emersion/go-pgpmail

Doesn't support newer protonmail/go-crypto

mdosch opened this issue · 3 comments

I want to update github.com/ProtonMail/go-crypto to version v0.0.0-20220407094043-a94812496cf5 in Debian, but unfortunately this breaks go-pgpmail.

go test
go: downloading github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594
--- FAIL: TestEncrypt (0.00s)
    writer_test.go:46: Encrypt() = 
        Content-Type: multipart/encrypted; boundary=foo;
         protocol="application/pgp-encrypted"
        To: John Doe <john.doe@example.org>
        From: John Doe <john.doe@example.org>
        
        --foo
        Content-Type: application/pgp-encrypted
        
        Version: 1
        
        --foo
        Content-Type: application/octet-stream
        
        -----BEGIN PGP MESSAGE-----
        
        wcBMAxF0jxulHQ8+AQf+MKEqgZA3ZR6K79wGFa67rAxC9NudHUXFaXKAxOZqKmt9
        dSH+jIbVrnM/5+/noaHY+3/YbPcow/E0XIfb/G0TDfLI1y5NyLRN5u8ms293ONqL
        xbEBp1f/mert3UTvi3ewCd4V/bP7+s2XcwgpRFZE6wYV+iFHS1IgMdqNHR2lNhNW
        wszcVy6rRCdhiYsgz56YASPfJmGroPARzh1LIPoTKwXisLnAaM0JUb6f2E2/K2Jp
        Z6OMrPfiGPl/XGhr80B9UaQjSkMZx8cH3L7Av3Q+q7llRmBK2Y5Skgl96RDDX0Pr
        x/6tBxa96LXINovCGS/BZ1jbv9xL175G7x4iXH9VYNLA7wFm6UvU74osO4hM+lnK
        NCsu95V5R1HjltYjoQY7HR4k2KplLD7fqWrm/dj8IrwqSrSa6ZgHZCEpROx/goiQ
        oqyhtF3XXohwM0C6Mr+ojdmXbBNdOmv3sm+isdFGCIGgiYhcAyBRDMehx3sBLWLY
        8oeqR759MhzKztHC0sZaU8OMeAWpD7XVrVHX1JKxfVxHG8FEE2uKXI2YP5TJNv0N
        YZc/QtfY/+X4U70zER1DwZM8ZVIgJrFrhLhFjqYwE3CfKw14GqZxTxxL1VwI3VSJ
        /zTsUgrfGoG7JLb3z5sgobN2sNSCWuJMMLZq59vLbOph1/DwHe/E1IzlEb5fmKy8
        xqEZwkoLpGhfFKi5Db3l28sxeGqVWTz1INeX8A6yfGgLwXlp3+G/3XgdbU69frH2
        TjoTdGoJqOq4o6UMsFYuxXuFe6Z/ncXLHgsDiosBGPEsEbby2SEB3aJyCl5o/Z47
        eKc13ezboR8W88a2movSZhFVlGDDyvdgxL9rJPS4K5/sLjmFG9o3xgft9im1QAss
        c7eWsEhiiJjje6IIPFa+rYaiNUsy7n2syyFMCocLjAbq
        =eow+
        -----END PGP MESSAGE-----
        --foo--
        
         but want 
        Content-Type: multipart/encrypted; boundary=foo;
         protocol="application/pgp-encrypted"
        To: John Doe <john.doe@example.org>
        From: John Doe <john.doe@example.org>
        
        --foo
        Content-Type: application/pgp-encrypted
        
        Version: 1
        
        --foo
        Content-Type: application/octet-stream
        
        -----BEGIN PGP MESSAGE-----
        
        wcBMAxF0jxulHQ8+AQf+MKEqgZA3ZR6K79wGFa67rAxC9NudHUXFaXKAxOZqKmt9
        dSH+jIbVrnM/5+/noaHY+3/YbPcow/E0XIfb/G0TDfLI1y5NyLRN5u8ms293ONqL
        xbEBp1f/mert3UTvi3ewCd4V/bP7+s2XcwgpRFZE6wYV+iFHS1IgMdqNHR2lNhNW
        wszcVy6rRCdhiYsgz56YASPfJmGroPARzh1LIPoTKwXisLnAaM0JUb6f2E2/K2Jp
        Z6OMrPfiGPl/XGhr80B9UaQjSkMZx8cH3L7Av3Q+q7llRmBK2Y5Skgl96RDDX0Pr
        x/6tBxa96LXINovCGS/BZ1jbv9xL175G7x4iXH9VYNLA7wFm6UvU74osO4hM+lnK
        NCsu95V5R1HjltYjoQY7HR4k2KplLD7fqWrm/dj8IrwqSrSa6ZgHZCEpROx/goiQ
        oqyhtF3XXohwM0C6Mr+ojdmXbBNdOmv3sm+isdFGCIGgiYhcAyBRDMehx3sBLWLY
        8oeqR759MhzKztHC0sZa08OMeIpCEINy4eDEAQdbWDg1l+J9W9Bqd5vqx9FI82np
        FMueiumFwi+zjV17M/taOLeLGVJudwsH9eWcX2NdyHvTfNWRfx20Z50GB0nwkb9n
        4vTfow0vXbcT+1ajnOyrOljwBGfgvcpBG1/9WEQxMoA5tvH3i7y9T4SxpJ2+DjqG
        dxGdo+sj0PiQObhCj3sHVIoRHYSCLWid78VY8GUZrBdBA6NAlxj6Pk36Lkp66/55
        JaJo2G7ZVnezLkPlr9gFbdc4kkel5ABAD8/1zLIG4LcrCHBBgH5lIP7uv+dAwtsE
        jQfrJzA1FD4ZRprc7qhbcIq6NRBIj8amu/KHvBBi+zNOUW4QtrC23LHOGYldrcu1
        o3q42OYigPcRIYlmmqkyBmj16Kj5jPnjDry9iv68Z6ot
        =TtuG
        -----END PGP MESSAGE-----
        --foo--
--- FAIL: TestSign (0.00s)
    writer_test.go:78: Encrypt() = 
        Content-Type: multipart/signed; boundary=foo; micalg=pgp-sha256;
         protocol="application/pgp-signature"
        To: John Doe <john.doe@example.org>
        From: John Doe <john.doe@example.org>
        
        --foo
        Content-Type: text/plain
        
        This is a signed message!
        --foo
        Content-Type: application/pgp-signature
        
        -----BEGIN PGP MESSAGE-----
        
        wsBzBAEBCAAnBQJeTcwACZAwchXBPfepZBYhBLGoZpNUFTt5nyIXvzByFcE996lk
        AAA7mAgAmxg6jbnvME1ndnuI/O6ZF/tzz8iJDPnwMAyCvfyr8+oMwHMcjAIUOoID
        KcS8Q3+qcH7g7S9k2KJkXBC1mUUC0EpWO77UeC8JhAsMpnw021v0OnNJsY6YLBf3
        HwZzx9Zd960/AMuwtJGApwoKGraYXN8eRjg/8/qoR8qV3k0mSXy3NTg6+tO9UIZb
        iOk52p5B9uHbbrA9TAeKw6rWoyt9xn0TfY5xtk3m/jiMv/gbkDPWBqiL5I51bigY
        36kH4II2f3V4ddETwScIVEGNqG7NcV5za38DZwZIPyvcmZ0H3i2tw5ybvRUu2X5T
        zOT+98ChRnkuEUAH/Stiw2QSbLCMQg==
        =QtD4
        -----END PGP MESSAGE-----
        --foo--
        
         but want 
        Content-Type: multipart/signed; boundary=foo; micalg=pgp-sha256;
         protocol="application/pgp-signature"
        To: John Doe <john.doe@example.org>
        From: John Doe <john.doe@example.org>
        
        --foo
        Content-Type: text/plain
        
        This is a signed message!
        --foo
        Content-Type: application/pgp-signature
        
        -----BEGIN PGP MESSAGE-----
        
        wsBzBAEBCAAnBQJeTcwACZAwchXBPfepZBahBLGoZpNUFTt5nyIXvzByFcE996lk
        AACmXQgAiu/yJb2o3AX/GYt/GUSEWkYb1GI41ogLpoicrX6UPoUhuIwzNQHvSG62
        DDsMrNBKUZfymp6iYFRBEs9Au0o8WwqMFGWWgaDxvI2144gSDN4CDKtyCVRGNcIf
        PeL+vfpZIEV1JzzRKLl3nGlFbnSTfpxUg3EYNy51RHNmbvJGRzi43CTYJUp7Lh+/
        ibogULsL0ZH3M6QtGhUNcujjqUmVAvAqVxwf7BjBta/G2hOPPCQeVjFsOgcWuIQr
        GudsXpoK1FQ+NUrGcXJGgV+bq6r9IGEUafjGJ3087q9hz5drBoUgqlyl62wn7krB
        Ql3Afgbl74/eTZO7Mr5cx3us80F3AQ==
        =6GTz
        -----END PGP MESSAGE-----
        --foo--
FAIL
exit status 1
FAIL	github.com/emersion/go-pgpmail	0.011s

One would need to look at the generated encrypted/signed data, then manually check that it works via gpg. Alternatively, update the tests to go through decryption again instead of hardcoding encrypted/signed blobs.

I checked TestEncrypt manually and it seems to work:

cat msg.txt 
-----BEGIN PGP MESSAGE-----

wcBMAxF0jxulHQ8+AQf+MKEqgZA3ZR6K79wGFa67rAxC9NudHUXFaXKAxOZqKmt9
dSH+jIbVrnM/5+/noaHY+3/YbPcow/E0XIfb/G0TDfLI1y5NyLRN5u8ms293ONqL
xbEBp1f/mert3UTvi3ewCd4V/bP7+s2XcwgpRFZE6wYV+iFHS1IgMdqNHR2lNhNW
wszcVy6rRCdhiYsgz56YASPfJmGroPARzh1LIPoTKwXisLnAaM0JUb6f2E2/K2Jp
Z6OMrPfiGPl/XGhr80B9UaQjSkMZx8cH3L7Av3Q+q7llRmBK2Y5Skgl96RDDX0Pr
x/6tBxa96LXINovCGS/BZ1jbv9xL175G7x4iXH9VYNLA7wFm6UvU74osO4hM+lnK
NCsu95V5R1HjltYjoQY7HR4k2KplLD7fqWrm/dj8IrwqSrSa6ZgHZCEpROx/goiQ
oqyhtF3XXohwM0C6Mr+ojdmXbBNdOmv3sm+isdFGCIGgiYhcAyBRDMehx3sBLWLY
8oeqR759MhzKztHC0sZaU8OMeAWpD7XVrVHX1JKxfVxHG8FEE2uKXI2YP5TJNv0N
YZc/QtfY/+X4U70zER1DwZM8ZVIgJrFrhLhFjqYwE3CfKw14GqZxTxxL1VwI3VSJ
/zTsUgrfGoG7JLb3z5sgobN2sNSCWuJMMLZq59vLbOph1/DwHe/E1IzlEb5fmKy8
xqEZwkoLpGhfFKi5Db3l28sxeGqVWTz1INeX8A6yfGgLwXlp3+G/3XgdbU69frH2
TjoTdGoJqOq4o6UMsFYuxXuFe6Z/ncXLHgsDiosBGPEsEbby2SEB3aJyCl5o/Z47
eKc13ezboR8W88a2movSZhFVlGDDyvdgxL9rJPS4K5/sLjmFG9o3xgft9im1QAss
c7eWsEhiiJjje6IIPFa+rYaiNUsy7n2syyFMCocLjAbq
=eow+
-----END PGP MESSAGE-----
LC_ALL=C gpg -d msg.txt
gpg: encrypted with 2048-bit RSA key, ID 11748F1BA51D0F3E, created 2020-02-13
      "John Doe (This is a test key) <john.doe@example.org>"
Content-Type: text/plain

This is an encrypted message!gpg: Signature made Thu Feb 20 01:00:00 2020 CET
gpg:                using RSA key B1A8669354153B799F2217BF307215C13DF7A964
gpg: Good signature from "John Doe (This is a test key) <john.doe@example.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B1A8 6693 5415 3B79 9F22  17BF 3072 15C1 3DF7 A964

So the updated go-crypto seems not to break your program. I had a look at whether I'd be able to change the test to decrypt the message instead of checking against the hardcoded data, but it seems I don't understand enough of your program and go-crypto to get this done, as I don't really know either of them (I just need to update go-crypto in Debian to be able to package protonmail/gopenpgp, which I need for my program).

Hi!

I've had a look at the dumped packets and it seems like the issuer key fingerprint subpacket is no longer marked as critical, due to this commit:
ProtonMail/go-crypto@a4f6767

This is a bugfix and I encourage you to update the tests in go-pgpmail.

My 2 cents are to implement proper testing, not to rely on hardcoded strings, as openpgp has some flexibility in the packet ordering / serialization; therefore it'll break again for sure. Asserting ciphertext is a recipe for headaches. Wondering how ciphertext could be asserted at all, I discovered an all-zero random instantiation, which is fishy even in tests.

I'd probably implement a "hardcoded blob decrypts correctly" kind of test and an "encrypt+decrypt flow works correctly" test, asserting only that the structure of the MIME-encoded message is correct (ignoring what's within the armoring itself).
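The critical-flag change described in the last comment can be checked directly against the two TestSign blobs in the issue: parsing the signature packets shows that the hashed subpacket of type 33 (Issuer Fingerprint) carries the critical bit in the hardcoded blob and not in the new output, while the rest of the hashed area is identical. The Go program below is an added example written for this thread, not code from go-pgpmail or go-crypto; it uses only the standard library, takes its two base64 payloads from the test output above (armor and CRC lines dropped), follows the packet layout of RFC 4880 §4.2.2 and §5.2.3.1, and ends with the structural comparison a test could use in place of byte equality. The type and function names are the example's own.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
)

// Base64 payloads of the two signatures in the TestSign output above (armor and CRC-24
// lines dropped): gotB64 is what the updated go-crypto emitted, wantB64 the test's blob.
const gotB64 = `wsBzBAEBCAAnBQJeTcwACZAwchXBPfepZBYhBLGoZpNUFTt5nyIXvzByFcE996lk
AAA7mAgAmxg6jbnvME1ndnuI/O6ZF/tzz8iJDPnwMAyCvfyr8+oMwHMcjAIUOoID
KcS8Q3+qcH7g7S9k2KJkXBC1mUUC0EpWO77UeC8JhAsMpnw021v0OnNJsY6YLBf3
HwZzx9Zd960/AMuwtJGApwoKGraYXN8eRjg/8/qoR8qV3k0mSXy3NTg6+tO9UIZb
iOk52p5B9uHbbrA9TAeKw6rWoyt9xn0TfY5xtk3m/jiMv/gbkDPWBqiL5I51bigY
36kH4II2f3V4ddETwScIVEGNqG7NcV5za38DZwZIPyvcmZ0H3i2tw5ybvRUu2X5T
zOT+98ChRnkuEUAH/Stiw2QSbLCMQg==`
const wantB64 = `wsBzBAEBCAAnBQJeTcwACZAwchXBPfepZBahBLGoZpNUFTt5nyIXvzByFcE996lk
AACmXQgAiu/yJb2o3AX/GYt/GUSEWkYb1GI41ogLpoicrX6UPoUhuIwzNQHvSG62
DDsMrNBKUZfymp6iYFRBEs9Au0o8WwqMFGWWgaDxvI2144gSDN4CDKtyCVRGNcIf
PeL+vfpZIEV1JzzRKLl3nGlFbnSTfpxUg3EYNy51RHNmbvJGRzi43CTYJUp7Lh+/
ibogULsL0ZH3M6QtGhUNcujjqUmVAvAqVxwf7BjBta/G2hOPPCQeVjFsOgcWuIQr
GudsXpoK1FQ+NUrGcXJGgV+bq6r9IGEUafjGJ3087q9hz5drBoUgqlyl62wn7krB
Ql3Afgbl74/eTZO7Mr5cx3us80F3AQ==`

// Subpacket is one signature subpacket (RFC 4880 §5.2.3.1); the high bit of its type octet is the critical flag.
type Subpacket struct {
	Type     byte
	Critical bool
	Body     []byte
}

// Signature is what a structural test should compare instead of the armored bytes.
type Signature struct {
	Header [4]byte // version, signature type, public-key algorithm, hash algorithm
	Hashed []Subpacket
}

// readLen decodes a one- or two-octet new-format length (RFC 4880 §4.2.2) and returns it with the octets consumed.
func readLen(b []byte) (int, int, error) {
	switch {
	case len(b) >= 1 && b[0] < 192:
		return int(b[0]), 1, nil
	case len(b) >= 2 && b[0] < 224:
		return (int(b[0])-192)<<8 + int(b[1]) + 192, 2, nil
	}
	return 0, 0, errors.New("unsupported or truncated length")
}

// parseSubpackets walks a subpacket area, splitting each type octet into critical bit and 7-bit type.
func parseSubpackets(area []byte) ([]Subpacket, error) {
	var out []Subpacket
	for len(area) > 0 {
		n, used, err := readLen(area)
		if err != nil || n == 0 || used+n > len(area) {
			return nil, errors.New("bad subpacket length")
		}
		out = append(out, Subpacket{Type: area[used] & 0x7f, Critical: area[used]&0x80 != 0, Body: area[used+1 : used+n]})
		area = area[used+n:]
	}
	return out, nil
}

// parseSignature decodes one new-format v4 signature packet (tag 2) and parses its header
// octets and hashed subpacket area; the unhashed area and the signature MPI are skipped.
func parseSignature(b64 string) (*Signature, error) {
	pkt, err := base64.StdEncoding.DecodeString(b64) // the decoder ignores the newlines
	if err != nil || len(pkt) < 2 || pkt[0] != 0xC2 { // 0xC2: new-format header, tag 2
		return nil, errors.New("not a new-format signature packet")
	}
	n, used, err := readLen(pkt[1:])
	if err != nil || 1+used+n > len(pkt) || n < 6 || pkt[1+used] != 4 {
		return nil, errors.New("bad packet length or not a v4 signature")
	}
	body := pkt[1+used : 1+used+n]
	end := 6 + int(binary.BigEndian.Uint16(body[4:6]))
	if end > len(body) {
		return nil, errors.New("truncated hashed area")
	}
	hashed, err := parseSubpackets(body[6:end])
	if err != nil {
		return nil, err
	}
	return &Signature{Header: [4]byte{body[0], body[1], body[2], body[3]}, Hashed: hashed}, nil
}

// sameStructure is what a robust test asserts instead of byte equality: same header and the
// same hashed subpackets by type and body, ignoring the critical flag and never touching the MPI.
func sameStructure(a, b *Signature) bool {
	if a.Header != b.Header || len(a.Hashed) != len(b.Hashed) {
		return false
	}
	for i := range a.Hashed {
		if a.Hashed[i].Type != b.Hashed[i].Type || string(a.Hashed[i].Body) != string(b.Hashed[i].Body) {
			return false
		}
	}
	return true
}
```

Run against the two payloads, parseSignature returns the same header for both (v4, signature type 0x01, RSA, SHA-256, matching micalg=pgp-sha256) and three hashed subpackets in the same order: creation time (type 2), issuer key ID (type 16) and issuer fingerprint (type 33). The key ID subpacket is marked critical in both blobs; only the fingerprint subpacket's critical bit differs, true in the hardcoded blob and false in the new output, so sameStructure reports them as equal. The RSA MPI differs completely because the hashed data differs by that one bit, which is exactly why a test that compares armored bytes cannot survive such a change while one that parses, or better verifies with the test key, can.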