From f6ee6e959e0619d55ed2fb67b029e1c77fa77582 Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Fri, 17 Jul 2020 14:19:03 +0200 Subject: [PATCH] Finish merging key validation --- src/packet/secret_key.js | 4 +- test/crypto/index.js | 2 +- test/crypto/validate.js | 572 ++++++++++++++++++++------------------- test/general/key.js | 2 +- test/general/openpgp.js | 10 +- 5 files changed, 297 insertions(+), 293 deletions(-) diff --git a/src/packet/secret_key.js b/src/packet/secret_key.js index 376d8ae3..a593599d 100644 --- a/src/packet/secret_key.js +++ b/src/packet/secret_key.js @@ -198,7 +198,7 @@ class SecretKeyPacket extends PublicKeyPacket { } arr.push(new Uint8Array(optionalFieldsArr)); - if (!this.s2k || this.s2k.type !== 'gnu-dummy') { + if (!this.isDummy()) { if (!this.s2k_usage) { const cleartextParams = write_cleartext_params(this.params, this.algorithm); this.keyMaterial = util.concatUint8Array([ @@ -395,7 +395,7 @@ class SecretKeyPacket extends PublicKeyPacket { * Clear private key parameters */ clearPrivateParams() { - if (this.s2k && this.s2k.type === 'gnu-dummy') { + if (this.isDummy()) { this.isEncrypted = true; return; } diff --git a/test/crypto/index.js b/test/crypto/index.js index 1c990b97..a897e1c2 100644 --- a/test/crypto/index.js +++ b/test/crypto/index.js @@ -10,5 +10,5 @@ module.exports = () => describe('Crypto', function () { require('./eax.js')(); require('./ocb.js')(); require('./rsa.js')(); - require('./validate.js'); + require('./validate.js')(); }); diff --git a/test/crypto/validate.js b/test/crypto/validate.js index 9ba8fae0..4a9d71da 100644 --- a/test/crypto/validate.js +++ b/test/crypto/validate.js @@ -1,4 +1,4 @@ -const openpgp = typeof window !== 'undefined' && window.openpgp ? window.openpgp : require('../../dist/openpgp'); +const openpgp = typeof window !== 'undefined' && window.openpgp ? window.openpgp : require('../..'); const chai = require('chai'); const BN = require('bn.js'); @@ -74,314 +74,316 @@ vqBGKJzmO5q3cECw =X9kJ -----END PGP PRIVATE KEY BLOCK-----`; -describe('EdDSA parameter validation', function() { - let keyParams; - before(async () => { - keyParams = await openpgp.crypto.generateParams(openpgp.enums.publicKey.eddsa, null, 'ed25519'); - }); - - it('EdDSA params should be valid', async function() { - const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, seed); - expect(valid).to.be.true; - }); - - it('detect invalid edDSA Q', async function() { - const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); - - - Q[0]++; - let valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, seed); - expect(valid).to.be.false; - - const infQ = new Uint8Array(Q.length); - valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, infQ, seed); - expect(valid).to.be.false; - }); -}); - -describe('ECC curve validation', function() { - it('EdDSA params are not valid for ECDH', async function() { - const keyParams = await openpgp.crypto.generateParams( - openpgp.enums.publicKey.eddsa, - null, - 'ed25519' - ); - const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, Q, seed); - expect(valid).to.be.false; - }); - - it('EdDSA params are not valid for EcDSA', async function() { - const keyParams = await openpgp.crypto.generateParams( - openpgp.enums.publicKey.eddsa, - null, - 'ed25519' - ); - const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, seed); - expect(valid).to.be.false; - }); - - it('x25519 params are not valid for EcDSA', async function() { - const keyParams = await openpgp.crypto.generateParams( - openpgp.enums.publicKey.ecdsa, - null, - 'curve25519' - ); - const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, d); - expect(valid).to.be.false; - }); - - it('EcDSA params are not valid for EdDSA', async function() { - const keyParams = await openpgp.crypto.generateParams( - openpgp.enums.publicKey.ecdsa, null, 'p256' - ); - const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, d); - expect(valid).to.be.false; - }); - - it('x25519 params are not valid for EdDSA', async function() { - const keyParams = await openpgp.crypto.generateParams( - openpgp.enums.publicKey.ecdsa, null, 'curve25519' - ); - const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, d); - expect(valid).to.be.false; - }); -}); - - -const curves = ['curve25519', 'p256', 'p384', 'p521', 'secp256k1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1']; -curves.forEach(curve => { - describe(`ECC ${curve} parameter validation`, () => { +module.exports = () => { + describe('EdDSA parameter validation', function() { let keyParams; before(async () => { - // we generate also ecdh params as ecdsa ones since we do not need the kdf params - keyParams = await openpgp.crypto.generateParams( - openpgp.enums.publicKey.ecdsa, null, curve - ); + keyParams = await openpgp.crypto.generateParams(openpgp.enums.publicKey.eddsa, null, 'ed25519'); }); - if (curve !