From 99ba76c6959aa2c85a534817d4433a255922a4bb Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Tue, 3 Oct 2023 18:47:39 +0200 Subject: [PATCH] Add `enums.curve.ed25519Legacy` and `.x25519Legacy` Set to replace `enums.curve.ed25519` (resp. `.curve25519`), which can still be used everywhere, but it will be dropped in v6. Deprecation notices have been added to ease transition. --- openpgp.d.ts | 4 ++++ src/enums.js | 8 ++++++-- src/key/helper.js | 6 +++--- test/general/config.js | 8 ++++---- test/general/key.js | 2 +- 5 files changed, 18 insertions(+), 10 deletions(-) diff --git a/openpgp.d.ts b/openpgp.d.ts index 9c8e2c98..df44c530 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -831,8 +831,12 @@ export namespace enums { p256 = 'p256', p384 = 'p384', p521 = 'p521', + /** @deprecated use `ed25519Legacy` instead */ ed25519 = 'ed25519', + ed25519Legacy = 'ed25519', + /** @deprecated use `x25519Legacy` instead */ curve25519 = 'curve25519', + x25519Legacy = 'curve25519', secp256k1 = 'secp256k1', brainpoolP256r1 = 'brainpoolP256r1', brainpoolP384r1 = 'brainpoolP384r1', diff --git a/src/enums.js b/src/enums.js index ad7ec96d..c6df0a9b 100644 --- a/src/enums.js +++ b/src/enums.js @@ -43,17 +43,21 @@ export default { '2b8104000a': 'secp256k1', '2B8104000A': 'secp256k1', - /** Ed25519 */ + /** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */ + 'ed25519Legacy': 'ed25519', 'ED25519': 'ed25519', + /** @deprecated use `ed25519Legacy` instead */ 'ed25519': 'ed25519', 'Ed25519': 'ed25519', '1.3.6.1.4.1.11591.15.1': 'ed25519', '2b06010401da470f01': 'ed25519', '2B06010401DA470F01': 'ed25519', - /** Curve25519 */ + /** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */ + 'x25519Legacy': 'curve25519', 'X25519': 'curve25519', 'cv25519': 'curve25519', + /** @deprecated use `x25519Legacy` instead */ 'curve25519': 'curve25519', 'Curve25519': 'curve25519', '1.3.6.1.4.1.3029.1.5.1': 'curve25519', 
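Review bot: The added members `ed25519Legacy` and `x25519Legacy` have no doc comment, so the typings do not say that they are same-value aliases of the deprecated names or that they denote only the legacy curve-based key format. This matters to anyone writing a `rejectCurves` policy, because a set built from either name holds the same string. Such a set presumably does not cover keys using the standalone Ed25519/X25519 algorithms, which would be filtered through `rejectPublicKeyAlgorithms` instead; that is worth confirming against the config handling, which is not part of this patch. I would add a comment such as `/** Legacy EdDSA curve id, same value as the deprecated ed25519; not the standalone Ed25519 algorithm */` above `ed25519Legacy`, with a matching one for `x25519Legacy`. The same gap applies to the two new keys in the src/enums.js hunk.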
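Review bot: Both added section comments in src/enums.js misspell "standalone" as "standaone" (`replaced by standaone Ed25519 algo` and `replaced by standaone X25519 algo`). Separately, the `/** @deprecated ... */` tags sit on quoted keys of a plain lookup object, so editors may not surface them to JavaScript callers; the notice in openpgp.d.ts is probably the one users will actually see. The tests in this patch move entirely to the new names, so nothing asserts that the old names still resolve to the same values. A one-line check such as `expect(openpgp.enums.curve.ed25519).to.equal(openpgp.enums.curve.ed25519Legacy);`, plus the `curve25519`/`x25519Legacy` counterpart, would pin the compatibility promise made in the commit message.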
diff --git a/src/key/helper.js b/src/key/helper.js index 77507151..a075cd48 100644 --- a/src/key/helper.js +++ b/src/key/helper.js @@ -333,11 +333,11 @@ export function sanitizeKeyOptions(options, subkeyDefaults = {}) { } catch (e) { throw new Error('Unknown curve'); } - if (options.curve === enums.curve.ed25519 || options.curve === enums.curve.curve25519) { - options.curve = options.sign ? enums.curve.ed25519 : enums.curve.curve25519; + if (options.curve === enums.curve.ed25519Legacy || options.curve === enums.curve.x25519Legacy) { + options.curve = options.sign ? enums.curve.ed25519Legacy : enums.curve.x25519Legacy; } if (options.sign) { - options.algorithm = options.curve === enums.curve.ed25519 ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; + options.algorithm = options.curve === enums.curve.ed25519Legacy ? enums.publicKey.eddsaLegacy : enums.publicKey.ecdsa; } else { options.algorithm = enums.publicKey.ecdh; } diff --git a/test/general/config.js b/test/general/config.js index 47f3dcb8..cff7ecc0 100644 --- a/test/general/config.js +++ b/test/general/config.js @@ -296,11 +296,11 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI })).to.be.eventually.rejectedWith(/ecdh keys are considered too weak/); await expect(openpgp.encrypt({ - message, encryptionKeys: [key], config: { rejectCurves: new Set([openpgp.enums.curve.curve25519]) } + message, encryptionKeys: [key], config: { rejectCurves: new Set([openpgp.enums.curve.x25519Legacy]) } })).to.be.eventually.rejectedWith(/Support for ecdh keys using curve curve25519 is disabled/); const echdEncrypted = await openpgp.encrypt({ - message, encryptionKeys: [key], config: { rejectCurves: new Set([openpgp.enums.curve.ed25519]) } + message, encryptionKeys: [key], config: { rejectCurves: new Set([openpgp.enums.curve.ed25519Legacy]) } }); expect(echdEncrypted).to.match(/---BEGIN PGP MESSAGE---/); } finally { 
@@ -369,7 +369,7 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI message, signingKeys: [key], config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsaLegacy]) } })).to.be.eventually.rejectedWith(/eddsa keys are considered too weak/); await expect(openpgp.sign({ - message, signingKeys: [key], config: { rejectCurves: new Set([openpgp.enums.curve.ed25519]) } + message, signingKeys: [key], config: { rejectCurves: new Set([openpgp.enums.curve.ed25519Legacy]) } })).to.be.eventually.rejectedWith(/Support for eddsa keys using curve ed25519 is disabled/); }); @@ -419,7 +419,7 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI const opt5 = { message: await openpgp.readMessage({ armoredMessage: signed }), verificationKeys: [key], - config: { rejectCurves: new Set([openpgp.enums.curve.ed25519]) } + config: { rejectCurves: new Set([openpgp.enums.curve.ed25519Legacy]) } }; const { signatures: [sig5] } = await openpgp.verify(opt5); await expect(sig5.verified).to.be.eventually.rejectedWith(/Support for eddsa keys using curve ed25519 is disabled/); diff --git a/test/general/key.js b/test/general/key.js index 2b416def..e2bab875 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -4070,7 +4070,7 @@ XvmoLueOOShu01X/kaylMqaT8w== const subkey = newPrivateKey.subkeys[total]; expect(subkey).to.exist; expect(subkey.getAlgorithmInfo().algorithm).to.be.equal('ecdh'); - expect(subkey.getAlgorithmInfo().curve).to.be.equal(openpgp.enums.curve.curve25519); + expect(subkey.getAlgorithmInfo().curve).to.be.equal(openpgp.enums.curve.x25519Legacy); await subkey.verify(); });