Skip signature verification in most parts

2026-06-12 15:56:37 -04:00 · 2023-08-02 18:20:56 +02:00
parent b52f839b20
commit e054c27a8f
11 changed files with 70 additions and 67 deletions
--- a/cache.go
+++ b/cache.go
@@ -157,7 +157,7 @@ func (protonDrive *ProtonDrive) _getLinkKRByID(ctx context.Context, linkID strin
 /* The original non-caching version, which resolves the keyring recursively */
 func (protonDrive *ProtonDrive) _getLinkKR(ctx context.Context, link *proton.Link) (*crypto.KeyRing, error) {
 	if link.ParentLinkID == "" { // link is rootLink
-		nodeKR, err := link.GetKeyRing(protonDrive.MainShareKR, protonDrive.AddrKR)
+		nodeKR, err := link.GetKeyRing(protonDrive.MainShareKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 		if err != nil {
 			return nil, err
 		}
@@ -176,7 +176,7 @@ func (protonDrive *ProtonDrive) _getLinkKR(ctx context.Context, link *proton.Lin
 		return nil, err
 	}

-	nodeKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR)
+	nodeKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return nil, err
 	}
@@ -228,10 +228,11 @@ func (protonDrive *ProtonDrive) getLinkKR(ctx context.Context, link *proton.Link
 			return nil, err
 		}

-		kr, err := data.link.GetKeyRing(parentNodeKR, protonDrive.AddrKR)
+		kr, err := data.link.GetKeyRing(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 		if err != nil {
 			return nil, err
 		}
+
 		data.kr = kr
 		return data.kr, nil
 	}
--- a/crypto.go
+++ b/crypto.go
@@ -1,9 +1,7 @@
 package proton_api_bridge

 import (
-	"crypto/sha256"
 	"encoding/base64"
-	"io"

 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/gopenpgp/v2/helper"
@@ -94,7 +92,7 @@ func reencryptKeyPacket(srcKR, dstKR, addrKR *crypto.KeyRing, passphrase string)
 	return newSplitMessage.GetArmored()
 }

-func getKeyRing(kr, addrKR *crypto.KeyRing, key, passphrase, passphraseSignature string) (*crypto.KeyRing, error) {
+func getKeyRing(kr, addrKR *crypto.KeyRing, key, passphrase, passphraseSignature string, skipSignatureVerifications bool) (*crypto.KeyRing, error) {
 	enc, err := crypto.NewPGPMessageFromArmored(passphrase)
 	if err != nil {
 		return nil, err
@@ -110,8 +108,10 @@ func getKeyRing(kr, addrKR *crypto.KeyRing, key, passphrase, passphraseSignature
 		return nil, err
 	}

-	if err := addrKR.VerifyDetached(dec, sig, crypto.GetUnixTime()); err != nil {
-		return nil, err
+	if !skipSignatureVerifications {
+		if err := addrKR.VerifyDetached(dec, sig, crypto.GetUnixTime()); err != nil {
+			return nil, err
+		}
 	}

 	lockedKey, err := crypto.NewKeyFromArmored(key)
@@ -126,43 +126,3 @@ func getKeyRing(kr, addrKR *crypto.KeyRing, key, passphrase, passphraseSignature

 	return crypto.NewKeyRing(unlockedKey)
 }
-
-func decryptBlockIntoBuffer(sessionKey *crypto.SessionKey, addrKR, nodeKR *crypto.KeyRing, originalHash, encSignature string, buffer io.ReaderFrom, block io.ReadCloser) error {
-	data, err := io.ReadAll(block)
-	if err != nil {
-		return err
-	}
-
-	plainMessage, err := sessionKey.Decrypt(data)
-	if err != nil {
-		return err
-	}
-
-	encSignatureArm, err := crypto.NewPGPMessageFromArmored(encSignature)
-	if err != nil {
-		return err
-	}
-
-	err = addrKR.VerifyDetachedEncrypted(plainMessage, encSignatureArm, nodeKR, crypto.GetUnixTime())
-	if err != nil {
-		return err
-	}
-
-	_, err = buffer.ReadFrom(plainMessage.NewReader())
-	if err != nil {
-		return err
-	}
-
-	h := sha256.New()
-	h.Write(data)
-	hash := h.Sum(nil)
-	base64Hash := base64.StdEncoding.EncodeToString(hash)
-	if err != nil {
-		return err
-	}
-	if base64Hash != originalHash {
-		return ErrDownloadedBlockHashVerificationFailed
-	}
-
-	return nil
-}
--- a/drive.go
+++ b/drive.go
@@ -124,7 +124,7 @@ func NewProtonDrive(ctx context.Context, config *common.Config, authHandler prot
 	addrKR := addrKRs[mainShare.AddressID]
 	// log.Println("addrKR CountDecryptionEntities", addrKR.CountDecryptionEntities())

