Support gnu-dummy
This commit is contained in:
Mingshen Sun
parent
84b1c07f64
commit
f4f038375b
4 changed files with 11 additions and 94 deletions
|
|
@ -1,86 +0,0 @@
|
|||
--- go/src/github.com/ProtonMail/gopenpgp/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go 2019-07-20 15:43:48.000000000 -0700
|
||||
+++ go/src/github.com/ProtonMail/gopenpgp/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go 2019-07-20 15:53:58.000000000 -0700
|
||||
@@ -121,6 +121,53 @@
|
||||
}
|
||||
}
|
||||
|
||||
+func parseGNUExtensions(r io.Reader) (f func(out, in []byte), err error) {
|
||||
+ var buf [9]byte
|
||||
+
|
||||
+ // A three-byte string identifier
|
||||
+ _, err = io.ReadFull(r, buf[:3])
|
||||
+ if err != nil {
|
||||
+ return
|
||||
+ }
|
||||
+ gnuExt := string(buf[:3])
|
||||
+
|
||||
+ if gnuExt != "GNU" {
|
||||
+ return nil, errors.UnsupportedError("Malformed GNU extension: " + gnuExt)
|
||||
+ }
|
||||
+ _, err = io.ReadFull(r, buf[:1])
|
||||
+ if err != nil {
|
||||
+ return
|
||||
+ }
|
||||
+ gnuExtType := int(buf[0])
|
||||
+ switch gnuExtType {
|
||||
+ case 1:
|
||||
+ return nil, nil
|
||||
+ case 2:
|
||||
+ // Read a serial number, which is prefixed by a 1-byte length.
|
||||
+ // The maximum length is 16.
|
||||
+ var lenBuf [1]byte
|
||||
+ _, err = io.ReadFull(r, lenBuf[:])
|
||||
+ if err != nil {
|
||||
+ return
|
||||
+ }
|
||||
+
|
||||
+ maxLen := 16
|
||||
+ ivLen := int(lenBuf[0])
|
||||
+ if ivLen > maxLen {
|
||||
+ ivLen = maxLen
|
||||
+ }
|
||||
+ ivBuf := make([]byte, ivLen)
|
||||
+ // For now we simply discard the IV
|
||||
+ _, err = io.ReadFull(r, ivBuf)
|
||||
+ if err != nil {
|
||||
+ return
|
||||
+ }
|
||||
+ return nil, nil
|
||||
+ default:
|
||||
+ return nil, errors.UnsupportedError("unknown S2K GNU protection mode: " + strconv.Itoa(int(gnuExtType)))
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
// Iterated writes to out the result of computing the Iterated and Salted S2K
|
||||
// function (RFC 4880, section 3.7.1.3) using the given hash, input passphrase,
|
||||
// salt and iteration count.
|
||||
@@ -167,6 +214,12 @@
|
||||
return
|
||||
}
|
||||
|
||||
+ // GNU Extensions; handle them before we try to look for a hash, which won't
|
||||
+ // be needed in most cases anyway.
|
||||
+ if buf[0] == 101 {
|
||||
+ return parseGNUExtensions(r)
|
||||
+ }
|
||||
+
|
||||
hash, ok := HashIdToHash(buf[1])
|
||||
if !ok {
|
||||
return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(buf[1])))
|
||||
|
||||
--- go/src/github.com/ProtonMail/gopenpgp/vendor/golang.org/x/crypto/openpgp/packet/private_key.go 2019-07-20 15:43:48.000000000 -0700
|
||||
+++ go/src/github.com/ProtonMail/gopenpgp/vendor/golang.org/x/crypto/openpgp/packet/private_key.go 2019-07-20 16:26:05.000000000 -0700
|
||||
@@ -154,6 +154,13 @@
|
||||
if s2kType == 254 {
|
||||
pk.sha1Checksum = true
|
||||
}
|
||||
+ // S2K == nil implies that we got a "GNU Dummy" S2K. For instance,
|
||||
+ // because our master secret key is on a USB key in a vault somewhere.
|
||||
+ // In that case, there is no further data to consume here.
|
||||
+ if pk.s2k == nil {
|
||||
+ pk.Encrypted = false
|
||||
+ return
|
||||
+ }
|
||||
default:
|
||||
return errors.UnsupportedError("deprecated s2k function in private key")
|
||||
}
|
||||
|
|
@ -2,20 +2,23 @@
|
|||
|
||||
set -euox pipefail
|
||||
|
||||
mkdir -p go
|
||||
export GOPATH="$(pwd)/go"
|
||||
export PATH="$PATH:$GOPATH/bin"
|
||||
|
||||
go get -u golang.org/x/mobile/cmd/gomobile || true
|
||||
gomobile init
|
||||
go get -u github.com/ProtonMail/gopenpgp || true
|
||||
go get -u github.com/mssun/gopenpgp || true
|
||||
|
||||
PACKAGE_PATH="github.com/ProtonMail/gopenpgp"
|
||||
GOPENPGP_REVISION="v2.0.0"
|
||||
PACKAGE_PATH="github.com/mssun/gopenpgp"
|
||||
mkdir -p $GOPATH/src/github.com/ProtonMail
|
||||
GOPENPGP_REVISION="gnu-dummy"
|
||||
ln -s $GOPATH/src/github.com/mssun/gopenpgp $GOPATH/src/github.com/ProtonMail/gopenpgp
|
||||
|
||||
( cd "$GOPATH/src/$PACKAGE_PATH" && git checkout "$GOPENPGP_REVISION" && GO111MODULE=on go mod vendor )
|
||||
#patch -p0 < $GOPATH/crypto.patch
|
||||
|
||||
OUTPUT_PATH="$GOPATH/dist"
|
||||
mkdir -p "$OUTPUT_PATH"
|
||||
|
||||
"$GOPATH/bin/gomobile" bind -v -ldflags="-s -w" -target ios -o "${OUTPUT_PATH}/Crypto.framework" \
|
||||
"$PACKAGE_PATH"/{crypto,armor,constants,models,subtle}
|
||||
|
|
|
|||
|
|
@ -39,9 +39,9 @@ class CryptoFrameworkTest: XCTestCase {
|
|||
try [
|
||||
RSA2048,
|
||||
RSA4096,
|
||||
//RSA2048_SUB,
|
||||
RSA2048_SUB,
|
||||
ED25519,
|
||||
//ED25519_SUB,
|
||||
ED25519_SUB,
|
||||
].forEach { keyTriple in
|
||||
var error: NSError?
|
||||
guard let publicKey = CryptoNewKeyFromArmored(keyTriple.publicKey, &error),
|
||||
|
|
|
|||
|
|
@ -42,9 +42,9 @@ class PGPAgentTest: XCTestCase {
|
|||
try [
|
||||
RSA2048,
|
||||
RSA4096,
|
||||
//RSA2048_SUB,
|
||||
RSA2048_SUB,
|
||||
ED25519,
|
||||
//ED25519_SUB,
|
||||
ED25519_SUB,
|
||||
].forEach { keyTriple in
|
||||
let keychain = DictBasedKeychain()
|
||||
let pgpAgent = PGPAgent(keyStore: keychain)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue