suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor key generation to use callback

Browse Source 
* TODO: reactive native web crypto in rsa.js:142
* TODO: generate publicExponent Uint8Array from argument E in rsa.js:148
* TODO: signing with generated web crypto key fails with "Could not find valid key packet for signing in key"
This commit is contained in:
Tankred Hase 2014-09-30 15:38:02 +02:00
parent d6963f2017
commit cbe4a17ccb
12 changed files with 650 additions and 583 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -1,7 +1,7 @@
{
"name": "openpgp",
"description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
"version": "0.7.2",
"version": "0.8.0-dev",
"homepage": "http://openpgpjs.org/",
"engines": {
"node": ">=0.8"

24
src/crypto/crypto.js
View File

@ -178,15 +178,19 @@ module.exports = {
}
},
generateMpi: function(algo, bits) {
var result = (function() {
generateMpi: function(algo, bits, callback) {
switch (algo) {
case 'rsa_encrypt':
case 'rsa_encrypt_sign':
case 'rsa_sign':
//remember "publicKey" refers to the crypto/public_key dir
var rsa = new publicKey.rsa();
var keyObject = rsa.generate(bits, "10001");
rsa.generate(bits, "10001", function(err, keyObject) {
if (err) {
callback(err);
return;
}
var output = [];
output.push(keyObject.n);
output.push(keyObject.ee);
@ -194,17 +198,21 @@ module.exports = {
output.push(keyObject.p);
output.push(keyObject.q);
output.push(keyObject.u);
return output;
default:
throw new Error('Unsupported algorithm for key generation.');
}
})();
callback(null, mapResult(output));
});
break;
default:
callback(new Error('Unsupported algorithm for key generation.'));
}
function mapResult(result) {
return result.map(function(bn) {
var mpi = new type_mpi();
mpi.fromBigInteger(bn);
return mpi;
});
}
},

55
src/crypto/public_key/rsa.js
View File

@ -133,13 +133,15 @@ function RSA() {
// Generate a new random private key B bits long, using public expt E
function generate(B, E) {
function generate(B, E, callback) {
//
// Web Crypto RSA keygen proposal example
// Native RSA keygen using Web Crypto
//
if (typeof window !== 'undefined' && window.crypto && window.crypto.subtle) {
if (false && typeof window !== 'undefined' && window.crypto && (window.crypto.subtle || window.crypto.webkitSubtle)) {
var subtle = window.crypto.subtle || window.crypto.webkitSubtle;
var keyGenOpt = {
name: 'RSASSA-PKCS1-v1_5',
modulusLength: B, // the specified keysize in bits
@ -151,52 +153,34 @@ function RSA() {
var extractable = true; // make generated key extractable
window.crypto.subtle.generateKey(keyGenOpt, extractable, ['sign', 'verify'])
.then(onGenerated)
.then(onExported);
subtle.generateKey(keyGenOpt, extractable, ['sign', 'verify'])
.then(onGenerated, callback)
.then(onExported, callback);
return;
}
function onGenerated(key) {
// export the generated keys as JsonWebKey (JWK)
// https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33
var p1 = window.crypto.subtle.exportKey('jwk', key.privateKey);
var p2 = window.crypto.subtle.exportKey('jwk', key.publicKey);
return window.Promise.all([p1, p2]);
return subtle.exportKey('jwk', key.privateKey);
}
function onExported(exported) {
// Exported JWK has the following encoded parameters: n, p, q, qi, ...
var privKey = exported[0];
var pubKey = exported[1];
console.log('Exported private key: ', privKey);
console.log('Exported public key: ', pubKey);
var d = privKey.d;
var dp = privKey.dp;
var dq = privKey.dq;
var e = privKey.e;
var n = privKey.n;
var p = privKey.p;
var q = privKey.q;
var qi = privKey.qi;
function onExported(jwk) {
// map JWK parameters to local BigInteger type system
var key = new keyObject();
key.n = new BigInteger(util.hexstrdump(base64(n)), 16);
key.n = new BigInteger(util.hexstrdump(base64(jwk.n)), 16);
key.ee = new BigInteger(E, 16);
key.d = new BigInteger(util.hexstrdump(base64(d)), 16);
key.p = new BigInteger(util.hexstrdump(base64(p)), 16);
key.q = new BigInteger(util.hexstrdump(base64(q)), 16);
key.d = new BigInteger(util.hexstrdump(base64(jwk.d)), 16);
key.p = new BigInteger(util.hexstrdump(base64(jwk.p)), 16);
key.q = new BigInteger(util.hexstrdump(base64(jwk.q)), 16);
key.u = key.p.modInverse(key.q);
function base64(base64url) {
return base64url.replace(/-/g, '+').replace(/_/g, '/')
return base64url.replace(/-/g, '+').replace(/_/g, '/');
}
// TODO: add async style callback
callback(null, key);
}
//
@ -236,7 +220,8 @@ function RSA() {
break;
}
}
return key;
callback(null, key);
}
this.encrypt = encrypt;

40
src/key.js
View File

@ -910,7 +910,9 @@ function readArmored(armoredText) {
* @return {module:key~Key}
* @static
*/
function generate(options) {
function generate(options, callback) {
var packetlist, secretKeyPacket, userIdPacket, dataToSign, signaturePacket, secretSubkeyPacket, subkeySignaturePacket;
options.keyType = options.keyType || enums.publicKey.rsa_encrypt_sign;
// RSA Encrypt-Only and RSA Sign-Only are deprecated and SHOULD NOT be generated
if (options.keyType !== enums.publicKey.rsa_encrypt_sign) {
@ -921,22 +923,29 @@ function generate(options) {
options.unlocked = true;
}
var packetlist = new packet.List();
packetlist = new packet.List();
var secretKeyPacket = new packet.SecretKey();
secretKeyPacket = new packet.SecretKey();
secretKeyPacket.algorithm = enums.read(enums.publicKey, options.keyType);
secretKeyPacket.generate(options.numBits);
secretKeyPacket.generate(options.numBits, onSecretKeyGenerated);
function onSecretKeyGenerated(err) {
if (err) {
callback(err);
return;
}
if (options.passphrase) {
secretKeyPacket.encrypt(options.passphrase);
}
var userIdPacket = new packet.Userid();
userIdPacket = new packet.Userid();
userIdPacket.read(options.userId);
var dataToSign = {};
dataToSign = {};
dataToSign.userid = userIdPacket;
dataToSign.key = secretKeyPacket;
var signaturePacket = new packet.Signature();
signaturePacket = new packet.Signature();
signaturePacket.signatureType = enums.signature.cert_generic;
signaturePacket.publicKeyAlgorithm = options.keyType;
signaturePacket.hashAlgorithm = config.prefer_hash_algorithm;
@ -960,9 +969,17 @@ function generate(options) {
}
signaturePacket.sign(secretKeyPacket, dataToSign);
var secretSubkeyPacket = new packet.SecretSubkey();
secretSubkeyPacket = new packet.SecretSubkey();
secretSubkeyPacket.algorithm = enums.read(enums.publicKey, options.keyType);
secretSubkeyPacket.generate(options.numBits);
secretSubkeyPacket.generate(options.numBits, onSecretSubkeyGenerated);
}
function onSecretSubkeyGenerated(err) {
if (err) {
callback(err);
return;
}
if (options.passphrase) {
secretSubkeyPacket.encrypt(options.passphrase);
}
@ -970,7 +987,7 @@ function generate(options) {
dataToSign = {};
dataToSign.key = secretKeyPacket;
dataToSign.bind = secretSubkeyPacket;
var subkeySignaturePacket = new packet.Signature();
subkeySignaturePacket = new packet.Signature();
subkeySignaturePacket.signatureType = enums.signature.subkey_binding;
subkeySignaturePacket.publicKeyAlgorithm = options.keyType;
subkeySignaturePacket.hashAlgorithm = config.prefer_hash_algorithm;
@ -988,7 +1005,8 @@ function generate(options) {
secretSubkeyPacket.clearPrivateMPIs();
}
return new Key(packetlist);
callback(null, new Key(packetlist));
}
}
/**

26
src/openpgp.js
View File

@ -224,24 +224,28 @@ function verifyClearSignedMessage(publicKeys, msg, callback) {
* @param {String} options.userId assumes already in form of "User Name <username@email.com>"
* @param {String} options.passphrase The passphrase used to encrypt the resulting private key
* @param {Boolean} [options.unlocked=false] The secret part of the generated key is unlocked
* @param {function} callback (optional) callback(error, result) for async style
* @param {function} callback(error, result) The required callback
* @return {Object} {key: module:key~Key, privateKeyArmored: String, publicKeyArmored: String}
* @static
*/
function generateKeyPair(options, callback) {
if (useWorker(callback)) {
if (!callback) {
throw new Error('Callback must be set for key generation!');
}
// use web worker if web crypto apis are not supported
if (!useWebCrypto() && useWorker(callback)) {
asyncProxy.generateKeyPair(options, callback);
return;
}
return execute(function() {
key.generate(options, function(err, newKey) {
var result = {};
var newKey = key.generate(options);
result.key = newKey;
result.privateKeyArmored = newKey.armor();
result.publicKeyArmored = newKey.toPublic().armor();
return result;
}, callback);
callback(null, result);
});
}
//
@ -257,12 +261,20 @@ function useWorker(callback) {
}
if (!asyncProxy) {
throw new Error('You need to set the worker path!');
console.log('You need to set the worker path!');
return false;
}
return true;
}
/**
* Check for WebCrypto support
*/
function useWebCrypto() {
return typeof window !== 'undefined' && window.crypto && (window.crypto.subtle || window.crypto.webkitSubtle);
}
/**
* Command pattern that handles async calls gracefully
*/

16
src/packet/secret_key.js
View File

@ -270,9 +270,19 @@ SecretKey.prototype.decrypt = function (passphrase) {
return true;
};
SecretKey.prototype.generate = function (bits) {
this.mpi = crypto.generateMpi(this.algorithm, bits);
this.isDecrypted = true;
SecretKey.prototype.generate = function (bits, callback) {
var self = this;
crypto.generateMpi(self.algorithm, bits, function(err, mpi) {
if (err) {
callback(err);
return;
}
self.mpi = mpi;
self.isDecrypted = true;
callback();
});
};
/**

12
src/worker/worker.js
View File

@ -110,12 +110,20 @@ onmessage = function (event) {
break;
case 'generate-key-pair':
try {
data = window.openpgp.generateKeyPair(msg.options);
window.openpgp.generateKeyPair(msg.options, function(error, data) {
if (error) {
err = error.message;
response({event: 'method-return', data: data, err: err});
return;
}
data.key = data.key.toPacketlist();
response({event: 'method-return', data: data, err: err});
});
} catch (e) {
err = e.message;
}
response({event: 'method-return', data: data, err: err});
}
break;
case 'decrypt-key':
try {

