Rename numBits and bits to rsaBits (#970)

Keep supporting the old names as well though in `openpgp.generateKey` and `getAlgorithmInfo`, but not in `openpgp.key.generate` (as it is recommended that developers use `openpgp.generateKey` instead, and it now throws when using `numBits` instead of `rsaBits`, so there's no risk of silent key security downgrade). The old names are now deprecated, and might be removed in v5.
2019-09-18 13:40:44 +02:00 · 2019-09-18 13:40:44 +02:00 · fbbeaa3cd9
commit fbbeaa3cd9
parent 7f40ab0940
7 changed files with 22 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -350,7 +350,7 @@ RSA keys:
 ```js
 var options = {
    userIds: [{ name:'Jon Smith', email:'jon@example.com' }], // multiple user IDs
-    numBits: 4096,                                            // RSA key size
+    rsaBits: 4096,                                            // RSA key size
    passphrase: 'super long and hard to guess secret'         // protects the private key
 };
 ```
--- a/src/key.js
+++ b/src/key.js
@ -829,7 +829,7 @@ Key.prototype.verifyAllUsers = async function(keys) {
 /**
 * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.
 * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key.
- * @param {Integer} options.numBits    number of bits for the key creation.
+ * @param {Integer} options.rsaBits    number of bits for the key creation.
 * @param {Number} [options.keyExpirationTime=0]
 *                             The number of seconds after the key creation time that the key expires
 * @param {String} curve       (optional) Elliptic curve for ECC keys
@ -842,12 +842,11 @@ Key.prototype.addSubkey = async function(options = {}) {
  if (!this.isPrivate()) {
    throw new Error("Cannot add a subkey to a public key");
  }
-  const defaultOptions = this.primaryKey.getAlgorithmInfo();
-  defaultOptions.numBits = defaultOptions.bits;
  const secretKeyPacket = this.primaryKey;
  if (!secretKeyPacket.isDecrypted()) {
    throw new Error("Key is not decrypted");
  }
+  const defaultOptions = secretKeyPacket.getAlgorithmInfo();
  options = sanitizeKeyOptions(options, defaultOptions);
  const keyPacket = await generateSecretSubkey(options);
  const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options);
@ -1336,7 +1335,7 @@ export async function readArmored(armoredText) {
 * @param {module:enums.publicKey} [options.keyType=module:enums.publicKey.rsa_encrypt_sign]
 *                             To indicate what type of key to make.
 *                             RSA is 1. See {@link https://tools.ietf.org/html/rfc4880#section-9.1}
- * @param {Integer} options.numBits    number of bits for the key creation.
+ * @param {Integer} options.rsaBits    number of bits for the key creation.
 * @param {String|Array<String>}  options.userIds
 *                             Assumes already in form of "User Name <username@email.com>"
 *                             If array is used, the first userId is set as primary user Id
@ -1363,7 +1362,7 @@ export async function generate(options) {

 function sanitizeKeyOptions(options, subkeyDefaults = {}) {
  options.curve = options.curve || subkeyDefaults.curve;
-  options.numBits = options.numBits || subkeyDefaults.numBits;
+  options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;
  options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;
  options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;
  options.date = options.date || subkeyDefaults.date;
@ -1384,7 +1383,7 @@ function sanitizeKeyOptions(options, subkeyDefaults = {}) {
    } else {
      options.algorithm = enums.publicKey.ecdh;
    }
-  } else if (options.numBits) {
+  } else if (options.rsaBits) {
    options.algorithm = enums.publicKey.rsa_encrypt_sign;
  } else {
    throw new Error('Unrecognized key type');
@ -1396,7 +1395,7 @@ async function generateSecretKey(options) {
  const secretKeyPacket = new packet.SecretKey(options.date);
  secretKeyPacket.packets = null;
  secretKeyPacket.algorithm = enums.read(enums.publicKey, options.algorithm);
-  await secretKeyPacket.generate(options.numBits, options.curve);
+  await secretKeyPacket.generate(options.rsaBits, options.curve);
  return secretKeyPacket;
 }

@ -1404,7 +1403,7 @@ async function generateSecretSubkey(options) {
  const secretSubkeyPacket = new packet.SecretSubkey(options.date);
  secretSubkeyPacket.packets = null;
  secretSubkeyPacket.algorithm = enums.read(enums.publicKey, options.algorithm);
-  await secretSubkeyPacket.generate(options.numBits, options.curve);
+  await secretSubkeyPacket.generate(options.rsaBits, options.curve);
  return secretSubkeyPacket;
 }

