Migrate from gopenpgp/v2 to gopenpgp/v3

gopenpgp v3 drops the helper package and replaces KeyRing methods
(Encrypt/Decrypt/Sign/Verify/EncryptSessionKey/DecryptSessionKey)
with a handle-builder API. PlainMessage and PGPSignature value types
are gone, replaced by raw []byte and *PGPMessage.

Notable call-site changes:
- helper.GenerateKey replaced with a local generateLockedKey wrapper
  around pgp.KeyGeneration() + pgp.LockKey() + Armor().
- addrKR.SignDetachedEncrypted is not exposed in v3; we sign with
  pgp.Sign().Detached() then encrypt the signature bytes separately.
- sessionKey.Decrypt / Encrypt go through pgp.Decryption().SessionKey()
  / pgp.Encryption().SessionKey() handles.
- addrKR.VerifyDetachedEncrypted maps to pgp.Decryption() with
  PlainDetachedSignature() + DecryptDetached().
- CountDecryptionEntities() now takes a unix-time argument.

Pulls in the matching go-proton-api commit b4908c1, which makes the
same migration in the underlying library so the KeyRing types match
across the package boundary.

Author: ncw

cache.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"sync"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 	"github.com/rclone/Proton-API-Bridge/common"
 	"github.com/rclone/go-proton-api"
 )

common/keyring.go

@@ -3,7 +3,7 @@ package common
 import (
 	"context"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 	"github.com/rclone/go-proton-api"
 )
 
@@ -60,7 +60,7 @@ func getAccountKRs(ctx context.Context, c *proton.Client, keyPass, saltedKeyPass
 	if err != nil {
 		return nil, nil, nil, nil, err
 
-	} else if userKR.CountDecryptionEntities() == 0 {
+	} else if userKR.CountDecryptionEntities(0) == 0 {
 		if err != nil {
 			return nil, nil, nil, nil, ErrFailedToUnlockUserKeys
 		}

common/user.go

@@ -6,7 +6,7 @@ import (
 	"encoding/json"
 	"os"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 	"github.com/rclone/Proton-API-Bridge/utility"
 	"github.com/rclone/go-proton-api"
 )

crypto.go

@@ -1,12 +1,13 @@
 package proton_api_bridge
 
 import (
+	"bytes"
 	"crypto/sha256"
 	"encoding/base64"
 	"io"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
-	"github.com/ProtonMail/gopenpgp/v2/helper"
+	"github.com/ProtonMail/gopenpgp/v3/armor"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 )
 
 func generatePassphrase() (string, error) {
@@ -19,44 +20,72 @@ func generatePassphrase() (string, error) {
 	return tokenBase64, nil
 }
 
+// generateLockedKey is the v3-equivalent of v2 helper.GenerateKey: it generates
+// a new curve25519 key with the given identity, locks it with the passphrase,
+// and returns the armored locked key.
+func generateLockedKey(name, email string, passphrase []byte) (string, error) {
+	pgp := crypto.PGP()
+	key, err := pgp.KeyGeneration().AddUserId(name, email).New().GenerateKey()
+	if err != nil {
+		return "", err
+	}
+	defer key.ClearPrivateParams()
+
+	locked, err := pgp.LockKey(key, passphrase)
+	if err != nil {
+		return "", err
+	}
+	return locked.Armor()
+}
+
 func generateCryptoKey() (string, string, error) {
 	passphrase, err := generatePassphrase()
 	if err != nil {
 		return "", "", err
 	}
 
-	// all hardcoded values from iOS drive
-	key, err := helper.GenerateKey("Drive key", "noreply@protonmail.com", []byte(passphrase), "x25519", 0)
+	// "Drive key" / "noreply@protonmail.com" are the hardcoded identity used by
+	// the iOS Drive client; v3's default profile produces a curve25519 key,
+	// which is what the v2 helper produced for keyType "x25519".
+	key, err := generateLockedKey("Drive key", "noreply@protonmail.com", []byte(passphrase))
 	if err != nil {
 		return "", "", err
 	}
 
 	return passphrase, key, nil
 }
 
-// taken from Proton Go API Backend
+// encryptWithSignature encrypts b to kr and signs it with addrKR, returning the
+// armored ciphertext and armored detached signature.
 func encryptWithSignature(kr, addrKR *crypto.KeyRing, b []byte) (string, string, error) {
-	enc, err := kr.Encrypt(crypto.NewPlainMessage(b), nil)
+	pgp := crypto.PGP()
+
+	encHandle, err := pgp.Encryption().Recipients(kr).New()
+	if err != nil {
+		return "", "", err
+	}
+
+	enc, err := encHandle.Encrypt(b)
 	if err != nil {
 		return "", "", err
 	}
 
-	encArm, err := enc.GetArmored()
+	encArm, err := enc.Armor()
 	if err != nil {
 		return "", "", err
 	}
 