31
test/general/basic.js
View File

@ -8,8 +8,11 @@ var chai = require('chai'),
describe('Basic', function() {
describe("Key generation/encryption/decryption", function() {
var testHelper = function(passphrase, userid, message) {
var key = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
var testHelper = function(passphrase, userid, message, done) {
var opt = {numBits: 512, userId: userid, passphrase: passphrase};
openpgp.generateKeyPair(opt, function(err, key) {
expect(err).to.not.exist;
expect(key).to.exist;
expect(key.key).to.exist;
expect(key.privateKeyArmored).to.exist;
@ -50,15 +53,16 @@ describe('Basic', function() {
expect(decrypted).to.exist;
expect(decrypted.signatures[0].valid).to.be.true;
expect(decrypted.text).to.equal(message);
done();
});
};
it('ASCII Text', function (done) {
testHelper('password', 'Test McTestington <test@example.com>', 'hello world');
done();
testHelper('password', 'Test McTestington <test@example.com>', 'hello world', done);
});
it('Unicode Text', function (done) {
testHelper('●●●●', '♔♔♔♔ <test@example.com>', 'łäóć');
done();
testHelper('●●●●', '♔♔♔♔ <test@example.com>', 'łäóć', done);
});
it('should fail to verify signature for wrong public key', function (done) {
@ -66,7 +70,9 @@ describe('Basic', function() {
var passphrase = 'password';
var message = 'hello world';
var key = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
var opt = {numBits: 512, userId: userid, passphrase: passphrase};
openpgp.generateKeyPair(opt, function(err, key) {
expect(err).to.not.exist;
var privKeys = openpgp.key.readArmored(key.privateKeyArmored);
var publicKeys = openpgp.key.readArmored(key.publicKeyArmored);
@ -81,7 +87,9 @@ describe('Basic', function() {
var msg = openpgp.message.readArmored(encrypted);
expect(msg).to.exist;
var anotherKey = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
openpgp.generateKeyPair(opt, function(err, anotherKey) {
expect(err).to.not.exist;
var anotherPubKey = openpgp.key.readArmored(anotherKey.publicKeyArmored).keys[0];
var decrypted = openpgp.decryptAndVerifyMessage(privKey, [anotherPubKey], msg);
@ -90,6 +98,8 @@ describe('Basic', function() {
expect(decrypted.text).to.equal(message);
done();
});
});
});
it('Performance test', function (done) {
// init test data
@ -103,7 +113,9 @@ describe('Basic', function() {
var userid = 'Test McTestington <test@example.com>';
var passphrase = 'password';
var key = openpgp.generateKeyPair({numBits: 512, userId: userid, passphrase: passphrase});
var opt = {numBits: 512, userId: userid, passphrase: passphrase};
openpgp.generateKeyPair(opt, function(err, key) {
expect(err).to.not.exist;
var info = '\npassphrase: ' + passphrase + '\n' + 'userid: ' + userid + '\n' + 'message: ' + message;
@ -145,6 +157,7 @@ describe('Basic', function() {
done();
});
});
});
describe("Message encryption/decryption", function() {
var pub_key =

18
test/general/key.js
View File

@ -618,7 +618,7 @@ var pgp_desktop_priv =
expect(prefAlgo).to.equal(openpgp.config.encryption_cipher);
});
it('Preferences of generated key', function() {
it('Preferences of generated key', function(done) {
var testPref = function(key) {
// key flags
var keyFlags = openpgp.enums.keyFlags;
@ -633,10 +633,14 @@ var pgp_desktop_priv =
var compr = openpgp.enums.compression;
expect(key.users[0].selfCertifications[0].preferredCompressionAlgorithms).to.eql([compr.zlib, compr.zip]);
expect(key.users[0].selfCertifications[0].features).to.eql(openpgp.config.integrity_protect ? [1] : null); // modification detection
}
var key = openpgp.generateKeyPair({numBits: 512, userId: 'test', passphrase: 'hello'});
};
var opt = {numBits: 512, userId: 'test', passphrase: 'hello'};
openpgp.generateKeyPair(opt, function(err, key) {
expect(err).to.not.exist;
testPref(key.key);
testPref(openpgp.key.readArmored(key.publicKeyArmored).keys[0]);
done();
});
});
it('User attribute packet read & write', function() {
@ -653,11 +657,15 @@ var pgp_desktop_priv =
expect(primUser.selfCertificate).to.be.an.instanceof(openpgp.packet.Signature);
});
it('Generated key is not unlocked by default', function() {
var key = openpgp.generateKeyPair({numBits: 512, userId: 'test', passphrase: '123'});
it('Generated key is not unlocked by default', function(done) {
var opt = {numBits: 512, userId: 'test', passphrase: '123'};
openpgp.generateKeyPair(opt, function(err, key) {
expect(err).to.not.exist;
var msg = openpgp.message.fromText('hello').encrypt([key.key]);
msg = msg.decrypt.bind(msg, key.key);
expect(msg).to.throw('Private key is not decrypted.');
done();
});
});
});

