Rename enums.aead.gcm to experimental_gcm

So that (1) if the spec ever defines GCM differently than we do, we have a
clean upgrade path and (2) it makes it clear that it's experimental.

README.md

@@ -76,7 +76,7 @@ OpenPGP.js [![Build Status](https://travis-ci.org/openpgpjs/openpgpjs.svg?branch
   ```
   openpgp.config.aead_mode = openpgp.enums.aead.eax // Default, native
   openpgp.config.aead_mode = openpgp.enums.aead.ocb // Non-native
-  openpgp.config.aead_mode = openpgp.enums.aead.gcm // **Non-standard**, fastest
+  openpgp.config.aead_mode = openpgp.enums.aead.experimental_gcm // **Non-standard**, fastest
   ```
 
   We previously also implemented an [earlier version](https://tools.ietf.org/html/draft-ford-openpgp-format-00) of the draft (using GCM), which you could enable by simply setting `openpgp.config.aead_protect = true`. If you need to stay compatible with that version, don't set `openpgp.config.aead_protect_version = 4`.

src/crypto/index.js

@@ -33,6 +33,7 @@ const mod = {
   cfb: cfb,
   /** @see module:crypto/gcm */
   gcm: gcm,
+  experimental_gcm: gcm,
   /** @see module:crypto/eax */
   eax: eax,
   /** @see module:crypto/ocb */

src/enums.js

@@ -178,7 +178,7 @@ export default {
   aead: {
     eax: 1,
     ocb: 2,
-    gcm: 100 // Private algorithm
+    experimental_gcm: 100 // Private algorithm
   },
 
   /** A list of packet types and numeric tags associated with them.

src/openpgp.js

@@ -591,7 +591,7 @@ function onError(message, error) {
  */
 function nativeAEAD() {
   return config.aead_protect && (
-    ((config.aead_protect_version !== 4 || config.aead_mode === enums.aead.gcm) && util.getWebCrypto()) ||
+    ((config.aead_protect_version !== 4 || config.aead_mode === enums.aead.experimental_gcm) && util.getWebCrypto()) ||
     (config.aead_protect_version === 4 && config.aead_mode === enums.aead.eax && util.getWebCryptoAll())
   );
 }

src/packet/sym_encrypted_aead_protected.js

@@ -66,7 +66,7 @@ SymEncryptedAEADProtected.prototype.read = function (bytes) {
     this.aeadAlgo = bytes[offset++];
     this.chunkSizeByte = bytes[offset++];
   } else {
-    this.aeadAlgo = enums.aead.gcm;
+    this.aeadAlgo = enums.aead.experimental_gcm;
   }
   const mode = crypto[enums.read(enums.aead, this.aeadAlgo)];
   this.iv = bytes.subarray(offset, mode.ivLength + offset);
@@ -114,7 +114,7 @@ SymEncryptedAEADProtected.prototype.decrypt = async function (sessionKeyAlgorith
  */
 SymEncryptedAEADProtected.prototype.encrypt = async function (sessionKeyAlgorithm, key) {
   this.cipherAlgo = enums.write(enums.symmetric, sessionKeyAlgorithm);
-  this.aeadAlgo = config.aead_protect_version === 4 ? enums.write(enums.aead, this.aeadAlgorithm) : enums.aead.gcm;
+  this.aeadAlgo = config.aead_protect_version === 4 ? enums.write(enums.aead, this.aeadAlgorithm) : enums.aead.experimental_gcm;
   const mode = crypto[enums.read(enums.aead, this.aeadAlgo)];
   this.iv = await crypto.random.getRandomBytes(mode.ivLength); // generate new random IV
   this.chunkSizeByte = config.aead_chunk_size_byte;

test/general/openpgp.js

@@ -683,7 +683,7 @@ describe('OpenPGP.js public api tests', function() {
         openpgp.config.use_native = false;
         openpgp.config.aead_protect = true;
         openpgp.config.aead_protect_version = 4;
-        openpgp.config.aead_mode = openpgp.enums.aead.gcm;
+        openpgp.config.aead_mode = openpgp.enums.aead.experimental_gcm;
 
         // Monkey-patch AEAD feature flag
         publicKey.keys[0].users[0].selfCertifications[0].features = [7];
@@ -698,7 +698,7 @@ describe('OpenPGP.js public api tests', function() {
         openpgp.config.use_native = true;
         openpgp.config.aead_protect = true;
         openpgp.config.aead_protect_version = 4;
-        openpgp.config.aead_mode = openpgp.enums.aead.gcm;
+        openpgp.config.aead_mode = openpgp.enums.aead.experimental_gcm;
 
         // Monkey-patch AEAD feature flag
         publicKey.keys[0].users[0].selfCertifications[0].features = [7];