vendor: update github.com/t3rm1n4l/go-mega to fix v2 account login

Fixes #2771
2019-02-04 17:33:15 +00:00 · 2019-02-04 17:33:15 +00:00 · 7d5d6c041f
commit 7d5d6c041f
parent bdc638530e
14 changed files with 138 additions and 22 deletions
--- a/vendor/github.com/t3rm1n4l/go-mega/.travis.yml
+++ b/vendor/github.com/t3rm1n4l/go-mega/.travis.yml
@ -4,13 +4,13 @@ osx_image: xcode7.3
 os:
 - linux
 go:
- 1.7.6
- 1.8.7
- 1.9.5
- "1.10.1"
+- 1.9.x
+- 1.10.x
+- 1.11.x
 - tip
 install:
 - make build_dep
+- go get -u ./...
 script:
 - make check
 - make test
@ -19,7 +19,7 @@ matrix:
  - go: tip
  include:
  - os: osx
-    go: "1.10.1"
+    go: "1.11.x"
 env:
  global:
  - secure: RzsF80V1i69FVJwKSF8WrFzk5bRUKtPxRkhjiLOO0b1usFg0EIY6XFp3s/VTR6oT91LRXml3Bp7wHHrkPvGnHyUyuxj6loj3gIrsX8cZHUtjyQX/Szfi9MOJpbdJvfCcHByEh9YGldAz//9zvEo5oGuI29Luur3cv+BJNJElmHg=
--- a/vendor/github.com/t3rm1n4l/go-mega/go.mod
+++ b/vendor/github.com/t3rm1n4l/go-mega/go.mod
@ -0,0 +1,3 @@
+module github.com/t3rm1n4l/go-mega
+
+require golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613
--- a/vendor/github.com/t3rm1n4l/go-mega/go.sum
+++ b/vendor/github.com/t3rm1n4l/go-mega/go.sum
@ -0,0 +1,2 @@
+golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 h1:MQ/ZZiDsUapFFiMS+vzwXkCTeEKaum+Do5rINYJDmxc=
+golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
--- a/vendor/github.com/t3rm1n4l/go-mega/mega.go
+++ b/vendor/github.com/t3rm1n4l/go-mega/mega.go
@ -5,6 +5,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"crypto/sha512"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -19,6 +20,8 @@ import (
 	"strings"
 	"sync"
 	"time"
+
+	"golang.org/x/crypto/pbkdf2"
 )

 // Default settings
@ -93,6 +96,10 @@ func (c *config) SetUploadWorkers(w int) error {

 type Mega struct {
 	config
+	// Version of the account
+	accountVersion int
+	// Salt for the account if accountVersion > 1
+	accountSalt []byte
 	// Sequence number
 	sn int64
 	// Server state sn
@ -457,8 +464,47 @@ func (m *Mega) api_request(r []byte) (buf []byte, err error) {
 	return nil, err
 }

+// prelogin call
+func (m *Mega) prelogin(email string) error {
+	var msg [1]PreloginMsg
+	var res [1]PreloginResp
+
+	email = strings.ToLower(email) // mega uses lowercased emails for login purposes - FIXME is this true for prelogin?
+
+	msg[0].Cmd = "us0"
+	msg[0].User = email
+
+	req, err := json.Marshal(msg)
+	if err != nil {
+		return err
+	}
+	result, err := m.api_request(req)
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(result, &res)
+	if err != nil {
+		return err
+	}
+
+	if res[0].Version == 0 {
+		return errors.New("prelogin: no version returned")
+	} else if res[0].Version > 2 {
+		return fmt.Errorf("prelogin: version %d account not supported", res[0].Version)
+	} else if res[0].Version == 2 {
+		if len(res[0].Salt) == 0 {
+			return errors.New("prelogin: no salt returned")
+		}
+		m.accountSalt = base64urldecode([]byte(res[0].Salt))
+	}
+	m.accountVersion = res[0].Version
+
+	return nil
+}
+
 // Authenticate and start a session
-func (m *Mega) Login(email string, passwd string) error {
+func (m *Mega) login(email string, passwd string) error {
 	var msg [1]LoginMsg
 	var res [1]LoginResp
 	var err error
@ -473,7 +519,22 @@ func (m *Mega) Login(email string, passwd string) error {

 	msg[0].Cmd = "us"
 	msg[0].User = email
-	msg[0].Handle = string(uhandle)
+	if m.accountVersion == 1 {
+		msg[0].Handle = string(uhandle)
+	} else {
+		const derivedKeyLength = 2 * aes.BlockSize
+		derivedKey := pbkdf2.Key([]byte(passwd), m.accountSalt, 100000, derivedKeyLength, sha512.New)
+		authKey := derivedKey[aes.BlockSize:]
+		passkey = derivedKey[:aes.BlockSize]
+
+		sessionKey := make([]byte, aes.BlockSize)
+		_, err = rand.Read(sessionKey)
+		if err != nil {
+			return err
+		}
+		msg[0].Handle = string(base64urlencode(authKey))
+		msg[0].SessionKey = string(base64urlencode(sessionKey))
+	}

 	req, _ := json.Marshal(msg)
 	result, err = m.api_request(req)
@ -494,6 +555,20 @@ func (m *Mega) Login(email string, passwd string) error {
 	if err != nil {
 		return err
 	}
+	return nil
+}
+
+// Authenticate and start a session
+func (m *Mega) Login(email string, passwd string) error {
+	err := m.prelogin(email)
+	if err != nil {
+		return err
+	}
+
+	err = m.login(email, passwd)
+	if err != nil {
+		return err
+	}

 	waitEvent := m.WaitEventsStart()

--- a/vendor/github.com/t3rm1n4l/go-mega/messages.go
+++ b/vendor/github.com/t3rm1n4l/go-mega/messages.go
@ -2,16 +2,32 @@ package mega

 import "encoding/json"

+type PreloginMsg struct {
+	Cmd  string `json:"a"`
+	User string `json:"user"`
+}
+
+type PreloginResp struct {
+	Version int    `json:"v"`
+	Salt    string `json:"s"`
+}
+
 type LoginMsg struct {
-	Cmd    string `json:"a"`
-	User   string `json:"user"`
-	Handle string `json:"uh"`
+	Cmd        string `json:"a"`
+	User       string `json:"user"`
+	Handle     string `json:"uh"`
+	SessionKey string `json:"sek,omitempty"`
+	Si         string `json:"si,omitempty"`
+	Mfa        string `json:"mfa,omitempty"`
 }

 type LoginResp struct {
-	Csid  string `json:"csid"`
-	Privk string `json:"privk"`
-	Key   string `json:"k"`
+	Csid       string `json:"csid"`
+	Privk      string `json:"privk"`
+	Key        string `json:"k"`
+	Ach        int    `json:"ach"`
+	SessionKey string `json:"sek"`
+	U          string `json:"u"`
 }

 type UserMsg struct {