27
test/general/packet.js
View File

@ -117,10 +117,12 @@ describe("Packet", function() {
});
it('Public key encrypted symmetric key packet', function(done) {
var rsa = new openpgp.crypto.publicKey.rsa(),
mpi = rsa.generate(512, "10001")
var rsa = new openpgp.crypto.publicKey.rsa();
var mpi = [mpi.n, mpi.ee, mpi.d, mpi.p, mpi.q, mpi.u];
rsa.generate(512, "10001", function(error, mpiGen) {
expect(error).to.not.exist;
var mpi = [mpiGen.n, mpiGen.ee, mpiGen.d, mpiGen.p, mpiGen.q, mpiGen.u];
mpi = mpi.map(function(k) {
var mpi = new openpgp.MPI();
@ -148,6 +150,7 @@ describe("Packet", function() {
expect(msg2[0].sessionKeyAlgorithm).to.equal(enc.sessionKeyAlgorithm);
done();
});
});
it('Secret key packet (reading, unencrpted)', function(done) {
var armored_key =
@ -240,7 +243,6 @@ describe("Packet", function() {
'=iSaK\n' +
'-----END PGP MESSAGE-----';
var key = new openpgp.packet.List();
key.read(openpgp.armor.decode(armored_key).data);
key = key[3];
@ -380,11 +382,12 @@ describe("Packet", function() {
var key = new openpgp.packet.List();
key.push(new openpgp.packet.SecretKey);
var rsa = new openpgp.crypto.publicKey.rsa(),
mpi = rsa.generate(512, "10001")
var rsa = new openpgp.crypto.publicKey.rsa();
rsa.generate(512, "10001", function(err, mipGen) {
expect(err).to.not.exist;
var mpi = [mpi.n, mpi.ee, mpi.d, mpi.p, mpi.q, mpi.u];
var mpi = [mipGen.n, mipGen.ee, mipGen.d, mipGen.p, mipGen.q, mipGen.u];
mpi = mpi.map(function(k) {
var mpi = new openpgp.MPI();
@ -405,14 +408,17 @@ describe("Packet", function() {
expect(key[0].mpi.toString()).to.equal(key2[0].mpi.toString());
done();
});
});
it('Writing and verification of a signature packet.', function(done) {
var key = new openpgp.packet.SecretKey();
var rsa = new openpgp.crypto.publicKey.rsa,
mpi = rsa.generate(512, "10001")
var rsa = new openpgp.crypto.publicKey.rsa;
var mpi = [mpi.n, mpi.ee, mpi.d, mpi.p, mpi.q, mpi.u];
rsa.generate(512, "10001", function(err, mpiGen) {
expect(err).to.not.exist;
var mpi = [mpiGen.n, mpiGen.ee, mpiGen.d, mpiGen.p, mpiGen.q, mpiGen.u];
mpi = mpi.map(function(k) {
var mpi = new openpgp.MPI();
@ -447,4 +453,5 @@ describe("Packet", function() {
expect(verified).to.be.true;
done();
});
});
});

10
test/general/signature.js
View File

@ -636,13 +636,19 @@ describe("Signature", function() {
expect(result[0].valid).to.be.true;
});
it('Sign message with key without password', function() {
var key = openpgp.generateKeyPair({numBits: 512, userId: 'ABC', passphrase: null}).key;
it('Sign message with key without password', function(done) {
var opt = {numBits: 512, userId: 'ABC', passphrase: null};
openpgp.generateKeyPair(opt, function(err, gen) {
expect(err).to.not.exist;
var key = gen.key;
var message = openpgp.message.fromText('hello world');
message = message.sign([key]);
expect(message).to.exist;
done();
});
});
});

8
test/worker/api.js
View File

@ -427,14 +427,6 @@ describe('High level API', function() {
});
});
it('Generate 1024-bit RSA/RSA key sync', function () {
var key = openpgp.generateKeyPair({numBits: 1024, userId: 'Test McTestington <test@example.com>', passphrase: 'hello world'});
expect(key).to.exist;
expect(key.publicKeyArmored).to.match(/^-----BEGIN PGP PUBLIC/);
expect(key.privateKeyArmored).to.match(/^-----BEGIN PGP PRIVATE/);
expect(key.key).to.be.an.instanceof(openpgp.key.Key);
});
});
describe('Decrypt secret key', function() {