diff --git a/cache.go b/cache.go index 8f65099..e9532e2 100644 --- a/cache.go +++ b/cache.go @@ -157,7 +157,11 @@ func (protonDrive *ProtonDrive) _getLinkKRByID(ctx context.Context, linkID strin /* The original non-caching version, which resolves the keyring recursively */ func (protonDrive *ProtonDrive) _getLinkKR(ctx context.Context, link *proton.Link) (*crypto.KeyRing, error) { if link.ParentLinkID == "" { // link is rootLink - nodeKR, err := link.GetKeyRing(protonDrive.MainShareKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.SignatureEmail}) + if err != nil { + return nil, err + } + nodeKR, err := link.GetKeyRing(protonDrive.MainShareKR, signatureVerificationKR) if err != nil { return nil, err } @@ -176,7 +180,11 @@ func (protonDrive *ProtonDrive) _getLinkKR(ctx context.Context, link *proton.Lin return nil, err } - nodeKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.SignatureEmail}) + if err != nil { + return nil, err + } + nodeKR, err := link.GetKeyRing(parentNodeKR, signatureVerificationKR) if err != nil { return nil, err } @@ -228,7 +236,11 @@ func (protonDrive *ProtonDrive) getLinkKR(ctx context.Context, link *proton.Link return nil, err } - kr, err := data.link.GetKeyRing(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{data.link.SignatureEmail}) + if err != nil { + return nil, err + } + kr, err := data.link.GetKeyRing(parentNodeKR, signatureVerificationKR) if err != nil { return nil, err } diff --git a/common/config.go b/common/config.go index 46712fb..b75e83d 100644 --- a/common/config.go +++ b/common/config.go @@ -1,7 +1,6 @@ package common import ( - "log" "os" "runtime" ) 
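Review bot: The four lines added in the root-link branch of `_getLinkKR` (build a keyring from `link.SignatureEmail`, check the error, pass it to `link.GetKeyRing`) are repeated in the other two cache.go hunks and at every other `GetKeyRing` call this commit touches in file_download.go, file_upload.go, folder.go, folder_recursive.go, search.go and search_recursive.go. The rule for which keys may vouch for a link is therefore spread over many call sites, and a later change to it has to be made identically in each. A single method on ProtonDrive would hold that rule in one place. `_getLinkKR` starts and ends outside this hunk.

```go
// getLinkKeyRing unlocks link's node keyring with parentKR, passing the
// account keys registered for link.SignatureEmail as the verification keyring.
func (protonDrive *ProtonDrive) getLinkKeyRing(parentKR *crypto.KeyRing, link *proton.Link) (*crypto.KeyRing, error) {
	signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.SignatureEmail})
	if err != nil {
		return nil, err
	}
	return link.GetKeyRing(parentKR, signatureVerificationKR)
}

// … in _getLinkKR, root-link branch; the other call sites follow the same shape …
nodeKR, err := protonDrive.getLinkKeyRing(protonDrive.MainShareKR, link)
```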
@@ -44,8 +43,6 @@ type ReusableCredentialData struct { } func NewConfigWithDefaultValues() *Config { - log.Println("Number of CPUs", runtime.GOMAXPROCS(0)) - return &Config{ AppVersion: "", UserAgent: "", @@ -77,8 +74,6 @@ func NewConfigWithDefaultValues() *Config { } func NewConfigForIntegrationTests() *Config { - log.Println("Number of CPUs", runtime.GOMAXPROCS(0)) - appVersion := os.Getenv("PROTON_API_BRIDGE_APP_VERSION") userAgent := os.Getenv("PROTON_API_BRIDGE_USER_AGENT") diff --git a/common/keyring.go b/common/keyring.go index e7ecb14..6867851 100644 --- a/common/keyring.go +++ b/common/keyring.go @@ -19,7 +19,7 @@ The address keyrings are encrypted with the primary user keyring at the time. The primary address key is used to create (encrypt) and retrieve (decrypt) data, e.g. shares */ -func getAccountKRs(ctx context.Context, c *proton.Client, keyPass, saltedKeyPass []byte) (*crypto.KeyRing, map[string]*crypto.KeyRing, []proton.Address, []byte, error) { +func getAccountKRs(ctx context.Context, c *proton.Client, keyPass, saltedKeyPass []byte) (*crypto.KeyRing, map[string]*crypto.KeyRing, map[string]proton.Address, []byte, error) { /* Code taken and modified from proton-bridge */ user, err := c.GetUser(ctx) @@ -28,7 +28,7 @@ func getAccountKRs(ctx context.Context, c *proton.Client, keyPass, saltedKeyPass } // log.Printf("user %#v", user) - addr, err := c.GetAddresses(ctx) + addrsArr, err := c.GetAddresses(ctx) if err != nil { return nil, nil, nil, nil, err } @@ -56,7 +56,7 @@ func getAccountKRs(ctx context.Context, c *proton.Client, keyPass, saltedKeyPass // log.Printf("saltedKeyPass ok") } - userKR, addrKRs, err := proton.Unlock(user, addr, saltedKeyPass, nil) + userKR, addrKRs, err := proton.Unlock(user, addrsArr, saltedKeyPass, nil) if err != nil { return nil, nil, nil, nil, err 
@@ -66,5 +66,10 @@ func getAccountKRs(ctx context.Context, c *proton.Client, keyPass, saltedKeyPass } } - return userKR, addrKRs, addr, saltedKeyPass, nil + addrs := make(map[string]proton.Address) + for _, addr := range addrsArr { + addrs[addr.Email] = addr + } + + return userKR, addrKRs, addrs, saltedKeyPass, nil } diff --git a/common/user.go b/common/user.go index 39c74da..7a56bac 100644 --- a/common/user.go +++ b/common/user.go @@ -47,12 +47,12 @@ Log in methods Keyring decryption The password will be salted, and then used to decrypt the keyring. The salted password needs to be and can be cached, so the keyring can be re-decrypted when needed */ -func Login(ctx context.Context, config *Config, authHandler proton.AuthHandler, deAuthHandler proton.Handler) (*proton.Manager, *proton.Client, *ProtonDriveCredential, *crypto.KeyRing, map[string]*crypto.KeyRing, []proton.Address, error) { +func Login(ctx context.Context, config *Config, authHandler proton.AuthHandler, deAuthHandler proton.Handler) (*proton.Manager, *proton.Client, *ProtonDriveCredential, *crypto.KeyRing, map[string]*crypto.KeyRing, map[string]proton.Address, error) { var c *proton.Client var auth proton.Auth var userKR *crypto.KeyRing var addrKRs map[string]*crypto.KeyRing - var addr []proton.Address + var addrs map[string]proton.Address // get manager m := getProtonManager(config.AppVersion, config.UserAgent) @@ -71,12 +71,12 @@ func Login(ctx context.Context, config *Config, authHandler proton.AuthHandler, if err != nil { return nil, nil, nil, nil, nil, nil, err } - userKR, addrKRs, addr, _, err = getAccountKRs(ctx, c, nil, SaltedKeyPassByteArr) + userKR, addrKRs, addrs, _, err = getAccountKRs(ctx, c, nil, SaltedKeyPassByteArr) if err != nil { return nil, nil, nil, nil, nil, nil, err } - return m, c, nil, userKR, addrKRs, addr, nil + return m, c, nil, userKR, addrKRs, addrs, nil } else { username := config.FirstLoginCredential.Username password := config.FirstLoginCredential.Password 
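Review bot: The map built at the end of `getAccountKRs` is keyed by `addr.Email`, but nothing in the new loop or in the part of the function's doc comment visible in this diff records that, while drive.go looks entries up with the `SignatureEmail` string taken from a link. A comment such as `// addrs is keyed by Address.Email; lookups are exact-match against the SignatureEmail carried by links and revisions` would state the contract. The match is case- and form-sensitive, so if the API can return the same address in a different form the miss surfaces as ErrNoKeyringForSignatureVerification; that is worth confirming. The size is known up front, so `addrs := make(map[string]proton.Address, len(addrsArr))` avoids regrowth. The function starts outside this hunk.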
@@ -119,7 +119,7 @@ func Login(ctx context.Context, config *Config, authHandler proton.AuthHandler, // decrypt keyring var saltedKeyPassByteArr []byte - userKR, addrKRs, addr, saltedKeyPassByteArr, err = getAccountKRs(ctx, c, keyPass, nil) + userKR, addrKRs, addrs, saltedKeyPassByteArr, err = getAccountKRs(ctx, c, keyPass, nil) if err != nil { return nil, nil, nil, nil, nil, nil, err } @@ -140,7 +140,7 @@ func Login(ctx context.Context, config *Config, authHandler proton.AuthHandler, AccessToken: auth.AccessToken, RefreshToken: auth.RefreshToken, SaltedKeyPass: saltedKeyPass, - }, userKR, addrKRs, addr, nil + }, userKR, addrKRs, addrs, nil } } diff --git a/drive.go b/drive.go index d9e2723..d410947 100644 --- a/drive.go +++ b/drive.go @@ -15,8 +15,8 @@ type ProtonDrive struct { MainShare *proton.Share RootLink *proton.Link - MainShareKR *crypto.KeyRing - AddrKR *crypto.KeyRing + MainShareKR *crypto.KeyRing + DefaultAddrKR *crypto.KeyRing Config *common.Config @@ -24,7 +24,7 @@ type ProtonDrive struct { m *proton.Manager userKR *crypto.KeyRing addrKRs map[string]*crypto.KeyRing - addrData []proton.Address + addrData map[string]proton.Address signatureAddress string cache *cache @@ -121,10 +121,10 @@ func NewProtonDrive(ctx context.Context, config *common.Config, authHandler prot // log.Printf("rootLink %#v", rootLink) // log.Printf("addrKRs %#v", addrKRs)= - addrKR := addrKRs[mainShare.AddressID] + mainShareAddrKR := addrKRs[mainShare.AddressID] // log.Println("addrKR CountDecryptionEntities", addrKR.CountDecryptionEntities()) - mainShareKR, err := mainShare.GetKeyRing(addrKR) + mainShareKR, err := mainShare.GetKeyRing(mainShareAddrKR) if err != nil { return nil, nil, err } @@ -134,8 +134,8 @@ func NewProtonDrive(ctx context.Context, config *common.Config, authHandler prot MainShare: mainShare, RootLink: &rootLink, - MainShareKR: mainShareKR, - AddrKR: addrKR, + MainShareKR: mainShareKR, + DefaultAddrKR: mainShareAddrKR, Config: config, 
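Review bot: `mainShareAddrKR := addrKRs[mainShare.AddressID]` in NewProtonDrive yields the map's zero value when the main share's address has no unlocked keyring, and that nil pointer is then stored as `DefaultAddrKR`, on which file_upload.go and mail.go in this commit call `SignDetached`, `SignDetachedEncrypted` and `DecryptSessionKey`. Checking the lookup keeps the failure at login instead of at the first upload: `mainShareAddrKR, ok := addrKRs[mainShare.AddressID]` followed by `if !ok { return nil, nil, errors.New("no unlocked address keyring for the main share") }`. Whether `mainShare.GetKeyRing` already rejects a nil keyring is not visible here. NewProtonDrive starts and ends outside this hunk.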
@@ -168,3 +168,40 @@ func (protonDrive *ProtonDrive) About(ctx context.Context) (*proton.User, error) func (protonDrive *ProtonDrive) GetLink(ctx context.Context, linkID string) (*proton.Link, error) { return protonDrive.getLink(ctx, linkID) } + +func addKeysFromKR(kr *crypto.KeyRing, newKRs ...*crypto.KeyRing) error { + for i := range newKRs { + for _, key := range newKRs[i].GetKeys() { + err := kr.AddKey(key) + if err != nil { + return err + } + } + } + + return nil +} + +func (protonDrive *ProtonDrive) getSignatureVerificationKeyring(emailAddresses []string, verificationAddrKRs ...*crypto.KeyRing) (*crypto.KeyRing, error) { + ret, err := crypto.NewKeyRing(nil) + if err != nil { + return nil, err + } + + for _, emailAddress := range emailAddresses { + if addr, ok := protonDrive.addrData[emailAddress]; ok { + if err := addKeysFromKR(ret, protonDrive.addrKRs[addr.ID]); err != nil { + return nil, err + } + } + } + + if err := addKeysFromKR(ret, verificationAddrKRs...); err != nil { + return nil, err + } + + if ret.CountEntities() == 0 { + return nil, ErrNoKeyringForSignatureVerification + } + return ret, nil +} diff --git a/error.go b/error.go index 43bae74..85fddae 100644 --- a/error.go +++ b/error.go @@ -20,4 +20,5 @@ var ( ErrWrongUsageOfGetLinkKR = errors.New("internal error for GetLinkKR - nil passed in for link") ErrWrongUsageOfGetLink = errors.New("internal error for getLink - empty linkID passed in") ErrSeekOffsetAfterSkippingBlocks = errors.New("internal error for download seek - the offset after skipping blocks is wrong") + ErrNoKeyringForSignatureVerification = errors.New(("internal error for signature verification - no keyring is generated")) ) diff --git a/file.go b/file.go index 268e3c1..d045d81 100644 --- a/file.go +++ b/file.go 
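Review bot: In `getSignatureVerificationKeyring`, `protonDrive.addrKRs[addr.ID]` is handed to `addKeysFromKR` without checking that the entry exists, and `addKeysFromKR` calls `newKRs[i].GetKeys()` on whatever it receives, so an address present in `addrData` but absent from `addrKRs` reaches a method call on a nil keyring. A guard at the top of the outer loop, `if newKRs[i] == nil { continue }`, keeps that case on the ErrNoKeyringForSignatureVerification path. Emails that match no address are skipped silently, and the `CountEntities() == 0` check cannot fire once a caller passes an extra keyring in `verificationAddrKRs`. A doc comment should therefore state that only this account's own address keys are consulted and that the variadic keyrings are accepted as signers unconditionally. The keys copied in come from the unlocked keyrings returned by `proton.Unlock`, although verification needs only their public halves.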
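Review bot: The new sentinel in error.go is written `errors.New(("…"))` with a redundant pair of parentheses, unlike the three entries above it; drop the inner pair. This error is also the only signal a caller gets when a link's signer is not one of the account's addresses, so wording that says so (rather than "no keyring is generated") would make the failure easier to diagnose.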
@@ -62,7 +62,11 @@ func (protonDrive *ProtonDrive) GetActiveRevisionAttrs(ctx context.Context, link return nil, err } - revisionXAttrCommon, err := revisionsMetadata[0].GetDecXAttrString(protonDrive.AddrKR, nodeKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.FileProperties.ActiveRevision.SignatureEmail}) + if err != nil { + return nil, err + } + revisionXAttrCommon, err := revisionsMetadata[0].GetDecXAttrString(signatureVerificationKR, nodeKR) if err != nil { return nil, err } @@ -115,7 +119,11 @@ func (protonDrive *ProtonDrive) GetActiveRevisionWithAttrs(ctx context.Context, return nil, nil, err } - revisionXAttrCommon, err := revision.GetDecXAttrString(protonDrive.AddrKR, nodeKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.FileProperties.ActiveRevision.SignatureEmail}) + if err != nil { + return nil, nil, err + } + revisionXAttrCommon, err := revision.GetDecXAttrString(signatureVerificationKR, nodeKR) if err != nil { return nil, nil, err } diff --git a/file_download.go b/file_download.go index dba79e4..6684a9f 100644 --- a/file_download.go +++ b/file_download.go @@ -14,6 +14,7 @@ type FileDownloadReader struct { protonDrive *ProtonDrive ctx context.Context + link *proton.Link data *bytes.Buffer nodeKR *crypto.KeyRing sessionKey *crypto.SessionKey 
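Review bot: In GetActiveRevisionAttrs the signer email is read from `link.FileProperties.ActiveRevision`, while the object whose xattr is verified is `revisionsMetadata[0]`, obtained separately; the second file.go hunk does the same with `revision`. If `link` is an older or cached copy the two can disagree, and if `FileProperties` is a pointer that is nil for folder links the expression panics unless a check above the hunk rules that out. Taking the email from the value being verified, e.g. `[]string{revisionsMetadata[0].SignatureEmail}` (assuming the revision type exposes the same field, which needs confirming), ties the claimed signer to the data it covers. Both functions start and end outside their hunks.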
@@ -67,7 +68,11 @@ func (reader *FileDownloadReader) populateBufferOnRead() error { } defer blockReader.Close() - err = decryptBlockIntoBuffer(reader.sessionKey, reader.protonDrive.AddrKR, reader.nodeKR, reader.revision.Blocks[i].Hash, reader.revision.Blocks[i].EncSignature, reader.data, blockReader) + signatureVerificationKR, err := reader.protonDrive.getSignatureVerificationKeyring([]string{reader.link.SignatureEmail}, reader.nodeKR) + if err != nil { + return err + } + err = decryptBlockIntoBuffer(reader.sessionKey, signatureVerificationKR, reader.nodeKR, reader.revision.Blocks[i].Hash, reader.revision.Blocks[i].EncSignature, reader.data, blockReader) if err != nil { return err } @@ -100,7 +105,11 @@ func (protonDrive *ProtonDrive) DownloadFile(ctx context.Context, link *proton.L return nil, 0, nil, err } - nodeKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.SignatureEmail}) + if err != nil { + return nil, 0, nil, err + } + nodeKR, err := link.GetKeyRing(parentNodeKR, signatureVerificationKR) if err != nil { return nil, 0, nil, err } @@ -119,6 +128,7 @@ func (protonDrive *ProtonDrive) DownloadFile(ctx context.Context, link *proton.L protonDrive: protonDrive, ctx: ctx, + link: link, data: bytes.NewBuffer(nil), nodeKR: nodeKR, sessionKey: sessionKey, diff --git a/file_upload.go b/file_upload.go index 320c432..60f845c 100644 --- a/file_upload.go +++ b/file_upload.go 
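Review bot: In populateBufferOnRead the block signature is checked against the keys for `reader.link.SignatureEmail` plus `reader.nodeKR`, whereas file.go in this commit uses `link.FileProperties.ActiveRevision.SignatureEmail` for the same revision's xattr and uploadAndCollectBlockData signs blocks with the uploader's address key. If the link's signer and the revision's signer can differ, the address-key part of this check uses the wrong email. Because `nodeKR` is always in the set, a block signed with the node key would presumably be accepted and the empty-keyring guard can never trigger; a comment should say whether node-key signatures on blocks are meant to pass. The keyring does not depend on `i`, so it can be built once (for instance in DownloadFile) rather than for every block. The function body extends beyond the hunk.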
@@ -80,7 +80,11 @@ func (protonDrive *ProtonDrive) createFileUploadDraft(ctx context.Context, paren return "", "", nil, nil, err } - newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature, err := generateNodeKeys(parentNodeKR, protonDrive.AddrKR) + /* + Encryption: parent link's node key + Signature: share's signature address keys + */ + newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature, err := generateNodeKeys(parentNodeKR, protonDrive.DefaultAddrKR) if err != nil { return "", "", nil, nil, err } 
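Review bot: The comment added above `generateNodeKeys` says the signature uses the share's signature address keys, and the key passed is `DefaultAddrKR`, which drive.go sets to the keyring of `mainShare.AddressID`; the request built just below this hunk declares `SignatureAddress: protonDrive.signatureAddress`. Readers in this commit now choose verification keys by the declared signature email, so the signing key and the declared address must refer to the same address. Where `signatureAddress` is assigned is not visible in this diff, so confirm it is the email of `mainShare.AddressID`. A comment on the field, e.g. `// DefaultAddrKR is the keyring of the address named by signatureAddress; everything this client signs uses it`, would make the invariant checkable. createFileUploadDraft starts and ends outside this hunk.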
@@ -102,27 +106,47 @@ func (protonDrive *ProtonDrive) createFileUploadDraft(ctx context.Context, paren SignatureAddress: protonDrive.signatureAddress, // Signature email address used to sign passphrase and name } - /* Name is encrypted using the parent's keyring, and signed with address key */ - err = createFileReq.SetName(filename, protonDrive.AddrKR, parentNodeKR) + /* + Encryption: parent link's node key + Signature: share's signature address keys + */ + err = createFileReq.SetName(filename, protonDrive.DefaultAddrKR, parentNodeKR) if err != nil { return "", "", nil, nil, err } - parentHashKey, err := parentLink.GetHashKey(parentNodeKR) - if err != nil { - return "", "", nil, nil, err - } - - newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.AddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature) + /* + Encryption: parent link's node key + Signature: parent link's node key + */ + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{parentLink.SignatureEmail}, parentNodeKR) + if err != nil { + return "", "", nil, nil, err + } + parentHashKey, err := parentLink.GetHashKey(parentNodeKR, signatureVerificationKR) if err != nil { return "", "", nil, nil, err } + /* Use parent's hash key */ err = createFileReq.SetHash(filename, parentHashKey) if err != nil { return "", "", nil, nil, err } + /* + Encryption: parent link's node key + Signature: share's signature address keys + */ + newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.DefaultAddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature) + if err != nil { + return "", "", nil, nil, err + } + + /* + Encryption: current link's node key + Signature: share's signature address keys + */ newSessionKey, err := createFileReq.SetContentKeyPacketAndSignature(newNodeKR) if err != nil { return "", "", nil, nil, err 
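Review bot: The comment added above `createFileReq.SetContentKeyPacketAndSignature(newNodeKR)` says "Signature: share's signature address keys", but the call receives only the node keyring, so no address key is available to it; unless the helper obtains one some other way the comment should read `Signature: current link's node key`. Likewise "Signature: parent link's node key" above `GetHashKey` names only one of the accepted signers, since the verification keyring also holds the keys for `parentLink.SignatureEmail`. These comments are the only record of which key signs which field, so they need to match the calls exactly.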
@@ -192,12 +216,16 @@ func (protonDrive *ProtonDrive) createFileUploadDraft(ctx context.Context, paren if link != nil { linkID = link.LinkID - // get original newSessionKey and newNodeKR + // get original sessionKey and nodeKR for the current link parentNodeKR, err = protonDrive.getLinkKRByID(ctx, link.ParentLinkID) if err != nil { return "", "", nil, nil, err } - newNodeKR, err = link.GetKeyRing(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.SignatureEmail}) + if err != nil { + return "", "", nil, nil, err + } + newNodeKR, err = link.GetKeyRing(parentNodeKR, signatureVerificationKR) if err != nil { return "", "", nil, nil, err } @@ -308,14 +336,18 @@ func (protonDrive *ProtonDrive) uploadAndCollectBlockData(ctx context.Context, n sha1Digests.Write(data) blockSizes = append(blockSizes, int64(readBytes)) - // encrypt data + // encrypt block data + /* + Encryption: current link's session key + Signature: share's signature address keys + */ dataPlainMessage := crypto.NewPlainMessage(data) encData, err := newSessionKey.Encrypt(dataPlainMessage) if err != nil { return nil, 0, nil, "", err } - encSignature, err := protonDrive.AddrKR.SignDetachedEncrypted(dataPlainMessage, newNodeKR) + encSignature, err := protonDrive.DefaultAddrKR.SignDetachedEncrypted(dataPlainMessage, newNodeKR) if err != nil { return nil, 0, nil, "", err } @@ -354,7 +386,7 @@ func (protonDrive *ProtonDrive) uploadAndCollectBlockData(ctx context.Context, n } func (protonDrive *ProtonDrive) commitNewRevision(ctx context.Context, nodeKR *crypto.KeyRing, xAttrCommon *proton.RevisionXAttrCommon, manifestSignatureData []byte, linkID, revisionID string) error { - manifestSignature, err := protonDrive.AddrKR.SignDetached(crypto.NewPlainMessage(manifestSignatureData)) + manifestSignature, err := protonDrive.DefaultAddrKR.SignDetached(crypto.NewPlainMessage(manifestSignatureData)) if err != nil { return err } 
@@ -368,7 +400,7 @@ func (protonDrive *ProtonDrive) commitNewRevision(ctx context.Context, nodeKR *c SignatureAddress: protonDrive.signatureAddress, } - err = commitRevisionReq.SetEncXAttrString(protonDrive.AddrKR, nodeKR, xAttrCommon) + err = commitRevisionReq.SetEncXAttrString(protonDrive.DefaultAddrKR, nodeKR, xAttrCommon) if err != nil { return err } diff --git a/folder.go b/folder.go index d90c5db..5b83a3d 100644 --- a/folder.go +++ b/folder.go @@ -34,7 +34,11 @@ func (protonDrive *ProtonDrive) ListDirectory( if err != nil { return nil, err } - folderLinkKR, err := folderLink.GetKeyRing(folderParentKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{folderLink.SignatureEmail}) + if err != nil { + return nil, err + } + folderLinkKR, err := folderLink.GetKeyRing(folderParentKR, signatureVerificationKR) if err != nil { return nil, err } @@ -44,7 +48,11 @@ func (protonDrive *ProtonDrive) ListDirectory( continue } - name, err := childrenLinks[i].GetName(folderLinkKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{childrenLinks[i].NameSignatureEmail, childrenLinks[i].SignatureEmail}) + if err != nil { + return nil, err + } + name, err := childrenLinks[i].GetName(folderLinkKR, signatureVerificationKR) if err != nil { return nil, err } @@ -78,7 +86,7 @@ func (protonDrive *ProtonDrive) CreateNewFolder(ctx context.Context, parentLink return "", err } - newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature, err := generateNodeKeys(parentNodeKR, protonDrive.AddrKR) + newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature, err := generateNodeKeys(parentNodeKR, protonDrive.DefaultAddrKR) if err != nil { return "", err } 
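Review bot: In the child loop of ListDirectory (second folder.go hunk) the name is verified against a keyring holding the keys for both `NameSignatureEmail` and `SignatureEmail`, so a name signed by either address passes; folder_recursive.go and search_recursive.go use the same pair. If the second email is only a fallback for links without a name signer, selecting one makes that explicit: `email := childrenLinks[i].NameSignatureEmail` then `if email == "" { email = childrenLinks[i].SignatureEmail }`. The `:=` in the loop also shadows the `signatureVerificationKR` declared earlier in the same function for `folderLink`; a distinct name such as `nameVerificationKR` avoids confusing the two. ListDirectory starts and ends outside these hunks.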
@@ -99,12 +107,16 @@ func (protonDrive *ProtonDrive) CreateNewFolder(ctx context.Context, parentLink } /* Name is encrypted using the parent's keyring, and signed with address key */ - err = createFolderReq.SetName(folderName, protonDrive.AddrKR, parentNodeKR) + err = createFolderReq.SetName(folderName, protonDrive.DefaultAddrKR, parentNodeKR) if err != nil { return "", err } - parentHashKey, err := parentLink.GetHashKey(parentNodeKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{parentLink.SignatureEmail}, parentNodeKR) + if err != nil { + return "", err + } + parentHashKey, err := parentLink.GetHashKey(parentNodeKR, signatureVerificationKR) if err != nil { return "", err } @@ -113,7 +125,7 @@ func (protonDrive *ProtonDrive) CreateNewFolder(ctx context.Context, parentLink return "", err } - newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.AddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature) + newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.DefaultAddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature) if err != nil { return "", err } @@ -200,12 +212,16 @@ func (protonDrive *ProtonDrive) moveLink(ctx context.Context, srcLink *proton.Li return err } - err = req.SetName(dstName, protonDrive.AddrKR, dstParentKR) + err = req.SetName(dstName, protonDrive.DefaultAddrKR, dstParentKR) if err != nil { return err } - dstParentHashKey, err := dstParentLink.GetHashKey(dstParentKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{dstParentLink.SignatureEmail}, dstParentKR) + if err != nil { + return err + } + dstParentHashKey, err := dstParentLink.GetHashKey(dstParentKR, signatureVerificationKR) if err != nil { return err } 
@@ -218,7 +234,7 @@ func (protonDrive *ProtonDrive) moveLink(ctx context.Context, srcLink *proton.Li if err != nil { return err } - nodePassphrase, err := reencryptKeyPacket(srcParentKR, dstParentKR, protonDrive.AddrKR, srcLink.NodePassphrase) + nodePassphrase, err := reencryptKeyPacket(srcParentKR, dstParentKR, protonDrive.DefaultAddrKR, srcLink.NodePassphrase) if err != nil { return err } diff --git a/folder_recursive.go b/folder_recursive.go index 74923f5..add73df 100644 --- a/folder_recursive.go +++ b/folder_recursive.go @@ -31,7 +31,11 @@ func (protonDrive *ProtonDrive) listDirectoriesRecursively( var currentPath = "" if !(excludeRoot && curDepth == 0) { - name, err := link.GetName(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.NameSignatureEmail, link.SignatureEmail}) + if err != nil { + return err + } + name, err := link.GetName(parentNodeKR, signatureVerificationKR) if err != nil { return err } @@ -88,7 +92,11 @@ func (protonDrive *ProtonDrive) listDirectoriesRecursively( if childrenLinks != nil { // get current node's keyring - linkKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.SignatureEmail}) + if err != nil { + return err + } + linkKR, err := link.GetKeyRing(parentNodeKR, signatureVerificationKR) if err != nil { return err } diff --git a/go.mod b/go.mod index 9e28028..dad290e 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/ProtonMail/gluon v0.17.1-0.20230724134000-308be39be96e github.com/ProtonMail/gopenpgp/v2 v2.7.3 - github.com/henrybear327/go-proton-api v0.0.0-20230905210903-1d7952498156 + github.com/henrybear327/go-proton-api v0.0.0-20230907193451-e563407504ce github.com/relvacode/iso8601 v1.3.0 golang.org/x/sync v0.3.0 ) diff --git a/go.sum b/go.sum index e86ca1f..d7e3df9 100644 --- a/go.sum +++ b/go.sum 
@@ -50,8 +50,8 @@ github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSM github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/henrybear327/go-proton-api v0.0.0-20230905210903-1d7952498156 h1:4AneKd+c3c1Jq9X5FRrbJwqhn5M0lkc38xDuP+nl8M8= -github.com/henrybear327/go-proton-api v0.0.0-20230905210903-1d7952498156/go.mod h1:w63MZuzufKcIZ93pwRgiOtxMXYafI8H74D77AxytOBc= +github.com/henrybear327/go-proton-api v0.0.0-20230907193451-e563407504ce h1:n1URi7VYiwX/3akX51keQXi6Huy4lJdVc4biJHYk3iw= +github.com/henrybear327/go-proton-api v0.0.0-20230907193451-e563407504ce/go.mod h1:w63MZuzufKcIZ93pwRgiOtxMXYafI8H74D77AxytOBc= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= diff --git a/mail.go b/mail.go index 3e60bcf..bf45cf5 100644 --- a/mail.go +++ b/mail.go @@ -79,7 +79,7 @@ func (protonDrive *ProtonDrive) createDraft(ctx context.Context, config *MailSen }, } - createDraftResp, err := protonDrive.c.CreateDraft(ctx, protonDrive.AddrKR, createDraftReq) + createDraftResp, err := protonDrive.c.CreateDraft(ctx, protonDrive.DefaultAddrKR, createDraftReq) if err != nil { return nil, err } @@ -96,7 +96,7 @@ func (protonDrive *ProtonDrive) getAttachmentSessionKeyMap(attachments []*proton return nil, err } - key, err := protonDrive.AddrKR.DecryptSessionKey(keyPacket) + key, err := protonDrive.DefaultAddrKR.DecryptSessionKey(keyPacket) if err != nil { return nil, err } 
@@ -127,7 +127,7 @@ func (protonDrive *ProtonDrive) uploadAttachments(ctx context.Context, createDra Body: fileByteArray, } - uploadAttachmentResp, err := protonDrive.c.UploadAttachment(ctx, protonDrive.AddrKR, req) + uploadAttachmentResp, err := protonDrive.c.UploadAttachment(ctx, protonDrive.DefaultAddrKR, req) if err != nil { return nil, err } @@ -172,7 +172,7 @@ func (protonDrive *ProtonDrive) sendDraft(ctx context.Context, messageID string, } // for each of the recipient, we encrypt body for them - if err = sendReq.AddTextPackage(protonDrive.AddrKR, + if err = sendReq.AddTextPackage(protonDrive.DefaultAddrKR, string(htmlTemplate), rfc822.TextHTML, map[string]proton.SendPreferences{config.RecipientEmailAddress: { diff --git a/search.go b/search.go index f7ab08e..04eb72c 100644 --- a/search.go +++ b/search.go @@ -51,12 +51,20 @@ func (protonDrive *ProtonDrive) SearchByNameInActiveFolder( return nil, err } - folderLinkKR, err := folderLink.GetKeyRing(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{folderLink.SignatureEmail}) + if err != nil { + return nil, err + } + folderLinkKR, err := folderLink.GetKeyRing(parentNodeKR, signatureVerificationKR) if err != nil { return nil, err } - folderHashKey, err := folderLink.GetHashKey(folderLinkKR) + signatureVerificationKR, err = protonDrive.getSignatureVerificationKeyring([]string{folderLink.SignatureEmail}, folderLinkKR) + if err != nil { + return nil, err + } + folderHashKey, err := folderLink.GetHashKey(folderLinkKR, signatureVerificationKR) if err != nil { return nil, err } diff --git a/search_recursive.go b/search_recursive.go index 5f323b7..8d9a60a 100644 --- a/search_recursive.go +++ b/search_recursive.go 
@@ -73,7 +73,11 @@ func (protonDrive *ProtonDrive) performSearchByNameRecursively( return nil, nil } - name, err := link.GetName(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.NameSignatureEmail, link.SignatureEmail}) + if err != nil { + return nil, err + } + name, err := link.GetName(parentNodeKR, signatureVerificationKR) if err != nil { return nil, err } @@ -90,7 +94,11 @@ func (protonDrive *ProtonDrive) performSearchByNameRecursively( // log.Printf("childrenLinks len = %v, %#v", len(childrenLinks), childrenLinks) // get current node's keyring - linkKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR) + signatureVerificationKR, err := protonDrive.getSignatureVerificationKeyring([]string{link.SignatureEmail}) + if err != nil { + return nil, err + } + linkKR, err := link.GetKeyRing(parentNodeKR, signatureVerificationKR) if err != nil { return nil, err }