== 'curve25519') { - it(`EcDSA ${curve} params should be valid`, async function() { - const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, d); - expect(valid).to.be.true; - }); - - it('detect invalid EcDSA Q', async function() { - const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); - - Q[16]++; - let valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, d); - expect(valid).to.be.false; - - const infQ = new Uint8Array(Q.length); - valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, infQ, d); - expect(valid).to.be.false; - }); - } - - it(`ECDH ${curve} params should be valid`, async function() { - const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); - const valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, Q, d); + it('EdDSA params should be valid', async function() { + const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, seed); expect(valid).to.be.true; }); - it('detect invalid ECDH Q', async function() { - const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + it('detect invalid edDSA Q', async function() { + const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); - Q[16]++; - let valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, Q, d); + + Q[0]++; + let valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, seed); expect(valid).to.be.false; const infQ = new Uint8Array(Q.length); - valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, infQ, d); + valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, infQ, seed); expect(valid).to.be.false; }); }); -}); -describe('RSA parameter validation', function() { - let keyParams; - before(async () => { - keyParams = await openpgp.crypto.generateParams(openpgp.enums.publicKey.rsa_sign, 2048); + describe('ECC curve validation', function() { + it('EdDSA params are not valid for ECDH', async function() { + const keyParams = await openpgp.crypto.generateParams( + openpgp.enums.publicKey.eddsa, + null, + 'ed25519' + ); + const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, Q, seed); + expect(valid).to.be.false; + }); + + it('EdDSA params are not valid for EcDSA', async function() { + const keyParams = await openpgp.crypto.generateParams( + openpgp.enums.publicKey.eddsa, + null, + 'ed25519' + ); + const { oid, Q, seed } = openpgp.crypto.publicKey.elliptic.eddsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, seed); + expect(valid).to.be.false; + }); + + it('x25519 params are not valid for EcDSA', async function() { + const keyParams = await openpgp.crypto.generateParams( + openpgp.enums.publicKey.ecdsa, + null, + 'curve25519' + ); + const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, d); + expect(valid).to.be.false; + }); + + it('EcDSA params are not valid for EdDSA', async function() { + const keyParams = await openpgp.crypto.generateParams( + openpgp.enums.publicKey.ecdsa, null, 'p256' + ); + const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, d); + expect(valid).to.be.false; + }); + + it('x25519 params are not valid for EdDSA', async function() { + const keyParams = await openpgp.crypto.generateParams( + openpgp.enums.publicKey.ecdsa, null, 'curve25519' + ); + const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.eddsa.validateParams(oid, Q, d); + expect(valid).to.be.false; + }); }); - it('generated RSA params are valid', async function() { - const n = keyParams[0].toUint8Array(); - const e = keyParams[1].toUint8Array(); - const d = keyParams[2].toUint8Array(); - const p = keyParams[3].toUint8Array(); - const q = keyParams[4].toUint8Array(); - const u = keyParams[5].toUint8Array(); - const valid = await openpgp.crypto.publicKey.rsa.validateParams(n, e, d, p, q, u); - expect(valid).to.be.true; + + const curves = ['curve25519', 'p256', 'p384', 'p521', 'secp256k1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1']; + curves.forEach(curve => { + describe(`ECC ${curve} parameter validation`, () => { + let keyParams; + before(async () => { + // we generate also ecdh params as ecdsa ones since we do not need the kdf params + keyParams = await openpgp.crypto.generateParams( + openpgp.enums.publicKey.ecdsa, null, curve + ); + }); + + if (curve !