protonmail: improve errors

Simon Ser 2019-04-14 19:07:03 +03:00
parent ff4f1f7876
commit fc1618d086
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48
3 changed files with 17 additions and 10 deletions


@ -280,7 +280,7 @@ func (c *Client) Unlock(auth *Auth, passphrase string) (openpgp.EntityList, erro
for _, key := range addr.Keys {
entity, err := key.Entity()
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to read key %q: %v", addr.Email, err)
}
found := false
@ -295,7 +295,7 @@ func (c *Client) Unlock(auth *Auth, passphrase string) (openpgp.EntityList, erro
}
if err := unlockKey(entity, passphraseBytes); err != nil {
log.Printf("warning: failed to unlock key %v: %v", entity.PrimaryKey.KeyIdString(), err)
log.Printf("warning: failed to unlock key %q %v: %v", addr.Email, entity.PrimaryKey.KeyIdString(), err)
continue
}
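Review bot: The new return in the first hunk flattens the underlying error with `%v`, so a caller can no longer use `errors.Is`/`errors.As` on whatever `key.Entity()` returned. If the module targets Go 1.13 or later, `return nil, fmt.Errorf("failed to read key %q: %w", addr.Email, err)` keeps the chain. The same applies to the `fmt.Errorf` calls added in the two `Entity()` methods and in the SRP helpers (`decodeModulus`, `VerifyServerProof`, `srp`). The warning in the second hunk now writes the account address to the process log next to the key ID, which deserves a short comment if these logs are shipped off-host. Unlock's body starts and ends outside both hunks.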


@ -2,6 +2,7 @@ package protonmail
import (
"errors"
"fmt"
"net/http"
"net/url"
"strings"
@ -29,7 +30,7 @@ type PrivateKey struct {
func (priv *PrivateKey) Entity() (*openpgp.Entity, error) {
keyRing, err := openpgp.ReadArmoredKeyRing(strings.NewReader(priv.PrivateKey))
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to read private key: %v", err)
}
if len(keyRing) == 0 {
return nil, errors.New("private key is empty")
@ -58,7 +59,7 @@ type PublicKey struct {
func (pub *PublicKey) Entity() (*openpgp.Entity, error) {
keyRing, err := openpgp.ReadArmoredKeyRing(strings.NewReader(pub.PublicKey))
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to read public key: %v", err)
}
if len(keyRing) == 0 {
return nil, errors.New("public key is empty")


@ -6,6 +6,7 @@ import (
"crypto/subtle"
"encoding/base64"
"errors"
"fmt"
"io"
"log"
"math/big"
@ -20,7 +21,7 @@ var randReader io.Reader = rand.Reader
func decodeModulus(msg string) ([]byte, error) {
block, _ := clearsign.Decode([]byte(msg))
if block == nil {
return nil, errors.New("invalid modulus signed PGP block")
return nil, errors.New("invalid SRP modulus signed PGP block")
}
// TODO: check signature and signature key
@ -30,7 +31,12 @@ func decodeModulus(msg string) ([]byte, error) {
log.Println("warning: failed to check SRP modulus signature:", err)
}
return base64.StdEncoding.DecodeString(string(block.Plaintext))
b, err := base64.StdEncoding.DecodeString(string(block.Plaintext))
if err != nil {
return nil, fmt.Errorf("malformed SRP modulus: %v", err)
}
return b, nil
}
func reverse(b []byte) {
@ -140,11 +146,11 @@ func generateProofs(l int, hash func([]byte) []byte, modulusBytes, hashedBytes,
func (p *proofs) VerifyServerProof(serverProofString string) error {
serverProof, err := base64.StdEncoding.DecodeString(serverProofString)
if err != nil {
return err
return fmt.Errorf("malformed SRP server proof: %v", err)
}
if subtle.ConstantTimeCompare(p.expectedServerProof, serverProof) != 1 {
return errors.New("invalid server proof")
return errors.New("invalid SRP server proof")
}
return nil
}
@ -158,12 +164,12 @@ func srp(password []byte, info *AuthInfo) (*proofs, error) {
serverEphemeral, err := base64.StdEncoding.DecodeString(info.serverEphemeral)
if err != nil {
return nil, err
return nil, fmt.Errorf("malformed SRP server ephemeral: %v", err)
}
salt, err := base64.StdEncoding.DecodeString(info.salt)
if err != nil {
return nil, err
return nil, fmt.Errorf("malformed SRP salt: %v", err)
}
hashed, err := hashPassword(info.version, password, salt, modulus)
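Review bot: decodeModulus still returns the decoded modulus when the signature check fails. The context lines of its second hunk only log `warning: failed to check SRP modulus signature` and fall through to the base64 decode, and the `// TODO: check signature and signature key` above is left open. The modulus is supplied by the server and defines the SRP group, so accepting an unauthenticated value weakens what the later proof verification can guarantee. Since this commit already tightens the error paths in this function, the failed check should become `return nil, fmt.Errorf("failed to check SRP modulus signature: %v", err)`. The lines that perform the check sit between the two hunks and are not visible here, so confirm which key the signature is verified against.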