yesBad/proton-bridge
1
0
Fork 0
forked from Silverfish/proton-bridge
Code Actions Activity

Other: Mitigate double-unlock of user keyring

Browse Source 
We need to unlock the user keyring anyway to unlock the address keyring,
so we should just return it instead of re-unlocking the user keyring
when sending a message.
This commit is contained in:
James Houlahan
2022-10-20 15:35:33 +02:00
parent 80d3f7d179
commit 81f4ef609b
9 changed files with 153 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/user/events.go
View File

@ -248,7 +248,7 @@ func (user *User) handleCreateMessageEvent(ctx context.Context, event liteapi.Me
return fmt.Errorf("failed to get full message: %w", err)
}
return user.withAddrKR(event.Message.AddressID, func(addrKR *crypto.KeyRing) error {
return user.withAddrKR(event.Message.AddressID, func(_, addrKR *crypto.KeyRing) error {
buildRes, err := buildRFC822(ctx, full, addrKR)
if err != nil {
return fmt.Errorf("failed to build RFC822 message: %w", err)

2
internal/user/imap.go
View File

@ -254,7 +254,7 @@ func (conn *imapConnector) CreateMessage(
imported []byte
)
if err := conn.withAddrKR(conn.addrID, func(addrKR *crypto.KeyRing) error {
if err := conn.withAddrKR(conn.addrID, func(_, addrKR *crypto.KeyRing) error {
res, err := stream.Collect(ctx, conn.client.ImportMessages(ctx, addrKR, 1, 1, []liteapi.ImportReq{{
Metadata: liteapi.ImportMetadata{
AddressID: conn.addrID,

8
internal/user/keys.go
View File

@ -36,7 +36,7 @@ func (user *User) withUserKR(fn func(*crypto.KeyRing) error) error {
})
}
func (user *User) withAddrKR(addrID string, fn func(*crypto.KeyRing) error) error {
func (user *User) withAddrKR(addrID string, fn func(*crypto.KeyRing, *crypto.KeyRing) error) error {
return user.withUserKR(func(userKR *crypto.KeyRing) error {
if ok, err := user.apiAddrs.GetErr(addrID, func(apiAddr liteapi.Address) error {
addrKR, err := apiAddr.Keys.Unlock(user.vault.KeyPass(), userKR)
@ -45,7 +45,7 @@ func (user *User) withAddrKR(addrID string, fn func(*crypto.KeyRing) error) erro
}
defer userKR.ClearPrivateParams()
return fn(addrKR)
return fn(userKR, addrKR)
}); !ok {
return fmt.Errorf("no such address %q", addrID)
} else if err != nil {
@ -56,7 +56,7 @@ func (user *User) withAddrKR(addrID string, fn func(*crypto.KeyRing) error) erro
})
}
func (user *User) withAddrKRs(fn func(map[string]*crypto.KeyRing) error) error {
func (user *User) withAddrKRs(fn func(*crypto.KeyRing, map[string]*crypto.KeyRing) error) error {
return user.withUserKR(func(userKR *crypto.KeyRing) error {
return user.apiAddrs.ValuesErr(func(apiAddrs []liteapi.Address) error {
addrKRs := make(map[string]*crypto.KeyRing)
@ -71,7 +71,7 @@ func (user *User) withAddrKRs(fn func(map[string]*crypto.KeyRing) error) error {
addrKRs[apiAddr.ID] = addrKR
}
return fn(addrKRs)
return fn(userKR, addrKRs)
})
})
}

