suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use rsaBits=2048 in addSubkey tests when using Web Crypto (#971)

Browse Source 
Fix tests failing in old browsers due to too low rsaBits.

Also, always throw in addSubkey when rsaBits is too low.
This commit is contained in:
Ilya Chesnokov 2019-09-24 18:53:12 +07:00 committed by Daniel Huigens
parent fbbeaa3cd9
commit 1e37b27673
2 changed files with 27 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/key.js
View File

@ -842,6 +842,12 @@ Key.prototype.addSubkey = async function(options = {}) {
if (!this.isPrivate()) {
throw new Error("Cannot add a subkey to a public key");
}
if (options.passphrase) {
throw new Error("Subkey could not be encrypted here, please encrypt whole key");
}
if (util.getWebCryptoAll() && options.rsaBits < 2048) {
throw new Error('When using webCrypto rsaBits should be 2048 or 4096, found: ' + options.rsaBits);
}
const secretKeyPacket = this.primaryKey;
if (!secretKeyPacket.isDecrypted()) {
throw new Error("Key is not decrypted");

34
test/general/key.js
View File

@ -1896,6 +1896,7 @@ function versionSpecificTests() {
expect(key.users[0].selfCertifications[0].isPrimaryUserID).to.be.true;
expect(key.getAlgorithmInfo().algorithm).to.equal('rsa_encrypt_sign');
expect(key.getAlgorithmInfo().bits).to.equal(opt.numBits);
expect(key.getAlgorithmInfo().rsaBits).to.equal(key.getAlgorithmInfo().bits);
expect(key.subKeys[0].getAlgorithmInfo().algorithm).to.equal('ecdh');
});
});
@ -2868,11 +2869,17 @@ VYGdb3eNlV8CfoEC
});
describe('addSubkey functionality testing', function(){
it('create and add a new rsa subkey to a rsa key', async function() {
let rsaBits;
let rsaOpt = {};
if (openpgp.util.getWebCryptoAll()) {
rsaBits = 2048;
rsaOpt = { rsaBits: rsaBits };
}
it('create and add a new rsa subkey to stored rsa key', async function() {
const privateKey = (await openpgp.key.readArmored(priv_key_rsa)).keys[0];
await privateKey.decrypt('hello world');
const total = privateKey.subKeys.length;
let newPrivateKey = await privateKey.addSubkey();
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
const armoredKey = newPrivateKey.armor();
newPrivateKey = (await openpgp.key.readArmored(armoredKey)).keys[0];
const subKey = newPrivateKey.subKeys[total];
@ -2880,17 +2887,24 @@ describe('addSubkey functionality testing', function(){
expect(newPrivateKey.subKeys.length).to.be.equal(total+1);
const subkeyN = subKey.keyPacket.params[0];
const pkN = privateKey.primaryKey.params[0];
expect(subkeyN.byteLength()).to.be.equal(pkN.byteLength());
expect(subkeyN.byteLength()).to.be.equal(rsaBits ? (rsaBits / 8) : pkN.byteLength());
expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('rsa_encrypt_sign');
expect(subKey.getAlgorithmInfo().rsaBits).to.be.equal(1024);
expect(subKey.getAlgorithmInfo().rsaBits).to.be.equal(rsaBits || privateKey.getAlgorithmInfo().rsaBits);
expect(await subKey.verify(newPrivateKey.primaryKey)).to.be.equal(openpgp.enums.keyStatus.valid);
});
it('should throw when trying to encrypt a subkey separately from key', async function() {
const privateKey = (await openpgp.key.readArmored(priv_key_rsa)).keys[0];
await privateKey.decrypt('hello world');
const opt = { rsaBits: rsaBits, passphrase: 'subkey passphrase'};
await expect(privateKey.addSubkey(opt)).to.be.rejectedWith('Subkey could not be encrypted here, please encrypt whole key');
});
it('encrypt and decrypt key with added subkey', async function() {
const privateKey = (await openpgp.key.readArmored(priv_key_rsa)).keys[0];
await privateKey.decrypt('hello world');
const total = privateKey.subKeys.length;
let newPrivateKey = await privateKey.addSubkey();
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
newPrivateKey = (await openpgp.key.readArmored(newPrivateKey.armor())).keys[0];
await newPrivateKey.encrypt('12345678');
const armoredKey = newPrivateKey.armor();
@ -2899,11 +2913,6 @@ describe('addSubkey functionality testing', function(){
const subKey = importedPrivateKey.subKeys[total];
expect(subKey).to.exist;
expect(importedPrivateKey.subKeys.length).to.be.equal(total+1);
const subkeyN = subKey.keyPacket.params[0];
const pkN = privateKey.primaryKey.params[0];
expect(subkeyN.byteLength()).to.be.equal(pkN.byteLength());
expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('rsa_encrypt_sign');
expect(subKey.getAlgorithmInfo().rsaBits).to.be.equal(1024);
expect(await subKey.verify(importedPrivateKey.primaryKey)).to.be.equal(openpgp.enums.keyStatus.valid);
});
@ -2933,7 +2942,6 @@ describe('addSubkey functionality testing', function(){
it('create and add a new ec subkey to a rsa key', async function() {
const privateKey = (await openpgp.key.readArmored(priv_key_rsa)).keys[0];
privateKey.subKeys = [];
await privateKey.decrypt('hello world');
const total = privateKey.subKeys.length;
const opt2 = {curve: 'curve25519'};
@ -3000,7 +3008,7 @@ describe('addSubkey functionality testing', function(){
const privateKey = (await openpgp.key.readArmored(priv_key_rsa)).keys[0];
await privateKey.decrypt('hello world');
const total = privateKey.subKeys.length;
const opt2 = {sign: true};
const opt2 = { sign: true, rsaBits: rsaBits };
let newPrivateKey = await privateKey.addSubkey(opt2);
const armoredKey = newPrivateKey.armor();
newPrivateKey = (await openpgp.key.readArmored(armoredKey)).keys[0];
@ -3020,7 +3028,7 @@ describe('addSubkey functionality testing', function(){
const privateKey = (await openpgp.key.readArmored(priv_key_rsa)).keys[0];
await privateKey.decrypt('hello world');
const total = privateKey.subKeys.length;
let newPrivateKey = await privateKey.addSubkey();
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
const armoredKey = newPrivateKey.armor();
newPrivateKey = (await openpgp.key.readArmored(armoredKey)).keys[0];
const subKey = newPrivateKey.subKeys[total];