-	sig, err := addrKR.SignDetached(crypto.NewPlainMessage(b))
+	signHandle, err := pgp.Sign().SigningKeys(addrKR).Detached().New()
 	if err != nil {
 		return "", "", err
 	}
 
-	sigArm, err := sig.GetArmored()
+	sigArm, err := signHandle.Sign(b, crypto.Armor)
 	if err != nil {
 		return "", "", err
 	}
 
-	return encArm, sigArm, nil
+	return encArm, string(sigArm), nil
 }
 
 func generateNodeKeys(kr, addrKR *crypto.KeyRing) (string, string, string, error) {
@@ -74,52 +103,79 @@ func generateNodeKeys(kr, addrKR *crypto.KeyRing) (string, string, string, error
 }
 
 func reencryptKeyPacket(srcKR, dstKR, addrKR *crypto.KeyRing, passphrase string) (string, error) {
-	oldSplitMessage, err := crypto.NewPGPSplitMessageFromArmored(passphrase)
+	pgp := crypto.PGP()
+
+	oldMessage, err := crypto.NewPGPMessageFromArmored(passphrase)
 	if err != nil {
 		return "", err
 	}
 
-	sessionKey, err := srcKR.DecryptSessionKey(oldSplitMessage.KeyPacket)
+	srcDec, err := pgp.Decryption().DecryptionKeys(srcKR).New()
 	if err != nil {
 		return "", err
 	}
 
-	newKeyPacket, err := dstKR.EncryptSessionKey(sessionKey)
+	sessionKey, err := srcDec.DecryptSessionKey(oldMessage.BinaryKeyPacket())
 	if err != nil {
 		return "", err
 	}
 
-	newSplitMessage := crypto.NewPGPSplitMessage(newKeyPacket, oldSplitMessage.DataPacket)
+	dstEnc, err := pgp.Encryption().Recipients(dstKR).New()
+	if err != nil {
+		return "", err
+	}
+
+	newKeyPacket, err := dstEnc.EncryptSessionKey(sessionKey)
+	if err != nil {
+		return "", err
+	}
 
-	return newSplitMessage.GetArmored()
+	newSplitMessage := crypto.NewPGPSplitMessage(newKeyPacket, oldMessage.BinaryDataPacket())
+	return newSplitMessage.Armor()
 }
 
 func getKeyRing(kr, addrKR *crypto.KeyRing, key, passphrase, passphraseSignature string) (*crypto.KeyRing, error) {
+	pgp := crypto.PGP()
+
 	enc, err := crypto.NewPGPMessageFromArmored(passphrase)
 	if err != nil {
 		return nil, err
 	}
 
-	dec, err := kr.Decrypt(enc, nil, crypto.GetUnixTime())
+	decHandle, err := pgp.Decryption().DecryptionKeys(kr).New()
 	if err != nil {
 		return nil, err
 	}
 
-	sig, err := crypto.NewPGPSignatureFromArmored(passphraseSignature)
+	decResult, err := decHandle.Decrypt(enc.Bytes(), crypto.Bytes)
 	if err != nil {
 		return nil, err
 	}
+	dec := decResult.Bytes()
 
-	if err := addrKR.VerifyDetached(dec, sig, crypto.GetUnixTime()); err != nil {
+	sig, err := armor.Unarmor(passphraseSignature)
+	if err != nil {
 		return nil, err
 	}
 
+	verifyHandle, err := pgp.Verify().VerificationKeys(addrKR).New()
+	if err != nil {
+		return nil, err
+	}
+	verifyResult, err := verifyHandle.VerifyDetached(dec, sig, crypto.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	if sigErr := verifyResult.SignatureError(); sigErr != nil {
+		return nil, sigErr
+	}
+
 	lockedKey, err := crypto.NewKeyFromArmored(key)
 	if err != nil {
 		return nil, err
 	}
 
-	unlockedKey, err := lockedKey.Unlock(dec.GetBinary())
+	unlockedKey, err := lockedKey.Unlock(dec)
 	if err != nil {
 		return nil, err
 	}
@@ -133,33 +189,48 @@ func decryptBlockIntoBuffer(sessionKey *crypto.SessionKey, addrKR, nodeKR *crypt
 		return err
 	}
 
-	plainMessage, err := sessionKey.Decrypt(data)
+	skDec, err := crypto.PGP().Decryption().SessionKey(sessionKey).New()
 	if err != nil {
 		return err
 	}
-
-	encSignatureArm, err := crypto.NewPGPMessageFromArmored(encSignature)
+	skResult, err := skDec.Decrypt(data, crypto.Bytes)
 	if err != nil {
 		return err
 	}
+	plain := skResult.Bytes()
 
-	err = addrKR.VerifyDetachedEncrypted(plainMessage, encSignatureArm, nodeKR, crypto.GetUnixTime())
+	encSignatureMsg, err := crypto.NewPGPMessageFromArmored(encSignature)
 	if err != nil {
 		return err
 	}
 
