From 93c8007937e1e3e0c3736a52454a65db3af6c7ec Mon Sep 17 00:00:00 2001
From: Simon Ser
Date: Sat, 13 Apr 2019 13:58:21 +0300
Subject: [PATCH] protonmail: make SRP modulus signature failures a warning

Temporarily make signature errors non-fatal because the Go OpenPGP library is missing some features we need:

openpgp: unsupported feature: public key algorithm 22

This doesn't really weaken our security since we weren't checking the signature key anyway. To completely fix this issue, we need to upstream the required key algorithm.

Fixes https://github.com/emersion/hydroxide/issues/46
---
 protonmail/srp.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/protonmail/srp.go b/protonmail/srp.go
index 74f106d..d45dfdf 100644
--- a/protonmail/srp.go
+++ b/protonmail/srp.go
@@ -7,6 +7,7 @@ import (
 "encoding/base64"
 "errors"
 "io"
+ "log"
 "math/big"
 
 "golang.org/x/crypto/openpgp"
@@ -22,10 +23,11 @@ func decodeModulus(msg string) ([]byte, error) {
 return nil, errors.New("invalid modulus signed PGP block")
 }
 
- // TODO: check signature key
+ // TODO: check signature and signature key
 _, err := openpgp.CheckDetachedSignature(nil, bytes.NewReader(block.Plaintext), block.ArmoredSignature.Body)
 if err != nil && err != openpgperrors.ErrUnknownIssuer {
- return nil, err
+ //return nil, fmt.Errorf("failed to decode modulus: %v", err)
+ log.Println("warning: failed to check SRP modulus signature:", err)
 }
 
 return base64.StdEncoding.DecodeString(string(block.Plaintext))
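Review bot: In the second hunk, every error from `openpgp.CheckDetachedSignature` other than `ErrUnknownIssuer` is now only logged, so a malformed or failing signature is handled the same way as the unsupported-algorithm case and the modulus is still decoded and returned unauthenticated. The tolerance could be limited to the error the commit message quotes, e.g. `if _, ok := err.(openpgperrors.UnsupportedError); !ok { return nil, err }` ahead of the `log.Println`, so that other verification errors stay fatal. The commented-out `//return nil, fmt.Errorf(...)` line refers to `fmt`, which the import hunk does not add, and is better dropped in favour of the TODO. Because the keyring argument is `nil`, the TODO should also state that the signing key has to be pinned before the SRP modulus can be considered verified. decodeModulus starts and ends outside the hunk.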