search

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird
https://www.rnpgp.org
Other
202 stars 55 forks source link

Investigate possible AEAD-OCB password-based encryption issue. #2274

Open ni4 opened 2 months ago

ni4 commented 2 months ago

Description

In MSYS runner, test test_sym_encryption__rnp_aead() failed with the following log. This could just a random glitch or some rarely happening issue:

2024-09-23T09:57:35.1420046Z D:/a/rnp/rnp/build/src/rnp/rnp.exe rnp.exe --homedir D:\a\_temp\msys64\tmp\rnpctmpuvroe659\.rnp --pass-fd 4 --decrypt D:\a\_temp\msys64\tmp\rnpctmpuvroe659\cleartext.enc --output D:\a\_temp\msys64\tmp\rnpctmpuvroe659\cleartext.rnp
2024-09-23T09:57:35.1420173Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-23T09:57:35.1420177Z 
2024-09-23T09:57:35.1420181Z 
2024-09-23T09:57:35.1421465Z D:/a/rnp/rnp/build/src/rnp/rnp.exe rnp.exe --homedir D:\a\_temp\msys64\tmp\rnpctmpuvroe659\.rnp --bzip2 --aead --aead-chunk-bits=2 --cipher CAMELLIA128 --pass-fd 4 --passwords 1 -c D:\a\_temp\msys64\tmp\rnpctmpuvroe659\cleartext.txt --output D:\a\_temp\msys64\tmp\rnpctmpuvroe659\cleartext.enc
2024-09-23T09:57:35.1421662Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-23T09:57:35.1421666Z 
2024-09-23T09:57:35.1421670Z 
2024-09-23T09:57:35.1422702Z D:/a/rnp/rnp/build/src/rnp/rnp.exe rnp.exe --homedir D:\a\_temp\msys64\tmp\rnpctmpuvroe659\.rnp --pass-fd 4 --decrypt D:\a\_temp\msys64\tmp\rnpctmpuvroe659\cleartext.enc --output D:\a\_temp\msys64\tmp\rnpctmpuvroe659\cleartext.rnp
2024-09-23T09:57:35.1422830Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-23T09:57:35.1422834Z 
2024-09-23T09:57:35.1422837Z 
2024-09-23T09:57:35.1424202Z D:/a/_temp/msys64/usr/bin/gpg.exe gpg.exe --display-charset UTF-8 --homedir /D/a/_temp/msys64/tmp/rnpctmpuvroe659/.gpg --pinentry-mode=loopback --batch --yes --passphrase password --trust-model always -o /D/a/_temp/msys64/tmp/rnpctmpuvroe659/cleartext.rnp -d /D/a/_temp/msys64/tmp/rnpctmpuvroe659/cleartext.enc
2024-09-23T09:57:35.1424328Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-23T09:57:35.1424459Z gpg: CAMELLIA128.OCB encrypted session key
2024-09-23T09:57:35.1424562Z gpg: encrypted with 1 passphrase
2024-09-23T09:57:35.1424738Z gpg: gcry_cipher_checktag (final) failed: Checksum error
2024-09-23T09:57:35.1425020Z gpg: block_filter 0x0000000a000076d0: read error (size=1260,a->size=484)
2024-09-23T09:57:35.1425153Z gpg: bz2lib inflate problem: rc=-4
2024-09-23T09:57:35.1425158Z 
2024-09-23T09:57:35.1425251Z gpg decryption failed
2024-09-23T09:57:35.1425371Z gpg: CAMELLIA128.OCB encrypted session key
2024-09-23T09:57:35.1425478Z gpg: encrypted with 1 passphrase
2024-09-23T09:57:35.1425643Z gpg: gcry_cipher_checktag (final) failed: Checksum error
2024-09-23T09:57:35.1425922Z gpg: block_filter 0x0000000a000076d0: read error (size=1260,a->size=484)
2024-09-23T09:57:35.1426044Z gpg: bz2lib inflate problem: rc=-4
2024-09-23T09:57:35.1426116Z ERROR

GPG version information:

