protonmail: make SRP modulus signature failures fatal
In 93c8007, SRP signature errors were made non-fatal because many
users got the following error:
openpgp: unsupported feature: public key algorithm 22
This is because Protonmail started signing these messages with an
EDDSA key, an algorithm which the Go OpenPGP library does not
support. The switch to github.com/protonmail/crypto introduces this
algorithm, so messages that haven't been tampered with should pass
the verification.
This commit is contained in:
Daniel Bertalan
Simon Ser
parent
06f6d5b8e9
commit
fe6f0a620f
|
|
@ -8,12 +8,10 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"math/big"
|
||||
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp/clearsign"
|
||||
openpgperrors "golang.org/x/crypto/openpgp/errors"
|
||||
)
|
||||
|
||||
var randReader io.Reader = rand.Reader
|
||||
|
|
@ -45,9 +43,8 @@ func decodeModulus(msg string) ([]byte, error) {
|
|||
}
|
||||
|
||||
_, err = openpgp.CheckDetachedSignature(modulusKeyring, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body, nil)
|
||||
if err != nil && err != openpgperrors.ErrUnknownIssuer {
|
||||
//return nil, fmt.Errorf("failed to decode modulus: %v", err)
|
||||
log.Println("warning: failed to check SRP modulus signature:", err)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to check modulus signature: %v", err)
|
||||
}
|
||||
|
||||
b, err := base64.StdEncoding.DecodeString(string(block.Plaintext))
|
||||
|
|
|
|||
Loading…
Reference in New Issue