diff --git a/openpgp.d.ts b/openpgp.d.ts index 18ad538c..58c63de1 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -257,7 +257,7 @@ export class Message> { * Append signature to unencrypted message object * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature */ - public appendSignature(detachedSignature: string | Uint8Array): Promise; + public appendSignature(detachedSignature: string | Uint8Array, config?: Config): Promise; } @@ -352,7 +352,7 @@ export class SecretSubkeyPacket extends BaseSecretKeyPacket { export class CompressedDataPacket extends BasePacket { static readonly tag: enums.packet.compressedData; private compress(): void; - private decompress(): void; + private decompress(config?: Config): void; } export class SymEncryptedIntegrityProtectedDataPacket extends BasePacket { @@ -361,7 +361,7 @@ export class SymEncryptedIntegrityProtectedDataPacket extends BasePacket { export class AEADEncryptedDataPacket extends BasePacket { static readonly tag: enums.packet.aeadEncryptedData; - private decrypt(sessionKeyAlgorithm: string, sessionKey: Uint8Array): void; + private decrypt(sessionKeyAlgorithm: string, sessionKey: Uint8Array, config?: Config): void; private encrypt(sessionKeyAlgorithm: string, sessionKey: Uint8Array, config?: Config): void; private crypt(fn: Function, sessionKey: Uint8Array, data: MaybeStream): MaybeStream } @@ -480,10 +480,10 @@ export type AnyKeyPacket = BasePublicKeyPacket; type DataPacketType = 'utf8' | 'binary' | 'text' | 'mime'; - +type AllowedPackets = Map; // mapping to Packet classes (i.e. typeof LiteralDataPacket etc.) export class PacketList extends Array { - public length: number; - public read(bytes: Uint8Array, allowedPackets?: object, config?: Config): void; + static fromBinary(bytes: MaybeStream, allowedPackets: AllowedPackets, config?: Config): PacketList; // the packet types depend on`allowedPackets` + public read(bytes: MaybeStream, allowedPackets: AllowedPackets, config?: Config): void; public write(): Uint8Array; public filterByTag(...args: enums.packet[]): PacketList; public indexOfTag(...tags: enums.packet[]): number[]; diff --git a/src/cleartext.js b/src/cleartext.js index 6174a896..9d1cea64 100644 --- a/src/cleartext.js +++ b/src/cleartext.js @@ -144,8 +144,7 @@ export async function readCleartextMessage({ cleartextMessage, config }) { if (input.type !== enums.armor.signed) { throw new Error('No cleartext signed message.'); } - const packetlist = new PacketList(); - await packetlist.read(input.data, allowedPackets, undefined, config); + const packetlist = await PacketList.fromBinary(input.data, allowedPackets, config); verifyHeaders(input.headers, packetlist); const signature = new Signature(packetlist); return new CleartextMessage(input.text, signature); diff --git a/src/key/factory.js b/src/key/factory.js index 1af68100..d5670eeb 100644 --- a/src/key/factory.js +++ b/src/key/factory.js @@ -150,7 +150,6 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf })); const packetlist = new PacketList(); - packetlist.push(secretKeyPacket); await Promise.all(options.userIDs.map(async function(userID, index) { @@ -281,8 +280,7 @@ export async function readKey({ armoredKey, binaryKey, config }) { } else { input = binaryKey; } - const packetlist = new PacketList(); - await packetlist.read(input, allowedKeyPackets, undefined, config); + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config); return new Key(packetlist); } @@ -316,8 +314,7 @@ export async function readKeys({ armoredKeys, binaryKeys, config }) { input = data; } const keys = []; - const packetlist = new PacketList(); - await packetlist.read(input, allowedKeyPackets, undefined, config); + const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config); const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); if (keyIndex.length === 0) { throw new Error('No key packet found'); diff --git a/src/key/key.js b/src/key/key.js index 28289e70..5f900bcd 100644 --- a/src/key/key.js +++ b/src/key/key.js @@ -147,13 +147,13 @@ class Key { * Transforms structured key data to packetlist * @returns {PacketList} The packets that form a key. */ - toPacketlist() { + toPacketList() { const packetlist = new PacketList(); packetlist.push(this.keyPacket); packetlist.push(...this.revocationSignatures); packetlist.push(...this.directSignatures); - this.users.map(user => packetlist.push(...user.toPacketlist())); - this.subKeys.map(subKey => packetlist.push(...subKey.toPacketlist())); + this.users.map(user => packetlist.push(...user.toPacketList())); + this.subKeys.map(subKey => packetlist.push(...subKey.toPacketList())); return packetlist; } @@ -164,7 +164,7 @@ class Key { * @async */ async clone(deep = false) { - const key = new Key(this.toPacketlist()); + const key = new Key(this.toPacketList()); if (deep) { key.getKeys().forEach(k => { // shallow clone the key packets @@ -255,7 +255,7 @@ class Key { */ toPublic() { const packetlist = new PacketList(); - const keyPackets = this.toPacketlist(); + const keyPackets = this.toPacketList(); let bytes; let pubKeyPacket; let pubSubkeyPacket; @@ -285,7 +285,7 @@ class Key { * @returns {Uint8Array} Binary key. */ write() { - return this.toPacketlist().write(); + return this.toPacketList().write(); } /** @@ -295,7 +295,7 @@ class Key { */ armor(config = defaultConfig) { const type = this.isPublic() ? enums.armor.publicKey : enums.armor.privateKey; - return armor(type, this.toPacketlist().write(), undefined, undefined, undefined, config); + return armor(type, this.toPacketList().write(), undefined, undefined, undefined, config); } /** @@ -755,8 +755,7 @@ class Key { */ async applyRevocationCertificate(revocationCertificate, config = defaultConfig) { const input = await unarmor(revocationCertificate, config); - const packetlist = new PacketList(); - await packetlist.read(input.data, allowedRevocationPackets, undefined, config); + const packetlist = await PacketList.fromBinary(input.data, allowedRevocationPackets, config); const revocationSignature = packetlist.findPacket(enums.packet.signature); if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) { throw new Error('Could not find revocation signature packet'); @@ -900,9 +899,8 @@ class Key { options = helper.sanitizeKeyOptions(options, defaultOptions); const keyPacket = await helper.generateSecretSubkey(options); const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config); - const packetList = this.toPacketlist(); - packetList.push(keyPacket); - packetList.push(bindingSignature); + const packetList = this.toPacketList(); + packetList.push(keyPacket, bindingSignature); return new Key(packetList); } } diff --git a/src/key/subkey.js b/src/key/subkey.js index a4ad6521..17a14370 100644 --- a/src/key/subkey.js +++ b/src/key/subkey.js @@ -31,7 +31,7 @@ class SubKey { * Transforms structured subkey data to packetlist * @returns {PacketList} */ - toPacketlist() { + toPacketList() { const packetlist = new PacketList(); packetlist.push(this.keyPacket); packetlist.push(...this.revocationSignatures); diff --git a/src/key/user.js b/src/key/user.js index 61c540e5..bff585c9 100644 --- a/src/key/user.js +++ b/src/key/user.js @@ -27,7 +27,7 @@ class User { * Transforms structured user data to packetlist * @returns {PacketList} */ - toPacketlist() { + toPacketList() { const packetlist = new PacketList(); packetlist.push(this.userID || this.userAttribute); packetlist.push(...this.revocationSignatures); diff --git a/src/message.js b/src/message.js index f92bdc32..782a4835 100644 --- a/src/message.js +++ b/src/message.js @@ -176,8 +176,7 @@ export class Message { await Promise.all(passwords.map(async function(password, i) { let packets; if (i) { - packets = new PacketList(); - await packets.read(symESKeyPacketlist.write(), allowedSymSessionKeyPackets); + packets = await PacketList.fromBinary(symESKeyPacketlist.write(), allowedSymSessionKeyPackets, config); } else { packets = symESKeyPacketlist; } @@ -524,12 +523,12 @@ export class Message { * @returns {Promise} New detached signature of message content. * @async */ - async signDetached(privateKeys = [], signature = null, signingKeyIds = [], date = new Date(), userIDs = [], config = defaultConfig) { + async signDetached(privateKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) { const literalDataPacket = this.packets.findPacket(enums.packet.literalData); if (!literalDataPacket) { throw new Error('No literal data packet to sign.'); } - return