From 80c535eeb7511b9f239ef882cbcfacc50d7d7990 Mon Sep 17 00:00:00 2001
From: Daniel Huigens
Date: Mon, 12 Aug 2019 15:32:35 +0200
Subject: [PATCH] Separate config option to use V5 keys from AEAD config option
---
 src/config/config.js | 8 ++++++++
 src/key.js | 3 +++
 src/packet/public_key.js | 2 +-
 test/general/key.js | 8 ++++++--
 test/general/openpgp.js | 6 +++++-
 5 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/src/config/config.js b/src/config/config.js
index 9e53b925..f88c70df 100644
--- a/src/config/config.js
+++ b/src/config/config.js
@@ -76,6 +76,14 @@ export default {
 * @property {Integer} aead_chunk_size_byte
 */
 aead_chunk_size_byte: 12,
+ /**
+ * Use V5 keys.
+ * **NOT INTEROPERABLE WITH OTHER OPENPGP IMPLEMENTATIONS**
+ * **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**
+ * @memberof module:config
+ * @property {Boolean} v5_keys
+ */
+ v5_keys: false,
 /**
 * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:
 * Iteration Count Byte for S2K (String to Key)
diff --git a/src/key.js b/src/key.js
index a783352f..430c0f03 100644
--- a/src/key.js
+++ b/src/key.js
@@ -1526,6 +1526,9 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options) {
 if (config.aead_protect && config.aead_protect_version === 4) {
 signaturePacket.features || (signaturePacket.features = [0]);
 signaturePacket.features[0] |= enums.features.aead;
+ }
+ if (config.v5_keys) {
+ signaturePacket.features || (signaturePacket.features = [0]);
 signaturePacket.features[0] |= enums.features.v5_keys;
 }
 if (options.keyExpirationTime > 0) {
diff --git a/src/packet/public_key.js b/src/packet/public_key.js
index 30be0afa..ec743da0 100644
--- a/src/packet/public_key.js
+++ b/src/packet/public_key.js
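Review bot: The doc comment added for `v5_keys` in src/config/config.js says only "Use V5 keys." and does not state what the option changes or that the AEAD settings no longer imply it. Going by the other hunks of this patch, it selects the default packet version in `PublicKey` and sets the V5 feature bit in the self-signature, both of which `aead_protect` with `aead_protect_version === 4` used to trigger. A configuration that relied on that coupling gets V4 keys after this change unless the new option is set, so the comment should say so, for example `* Create V5 key packets and advertise V5 key support in new self-signatures.` followed by `* Not implied by aead_protect; must be enabled explicitly.`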
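Review bot: In the `wrapKeyObject` hunk of src/key.js the new `if (config.v5_keys)` branch sets the V5 feature bit from global configuration alone, without looking at the version of the `secretKeyPacket` being wrapped, and nothing in the hunk says whether that is intended. If the bit is meant to advertise what this implementation accepts rather than describe the key itself, a one-line comment would make that clear to the next reader: `// Advertises V5 key support of this implementation; set from config, not from secretKeyPacket.version.` The function body starts and ends outside the hunk, so any check against the packet version elsewhere in it is not visible here.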
@@ -56,7 +56,7 @@ function PublicKey(date=new Date()) {
 * Packet version
 * @type {Integer}
 */
- this.version = config.aead_protect && config.aead_protect_version === 4 ? 5 : 4;
+ this.version = config.v5_keys ? 5 : 4;
 /**
 * Key creation date.
 * @type {Date}
diff --git a/test/general/key.js b/test/general/key.js
index 491c72fb..d56e6a62 100644
--- a/test/general/key.js
+++ b/test/general/key.js
@@ -1680,7 +1680,7 @@ function versionSpecificTests() {
 expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha256, hash.sha512, hash.sha1]);
 const compr = openpgp.enums.compression;
 expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip]);
- expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.aead_protect && openpgp.config.aead_protect_version === 4 ? [7] : [1]);
+ expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.v5_keys ? [7] : [1]);
 };
 const opt = {numBits: 512, userIds: 'test ', passphrase: 'hello'};
 if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
@@ -1717,7 +1717,7 @@ function versionSpecificTests() {
 expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha224, hash.sha256, hash.sha512, hash.sha1]);
 const compr = openpgp.enums.compression;
 expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip]);
- expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.aead_protect && openpgp.config.aead_protect_version === 4 ? [7] : [1]);
+ expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.v5_keys ? [7] : [1]);
 };
 const opt = {numBits: 512, userIds: 'test ', passphrase: 'hello'};
 if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
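Review bot: The updated expectation `openpgp.config.v5_keys ? [7] : [1]` in the two `versionSpecificTests` hunks of test/general/key.js (at -1680 and -1717) only holds when `v5_keys` and the AEAD options are switched together, which is what the V5 suite's `beforeEach` in the later hunk of this file still does. The commit exists to make the two options independent, yet neither mixed configuration is exercised: `v5_keys = true` with `aead_protect = false`, and `aead_protect = true` with `v5_keys = false`. In those cases the features byte would presumably carry only one of the two extra bits, so it would match neither `[7]` nor `[1]`. Adding one case per mixed configuration, asserting both `features` and the generated key packet's `version`, would pin the separation and catch a later change that re-couples them.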
@@ -2208,17 +2208,21 @@ describe('Key', function() { describe('V4', versionSpecificTests); + let v5_keysVal; let aead_protectVal; let aead_protect_versionVal; tryTests('V5', versionSpecificTests, { if: !openpgp.config.saucelabs, beforeEach: function() { + v5_keysVal = openpgp.config.v5_keys; aead_protectVal = openpgp.config.aead_protect; aead_protect_versionVal = openpgp.config.aead_protect_version; + openpgp.config.v5_keys = true; openpgp.config.aead_protect = true; openpgp.config.aead_protect_version = 4; }, afterEach: function() { + openpgp.config.v5_keys = v5_keysVal; openpgp.config.aead_protect = aead_protectVal; openpgp.config.aead_protect_version = aead_protect_versionVal; } diff --git a/test/general/openpgp.js b/test/general/openpgp.js index 65146234..e6758b09 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -696,6 +696,7 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() { let aead_protect_versionVal; let aead_modeVal; let aead_chunk_size_byteVal; + let v5_keysVal; beforeEach(async function() { publicKey = await openpgp.key.readArmored(pub_key); @@ -723,6 +724,7 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() { aead_protect_versionVal = openpgp.config.aead_protect_version; aead_modeVal = openpgp.config.aead_mode; aead_chunk_size_byteVal = openpgp.config.aead_chunk_size_byte; + v5_keysVal = openpgp.config.v5_keys; }); afterEach(function() { @@ -732,6 +734,7 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() { openpgp.config.aead_protect_version = aead_protect_versionVal; openpgp.config.aead_mode = aead_modeVal; openpgp.config.aead_chunk_size_byte = aead_chunk_size_byteVal; + openpgp.config.v5_keys = v5_keysVal; }); it('Configuration', async function() { 
@@ -854,11 +857,12 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() { } }); - tryTests('GCM mode (draft04)', tests, { + tryTests('GCM mode (V5 keys)', tests, { if: true, beforeEach: function() { openpgp.config.aead_protect = true; openpgp.config.aead_mode = openpgp.enums.aead.experimental_gcm; + openpgp.config.v5_keys = true; // Monkey-patch AEAD feature flag publicKey.keys[0].users[0].selfCertifications[0].features = [7];