protonmail: make SRP modulus signature failures a warning

Temporarily make signature errors non-fatal because the Go OpenPGP library is missing some features we need: openpgp: unsupported feature: public key algorithm 22 This doesn't really weaken our security since we weren't checking the signature key anyway. To completely fix this issue, we need to upstream the required key algorithm. Fixes #46
emersion · Apr 13, 2019 · 93c8007 · 93c8007
1 parent 8f16741
commit 93c8007
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/protonmail/srp.go b/protonmail/srp.go
@@ -7,6 +7,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"io"
+	"log"
 	"math/big"
 
 	"golang.org/x/crypto/openpgp"
@@ -22,10 +23,11 @@ func decodeModulus(msg string) ([]byte, error) {
 		return nil, errors.New("invalid modulus signed PGP block")
 	}
 
-	// TODO: check signature key
+	// TODO: check signature and signature key
 	_, err := openpgp.CheckDetachedSignature(nil, bytes.NewReader(block.Plaintext), block.ArmoredSignature.Body)
 	if err != nil && err != openpgperrors.ErrUnknownIssuer {
-		return nil, err
+		//return nil, fmt.Errorf("failed to decode modulus: %v", err)
+		log.Println("warning: failed to check SRP modulus signature:", err)
 	}
 
 	return base64.StdEncoding.DecodeString(string(block.Plaintext))