Use Protonmail fork of golang.org/x/crypto
Adds support for ed25519 (termed State-of-the-art by PM) private keys. SRP modulus signature verification segfaults, so I commented it out.
This commit is contained in:
parent
246e71fbfe
commit
c483823b5c
2
go.mod
2
go.mod
|
@ -19,3 +19,5 @@ require (
|
||||||
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae // indirect
|
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae // indirect
|
||||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
|
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
|
||||||
)
|
)
|
||||||
|
|
||||||
|
replace golang.org/x/crypto => github.com/ProtonMail/crypto v0.0.0-20200605105621-11f6ee2dd602
|
||||||
|
|
8
go.sum
8
go.sum
|
@ -1,3 +1,7 @@
|
||||||
|
github.com/ProtonMail/crypto v0.0.0-20200416114516-1fa7f403fb9c h1:DAvlgde2Stu18slmjwikiMPs/CKPV35wSvmJS34z0FU=
|
||||||
|
github.com/ProtonMail/crypto v0.0.0-20200416114516-1fa7f403fb9c/go.mod h1:Pxr7w4gA2ikI4sWyYwEffm+oew1WAJHzG1SiDpQMkrI=
|
||||||
|
github.com/ProtonMail/crypto v0.0.0-20200605105621-11f6ee2dd602 h1:ainph8zAAGO7yqxvgyiZhV/kzDL/l5bXmhePsEuhKSA=
|
||||||
|
github.com/ProtonMail/crypto v0.0.0-20200605105621-11f6ee2dd602/go.mod h1:Pxr7w4gA2ikI4sWyYwEffm+oew1WAJHzG1SiDpQMkrI=
|
||||||
github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
|
github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
|
||||||
github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
|
github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
|
||||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||||
|
@ -43,11 +47,7 @@ github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0
|
||||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||||
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
|
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
|
||||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
|
||||||
golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d h1:1ZiEyfaQIg3Qh0EoqpwAakHVhecoE5wlSg5GjnafJGw=
|
|
||||||
golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
|
||||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
|
||||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae h1:/WDfKMnPU+m5M4xB+6x4kaepxRw6jWvR5iDRdvjHgy8=
|
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae h1:/WDfKMnPU+m5M4xB+6x4kaepxRw6jWvR5iDRdvjHgy8=
|
||||||
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
|
|
@ -164,7 +164,7 @@ func (r *detachedSignatureReader) Read(p []byte) (n int, err error) {
|
||||||
n, err = r.body.Read(p)
|
n, err = r.body.Read(p)
|
||||||
if err == io.EOF && !r.eof {
|
if err == io.EOF && !r.eof {
|
||||||
// Check signature
|
// Check signature
|
||||||
signer, signatureError := openpgp.CheckArmoredDetachedSignature(r.keyring, &r.signed, r.signature)
|
signer, signatureError := openpgp.CheckArmoredDetachedSignature(r.keyring, &r.signed, r.signature, nil)
|
||||||
r.md.IsSigned = true
|
r.md.IsSigned = true
|
||||||
r.md.SignatureError = signatureError
|
r.md.SignatureError = signatureError
|
||||||
if signer != nil {
|
if signer != nil {
|
||||||
|
@ -190,7 +190,7 @@ func (card *ContactCard) Read(keyring openpgp.KeyRing) (*openpgp.MessageDetails,
|
||||||
|
|
||||||
signed := strings.NewReader(card.Data)
|
signed := strings.NewReader(card.Data)
|
||||||
signature := strings.NewReader(card.Signature)
|
signature := strings.NewReader(card.Signature)
|
||||||
signer, err := openpgp.CheckArmoredDetachedSignature(keyring, signed, signature)
|
signer, err := openpgp.CheckArmoredDetachedSignature(keyring, signed, signature, nil)
|
||||||
md.IsSigned = true
|
md.IsSigned = true
|
||||||
md.SignatureError = err
|
md.SignatureError = err
|
||||||
if signer != nil {
|
if signer != nil {
|
||||||
|
|
|
@ -36,7 +36,7 @@ func encryptionKey(e *openpgp.Entity, now time.Time) (openpgp.Key, bool) {
|
||||||
if subkey.Sig.FlagsValid &&
|
if subkey.Sig.FlagsValid &&
|
||||||
subkey.Sig.FlagEncryptCommunications &&
|
subkey.Sig.FlagEncryptCommunications &&
|
||||||
subkey.PublicKey.PubKeyAlgo.CanEncrypt() &&
|
subkey.PublicKey.PubKeyAlgo.CanEncrypt() &&
|
||||||
!subkey.Sig.KeyExpired(now) &&
|
!subkey.PublicKey.KeyExpired(subkey.Sig, now) &&
|
||||||
(maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) {
|
(maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) {
|
||||||
candidateSubkey = i
|
candidateSubkey = i
|
||||||
maxTime = subkey.Sig.CreationTime
|
maxTime = subkey.Sig.CreationTime
|
||||||
|
@ -53,7 +53,7 @@ func encryptionKey(e *openpgp.Entity, now time.Time) (openpgp.Key, bool) {
|
||||||
// assume that the primary key is ok. Or, if the primary key is
|
// assume that the primary key is ok. Or, if the primary key is
|
||||||
// marked as ok to encrypt to, then we can obviously use it.