64
internal/user/keys_test.go Normal file
View File

@ -0,0 +1,64 @@
// Copyright (c) 2022 Proton AG
//
// This file is part of Proton Mail Bridge.
//
// Proton Mail Bridge is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Proton Mail Bridge is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
package user
import (
"context"
"testing"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/stretchr/testify/require"
"gitlab.protontech.ch/go/liteapi"
"gitlab.protontech.ch/go/liteapi/server"
)
func BenchmarkUserKeyRing(b *testing.B) {
b.StopTimer()
withAPI(b, context.Background(), func(ctx context.Context, s *server.Server, m *liteapi.Manager) {
withAccount(b, s, "username", "password", []string{"email@pm.me"}, func(userID string, addrIDs []string) {
withUser(b, ctx, s, m, "username", "password", func(user *User) {
b.StartTimer()
for i := 0; i < b.N; i++ {
require.NoError(b, user.withUserKR(func(userKR *crypto.KeyRing) error {
return nil
}))
}
})
})
})
}
func BenchmarkAddrKeyRing(b *testing.B) {
b.StopTimer()
withAPI(b, context.Background(), func(ctx context.Context, s *server.Server, m *liteapi.Manager) {
withAccount(b, s, "username", "password", []string{"email@pm.me"}, func(userID string, addrIDs []string) {
withUser(b, ctx, s, m, "username", "password", func(user *User) {
b.StartTimer()
for i := 0; i < b.N; i++ {
require.NoError(b, user.withAddrKR(addrIDs[0], func(userKR, addrKR *crypto.KeyRing) error {
return nil
}))
}
})
})
})
}

112
internal/user/smtp.go
View File

@ -163,72 +163,70 @@ func (session *smtpSession) Data(r io.Reader) error { //nolint:funlen
}
return session.apiAddrs.ValuesErr(func(apiAddrs []liteapi.Address) error {
return session.withAddrKR(session.fromAddrID, func(addrKR *crypto.KeyRing) error {
return session.withUserKR(func(userKR *crypto.KeyRing) error {
// Use the first key for encrypting the message.
addrKR, err := addrKR.FirstKey()
return session.withAddrKR(session.fromAddrID, func(userKR, addrKR *crypto.KeyRing) error {
// Use the first key for encrypting the message.
addrKR, err := addrKR.FirstKey()
if err != nil {
return fmt.Errorf("failed to get first key: %w", err)
}
// If the message contains a sender, use it instead of the one from the return path.
if sender, ok := getMessageSender(parser); ok {
session.from = sender
}
// Load the user's mail settings.
settings, err := session.client.GetMailSettings(ctx)
if err != nil {
return fmt.Errorf("failed to get mail settings: %w", err)
}
// If we have to attach the public key, do it now.
if settings.AttachPublicKey == liteapi.AttachPublicKeyEnabled {
key, err := addrKR.GetKey(0)
if err != nil {
return fmt.Errorf("failed to get first key: %w", err)
return fmt.Errorf("failed to get sending key: %w", err)
}
// If the message contains a sender, use it instead of the one from the return path.
if sender, ok := getMessageSender(parser); ok {
session.from = sender
}
// Load the user's mail settings.
settings, err := session.client.GetMailSettings(ctx)
pubKey, err := key.GetArmoredPublicKey()
if err != nil {
return fmt.Errorf("failed to get mail settings: %w", err)
return fmt.Errorf("failed to get public key: %w", err)
}
// If we have to attach the public key, do it now.
if settings.AttachPublicKey == liteapi.AttachPublicKeyEnabled {
key, err := addrKR.GetKey(0)
if err != nil {
return fmt.Errorf("failed to get sending key: %w", err)
}
parser.AttachPublicKey(pubKey, fmt.Sprintf("publickey - %v - %v", addrKR.GetIdentities()[0].Name, key.GetFingerprint()[:8]))
}
pubKey, err := key.GetArmoredPublicKey()
if err != nil {
return fmt.Errorf("failed to get public key: %w", err)
}
// Parse the message we want to send (after we have attached the public key).
message, err := message.ParseWithParser(parser)
if err != nil {
return fmt.Errorf("failed to parse message: %w", err)
}
parser.AttachPublicKey(pubKey, fmt.Sprintf("publickey - %v - %v", addrKR.GetIdentities()[0].Name, key.GetFingerprint()[:8]))
}
// Parse the message we want to send (after we have attached the public key).
message, err := message.ParseWithParser(parser)
if err != nil {
return fmt.Errorf("failed to parse message: %w", err)
}
// Collect all the user's emails so we can match them to the outgoing message.
emails := xslices.Map(apiAddrs, func(addr liteapi.Address) string {
return addr.Email
})
sent, err := sendWithKey(
ctx,
session.client,
session.authID,
session.vault.AddressMode(),
settings,
userKR,
addrKR,
emails,
session.from,
session.to,
message,
)
if err != nil {
return fmt.Errorf("failed to send message: %w", err)
}
logrus.WithField("messageID", sent.ID).Info("Message sent")
return nil
// Collect all the user's emails so we can match them to the outgoing message.
emails := xslices.Map(apiAddrs, func(addr liteapi.Address) string {
return addr.Email
})
sent, err := sendWithKey(
ctx,
session.client,
session.authID,
session.vault.AddressMode(),
settings,
userKR,
addrKR,
emails,
session.from,
session.to,
message,
)
if err != nil {
return fmt.Errorf("failed to send message: %w", err)
}
logrus.WithField("messageID", sent.ID).Info("Message sent")
return nil
})
})
}