new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIds, date, userIDs, true, config)); + return new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, true, config)); } /** @@ -626,11 +625,13 @@ export class Message { /** * Append signature to unencrypted message object * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config */ - async appendSignature(detachedSignature) { + async appendSignature(detachedSignature, config = defaultConfig) { await this.packets.read( util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, - allowedDetachedSignaturePackets + allowedDetachedSignaturePackets, + config ); } @@ -826,8 +827,7 @@ export async function readMessage({ armoredMessage, binaryMessage, config }) { } input = data; } - const packetlist = new PacketList(); - await packetlist.read(input, allowedMessagePackets, streamType, config); + const packetlist = await PacketList.fromBinary(input, allowedMessagePackets, config); const message = new Message(packetlist); message.fromStream = streamType; return message; diff --git a/src/packet/aead_encrypted_data.js b/src/packet/aead_encrypted_data.js index aa9c86eb..3fb53c48 100644 --- a/src/packet/aead_encrypted_data.js +++ b/src/packet/aead_encrypted_data.js @@ -90,12 +90,16 @@ class AEADEncryptedDataPacket { * Decrypt the encrypted payload. * @param {String} sessionKeyAlgorithm - The session key's cipher algorithm e.g. 'aes128' * @param {Uint8Array} key - The session key used to encrypt the payload + * @param {Object} [config] - Full configuration, defaults to openpgp.config * @throws {Error} if decryption was not successful * @async */ - async decrypt(sessionKeyAlgorithm, key) { - this.packets = new PacketList(); - await this.packets.read(await this.crypt('decrypt', key, stream.clone(this.encrypted)), allowedPackets); + async decrypt(sessionKeyAlgorithm, key, config = defaultConfig) { + this.packets = await PacketList.fromBinary( + await this.crypt('decrypt', key, stream.clone(this.encrypted)), + allowedPackets, + config + ); } /** diff --git a/src/packet/compressed_data.js b/src/packet/compressed_data.js index cda81e97..59befa81 100644 --- a/src/packet/compressed_data.js +++ b/src/packet/compressed_data.js @@ -79,8 +79,9 @@ class CompressedDataPacket { /** * Parsing function for the packet. * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config */ - async read(bytes) { + async read(bytes, config = defaultConfig) { await stream.parse(bytes, async reader => { // One octet that gives the algorithm used to compress the packet. @@ -89,7 +90,7 @@ class CompressedDataPacket { // Compressed data, which makes up the remainder of the packet. this.compressed = reader.remainder(); - await this.decompress(); + await this.decompress(config); }); } @@ -110,15 +111,15 @@ class CompressedDataPacket { /** * Decompression method for decompressing the compressed data * read by read_packet + * @param {Object} [config] - Full configuration, defaults to openpgp.config */ - async decompress() { + async decompress(config = defaultConfig) { if (!decompress_fns[this.algorithm]) { throw new Error(this.algorithm + ' decompression not supported'); } - this.packets = new PacketList(); - await this.packets.read(decompress_fns[this.algorithm](this.compressed), allowedPackets); + this.packets = await PacketList.fromBinary(decompress_fns[this.algorithm](this.compressed), allowedPackets, config); } /** diff --git a/src/packet/packetlist.js b/src/packet/packetlist.js index 1be3fa69..a5c29169 100644 --- a/src/packet/packetlist.js +++ b/src/packet/packetlist.js @@ -17,7 +17,7 @@ import defaultConfig from '../config'; */ export function newPacketFromTag(tag, allowedPackets) { if (!allowedPackets[tag]) { - throw new Error(`Packet not allowed in this context: ${enums.read(enums.packets, tag)}`); + throw new Error(`Packet not allowed in this context: ${enums.read(enums.packet, tag)}`); } return new allowedPackets[tag](); } @@ -29,9 +29,29 @@ export function newPacketFromTag(tag, allowedPackets) { * @extends Array */ class PacketList extends Array { + /** + * Parses the given binary data and returns a list of packets. + * Equivalent to calling `read` on an empty PacketList instance. + * @param {Uint8Array | ReadableStream} bytes - A Uint8Array of