|
// marked as ok to encrypt to, then we can obviously use it.
|
||||||
i := primaryIdentity(e)
|
i := primaryIdentity(e)
|
||||||
if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagEncryptCommunications && e.PrimaryKey.PubKeyAlgo.CanEncrypt() && !i.SelfSignature.KeyExpired(now) {
|
if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagEncryptCommunications && e.PrimaryKey.PubKeyAlgo.CanEncrypt() && !i.SelfSignature.SigExpired(now) {
|
||||||
return openpgp.Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
|
return openpgp.Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -70,7 +70,7 @@ func signingKey(e *openpgp.Entity, now time.Time) (openpgp.Key, bool) {
|
||||||
if subkey.Sig.FlagsValid &&
|
if subkey.Sig.FlagsValid &&
|
||||||
subkey.Sig.FlagSign &&
|
subkey.Sig.FlagSign &&
|
||||||
subkey.PublicKey.PubKeyAlgo.CanSign() &&
|
subkey.PublicKey.PubKeyAlgo.CanSign() &&
|
||||||
!subkey.Sig.KeyExpired(now) {
|
!subkey.PublicKey.KeyExpired(subkey.Sig, now) {
|
||||||
candidateSubkey = i
|
candidateSubkey = i
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
@ -84,7 +84,7 @@ func signingKey(e *openpgp.Entity, now time.Time) (openpgp.Key, bool) {
|
||||||
// If we have no candidate subkey then we assume that it's ok to sign
|
// If we have no candidate subkey then we assume that it's ok to sign
|
||||||
// with the primary key.
|
// with the primary key.
|
||||||
i := primaryIdentity(e)
|
i := primaryIdentity(e)
|
||||||
if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagSign && !i.SelfSignature.KeyExpired(now) {
|
if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagSign && !i.SelfSignature.SigExpired(now) {
|
||||||
return openpgp.Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
|
return openpgp.Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,19 +1,17 @@
|
||||||
package protonmail
|
package protonmail
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/subtle"
|
"crypto/subtle"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
// "log"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
"golang.org/x/crypto/openpgp"
|
|
||||||
"golang.org/x/crypto/openpgp/clearsign"
|
"golang.org/x/crypto/openpgp/clearsign"
|
||||||
openpgperrors "golang.org/x/crypto/openpgp/errors"
|
// openpgperrors "golang.org/x/crypto/openpgp/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
var randReader io.Reader = rand.Reader
|
var randReader io.Reader = rand.Reader
|
||||||
|
@ -25,11 +23,12 @@ func decodeModulus(msg string) ([]byte, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: check signature and signature key
|
// TODO: check signature and signature key
|
||||||
_, err := openpgp.CheckDetachedSignature(nil, bytes.NewReader(block.Plaintext), block.ArmoredSignature.Body)
|
// FIXME: segfaults
|
||||||
if err != nil && err != openpgperrors.ErrUnknownIssuer {
|
// _, err := block.VerifySignature(nil, nil)
|
||||||
|
// if err != nil && err != openpgperrors.ErrUnknownIssuer {
|
||||||
//return nil, fmt.Errorf("failed to decode modulus: %v", err)
|
//return nil, fmt.Errorf("failed to decode modulus: %v", err)
|
||||||
log.Println("warning: failed to check SRP modulus signature:", err)
|
// log.Println("warning: failed to check SRP modulus signature:", err)
|
||||||
}
|
//}
|
||||||
|
|
||||||
b, err := base64.StdEncoding.DecodeString(string(block.Plaintext))
|
b, err := base64.StdEncoding.DecodeString(string(block.Plaintext))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in New Issue