2
internal/user/sync.go
View File

@ -43,7 +43,7 @@ const (
)
func (user *User) sync(ctx context.Context) error {
return user.withAddrKRs(func(addrKRs map[string]*crypto.KeyRing) error {
return user.withAddrKRs(func(_ *crypto.KeyRing, addrKRs map[string]*crypto.KeyRing) error {
logrus.Info("Beginning sync")
if !user.vault.SyncStatus().HasLabels {

49
internal/user/user_test.go
View File

@ -15,7 +15,7 @@
// You should have received a copy of the GNU General Public License
// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
package user_test
package user
import (
"context"
@ -24,7 +24,6 @@ import (
"github.com/ProtonMail/proton-bridge/v2/internal/certs"
"github.com/ProtonMail/proton-bridge/v2/internal/events"
"github.com/ProtonMail/proton-bridge/v2/internal/user"
"github.com/ProtonMail/proton-bridge/v2/internal/vault"
"github.com/ProtonMail/proton-bridge/v2/tests"
"github.com/stretchr/testify/require"
@ -34,8 +33,8 @@ import (
)
func init() {
user.EventPeriod = 100 * time.Millisecond
user.EventJitter = 0
EventPeriod = 100 * time.Millisecond
EventJitter = 0
backend.GenerateKey = tests.FastGenerateKey
certs.GenerateCert = tests.FastGenerateCert
}
@ -43,7 +42,7 @@ func init() {
func TestUser_Data(t *testing.T) {
withAPI(t, context.Background(), func(ctx context.Context, s *server.Server, m *liteapi.Manager) {
withAccount(t, s, "username", "password", []string{"email@pm.me", "alias@pm.me"}, func(userID string, addrIDs []string) {
withUser(t, ctx, s, m, "username", "password", func(user *user.User) {
withUser(t, ctx, s, m, "username", "password", func(user *User) {
// User's ID should be correct.
require.Equal(t, userID, user.ID())
@ -66,7 +65,7 @@ func TestUser_Data(t *testing.T) {
func TestUser_Sync(t *testing.T) {
withAPI(t, context.Background(), func(ctx context.Context, s *server.Server, m *liteapi.Manager) {
withAccount(t, s, "username", "password", []string{"email@pm.me"}, func(userID string, addrIDs []string) {
withUser(t, ctx, s, m, "username", "password", func(user *user.User) {
withUser(t, ctx, s, m, "username", "password", func(user *User) {
// User starts a sync at startup.
require.IsType(t, events.SyncStarted{}, <-user.GetEventCh())
@ -83,7 +82,7 @@ func TestUser_Sync(t *testing.T) {
func TestUser_Deauth(t *testing.T) {
withAPI(t, context.Background(), func(ctx context.Context, s *server.Server, m *liteapi.Manager) {
withAccount(t, s, "username", "password", []string{"email@pm.me"}, func(userID string, addrIDs []string) {
withUser(t, ctx, s, m, "username", "password", func(user *user.User) {
withUser(t, ctx, s, m, "username", "password", func(user *User) {
eventCh := user.GetEventCh()
// Revoke the user's auth token.
@ -96,7 +95,7 @@ func TestUser_Deauth(t *testing.T) {
})
}
func withAPI(_ *testing.T, ctx context.Context, fn func(context.Context, *server.Server, *liteapi.Manager)) { //nolint:revive
