protonmail: make SRP modulus signature failures a warning

Temporarily make signature errors non-fatal because the Go OpenPGP library is
missing some features we need:

    openpgp: unsupported feature: public key algorithm 22

This doesn't really weaken our security since we weren't checking the signature
key anyway. To completely fix this issue, we need to upstream the required
key algorithm.

Fixes https://github.com/emersion/hydroxide/issues/46
Simon Ser 2019-04-13 13:58:21 +03:00
parent 8f167410be
commit 93c8007937
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48
1 changed files with 4 additions and 2 deletions


@ -7,6 +7,7 @@ import (
"encoding/base64" "encoding/base64"
"errors" "errors"
"io" "io"
"log"
"math/big" "math/big"
"golang.org/x/crypto/openpgp" "golang.org/x/crypto/openpgp"
@ -22,10 +23,11 @@ func decodeModulus(msg string) ([]byte, error) {
return nil, errors.New("invalid modulus signed PGP block") return nil, errors.New("invalid modulus signed PGP block")
} }
// TODO: check signature key // TODO: check signature and signature key
_, err := openpgp.CheckDetachedSignature(nil, bytes.NewReader(block.Plaintext), block.ArmoredSignature.Body) _, err := openpgp.CheckDetachedSignature(nil, bytes.NewReader(block.Plaintext), block.ArmoredSignature.Body)
if err != nil && err != openpgperrors.ErrUnknownIssuer { if err != nil && err != openpgperrors.ErrUnknownIssuer {
return nil, err //return nil, fmt.Errorf("failed to decode modulus: %v", err)
log.Println("warning: failed to check SRP modulus signature:", err)
} }
return base64.StdEncoding.DecodeString(string(block.Plaintext)) return base64.StdEncoding.DecodeString(string(block.Plaintext))
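Review bot: In `decodeModulus`, the new branch logs and falls through for every error other than `ErrUnknownIssuer`, so a malformed or failing signature is now accepted as well, not only the unsupported-algorithm case the commit message describes. Because the keyring argument is `nil`, the modulus is not authenticated against a trusted key either way, and the value returned by `base64.StdEncoding.DecodeString` is used purely on the server's word; the TODO should say so explicitly. I would tolerate only the unsupported-feature error and keep the rest fatal, e.g. `if _, ok := err.(openpgperrors.UnsupportedError); !ok { return nil, err }` ahead of the `log.Println` (assuming the library reports this failure as that type). The commented-out `//return nil, fmt.Errorf(...)` line should be dropped rather than left in place. The function starts before this hunk and its closing brace lies outside it.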