-	_, err = buffer.ReadFrom(plainMessage.NewReader())
+	// v2 used addrKR.VerifyDetachedEncrypted, where the signature itself is
+	// encrypted to nodeKR. v3 expresses this through a Decryption handle with
+	// PlainDetachedSignature() + DecryptDetached().
+	decHandle, err := crypto.PGP().Decryption().
+		DecryptionKeys(nodeKR).
+		VerificationKeys(addrKR).
+		PlainDetachedSignature().
+		New()
 	if err != nil {
 		return err
 	}
+	verifyResult, err := decHandle.DecryptDetached(plain, encSignatureMsg.Bytes(), crypto.Bytes)
+	if err != nil {
+		return err
+	}
+	if sigErr := verifyResult.SignatureError(); sigErr != nil {
+		return sigErr
+	}
+
+	if _, err := buffer.ReadFrom(bytes.NewReader(plain)); err != nil {
+		return err
+	}
 
 	h := sha256.New()
 	h.Write(data)
 	hash := h.Sum(nil)
 	base64Hash := base64.StdEncoding.EncodeToString(hash)
-	if err != nil {
-		return err
-	}
 	if base64Hash != originalHash {
 		return ErrDownloadedBlockHashVerificationFailed
 	}

drive.go

@@ -6,7 +6,7 @@ import (
 	"github.com/rclone/Proton-API-Bridge/common"
 	"golang.org/x/sync/semaphore"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 	"github.com/rclone/go-proton-api"
 )
 

file_download.go

@@ -5,7 +5,7 @@ import (
 	"context"
 	"io"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 	"github.com/rclone/Proton-API-Bridge/utility"
 	"github.com/rclone/go-proton-api"
 )

file_upload.go

@@ -14,7 +14,7 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 	"github.com/rclone/Proton-API-Bridge/utility"
 	"github.com/rclone/go-proton-api"
 )
@@ -342,17 +342,38 @@ func (protonDrive *ProtonDrive) uploadAndCollectBlockData(ctx context.Context, n
 			Encryption: current link's session key
 			Signature: share's signature address keys
 		*/
-		dataPlainMessage := crypto.NewPlainMessage(data)
-		encData, err := newSessionKey.Encrypt(dataPlainMessage)
+		pgp := crypto.PGP()
+
+		sessionEnc, err := pgp.Encryption().SessionKey(newSessionKey).New()
+		if err != nil {
+			return nil, 0, nil, "", err
+		}
+		encMsg, err := sessionEnc.Encrypt(data)
 		if err != nil {
 			return nil, 0, nil, "", err
 		}
+		encData := encMsg.Bytes()
 
-		encSignature, err := protonDrive.DefaultAddrKR.SignDetachedEncrypted(dataPlainMessage, newNodeKR)
+		// v2's SignDetachedEncrypted: sign the data with addrKR, then encrypt
+		// the signature to newNodeKR. v3 does not expose a one-shot helper, so
+		// we sign first and encrypt the signature bytes separately.
+		signHandle, err := pgp.Sign().SigningKeys(protonDrive.DefaultAddrKR).Detached().New()
+		if err != nil {
+			return nil, 0, nil, "", err
+		}
+		rawSig, err := signHandle.Sign(data, crypto.Bytes)
+		if err != nil {
+			return nil, 0, nil, "", err
+		}
+		sigEncHandle, err := pgp.Encryption().Recipients(newNodeKR).New()
+		if err != nil {
+			return nil, 0, nil, "", err
+		}
+		encSignature, err := sigEncHandle.Encrypt(rawSig)
 		if err != nil {
 			return nil, 0, nil, "", err
 		}
-		encSignatureStr, err := encSignature.GetArmored()
+		encSignatureStr, err := encSignature.Armor()
 		if err != nil {
 			return nil, 0, nil, "", err
 		}
@@ -387,14 +408,15 @@ func (protonDrive *ProtonDrive) uploadAndCollectBlockData(ctx context.Context, n
 }
 
 func (protonDrive *ProtonDrive) commitNewRevision(ctx context.Context, nodeKR *crypto.KeyRing, xAttrCommon *proton.RevisionXAttrCommon, manifestSignatureData []byte, linkID, revisionID string) error {
-	manifestSignature, err := protonDrive.DefaultAddrKR.SignDetached(crypto.NewPlainMessage(manifestSignatureData))
+	signHandle, err := crypto.PGP().Sign().SigningKeys(protonDrive.DefaultAddrKR).Detached().New()
 	if err != nil {
 		return err
 	}
-	manifestSignatureString, err := manifestSignature.GetArmored()
+	manifestSig, err := signHandle.Sign(manifestSignatureData, crypto.Armor)
 	if err != nil {
 		return err
 	}
+	manifestSignatureString := string(manifestSig)
 
 	commitRevisionReq := proton.CommitRevisionReq{
 		ManifestSignature: manifestSignatureString,

folder_recursive.go

@@ -5,7 +5,7 @@ import (
 	"io"
 	"os"
 
-	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
 	"github.com/rclone/go-proton-api"
 )