Separate config option to use V5 keys from AEAD config option

Daniel Huigens 2019-08-12 15:32:35 +02:00
parent 9bb1710a9f
commit 80c535eeb7
5 changed files with 23 additions and 4 deletions


@ -76,6 +76,14 @@ export default {
* @property {Integer} aead_chunk_size_byte * @property {Integer} aead_chunk_size_byte
*/ */
aead_chunk_size_byte: 12, aead_chunk_size_byte: 12,
/**
* Use V5 keys.
* **NOT INTEROPERABLE WITH OTHER OPENPGP IMPLEMENTATIONS**
* **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**
* @memberof module:config
* @property {Boolean} v5_keys
*/
v5_keys: false,
/** /**
* {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}: * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:
* Iteration Count Byte for S2K (String to Key) * Iteration Count Byte for S2K (String to Key)
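Review bot: The new doc comment on `v5_keys` carries the interoperability warnings but never says what the option controls or that it is now independent of the AEAD settings. From the other files in this commit, it selects the key packet version and sets the `v5_keys` feature bit, both of which used to follow from `aead_protect && aead_protect_version === 4`. I would add `* When true, new key packets are created as version 5 and the self-certification advertises the v5_keys feature.` and `* Independent of aead_protect / aead_protect_version; setting aead_protect_version to 4 no longer implies V5 keys.` The enclosing `export default {` object starts and ends outside this hunk.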


@ -1526,6 +1526,9 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options) {
if (config.aead_protect && config.aead_protect_version === 4) { if (config.aead_protect && config.aead_protect_version === 4) {
signaturePacket.features || (signaturePacket.features = [0]); signaturePacket.features || (signaturePacket.features = [0]);
signaturePacket.features[0] |= enums.features.aead; signaturePacket.features[0] |= enums.features.aead;
}
if (config.v5_keys) {
signaturePacket.features || (signaturePacket.features = [0]);
signaturePacket.features[0] |= enums.features.v5_keys; signaturePacket.features[0] |= enums.features.v5_keys;
} }
if (options.keyExpirationTime > 0) { if (options.keyExpirationTime > 0) {
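Review bot: The `v5_keys` feature bit in the new `if (config.v5_keys)` branch is driven by the global config rather than by the key material passed in. If `secretKeyPacket` was built while the option had a different value, the advertised feature and the actual packet version can disagree. If the bit is meant to describe this key, gate it on the packet instead, e.g. `if (secretKeyPacket.version === 5) {` (assuming the secret key packet carries the same `version` field as PublicKey). If it is meant to advertise what the implementation accepts, a comment such as `// capability advertisement, independent of this key's own version` would prevent that misreading. wrapKeyObject starts and ends outside this hunk, so how the packets are created is not visible here.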


@ -56,7 +56,7 @@ function PublicKey(date=new Date()) {
* Packet version * Packet version
* @type {Integer} * @type {Integer}
*/ */
this.version = config.aead_protect && config.aead_protect_version === 4 ? 5 : 4; this.version = config.v5_keys ? 5 : 4;
/** /**
* Key creation date. * Key creation date.
* @type {Date} * @type {Date}
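Review bot: The JSDoc above `this.version` still reads only "Packet version", although the default is now taken from the mutable global `config.v5_keys` at the moment the packet object is constructed. I would document that, e.g. `* Packet version (5 if config.v5_keys is set when the packet is constructed, otherwise 4)`, so readers know that changing the option later does not affect existing packet objects. The PublicKey constructor continues outside this hunk.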


@ -1680,7 +1680,7 @@ function versionSpecificTests() {
expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha256, hash.sha512, hash.sha1]); expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha256, hash.sha512, hash.sha1]);
const compr = openpgp.enums.compression; const compr = openpgp.enums.compression;
expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip]); expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip]);
expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.aead_protect && openpgp.config.aead_protect_version === 4 ? [7] : [1]); expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.v5_keys ? [7] : [1]);
}; };
const opt = {numBits: 512, userIds: 'test <a@b.com>', passphrase: 'hello'}; const opt = {numBits: 512, userIds: 'test <a@b.com>', passphrase: 'hello'};
if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
@ -1717,7 +1717,7 @@ function versionSpecificTests() {
expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha224, hash.sha256, hash.sha512, hash.sha1]); expect(key.users[0].selfCertifications[0].preferredHashAlgorithms).to.eql([hash.sha224, hash.sha256, hash.sha512, hash.sha1]);
const compr = openpgp.enums.compression; const compr = openpgp.enums.compression;
expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip]); expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip]);
expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.aead_protect && openpgp.config.aead_protect_version === 4 ? [7] : [1]); expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.v5_keys ? [7] : [1]);
}; };
const opt = {numBits: 512, userIds: 'test <a@b.com>', passphrase: 'hello'}; const opt = {numBits: 512, userIds: 'test <a@b.com>', passphrase: 'hello'};
if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
@ -2208,17 +2208,21 @@ describe('Key', function() {
describe('V4', versionSpecificTests); describe('V4', versionSpecificTests);
let v5_keysVal;
let aead_protectVal; let aead_protectVal;
let aead_protect_versionVal; let aead_protect_versionVal;
tryTests('V5', versionSpecificTests, { tryTests('V5', versionSpecificTests, {
if: !openpgp.config.saucelabs, if: !openpgp.config.saucelabs,
beforeEach: function() { beforeEach: function() {
v5_keysVal = openpgp.config.v5_keys;
aead_protectVal = openpgp.config.aead_protect; aead_protectVal = openpgp.config.aead_protect;
aead_protect_versionVal = openpgp.config.aead_protect_version; aead_protect_versionVal = openpgp.config.aead_protect_version;
openpgp.config.v5_keys = true;
openpgp.config.aead_protect = true; openpgp.config.aead_protect = true;
openpgp.config.aead_protect_version = 4; openpgp.config.aead_protect_version = 4;
}, },
afterEach: function() { afterEach: function() {
openpgp.config.v5_keys = v5_keysVal;
openpgp.config.aead_protect = aead_protectVal; openpgp.config.aead_protect = aead_protectVal;
openpgp.config.aead_protect_version = aead_protect_versionVal; openpgp.config.aead_protect_version = aead_protect_versionVal;
} }
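Review bot: The updated expectation `openpgp.config.v5_keys ? [7] : [1]`, in both the hunk at 1680 and the one at 1717, only holds when `v5_keys` and AEAD version 4 are switched on together, as the V5 `beforeEach` in the last hunk does. wrapKeyObject now ORs the `aead` and `v5_keys` bits under separate conditions, so `v5_keys` alone or AEAD v4 alone should give a feature byte that is neither `[7]` nor `[1]`. No test covers those separated states, which are what this commit introduces. The expected value could be built from the same inputs, e.g. `const aeadV4 = openpgp.config.aead_protect && openpgp.config.aead_protect_version === 4;` then `const expected = [1 | (aeadV4 ? openpgp.enums.features.aead : 0) | (openpgp.config.v5_keys ? openpgp.enums.features.v5_keys : 0)];`. A further `tryTests` run enabling only `v5_keys` would exercise the new path. versionSpecificTests and the `describe('Key', ...)` block extend beyond these hunks.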


@ -696,6 +696,7 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() {
let aead_protect_versionVal; let aead_protect_versionVal;
let aead_modeVal; let aead_modeVal;
let aead_chunk_size_byteVal; let aead_chunk_size_byteVal;
let v5_keysVal;
beforeEach(async function() { beforeEach(async function() {
publicKey = await openpgp.key.readArmored(pub_key); publicKey = await openpgp.key.readArmored(pub_key);
@ -723,6 +724,7 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() {
aead_protect_versionVal = openpgp.config.aead_protect_version; aead_protect_versionVal = openpgp.config.aead_protect_version;
aead_modeVal = openpgp.config.aead_mode; aead_modeVal = openpgp.config.aead_mode;
aead_chunk_size_byteVal = openpgp.config.aead_chunk_size_byte; aead_chunk_size_byteVal = openpgp.config.aead_chunk_size_byte;
v5_keysVal = openpgp.config.v5_keys;
}); });
afterEach(function() { afterEach(function() {
@ -732,6 +734,7 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() {
openpgp.config.aead_protect_version = aead_protect_versionVal; openpgp.config.aead_protect_version = aead_protect_versionVal;
openpgp.config.aead_mode = aead_modeVal; openpgp.config.aead_mode = aead_modeVal;
openpgp.config.aead_chunk_size_byte = aead_chunk_size_byteVal; openpgp.config.aead_chunk_size_byte = aead_chunk_size_byteVal;
openpgp.config.v5_keys = v5_keysVal;
}); });
it('Configuration', async function() { it('Configuration', async function() {
@ -854,11 +857,12 @@ describe('[Sauce Labs Group 2] OpenPGP.js public api tests', function() {
} }
}); });
tryTests('GCM mode (draft04)', tests, { tryTests('GCM mode (V5 keys)', tests, {
if: true, if: true,
beforeEach: function() { beforeEach: function() {
openpgp.config.aead_protect = true; openpgp.config.aead_protect = true;
openpgp.config.aead_mode = openpgp.enums.aead.experimental_gcm; openpgp.config.aead_mode = openpgp.enums.aead.experimental_gcm;
openpgp.config.v5_keys = true;
// Monkey-patch AEAD feature flag // Monkey-patch AEAD feature flag
publicKey.keys[0].users[0].selfCertifications[0].features = [7]; publicKey.keys[0].users[0].selfCertifications[0].features = [7];