-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decryption no longer works with Yubikey Neo: SecureMessagingException #2049
Comments
Wait, Google Play Store tricked me, the version shown there in the permissions window is the latest available version, not the version I have installed (I consider that a UI bug). I'm using version But the problem remains the same. |
@af-anssi Can you look into this? |
I can confirm that it works with |
I'm bisecting now. |
BTW: Before releasing the changes of @af-anssi I tested with YubiKey NEO and Fidesmo card, but maybe I missed a special version or corner case. |
It seems like the commit I suspected isn't the culprit, but we'll know in a couple minutes when the bisect is done. It's being made a bit harder due to non-compiling commits in the history like |
Commit ee8cd38 |
I've manually confirmed that this commit is indeed what breaks it. |
Are you sure that this produces the same exception? |
No, and I think it can't, because that exception was introduced later.
|
In the commit before it which works, it prints:
(no difference in output). |
On that commit, I can't
|
@dschuermann Does that happen for you too? |
I have no Yubikey Neo to try to reproduce this issue. The stack trace related to secure messaging is surprising as I didn't know Yubikey Neo was using it... Nevertheless, it is not the cause of the problem since the exception is handled properly and execution continues as if there were no secure messaging available. |
@af-anssi I can order you one if you're up for it! Email me at the address written on nh2.me |
Thank you, but I think we can first try to work with some more log. Could you post a more complete log related to OpenKeychain (grep Keychain on the logcat output) when the bug arises ? |
BTW: I wasn't able to reproduce this with my YubiKey NEOs. @nh2 Are you using a special setup/applet? When have you bought the YubiKey? Do you know the OpenPGP applet version? |
@af-anssi I think I copied all The OpenPGP applet has version The key's firmware version is The connection mode is set to OTP+U2F+CCID (if that has any effect on the PGP applet). |
@af-anssi this is happening to me too, AFAICT the output in the issue description is all that there is to show for
That's what it says when I try to import the key on a new device. |
This is really strange. This code can be triggered only when the "secure messaging" bit is set in the "extended capabilities" retrieved from the token. There are only two reasons for this bit to be set: the implementation is really capable of secure messaging which is curious as I found no information on that, or this bit is used for another purpose in this implementation which makes it not compliant with the OpenPGP card specification. Did you set some specific features during the personnalization of your token(s) ? |
@af-anssi I don't know if that helps, but here's the screenshot from the personalisation GUI: I'm happy to provide other info that might be useful. |
Actually I was wrong about the implementation used in Yubikey Neo: it supports secure messaging with DES as described in OpenPGP specification v2.x. I have fixed the code not to trigger the SmartPGP secure messaging code in case the implemented secure messaging relies on DES. This is a temporary workaround to fix the regression I introduced (sorry). I will have to find a better way to detect SmartPGP secure messaging... |
I would like to try this out, but can't build it due to #2124 |
Just hold your yubikey to your phone while OpenKeychain is open :) |
Haha, oh man. This makes zero sense to me :) I changed the branch structure a bit, can you bisect the bunch of commits to see which one actually fixes this? Really curious about what caused this. |
I meant I split up this commit, please update the branch ( |
Ah, sorry, I thought you were referring to the refactorings in #2252. I'll let you know in a couple minutes. |
the one before:
So looks like this is our contender for the fix: public CommandApdu createDecipherCommand(byte[] data) {
- return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data,
- MAX_APDU_NE_EXT);
+ return CommandApdu.create(CLA, INS_PERFORM_SECURITY_OPERATION, P1_PSO_DECIPHER, P2_PSO_DECIPHER, data);
} |
Does it work with that one plus 02e677d? |
@Valodim Yes. |
Heh, this makes no sense :) What we currently have is perfectly compliant to the spec. But -- I guess we'll just change our behavior here, if it increases compatibility and doesn't break anything else. We'll publish this in a beta sometime soon (sign up for our beta channel, if you haven't already). Thanks for your super thorough bug reporting! |
This is slightly more compliant to spec. OpenPGP-Applet implementations I've looked at don't seem to care, but for some reason this still improves compatibility. See #2049
This is slightly more compliant to spec. OpenPGP-Applet implementations I've looked at don't seem to care, but for some reason this still improves compatibility. See #2049
@nh2 The patch is in the beta that was released today. Please test and report 👍 |
I can confirm that it's working fine with the beta, 4.9 (49001) for me. Thanks everyone for the hard work on this. |
Well, this is awkward. So in commit 1c8cc99 I removed the Le field, which was required for some reason for @nh2's Yubikey. Testing with an OpenPGP card v3.3 however, the field needs to be set to the actually expected size or the maximum size, or decryption won't work :\ The spec on page 59 clearly says the Le value should be 0. Setting it to 0 doesn't work for me with the openpgp card, neither does leaving it out. So basically we have four options:
It's also worth pointing out that most cards don't seem to care whether the field is present and what its value is. I guess we can do what GnuPG does (as opposed to what's in the spec), and hope that this yields the best compatibility? |
@Valodim I'm happy to try out versions for those options where you don't know yet where Yubikeys like mine would react, if that helps. |
Thanks! I made an experimental branch, please check out #2298. I tested this with a Yubikey Neo, Nitrokey Pro, Gnuk, and OpenPGP card v3.3. |
|
From #2298 (comment):
|
When I try to decrypt with my Yubikey Neo over NFC (which in the past, worked fine at some point), I get an error. For example, when using the decrypt-from-clipboard feature, or when using another program like android-password-store/Android-Password-Store#271.
Expected Behavior
Decryption succeeds.
Current Behavior
I now get
Error: Transceive failed
in the UI and the following stack trace inadb logcat
:Possible Solution
Not sure, but this is definitely a regression, it worked in the past.
I wonder if it was this commit that broke it -- simply by the fact that it was the last one touching the code that raises the above exception.
Steps to Reproduce (for bugs)
Your Environment
The text was updated successfully, but these errors were encountered: