp package has an issue.The text was updated successfully, but these errors were encountered: