Skip to content

Commit

Permalink
Check private key token signatures
Browse files Browse the repository at this point in the history
  • Loading branch information
@emersion
emersion committed Nov 23, 2021
1 parent 5eadb35 commit 3c52837
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions protonmail/auth.go
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package protonmail

import (
"bytes"
"encoding/base64"
"fmt"
"io/ioutil"
Expand Down Expand Up @@ -273,8 +274,14 @@ func decryptPrivateKeyToken(key *PrivateKey, userKeyRing openpgp.EntityList) ([]
return nil, err
}

// TODO: check key.Signature
return ioutil.ReadAll(md.UnverifiedBody)
b, err := ioutil.ReadAll(md.UnverifiedBody)
if err != nil {
return nil, err
}

// TODO: check signer?
_, err = openpgp.CheckArmoredDetachedSignature(userKeyRing, bytes.NewReader(b), strings.NewReader(key.Signature), nil)
return b, err
}

func unlockPrivateKey(key *PrivateKey, userKeyRing openpgp.EntityList, keySalt []byte, passphraseBytes []byte) (*openpgp.Entity, error) {
Expand Down

0 comments on commit 3c52837

Please sign in to comment.