--- a/src/openpgp.js
+++ b/src/openpgp.js
@ -105,7 +105,7 @@ export function destroyWorker() {
 * Generates a new OpenPGP key pair. Supports RSA and ECC keys. Primary and subkey will be of same type.
 * @param  {Array<Object>} userIds   array of user IDs e.g. [{ name:'Phil Zimmermann', email:'phil@openpgp.org' }]
 * @param  {String} passphrase       (optional) The passphrase used to encrypt the resulting private key
- * @param  {Number} numBits          (optional) number of bits for RSA keys: 2048 or 4096.
+ * @param  {Number} rsaBits          (optional) number of bits for RSA keys: 2048 or 4096.
 * @param  {Number} keyExpirationTime (optional) The number of seconds after the key creation time that the key expires
 * @param  {String} curve            (optional) elliptic curve for ECC keys:
 *                                              curve25519, p256, p384, p521, secp256k1,
@ -119,11 +119,11 @@ export function destroyWorker() {
 * @static
 */

-export function generateKey({ userIds = [], passphrase = "", numBits = 2048, keyExpirationTime = 0, curve = "", date = new Date(), subkeys = [{}] }) {
+export function generateKey({ userIds = [], passphrase = "", numBits = 2048, rsaBits = numBits, keyExpirationTime = 0, curve = "", date = new Date(), subkeys = [{}] }) {
  userIds = toArray(userIds);
-  const options = { userIds, passphrase, numBits, keyExpirationTime, curve, date, subkeys };
-  if (util.getWebCryptoAll() && numBits < 2048) {
-    throw new Error('numBits should be 2048 or 4096, found: ' + numBits);
+  const options = { userIds, passphrase, rsaBits, keyExpirationTime, curve, date, subkeys };
+  if (util.getWebCryptoAll() && rsaBits < 2048) {
+    throw new Error('rsaBits should be 2048 or 4096, found: ' + rsaBits);
  }

  if (!util.getWebCryptoAll() && asyncProxy) { // use web worker if web crypto apis are not supported
--- a/src/packet/public_key.js
+++ b/src/packet/public_key.js
@ -248,13 +248,14 @@ PublicKey.prototype.hasSameFingerprintAs = function(other) {

 /**
 * Returns algorithm information
- * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String}
+ * @returns {Object} An object of the form {algorithm: String, rsaBits:int, curve:String}
 */
 PublicKey.prototype.getAlgorithmInfo = function () {
  const result = {};
  result.algorithm = this.algorithm;
  if (this.params[0] instanceof type_mpi) {
-    result.bits = this.params[0].byteLength() * 8;
+    result.rsaBits = this.params[0].byteLength() * 8;
+    result.bits = result.rsaBits; // Deprecated.
  } else {
    result.curve = this.params[0].getName();
  }
--- a/test/general/key.js
+++ b/test/general/key.js
@ -1895,6 +1895,7 @@ function versionSpecificTests() {
      expect(key.users[0].userId.userid).to.equal(userId);
      expect(key.users[0].selfCertifications[0].isPrimaryUserID).to.be.true;
      expect(key.getAlgorithmInfo().algorithm).to.equal('rsa_encrypt_sign');
+      expect(key.getAlgorithmInfo().bits).to.equal(opt.numBits);
      expect(key.subKeys[0].getAlgorithmInfo().algorithm).to.equal('ecdh');
    });
  });
@ -2881,6 +2882,7 @@ describe('addSubkey functionality testing', function(){
    const pkN = privateKey.primaryKey.params[0];
    expect(subkeyN.byteLength()).to.be.equal(pkN.byteLength());
    expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('rsa_encrypt_sign');
+    expect(subKey.getAlgorithmInfo().rsaBits).to.be.equal(1024);
    expect(await subKey.verify(newPrivateKey.primaryKey)).to.be.equal(openpgp.enums.keyStatus.valid);
  });

@ -2901,6 +2903,7 @@ describe('addSubkey functionality testing', function(){
    const pkN = privateKey.primaryKey.params[0];
    expect(subkeyN.byteLength()).to.be.equal(pkN.byteLength());
    expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('rsa_encrypt_sign');
+    expect(subKey.getAlgorithmInfo().rsaBits).to.be.equal(1024);
    expect(await subKey.verify(importedPrivateKey.primaryKey)).to.be.equal(openpgp.enums.keyStatus.valid);
  });

--- a/test/general/openpgp.js
+++ b/test/general/openpgp.js
@ -586,7 +586,7 @@ describe('OpenPGP.js public api tests', function() {
        expect(keyGenStub.withArgs({
          userIds: [{ name: 'Test User', email: 'text@example.com' }],
          passphrase: 'secret',
-          numBits: 2048,
+          rsaBits: 2048,
          keyExpirationTime: 0,
          curve: "",
          date: now,
--- a/test/security/subkey_trust.js
+++ b/test/security/subkey_trust.js
@ -10,7 +10,7 @@ const expect = chai.expect;
 async function generateTestData() {
  const victimPrivKey = await key.generate({
    userIds: ['Victim <victim@example.com>'],
-    numBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024,
+    rsaBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024,
    subkeys: [{
      sign: true
    }]
@ -19,7 +19,7 @@ async function generateTestData() {

  const attackerPrivKey = await key.generate({
    userIds: ['Attacker <attacker@example.com>'],
-    numBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024,
+    rsaBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024,
    subkeys: [],
    sign: false
  });