-	mainShareKR, err := mainShare.GetKeyRing(addrKR)
+	mainShareKR, err := mainShare.GetKeyRing(addrKR, config.SkipSignatureVerifications)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/file_download.go
+++ b/file_download.go
@@ -3,6 +3,8 @@ package proton_api_bridge
 import (
 	"bytes"
 	"context"
+	"crypto/sha256"
+	"encoding/base64"
 	"io"
 	"log"

@@ -78,6 +80,46 @@ func (reader *FileDownloadReader) populateBufferOnRead() error {
 	return nil
 }

+func decryptBlockIntoBuffer(sessionKey *crypto.SessionKey, addrKR, nodeKR *crypto.KeyRing, originalHash, encSignature string, buffer io.ReaderFrom, block io.ReadCloser) error {
+	data, err := io.ReadAll(block)
+	if err != nil {
+		return err
+	}
+
+	plainMessage, err := sessionKey.Decrypt(data)
+	if err != nil {
+		return err
+	}
+
+	encSignatureArm, err := crypto.NewPGPMessageFromArmored(encSignature)
+	if err != nil {
+		return err
+	}
+
+	err = addrKR.VerifyDetachedEncrypted(plainMessage, encSignatureArm, nodeKR, crypto.GetUnixTime())
+	if err != nil {
+		return err
+	}
+
+	_, err = buffer.ReadFrom(plainMessage.NewReader())
+	if err != nil {
+		return err
+	}
+
+	h := sha256.New()
+	h.Write(data)
+	hash := h.Sum(nil)
+	base64Hash := base64.StdEncoding.EncodeToString(hash)
+	if err != nil {
+		return err
+	}
+	if base64Hash != originalHash {
+		return ErrDownloadedBlockHashVerificationFailed
+	}
+
+	return nil
+}
+
 func (protonDrive *ProtonDrive) DownloadFileByID(ctx context.Context, linkID string, offset int64) (io.ReadCloser, int64, *FileSystemAttrs, error) {
 	/* It's like event system, we need to get the latest information before creating the move request! */
 	protonDrive.removeLinkIDFromCache(linkID, false)
@@ -100,7 +142,7 @@ func (protonDrive *ProtonDrive) DownloadFile(ctx context.Context, link *proton.L
 		return nil, 0, nil, err
 	}

-	nodeKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR)
+	nodeKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return nil, 0, nil, err
 	}
--- a/file_upload.go
+++ b/file_upload.go
@@ -108,12 +108,12 @@ func (protonDrive *ProtonDrive) createFileUploadDraft(ctx context.Context, paren
 		return "", "", nil, nil, err
 	}

-	parentHashKey, err := parentLink.GetHashKey(parentNodeKR)
+	parentHashKey, err := parentLink.GetHashKey(parentNodeKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return "", "", nil, nil, err
 	}

-	newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.AddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature)
+	newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.AddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return "", "", nil, nil, err
 	}
@@ -197,7 +197,7 @@ func (protonDrive *ProtonDrive) createFileUploadDraft(ctx context.Context, paren
 		if err != nil {
 			return "", "", nil, nil, err
 		}
-		newNodeKR, err = link.GetKeyRing(parentNodeKR, protonDrive.AddrKR)
+		newNodeKR, err = link.GetKeyRing(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 		if err != nil {
 			return "", "", nil, nil, err
 		}
--- a/folder.go
+++ b/folder.go
@@ -34,7 +34,7 @@ func (protonDrive *ProtonDrive) ListDirectory(
 			if err != nil {
 				return nil, err
 			}
-			folderLinkKR, err := folderLink.GetKeyRing(folderParentKR, protonDrive.AddrKR)
+			folderLinkKR, err := folderLink.GetKeyRing(folderParentKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 			if err != nil {
 				return nil, err
 			}
@@ -44,7 +44,7 @@ func (protonDrive *ProtonDrive) ListDirectory(
 					continue
 				}

-				name, err := childrenLinks[i].GetName(folderLinkKR, protonDrive.AddrKR)
+				name, err := childrenLinks[i].GetName(folderLinkKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 				if err != nil {
 					return nil, err
 				}
@@ -104,7 +104,7 @@ func (protonDrive *ProtonDrive) CreateNewFolder(ctx context.Context, parentLink
 		return "", err
 	}

