From 1db1b415881faadf9b57a4aa98c3b2041a48ec88 Mon Sep 17 00:00:00 2001
From: Aron Wussler
Date: Thu, 11 Nov 2021 16:36:44 +0100
Subject: [PATCH 1/3] Fix unlocking and locking keys
---
 crypto/key.go | 18 +++++++++------
 crypto/message_test.go | 48 +++++++++++++++++++++++++++++++++++++++
 crypto/testdata/key_dummy | 45 ++++++++++++++++++++++++++++++++++++
 3 files changed, 104 insertions(+), 7 deletions(-)
 create mode 100644 crypto/testdata/key_dummy
diff --git a/crypto/key.go b/crypto/key.go
index 8a76107..a02f01a 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -114,13 +114,15 @@ func (key *Key) Lock(passphrase []byte) (*Key, error) {
 return lockedKey, nil
 }
- err = lockedKey.entity.PrivateKey.Encrypt(passphrase)
- if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in locking key")
+ if lockedKey.entity.PrivateKey != nil && !lockedKey.entity.PrivateKey.Dummy() {
+ err = lockedKey.entity.PrivateKey.Encrypt(passphrase)
+ if err != nil {
+ return nil, errors.Wrap(err, "gopenpgp: error in locking key")
+ }
 }
 for _, sub := range lockedKey.entity.Subkeys {
- if sub.PrivateKey != nil {
+ if sub.PrivateKey != nil && !sub.PrivateKey.Dummy() {
 if err := sub.PrivateKey.Encrypt(passphrase); err != nil {
 return nil, errors.Wrap(err, "gopenpgp: error in locking sub key")
 }
@@ -157,9 +159,11 @@ func (key *Key) Unlock(passphrase []byte) (*Key, error) {
 return nil, err
 }
- err = unlockedKey.entity.PrivateKey.Decrypt(passphrase)
- if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in unlocking key")
+ if unlockedKey.entity.PrivateKey != nil && !unlockedKey.entity.PrivateKey.Dummy() {
+ err = unlockedKey.entity.PrivateKey.Decrypt(passphrase)
+ if err != nil {
+ return nil, errors.Wrap(err, "gopenpgp: error in unlocking key")
+ }
 }
 for _, sub := range unlockedKey.entity.Subkeys {
diff --git a/crypto/message_test.go b/crypto/message_test.go
index c0de997..392e2c0 100644
--- a/crypto/message_test.go
+++ b/crypto/message_test.go
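Review bot: The new guard in Lock skips `Encrypt` silently when the primary `PrivateKey` is nil or a dummy stub, and nothing at that spot says why the skip is safe. A why-comment above the `if`, such as `// A dummy primary key holds no secret material, so there is nothing to encrypt.`, would keep a later reader from treating the skip as a bug. The same `!= nil && !...Dummy()` test now appears on the primary key and on each subkey here, and again in the Unlock hunk, so a small unexported predicate would keep the three sites in step. Lock starts before and continues past this hunk, so it is worth confirming that its final lock-state check counts only keys that carry real secret material.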
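Review bot: With the guard in Unlock, a key whose primary is a dummy stub is returned without the passphrase ever being tested against the primary key, so a wrong passphrase is caught only by whatever subkeys are decrypted afterwards. If a caller relies on Unlock as a passphrase check, a key with no decryptable secret packets could pass with any passphrase unless the code after the loop rejects it; that code is outside the hunk. The subkey loop body is also outside the hunk, so confirm it carries the same `!sub.PrivateKey.Dummy()` test that the Lock hunk adds. The doc comment of Unlock should state that dummy keys are skipped rather than decrypted.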
@@ -214,6 +214,54 @@ func TestIssue11(t *testing.T) {
 assert.Exactly(t, "message from sender", plainMessage.GetString())
 }
+
+func TestDummy(t *testing.T) {
+ pgp.latestServerTime = 1636644417
+ defer func() { pgp.latestServerTime = testTime }()
+
+ dummyKey, err := NewKeyFromArmored(readTestFile("key_dummy", false))
+ if err != nil {
+ t.Fatal("Expected no error while unarmoring public keyring, got:", err)
+ }
+
+ unlockedDummyKey, err := dummyKey.Unlock([]byte("golang"))
+ if err != nil {
+ t.Fatal("Expected no error while unlocking private key, got:", err)
+ }
+
+ _, err = unlockedDummyKey.Lock([]byte("golang"))
+ if err != nil {
+ t.Fatal("Expected no error while unlocking private key, got:", err)
+ }
+
+ dummyKeyRing, err := NewKeyRing(unlockedDummyKey)
+ if err != nil {
+ t.Fatal("Expected no error while building private keyring, got:", err)
+ }
+
+ var message = NewPlainMessageFromString(
+ "The secret code is... 1, 2, 3, 4, 5. I repeat: the secret code is... 1, 2, 3, 4, 5",
+ )
+
+ ciphertext, err := dummyKeyRing.Encrypt(message, nil)
+ if err != nil {
+ t.Fatal("Expected no error when encrypting, got:", err)
+ }
+
+ split, err := ciphertext.SeparateKeyAndData(1024, 0)
+ if err != nil {
+ t.Fatal("Expected no error when splitting, got:", err)
+ }
+
+ assert.Len(t, split.GetBinaryDataPacket(), 133) // Assert uncompressed encrypted body length
+
+ decrypted, err := dummyKeyRing.Decrypt(ciphertext, nil, 0)
+ if err != nil {
+ t.Fatal("Expected no error when decrypting, got:", err)
+ }
+ assert.Exactly(t, message.GetString(), decrypted.GetString())
+}
+
 func TestSignedMessageDecryption(t *testing.T) {
 pgpMessage, err := NewPGPMessageFromArmored(readTestFile("message_signed", false))
 if err != nil {
diff --git a/crypto/testdata/key_dummy b/crypto/testdata/key_dummy
new file mode 100644
index 0000000..e3fa805
--- /dev/null
+++ b/crypto/testdata/key_dummy
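Review bot: TestDummy discards the key returned by `unlockedDummyKey.Lock([]byte("golang"))`, so it proves only that Lock no longer errors, not that the real subkey was encrypted again. Keeping the result and asserting its state, for example `locked, err := lockedDummyKey.IsLocked()` followed by `assert.True(t, locked)`, would cover the behaviour this fix is about. The failure text after the Lock call still reads `while unlocking private key` and should say `locking`. The first message says `public keyring` although the fixture is a private key block.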
@@ -0,0 +1,45 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lQEVBGGNMyQBCACojuo9DE+DzUsShDq74IpQIp8oFJRXyRMMIkdzONjUHl9AEh2c +sBzr4XrtlETWbPwUbxBj1hopzAo+1WHxfF5DI0aoo39GF3w3qq8gBbLscXO4RoCm +QVmtOw/19SHA6z0Kqa5UyVnaIex9RoVBhXp9MUEpph1aXMvManAiD3/Ms4DhgplY +gCD1TgntqInTXiMk7PQuurKAh5GCG82GoIl2lY3dB0XrpuARrsKlaQoTJXNcKvYV +c8bw1mGEA8rShSfRiOZCrFev1EKDgvFtX2f0t651BbGYCHm3CJodO22GqZyRs3RJ +xxWFl2tFbUH3VApMICkLd2B3xdN+Cx2VcqenABEBAAH/AGUAR05VAbQiR29sYW5n +IEdvcGhlciA8Z29sYW5nQGV4YW1wbGUuY29tPokBTgQTAQoAOBYhBF1j6y+c0is1 +5l1jcqvPZFAHgtE4BQJhjTMkAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ +EKvPZFAHgtE4x7IIAKRwpsP++t9UWXw9UiiaHYb3W9e5ftwkkHvWVCeJ3OmnOvMY +ecoEwZYqQpyckWUKKGXm4qnG81uJBHJYFbvrkKjjsM8CzjjkS1dtFyoKy7SGluj6 +xgxQpcTIqT84FBKu4Zjy6cW/Blg7ONXbYXZByL4jen+0s5B4a/w0CTjA2Bo/e1pF +eOfqPSbUL1jp5weW38CSF7Rr+sI1cPY3/GgyE2ov/GqCkKFxaq8lRcXqLsHVOOIo +K9H4Wkrd02RMEs/dHU4dUE1uYVAg4hTEMyew68iatLqaUkROCMRVaFJw/fBlmW4v +Ceup7tMW8DQYdWj8hzEPJlPYhFhO0+6ItearNq2dA8YEYY0zJAEIAO0hBP0CgLFU +caVhNafwaTR0Fgof4mNC0BUuBqNpgUNVr0MHmVrUl05XqeMXiWCrwMNd07sRHi4S +MrTk6dDBvQd12P3zLix+Is4Hib+AN+d9bwuloQbP4Pq9mbFifenVMqwzpwwWaT/q +YVz1Ohh/30tAd9mFypIU78qeqW0EPBv7WjoK8gX/trkbL+SD4EBgqu6wo+WqBtSc +acWTR3IEkJ8cG/NP2jiKnzU3EDVb5vYgDUP5IzxOlJkRxmEbaID5nocvpjH/Hbvz +bb1Ii8lOCN2saQ3zr7Wd41VGzslMzMtVhKx/s7y3uOf6ZNRiOSuCtgHiIHRdQoCH +Xccmm1TGrfMAEQEAAf4HAwIDlxaVYIE7df/Hn2J5RGJ6YaFYCGxxI1j1O5sRHhEf +XJG1Dhuf0uKKNHiAwM05TVoqPSIjBoLML+2rUCwoD3FICFDA2KW7CyjLP4RyVIiD +EMTWWWs7c4pFBbUupcvRMtttYHML5PnL0aIa/FmESmHk/oC4m8FRcKxJ0MfWNI0j +dsubixrm6bFaRpysNy1SzzmKM+lWuKHFpGceU8ltjdEV01cAQNQ+WzLlR48lJDUq +Csmfu6SjQjPRV3ARoSgqtMb4q/Aplq8IxL/KLVWjYkX9lC7btlFnW2Kcp7HWgKGp +I/7GFPT22JINhZWY9LOLoxTRbWlIguGg2TrOe/FMlE09PP2rZMu9MPAg7TkEcxG7 +ZJTJDeU5EN4qF9uWH94wfGTPqTbX7z5Os0jabDxtB832aRVDuOZGyzaa7flzO3qQ +yQhHOQ8iNG67fhMAkjFVeaVyhtEHpQ8ui0GVOyqlDGwKj1U/Xgb8GawDS7FCJdrC +n1bD2Za6YgD1DKtiIQYGUhZI/WQg6Ef6qNQ6znmswEACBn0YQs3sSqjgccpjlTfA +U0V1C3vM3JFTNHWgkyIU+NjgKNFTe4H9778oNupVWB4OpL0lCkQJ/WIKvzEZksMK 
+xekF/XdCtmWRSQROODNeTMJllwpfJJgvwWU52GOiu+YyqlC2gXMYNN5oSkbPlIB0 +xHsq8iTu41tHpDuIr88Jh9+NiPpg4ll5Gd5pZLgsxkwlElVPkAhwapPVdRuSzkv8 +J3ZIm9BWYFTISCT0ciMOkEvY91aEdkfTw4gr61KHG+z6d78ySPC1uo6vFQWP3G0r +DQCw4jjBznz2XU0l9ZmZ30RrF5pwWwnLO6t7ihDVScjNK+xiC1yNVQUiOpSy5JQX +6BVcxetZGm+k/jTVlaXZdGO1bkk4CUd7NUzjynLKhHxCcqzFTHuJATYEGAEKACAW +IQRdY+svnNIrNeZdY3Krz2RQB4LROAUCYY0zJAIbDAAKCRCrz2RQB4LROGeOCACZ +/tF6F4rYBKtF5OiAwwV+8DjDwwIsQrJ2GF9cmzvY08tTEClSJts5+6p2S1pirleZ +kaSPg51gatZ67OegjN7Mh/o/7sGtKAZydqQfpmnFIndAsQMXmIlUIRYaSwVRbigY +6bWoeKQJVfNXlcEiNO9K6nINUhv8sjTDbogV6o4LP/m2jo5VKn5G6hA9EPKUo6TJ +685PDHomQ37GZnXiyAUKUC0wzPK2Cn0kGOwpVyxopAjMfvZZ1MTg6thc5dP30ObF +WX8GTRXcDOxj0yRjrCbX/IDeJqQ7FL7QD5p28KoIwrMAwh3i46z6I2e303+MPfJR +XGP4suk8zJsKrEscczTb +=HRg1 +-----END PGP PRIVATE KEY BLOCK----- From a0bc8b1af807da9a7cbfb42cdf8618edd24e6293 Mon Sep 17 00:00:00 2001 From: Aron Wussler Date: Thu, 11 Nov 2021 16:38:10 +0100 Subject: [PATCH 2/3] Release 2.2.5 --- CHANGELOG.md | 3 ++- constants/armor.go | 2 +- constants/version.go | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 866ef16..e0629f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [Unreleased] +## [2.2.5] 2021-11-11 ### Fixed - Protect the global `pgp` variable fields with a lock. +- Unlock and lock dummy keys correctly ## [2.2.4] 2021-09-29 ### Fixed diff --git a/constants/armor.go b/constants/armor.go index a526e9d..0ac3e51 100644 --- a/constants/armor.go +++ b/constants/armor.go 
@@ -3,7 +3,7 @@ package constants // Constants for armored data. const ( - ArmorHeaderVersion = "GopenPGP 2.2.4" + ArmorHeaderVersion = "GopenPGP 2.2.5" ArmorHeaderComment = "https://gopenpgp.org" PGPMessageHeader = "PGP MESSAGE" PGPSignatureHeader = "PGP SIGNATURE" diff --git a/constants/version.go b/constants/version.go index eda7566..25660af 100644 --- a/constants/version.go +++ b/constants/version.go @@ -1,3 +1,3 @@ package constants -const Version = "2.2.4" +const Version = "2.2.5" From 24a754d34ad4f95a2140e5145a1bb59233700dab Mon Sep 17 00:00:00 2001 From: Aron Wussler Date: Thu, 11 Nov 2021 16:42:12 +0100 Subject: [PATCH 3/3] Fix linter --- .github/workflows/ios.yml | 4 ++-- .golangci.yml | 4 +++- crypto/message_test.go | 1 - 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml index bccd223..69cfc01 100644 --- a/.github/workflows/ios.yml +++ b/.github/workflows/ios.yml @@ -12,10 +12,10 @@ jobs: runs-on: macos-latest steps: - - name: Set up xcode 13.0 + - name: Set up xcode 12.2 uses: maxim-lobanov/setup-xcode@v1 with: - xcode-version: 13.0 + xcode-version: 12.2 id: xcode - name: Set up Go 1.x diff --git a/.golangci.yml b/.golangci.yml index 7395bb4..6f032cd 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -41,4 +41,6 @@ linters: - revive # Force CamelCase instead of all caps - nilerr # Force return err when not nil - wrapcheck # Force wrapping of external error TODO: when the bug is fixed update the linter - - gomoddirectives # Prohibits the use of replace statements \ No newline at end of file + - gomoddirectives # Prohibits the use of replace statements + - varnamelen # Forbids short var names + - ireturn # Prevents returning interfaces \ No newline at end of file diff --git a/crypto/message_test.go b/crypto/message_test.go index 392e2c0..f40f6c8 100644 --- a/crypto/message_test.go +++ b/crypto/message_test.go 
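Review bot: The ios.yml hunk moves the pinned Xcode from 13.0 to 12.2 in a commit titled "Fix linter", and neither the step nor the commit message says why the toolchain is rolled back. A one-line comment on the step, e.g. `# pinned to 12.2 because <reason>; revisit when fixed`, would stop the pin from outliving its cause. The `uses: maxim-lobanov/setup-xcode@v1` line is unchanged context, but since the step is being edited it would be safer to reference the action by a full commit SHA than by a movable tag.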
@@ -214,7 +214,6 @@ func TestIssue11(t *testing.T) {
 assert.Exactly(t, "message from sender", plainMessage.GetString())
 }
-
 func TestDummy(t *testing.T) {
 pgp.latestServerTime = 1636644417
 defer func() { pgp.latestServerTime = testTime }()