bytes. + * @param {Uint8Array | ReadableStream} bytes - binary data to parse + * @param {Object} allowedPackets - mapping where keys are allowed packet tags, pointing to their Packet class + * @param {Object} [config] - full configuration, defaults to openpgp.config + * @throws on parsing errors + * @async */ async read(bytes, allowedPackets, config = defaultConfig) { this.stream = stream.transformPair(bytes, async (readable, writable) => { diff --git a/src/packet/sym_encrypted_integrity_protected_data.js b/src/packet/sym_encrypted_integrity_protected_data.js index d49e1642..5d5c85b7 100644 --- a/src/packet/sym_encrypted_integrity_protected_data.js +++ b/src/packet/sym_encrypted_integrity_protected_data.js @@ -131,8 +131,7 @@ class SymEncryptedIntegrityProtectedDataPacket { if (!util.isStream(encrypted) || !config.allowUnauthenticatedStream) { packetbytes = await stream.readToEnd(packetbytes); } - this.packets = new PacketList(); - await this.packets.read(packetbytes, allowedPackets); + this.packets = await PacketList.fromBinary(packetbytes, allowedPackets, config); return true; } } diff --git a/src/packet/symmetrically_encrypted_data.js b/src/packet/symmetrically_encrypted_data.js index e7711e78..265ecda7 100644 --- a/src/packet/symmetrically_encrypted_data.js +++ b/src/packet/symmetrically_encrypted_data.js @@ -92,8 +92,7 @@ class SymmetricallyEncryptedDataPacket { encrypted.subarray(2, crypto.cipher[sessionKeyAlgorithm].blockSize + 2) ); - this.packets = new PacketList(); - await this.packets.read(decrypted, allowedPackets); + this.packets = await PacketList.fromBinary(decrypted, allowedPackets, config); } /** diff --git a/src/signature.js b/src/signature.js index e2fc32eb..9b64887e 100644 --- a/src/signature.js +++ b/src/signature.js @@ -82,7 +82,6 @@ export async function readSignature({ armoredSignature, binarySignature, config } input = data; } - const packetlist = new PacketList(); - await packetlist.read(input, allowedPackets, undefined, config); + const packetlist = await PacketList.fromBinary(input, allowedPackets, config); return new Signature(packetlist); } diff --git a/test/general/config.js b/test/general/config.js index 345fedcb..9950b81d 100644 --- a/test/general/config.js +++ b/test/general/config.js @@ -3,6 +3,72 @@ const { expect } = require('chai'); const openpgp = typeof window !== 'undefined' && window.openpgp ? window.openpgp : require('../..'); module.exports = () => describe('Custom configuration', function() { + it('openpgp.readMessage', async function() { + const armoredMessage = await openpgp.encrypt({ message: await openpgp.createMessage({ text:"hello world" }), passwords: 'password' }); + const message = await openpgp.readMessage({ armoredMessage }); + message.packets.unshift(new openpgp.MarkerPacket()); // MarkerPacket is not allowed in the Message context + + const config = { tolerant: true }; + const parsedMessage = await openpgp.readMessage({ armoredMessage: message.armor(), config }); + expect(parsedMessage.packets.length).to.equal(2); + + config.tolerant = false; + await expect( + openpgp.readMessage({ armoredMessage: message.armor(), config }) + ).to.be.rejectedWith(/Packet not allowed in this context/); + }); + + it('openpgp.readSignature', async function() { + const armoredSignature = `-----BEGIN PGP SIGNATURE----- + +wnUEARYKAAYFAmCPyjwAIQkQk5xMVrwBTN4WIQT7kMrxk1s/unaTxxmTnExW +vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z +3KkV9TCnZibYM9OXuIvQpkoIKn4qbyFv7AaSIgs= +=hgTd +-----END PGP SIGNATURE-----`; + + const signature = await openpgp.readSignature({ armoredSignature }); + signature.packets.unshift(new openpgp.MarkerPacket()); // MarkerPacket is not allowed in the Signature context + + const config = { tolerant: true }; + const parsedSignature = await openpgp.readSignature({ armoredSignature: signature.armor(), config }); + expect(parsedSignature.packets.length).to.equal(1); + + config.tolerant = false; + await expect( + openpgp.readSignature({ armoredSignature: signature.armor(), config }) + ).to.be.rejectedWith(/Packet not allowed in this context/); + }); + + it('openpgp.readKey', async function() { + const armoredKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- + +xjMEYI/KsBYJKwYBBAHaRw8BAQdAW2lu0r97hQztwP8+WbSF9N/QJ5hkevhm +CGJbM3HBvznNEHRlc3QgPHRlc3RAYS5pdD7CjAQQFgoAHQUCYI/KsAQLCQcI +AxUICgQWAAIBAhkBAhsDAh4BACEJEKgxHS8jVhd9FiEE8hy8OerCaNGuKPDw +qDEdLyNWF32XOQD/dq2/D394eW67VwUhvRpQl9gwToDf+SixATEFigok5JgA +/3ZeH9eXiZqo3rChfdQ+3VKTd7yoI2gM/pjbHupemYYAzjgEYI/KsBIKKwYB +BAGXVQEFAQEHQN/8mxAaro95FmvPQ4wlAfk3WKUHZtNvpaqzXo1K6WdMAwEI +B8J4BBgWCAAJBQJgj8qwAhsMACEJEKgxHS8jVhd9FiEE8hy8OerCaNGuKPDw +qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA +/3r62WsCVupzKdISZYOMPwEY5qN/4f9i6ZWxIynmVX0E +=6+P3 +-----END PGP PUBLIC KEY BLOCK-----`; + + const keyPackets = (await openpgp.readKey({ armoredKey })).toPacketList(); + keyPackets.unshift(new openpgp.MarkerPacket()); // MarkerPacket is not allowed in the Signature context + + const config = { tolerant: true }; + const parsedKey = await openpgp.readKey({ binaryKey: keyPackets.write(), config }); + expect(parsedKey.toPacketList().length).to.equal(5); + + config.tolerant = false; + await expect( + openpgp.readKey({ binaryKey: keyPackets.write(), config }) + ).to.be.rejectedWith(/Packet not allowed in this context/); + }); + + it('openpgp.generateKey', async function() { const v5KeysVal = openpgp.config.v5Keys; const preferredHashAlgorithmVal = openpgp.config.preferredHashAlgorithm; diff --git a/test/general/key.js b/test/general/key.js index 3d296c74..7cf5dee5 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -2763,8 +2763,7 @@ module.exports = () => describe('Key', function() { 43 ee 3b 24 06 `.replace(/\s+/g, '')); - const packetlist = new openpgp.PacketList(); - await packetlist.read(packetBytes, util.constructAllowedPackets([openpgp.PublicKeyPacket]), undefined, openpgp.config); + const packetlist = await openpgp.PacketList.fromBinary(packetBytes, util.constructAllowedPackets([openpgp.PublicKeyPacket]), openpgp.config); const key = packetlist[0]; expect(key).to.exist; }); @@ -2792,12 +2791,9 @@ module.exports = () => describe('Key', function() { const pubKey = await openpgp.readKey({ armoredKey: pub_sig_test }); expect(pubKey).to.exist; - const packetlist = new openpgp.PacketList(); - - await packetlist.read( + const packetlist = await openpgp.PacketList.fromBinary( (await openpgp.unarmor(pub_sig_test)).data, util.constructAllowedPackets([...Object.values(openpgp).filter(packetClass => !!packetClass.tag)]), - undefined, openpgp.config ); @@ -3288,8 +3284,7 @@ module.exports = () => describe('Key', function() { const revocationCertificate = await revKey.getRevocationCertificate(); const input = await openpgp.unarmor(revocation_certificate_arm4); - const packetlist = new openpgp.PacketList(); - await packetlist.read(input.data, util.constructAllowedPackets([openpgp.SignaturePacket]), undefined, openpgp.config); + const packetlist = await openpgp.PacketList.fromBinary(input.data, util.constructAllowedPackets([openpgp.SignaturePacket]), openpgp.config); const armored = openpgp.armor(openpgp.enums.armor.publicKey, packetlist.write()); expect(revocationCertificate.replace(/^Comment: .*$\n/mg, '')).to.equal(armored.replace(/^Comment: .*$\n/mg, '')); diff --git a/test/general/packet.js b/test/general/packet.js index dd178582..537dfa63 100644 --- a/test/general/packet.js +++ b/test/general/packet.js @@ -67,6 +67,21 @@ module.exports = () => describe("Packet", function() { '=KXkj\n' + '-----END PGP PRIVATE KEY BLOCK-----'; + it('Ignores disallowed packet with tolerant mode enabled', async function() { + const packets = new openpgp.PacketList(); + packets.push(new openpgp.MarkerPacket()); + const bytes = packets.write(); + const parsed = await openpgp.PacketList.fromBinary(bytes, {}, { ...openpgp.config, tolerant: true }); + expect(parsed.length).to.equal(0); + }); + + it('Throws on disallowed packet with tolerant mode disabled', async function() { + const packets = new openpgp.PacketList(); + packets.push(new openpgp.MarkerPacket()); + const bytes = packets.write(); + await expect(openpgp.PacketList.fromBinary(bytes, {}, { ...openpgp.config, tolerant: false })).to.be.rejectedWith(/Packet not allowed in this context/); + }); + it('Symmetrically encrypted packet without integrity protection - allow decryption', async function() { const aeadProtectVal = openpgp.config.aeadProtect; const allowUnauthenticatedMessagesVal = openpgp.config.allowUnauthenticatedMessages; @@ -702,8 +717,7 @@ module.exports = () => describe("Packet", function() { }); it('Secret key reading with signature verification.', async function() { - const packets = new openpgp.PacketList(); - await packets.