-	parentHashKey, err := parentLink.GetHashKey(parentNodeKR)
+	parentHashKey, err := parentLink.GetHashKey(parentNodeKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return "", err
 	}
@@ -113,7 +113,7 @@ func (protonDrive *ProtonDrive) CreateNewFolder(ctx context.Context, parentLink
 		return "", err
 	}

-	newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.AddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature)
+	newNodeKR, err := getKeyRing(parentNodeKR, protonDrive.AddrKR, newNodeKey, newNodePassphraseEnc, newNodePassphraseSignature, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return "", err
 	}
@@ -205,7 +205,7 @@ func (protonDrive *ProtonDrive) moveLink(ctx context.Context, srcLink *proton.Li
 		return err
 	}

-	dstParentHashKey, err := dstParentLink.GetHashKey(dstParentKR)
+	dstParentHashKey, err := dstParentLink.GetHashKey(dstParentKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return err
 	}
--- a/folder_recursive.go
+++ b/folder_recursive.go
@@ -31,7 +31,7 @@ func (protonDrive *ProtonDrive) listDirectoriesRecursively(
 	var currentPath = ""

 	if !(excludeRoot && curDepth == 0) {
-		name, err := link.GetName(parentNodeKR, protonDrive.AddrKR)
+		name, err := link.GetName(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 		if err != nil {
 			return err
 		}
@@ -88,7 +88,7 @@ func (protonDrive *ProtonDrive) listDirectoriesRecursively(

 			if childrenLinks != nil {
 				// get current node's keyring
-				linkKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR)
+				linkKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 				if err != nil {
 					return err
 				}
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.18
 require (
 	github.com/ProtonMail/gluon v0.17.1-0.20230724134000-308be39be96e
 	github.com/ProtonMail/gopenpgp/v2 v2.7.2
-	github.com/henrybear327/go-proton-api v0.0.0-20230802152927-59db7bb18c64
+	github.com/henrybear327/go-proton-api v0.0.0-20230802163738-2539e3d6e690
 	github.com/relvacode/iso8601 v1.3.0
 	golang.org/x/sync v0.3.0
 )
--- a/go.sum
+++ b/go.sum
@@ -49,8 +49,8 @@ github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSM
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/henrybear327/go-proton-api v0.0.0-20230802152927-59db7bb18c64 h1:s+tcvtvssdVK09u1fSBDk0g6F6fzPz+qDmPg+5kcU3c=
-github.com/henrybear327/go-proton-api v0.0.0-20230802152927-59db7bb18c64/go.mod h1:w63MZuzufKcIZ93pwRgiOtxMXYafI8H74D77AxytOBc=
+github.com/henrybear327/go-proton-api v0.0.0-20230802163738-2539e3d6e690 h1:AW2p1djlmA2S7ss6hVj+TcEwtKdIOphFL4SpaOVHwfE=
+github.com/henrybear327/go-proton-api v0.0.0-20230802163738-2539e3d6e690/go.mod h1:w63MZuzufKcIZ93pwRgiOtxMXYafI8H74D77AxytOBc=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
--- a/search.go
+++ b/search.go
@@ -51,12 +51,12 @@ func (protonDrive *ProtonDrive) SearchByNameInActiveFolder(
 		return nil, err
 	}

-	folderLinkKR, err := folderLink.GetKeyRing(parentNodeKR, protonDrive.AddrKR)
+	folderLinkKR, err := folderLink.GetKeyRing(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return nil, err
 	}

-	folderHashKey, err := folderLink.GetHashKey(folderLinkKR)
+	folderHashKey, err := folderLink.GetHashKey(folderLinkKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return nil, err
 	}
--- a/search_recursive.go
+++ b/search_recursive.go
@@ -73,7 +73,7 @@ func (protonDrive *ProtonDrive) performSearchByNameRecursively(
 		return nil, nil
 	}

-	name, err := link.GetName(parentNodeKR, protonDrive.AddrKR)
+	name, err := link.GetName(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 	if err != nil {
 		return nil, err
 	}
@@ -90,7 +90,7 @@ func (protonDrive *ProtonDrive) performSearchByNameRecursively(
 		// log.Printf("childrenLinks len = %v, %#v", len(childrenLinks), childrenLinks)

 		// get current node's keyring
-		linkKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR)
+		linkKR, err := link.GetKeyRing(parentNodeKR, protonDrive.AddrKR, protonDrive.Config.SkipSignatureVerifications)
 		if err != nil {
 			return nil, err
 		}