2024-09-23T09:57:34.9533383Z D:/a/_temp/msys64/usr/bin/gpg.exe gpg.exe --version
2024-09-23T09:57:34.9534188Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-23T09:57:34.9534674Z 
2024-09-23T09:57:34.9534863Z gpg (GnuPG) 2.4.5
2024-09-23T09:57:34.9535282Z libgcrypt 1.11.0-unknown
2024-09-23T09:57:34.9535627Z Copyright (C) 2024 g10 Code GmbH
2024-09-23T09:57:34.9536216Z License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
2024-09-23T09:57:34.9536868Z This is free software: you are free to change and redistribute it.
2024-09-23T09:57:34.9537425Z There is NO WARRANTY, to the extent permitted by law.
2024-09-23T09:57:34.9537770Z 
2024-09-23T09:57:34.9537908Z Home: /home/runneradmin/.gnupg
2024-09-23T09:57:34.9538244Z Supported algorithms:
2024-09-23T09:57:34.9538570Z Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
2024-09-23T09:57:34.9539073Z Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
2024-09-23T09:57:34.9539586Z         CAMELLIA128, CAMELLIA192, CAMELLIA256
2024-09-23T09:57:34.9540042Z Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
2024-09-23T09:57:34.9540498Z Compression: Uncompressed, ZIP, ZLIB, BZIP2
2024-09-23T09:57:34.9541151Z D:/a/_temp/msys64/usr/bin/gpg.exe gpg.exe --with-colons --list-config curve
2024-09-23T09:57:34.9541704Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-23T09:57:34.9541988Z 
2024-09-23T09:57:34.9542766Z cfg:curve:cv25519;ed25519;cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brainpoolP256r1;brainpoolP384r1;brainpoolP512r1;secp256k1
ni4 commented 2 months ago

Seems to be reproducible via windows-2022 runner, with gpg 2.4.5 and 2-bit chunk size:

2024-09-24T14:34:00.2243804Z D:/a/rnp/rnp/build/src/rnp/rnp.exe rnp.exe --homedir C:\Users\RUNNER~1\AppData\Local\Temp\rnpctmpzfgywivg\.rnp --bzip2 --aead --aead-chunk-bits=2 --cipher CAMELLIA128 --pass-fd 4 --passwords 1 -c C:\Users\RUNNER~1\AppData\Local\Temp\rnpctmpzfgywivg\cleartext.txt --output C:\Users\RUNNER~1\AppData\Local\Temp\rnpctmpzfgywivg\cleartext.enc
2024-09-24T14:34:00.2244261Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-24T14:34:00.2244283Z 
2024-09-24T14:34:00.2244298Z 
2024-09-24T14:34:00.2247452Z D:/a/rnp/rnp/build/src/rnp/rnp.exe rnp.exe --homedir C:\Users\RUNNER~1\AppData\Local\Temp\rnpctmpzfgywivg\.rnp --pass-fd 4 --decrypt C:\Users\RUNNER~1\AppData\Local\Temp\rnpctmpzfgywivg\cleartext.enc --output C:\Users\RUNNER~1\AppData\Local\Temp\rnpctmpzfgywivg\cleartext.rnp
2024-09-24T14:34:00.2247760Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-24T14:34:00.2247772Z 
2024-09-24T14:34:00.2247778Z 
2024-09-24T14:34:00.2252853Z C:/Program Files/Git/usr/bin/gpg.exe gpg.exe --display-charset UTF-8 --homedir /C/Users/RUNNER~1/AppData/Local/Temp/rnpctmpzfgywivg/.gpg --pinentry-mode=loopback --batch --yes --passphrase password --trust-model always -o /C/Users/RUNNER~1/AppData/Local/Temp/rnpctmpzfgywivg/cleartext.rnp -d /C/Users/RUNNER~1/AppData/Local/Temp/rnpctmpzfgywivg/cleartext.enc
2024-09-24T14:34:00.2255855Z Working directory: D:\a\rnp\rnp\build\src\tests
2024-09-24T14:34:00.2256133Z gpg: CAMELLIA128.OCB encrypted session key
2024-09-24T14:34:00.2256341Z gpg: encrypted with 1 passphrase
2024-09-24T14:34:00.2256654Z gpg: gcry_cipher_checktag (final) failed: Checksum error
2024-09-24T14:34:00.2257216Z gpg: block_filter 0x0000000a000079c0: read error (size=1260,a->size=479)
2024-09-24T14:34:00.2257471Z gpg: bz2lib inflate problem: rc=-4