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets); + const packets = await openpgp.PacketList.fromBinary((await openpgp.unarmor(armored_key)).data, allAllowedPackets); const [keyPacket, userIDPacket, keySigPacket, subkeyPacket, subkeySigPacket] = packets; expect(keySigPacket.verified).to.be.null; expect(subkeySigPacket.verified).to.be.null; @@ -733,8 +747,7 @@ module.exports = () => describe("Packet", function() { '=htrB\n' + '-----END PGP MESSAGE-----'; - const packets = new openpgp.PacketList(); - await packets.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets); + const packets = await openpgp.PacketList.fromBinary((await openpgp.unarmor(armored_key)).data, allAllowedPackets); const keyPacket = packets[0]; const subkeyPacket = packets[3]; await subkeyPacket.decrypt('test'); @@ -849,8 +862,7 @@ V+HOQJQxXJkVRYa3QrFUehiMzTeqqMdgC6ZqJy7+ const raw = new openpgp.PacketList(); raw.push(secretKeyPacket); - const packetList = new openpgp.PacketList(); - await packetList.read(raw.write(), allAllowedPackets, undefined, openpgp.config); + const packetList = await openpgp.PacketList.fromBinary(raw.write(), allAllowedPackets, openpgp.config); const secretKeyPacket2 = packetList[0]; await secretKeyPacket2.decrypt('hello'); @@ -906,8 +918,7 @@ V+HOQJQxXJkVRYa3QrFUehiMzTeqqMdgC6ZqJy7+ const raw = new openpgp.PacketList(); raw.push(secretKeyPacket); - const packetList = new openpgp.PacketList(); - await packetList.read(raw.write(), allAllowedPackets, undefined, openpgp.config); + const packetList = await openpgp.PacketList.fromBinary(raw.write(), allAllowedPackets, openpgp.config); const secretKeyPacket2 = packetList[0]; await secretKeyPacket2.decrypt('hello'); }); diff --git a/test/security/subkey_trust.js b/test/security/subkey_trust.js index d32a378a..79ff74ec 100644 --- a/test/security/subkey_trust.js +++ b/test/security/subkey_trust.js @@ -43,8 +43,8 @@ async function testSubkeyTrust() { // the victim's public key and a signed message const { victimPubKey, attackerPrivKey, signed } = await generateTestData(); - const pktPubVictim = victimPubKey.toPacketlist(); - const pktPrivAttacker = attackerPrivKey.toPacketlist(); + const pktPubVictim = victimPubKey.toPacketList(); + const pktPrivAttacker = attackerPrivKey.toPacketList(); const dataToSign = { key: attackerPrivKey.toPublic().keyPacket, bind: pktPubVictim[3] // victim subkey @@ -56,13 +56,13 @@ async function testSubkeyTrust() { fakeBindingSignature.keyFlags = [enums.keyFlags.signData]; await fakeBindingSignature.sign(attackerPrivKey.keyPacket, dataToSign); const newList = new PacketList(); - newList.push(...[ + newList.push( pktPrivAttacker[0], // attacker private key pktPrivAttacker[1], // attacker user pktPrivAttacker[2], // attacker self signature pktPubVictim[3], // victim subkey fakeBindingSignature // faked key binding - ]); + ); let fakeKey = new Key(newList); fakeKey = await readKey({ armoredKey: await fakeKey.toPublic().armor() }); const verifyAttackerIsBatman = await openpgp.verify({ diff --git a/test/security/unsigned_subpackets.js b/test/security/unsigned_subpackets.js index 66c09143..f7c1e17e 100644 --- a/test/security/unsigned_subpackets.js +++ b/test/security/unsigned_subpackets.js @@ -68,7 +68,7 @@ async function makeKeyValid() { } const invalidkey = await getInvalidKey(); // deconstruct invalid key - const [pubkey, puser, pusersig] = invalidkey.toPacketlist().map(i => i); + const [pubkey, puser, pusersig] = invalidkey.toPacketList().map(i => i); // create a fake signature const fake = new SignaturePacket(); Object.assign(fake, pusersig); @@ -81,7 +81,7 @@ async function makeKeyValid() { pusersig.readSubPackets(fake.writeHashedSubPackets(), false); // reconstruct the modified key const newlist = new PacketList(); - newlist.push(...[pubkey, puser, pusersig]); + newlist.push(pubkey, puser, pusersig); let modifiedkey = new Key(newlist); // re-read the message to eliminate any // behaviour due to cached values.