func withAPI(_ testing.TB, ctx context.Context, fn func(context.Context, *server.Server, *liteapi.Manager)) { //nolint:revive
server := server.New()
defer server.Close()
@ -106,9 +105,9 @@ func withAPI(_ *testing.T, ctx context.Context, fn func(context.Context, *server
))
}
func withAccount(t *testing.T, s *server.Server, username, password string, emails []string, fn func(string, []string)) {
func withAccount(tb testing.TB, s *server.Server, username, password string, emails []string, fn func(string, []string)) { //nolint:unparam
userID, addrID, err := s.CreateUser(username, emails[0], []byte(password))
require.NoError(t, err)
require.NoError(tb, err)
addrIDs := make([]string, 0, len(emails))
@ -116,7 +115,7 @@ func withAccount(t *testing.T, s *server.Server, username, password string, emai
for _, email := range emails[1:] {
addrID, err := s.CreateAddress(userID, email, []byte(password))
require.NoError(t, err)
require.NoError(tb, err)
addrIDs = append(addrIDs, addrID)
}
@ -124,33 +123,33 @@ func withAccount(t *testing.T, s *server.Server, username, password string, emai
fn(userID, addrIDs)
}
func withUser(t *testing.T, ctx context.Context, _ *server.Server, m *liteapi.Manager, username, password string, fn func(*user.User)) { //nolint:revive
func withUser(tb testing.TB, ctx context.Context, _ *server.Server, m *liteapi.Manager, username, password string, fn func(*User)) { //nolint:unparam,revive
client, apiAuth, err := m.NewClientWithLogin(ctx, username, []byte(password))
require.NoError(t, err)
defer func() { require.NoError(t, client.Close()) }()
require.NoError(tb, err)
defer func() { require.NoError(tb, client.Close()) }()
apiUser, err := client.GetUser(ctx)
require.NoError(t, err)
require.NoError(tb, err)
salts, err := client.GetSalts(ctx)
require.NoError(t, err)
require.NoError(tb, err)
saltedKeyPass, err := salts.SaltForKey([]byte(password), apiUser.Keys.Primary().ID)
require.NoError(t, err)
require.NoError(tb, err)
vault, corrupt, err := vault.New(t.TempDir(), t.TempDir(), []byte("my secret key"))
require.NoError(t, err)
require.False(t, corrupt)
vault, corrupt, err := vault.New(tb.TempDir(), tb.TempDir(), []byte("my secret key"))
require.NoError(tb, err)
require.False(tb, corrupt)
vaultUser, err := vault.AddUser(apiUser.ID, username, apiAuth.UID, apiAuth.RefreshToken, saltedKeyPass)
require.NoError(t, err)
require.NoError(tb, err)
user, err := user.New(ctx, vaultUser, client, apiUser, true)
require.NoError(t, err)
defer func() { require.NoError(t, user.Close()) }()
user, err := New(ctx, vaultUser, client, apiUser, true)
require.NoError(tb, err)
defer func() { require.NoError(tb, user.Close()) }()
imapConn, err := user.NewIMAPConnectors()
require.NoError(t, err)
require.NoError(tb, err)
go func() {
for _, imapConn := range imapConn {