== 'curve25519') { + it(`EcDSA ${curve} params should be valid`, async function() { + const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, d); + expect(valid).to.be.true; + }); + + it('detect invalid EcDSA Q', async function() { + const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + + Q[16]++; + let valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, Q, d); + expect(valid).to.be.false; + + const infQ = new Uint8Array(Q.length); + valid = await openpgp.crypto.publicKey.elliptic.ecdsa.validateParams(oid, infQ, d); + expect(valid).to.be.false; + }); + } + + it(`ECDH ${curve} params should be valid`, async function() { + const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + const valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, Q, d); + expect(valid).to.be.true; + }); + + it('detect invalid ECDH Q', async function() { + const { oid, Q, d } = openpgp.crypto.publicKey.elliptic.ecdsa.parseParams(keyParams); + + Q[16]++; + let valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, Q, d); + expect(valid).to.be.false; + + const infQ = new Uint8Array(Q.length); + valid = await openpgp.crypto.publicKey.elliptic.ecdh.validateParams(oid, infQ, d); + expect(valid).to.be.false; + }); + }); }); - it('detect invalid RSA n', async function() { - const n = keyParams[0].toUint8Array(); - const e = keyParams[1].toUint8Array(); - const d = keyParams[2].toUint8Array(); - const p = keyParams[3].toUint8Array(); - const q = keyParams[4].toUint8Array(); - const u = keyParams[5].toUint8Array(); + describe('RSA parameter validation', function() { + let keyParams; + before(async () => { + keyParams = await openpgp.crypto.generateParams(openpgp.enums.publicKey.rsaSign, 2048); + }); - n[0]++; - const valid = await openpgp.crypto.publicKey.rsa.validateParams(n, e, d, p, q, u); - expect(valid).to.be.false; + it('generated RSA params are valid', async function() { + const n = keyParams[0].toUint8Array(); + const e = keyParams[1].toUint8Array(); + const d = keyParams[2].toUint8Array(); + const p = keyParams[3].toUint8Array(); + const q = keyParams[4].toUint8Array(); + const u = keyParams[5].toUint8Array(); + const valid = await openpgp.crypto.publicKey.rsa.validateParams(n, e, d, p, q, u); + expect(valid).to.be.true; + }); + + it('detect invalid RSA n', async function() { + const n = keyParams[0].toUint8Array(); + const e = keyParams[1].toUint8Array(); + const d = keyParams[2].toUint8Array(); + const p = keyParams[3].toUint8Array(); + const q = keyParams[4].toUint8Array(); + const u = keyParams[5].toUint8Array(); + + n[0]++; + const valid = await openpgp.crypto.publicKey.rsa.validateParams(n, e, d, p, q, u); + expect(valid).to.be.false; + }); + + it('detect invalid RSA e', async function() { + const n = keyParams[0].toUint8Array(); + const e = keyParams[1].toUint8Array(); + const d = keyParams[2].toUint8Array(); + const p = keyParams[3].toUint8Array(); + const q = keyParams[4].toUint8Array(); + const u = keyParams[5].toUint8Array(); + + e[0]++; + const valid = await openpgp.crypto.publicKey.rsa.validateParams(n, e, d, p, q, u); + expect(valid).to.be.false; + }); }); - it('detect invalid RSA e', async function() { - const n = keyParams[0].toUint8Array(); - const e = keyParams[1].toUint8Array(); - const d = keyParams[2].toUint8Array(); - const p = keyParams[3].toUint8Array(); - const q = keyParams[4].toUint8Array(); - const u = keyParams[5].toUint8Array(); + describe('DSA parameter validation', function() { + let dsaKey; + before(async () => { + dsaKey = await openpgp.key.readArmored(armoredDSAKey); + }); - e[0]++; - const valid = await openpgp.crypto.publicKey.rsa.validateParams(n, e, d, p, q, u); - expect(valid).to.be.false; - }); -}); + it('DSA params should be valid', async function() { + const params = dsaKey.keyPacket.params; + const p = params[0].toUint8Array(); + const q = params[1].toUint8Array(); + const g = params[2].toUint8Array(); + const y = params[3].toUint8Array(); + const x = params[4].toUint8Array(); + const valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); + expect(valid).to.be.true; + }); -describe('DSA parameter validation', function() { - let dsaKey; - before(async () => { - dsaKey = (await openpgp.key.readArmored(armoredDSAKey)).keys[0]; + it('detect invalid DSA p', async function() { + const params = dsaKey.keyPacket.params; + const p = params[0].toUint8Array(); + const q = params[1].toUint8Array(); + const g = params[2].toUint8Array(); + const y = params[3].toUint8Array(); + const x = params[4].toUint8Array(); + + p[0]++; + const valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); + + expect(valid).to.be.false; + }); + + it('detect invalid DSA y', async function() { + const params = dsaKey.keyPacket.params; + const p = params[0].toUint8Array(); + const q = params[1].toUint8Array(); + const g = params[2].toUint8Array(); + const y = params[3].toUint8Array(); + const x = params[4].toUint8Array(); + + y[0]++; + const valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); + + expect(valid).to.be.false; + }); + + it('detect invalid DSA g', async function() { + const params = dsaKey.keyPacket.params; + const p = params[0].toUint8Array(); + const q = params[1].toUint8Array(); + const g = params[2].toUint8Array(); + const y = params[3].toUint8Array(); + const x = params[4].toUint8Array(); + + g[0]++; + let valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); + expect(valid).to.be.false; + + const gOne = new Uint8Array([1]); + valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, gOne, y, x); + expect(valid).to.be.false; + }); }); - it('DSA params should be valid', async function() { - const params = dsaKey.keyPacket.params; - const p = params[0].toUint8Array(); - const q = params[1].toUint8Array(); - const g = params[2].toUint8Array(); - const y = params[3].toUint8Array(); - const x = params[4].toUint8Array(); - const valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); - expect(valid).to.be.true; + describe('ElGamal parameter validation', function() { + let egKey; + before(async () => { + egKey = (await openpgp.key.readArmored(armoredElGamalKey)).subKeys[0]; + }); + + it('params should be valid', async function() { + const params = egKey.keyPacket.params; + const p = params[0].toUint8Array(); + const g = params[1].toUint8Array(); + const y = params[2].toUint8Array(); + const x = params[3].toUint8Array(); + + const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); + expect(valid).to.be.true; + }); + + it('detect invalid p', async function() { + const params = egKey.keyPacket.params; + const p = params[0].toUint8Array(); + const g = params[1].toUint8Array(); + const y = params[2].toUint8Array(); + const x = params[3].toUint8Array(); + p[0]++; + const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); + + expect(valid).to.be.false; + }); + + it('detect invalid y', async function() { + const params = egKey.keyPacket.params; + const p = params[0].toUint8Array(); + const g = params[1].toUint8Array(); + const y = params[2].toUint8Array(); + const x = params[3].toUint8Array(); + + y[0]++; + const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); + + expect(valid).to.be.false; + }); + + it('detect invalid g', async function() { + const params = egKey.keyPacket.params; + const p = params[0].toUint8Array(); + const g = params[1].toUint8Array(); + const y = params[2].toUint8Array(); + const x = params[3].toUint8Array(); + + g[0]++; + let valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); + expect(valid).to.be.false; + + const gOne = new Uint8Array([1]); + valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, gOne, y, x); + expect(valid).to.be.false; + }); + + it('detect g with small order', async function() { + const params = egKey.keyPacket.params; + const p = params[0].toUint8Array(); + const g = params[1].toUint8Array(); + const y = params[2].toUint8Array(); + const x = params[3].toUint8Array(); + + const pBN = new BN(p); + const gModP = new BN(g).toRed(new BN.red(pBN)); + // g**(p-1)/2 has order 2 + const gOrd2 = gModP.redPow(pBN.subn(1).shrn(1)); + const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, gOrd2.toArrayLike(Uint8Array, 'be'), y, x); + expect(valid).to.be.false; + }); }); - - it('detect invalid DSA p', async function() { - const params = dsaKey.keyPacket.params; - const p = params[0].toUint8Array(); - const q = params[1].toUint8Array(); - const g = params[2].toUint8Array(); - const y = params[3].toUint8Array(); - const x = params[4].toUint8Array(); - - p[0]++; - const valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); - - expect(valid).to.be.false; - }); - - it('detect invalid DSA y', async function() { - const params = dsaKey.keyPacket.params; - const p = params[0].toUint8Array(); - const q = params[1].toUint8Array(); - const g = params[2].toUint8Array(); - const y = params[3].toUint8Array(); - const x = params[4].toUint8Array(); - - y[0]++; - const valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); - - expect(valid).to.be.false; - }); - - it('detect invalid DSA g', async function() { - const params = dsaKey.keyPacket.params; - const p = params[0].toUint8Array(); - const q = params[1].toUint8Array(); - const g = params[2].toUint8Array(); - const y = params[3].toUint8Array(); - const x = params[4].toUint8Array(); - - g[0]++; - let valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, g, y, x); - expect(valid).to.be.false; - - const gOne = new Uint8Array([1]); - valid = await openpgp.crypto.publicKey.dsa.validateParams(p, q, gOne, y, x); - expect(valid).to.be.false; - }); -}); - -describe('ElGamal parameter validation', function() { - let egKey; - before(async () => { - egKey = (await openpgp.key.readArmored(armoredElGamalKey)).keys[0].subKeys[0]; - }); - - it('params should be valid', async function() { - const params = egKey.keyPacket.params; - const p = params[0].toUint8Array(); - const g = params[1].toUint8Array(); - const y = params[2].toUint8Array(); - const x = params[3].toUint8Array(); - - const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); - expect(valid).to.be.true; - }); - - it('detect invalid p', async function() { - const params = egKey.keyPacket.params; - const p = params[0].toUint8Array(); - const g = params[1].toUint8Array(); - const y = params[2].toUint8Array(); - const x = params[3].toUint8Array(); - p[0]++; - const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); - - expect(valid).to.be.false; - }); - - it('detect invalid y', async function() { - const params = egKey.keyPacket.params; - const p = params[0].toUint8Array(); - const g = params[1].toUint8Array(); - const y = params[2].toUint8Array(); - const x = params[3].toUint8Array(); - - y[0]++; - const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); - - expect(valid).to.be.false; - }); - - it('detect invalid g', async function() { - const params = egKey.keyPacket.params; - const p = params[0].toUint8Array(); - const g = params[1].toUint8Array(); - const y = params[2].toUint8Array(); - const x = params[3].toUint8Array(); - - g[0]++; - let valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, g, y, x); - expect(valid).to.be.false; - - const gOne = new Uint8Array([1]); - valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, gOne, y, x); - expect(valid).to.be.false; - }); - - it('detect g with small order', async function() { - const params = egKey.keyPacket.params; - const p = params[0].toUint8Array(); - const g = params[1].toUint8Array(); - const y = params[2].toUint8Array(); - const x = params[3].toUint8Array(); - - const pBN = new BN(p); - const gModP = new BN(g).toRed(new BN.red(pBN)); - // g**(p-1)/2 has order 2 - const gOrd2 = gModP.redPow(pBN.subn(1).shrn(1)); - const valid = await openpgp.crypto.publicKey.elgamal.validateParams(p, gOrd2.toArrayLike(Uint8Array, 'be'), y, x); - expect(valid).to.be.false; - }); -}); +}; diff --git a/test/general/key.js b/test/general/key.js index e8a68f0a..55716997 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -2861,7 +2861,7 @@ module.exports = () => describe('Key', function() { }); it('clearPrivateParams() - detect that private key parameters were zeroed out', async function() { - const { keys: [key] } = await openpgp.key.readArmored(priv_key_rsa); + const key = await openpgp.key.readArmored(priv_key_rsa); await key.decrypt('hello world'); const signingKeyPacket = key.subKeys[0].keyPacket; const params = signingKeyPacket.params.slice(); diff --git a/test/general/openpgp.js b/test/general/openpgp.js index e71a6b8f..5fea0f03 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -740,7 +740,7 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { privateKeys: privateKey }; const encrypted = await openpgp.encrypt(encOpt); - decOpt.message = await openpgp.message.readArmored(encrypted.data); + decOpt.message = await openpgp.message.readArmored(encrypted); await expect(openpgp.decrypt(decOpt)).to.be.rejectedWith('Error decrypting message: Private key is not decrypted.'); }); @@ -842,12 +842,14 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { return openpgp.encryptSessionKey({ data: sk, algorithm: 'aes128', - publicKeys: publicKey.keys + publicKeys: publicKey, + armor: false }).then(async function(encrypted) { - const invalidPrivateKey = (await openpgp.key.readArmored(priv_key)).keys[0]; + const message = await openpgp.message.read(encrypted); + const invalidPrivateKey = await openpgp.key.readArmored(priv_key); invalidPrivateKey.subKeys[0].bindingSignatures = []; return openpgp.decryptSessionKeys({ - message: encrypted.message, + message, privateKeys: invalidPrivateKey }).then(() => { throw new Error('Should not decrypt with invalid key');