1279 Commits

Author SHA1 Message Date
Daniel Huigens
d91b064e14 Optimize util.removeTrailingSpaces (#848)
Backtracking regexes have pathological worst-case performance when
a long line contains a large amount of whitespace not followed by
a newline, since the regex engine will attempt to match the regex
at each whitespace character, read ahead to the non-whitespace non-
newline, declare no match, and try again at the next whitespace.

E.g. try running

    util.removeTrailingSpaces(new Array(1e6).join(' ') + 'a').length

which would hang V8.
2019-01-27 00:22:47 +00:00
Sanjana Rajan
b0ac142f2e
Merge pull request #847 from twiss/dont-throw-verification-errors
Don't throw on signature verification errors in openpgp.decrypt/verify
2019-01-27 00:18:41 +00:00
Daniel Huigens
9e4cc1acfe Don't throw on signature verification errors in openpgp.decrypt/verify 2019-01-26 11:41:44 +01:00
wussler
6b19af0a63
new BN, fix doc 2019-01-22 16:50:06 +01:00
wussler
2975e49dd0
genPublicEphemeralKey to return Uint8Array 2019-01-22 16:24:55 +01:00
wussler
6d9160dd87
Fix mistake in documentation 2019-01-22 16:22:05 +01:00
Aron Wussler
1face482ba Naming 2019-01-21 15:35:45 +01:00
Aron Wussler
4c809a4846 Fix to returns 2019-01-21 14:57:02 +01:00
Daniel Huigens
31f72fb64d
Update src/crypto/public_key/elliptic/ecdh.js
Co-Authored-By: wussler <aron@wussler.it>
2019-01-18 16:40:31 +01:00
Daniel Huigens
680aa03bcd
Update src/crypto/public_key/elliptic/ecdh.js
Co-Authored-By: wussler <aron@wussler.it>
2019-01-18 16:40:22 +01:00
Daniel Huigens
f77ebc7605
Update src/crypto/public_key/elliptic/ecdh.js
Co-Authored-By: wussler <aron@wussler.it>
2019-01-18 16:40:13 +01:00
Aron Wussler
06952b4e30 Make ephemeral secret available from ECDH module 2019-01-18 16:06:57 +01:00
Daniel Huigens
77055f6dfe Don't zero-copy transfer buffers in Safari 11.1 and Chrome < 56
See https://bugs.webkit.org/show_bug.cgi?id=184254
and https://bugs.chromium.org/p/chromium/issues/detail?id=334408.
2019-01-15 20:16:59 +01:00
Daniel Huigens
fe69cb882d Zero-copy transfer buffers when passing streams to workers 2019-01-09 15:18:59 +01:00
Daniel Huigens
625c6ea4b3 Zero-copy transfer buffers from the worker to the main thread 2019-01-09 15:18:56 +01:00
Daniel Huigens
c73b4536be Fix error handling in worker delegation 2019-01-09 15:06:15 +01:00
Sanjana Rajan
ffeb43ef04
Merge pull request #831 from twiss/web-crypto-cfb
Web Crypto CFB encryption, revision 2
2019-01-03 06:56:40 -08:00
Sanjana Rajan
37bc379663
Merge pull request #828 from tomholub/patch-1
Fix various JSDoc typos etc
2019-01-03 06:55:42 -08:00
Sanjana Rajan
9b599c86b2
Merge pull request #827 from estelendur/double_is_readonly
Double is readonly
2019-01-02 15:15:22 -08:00
Daniel Huigens
31931c9b0d Simplify MDC verification 2019-01-02 15:13:00 +01:00
Daniel Huigens
3f1734ae7a Move CFB optimizations into cfb.js
So that uses of CFB other than sym_encrypted_integrity_protected.js
can benefit from them.

Also, implement CFB resync mode in terms of normal CFB rather than
separately (and duplicated).
2019-01-02 15:12:53 +01:00
Daniel Huigens
a891e0b4ea Web Crypto CFB encryption 2019-01-02 15:12:48 +01:00
Daniel Huigens
5c5da1d86f Fix passing streams to workers in Safari 9
Safari 9 does not expose the MessagePort object in workers
(but does expose it on window, and also exposes MessageChannel
in workers).
2019-01-02 14:07:36 +01:00
Tom J
cf6278ddc9
Promisify hash.digest return value in jsdoc 2018-12-30 16:52:57 +00:00
Tom J
1054ed46d8
Fix util.js jsdoc Uint8Array typos 2018-12-29 11:44:26 +00:00
Esty Thomas
08fdb351d1
Renames var to prevent "double is read-only" error
Under some build systems, the function `double` produces an error:
```SyntaxError: "double" is read-only"```
The error goes away if the variable named `double` inside the function
named `double` is renamed. This commit renames it to `double_var` for
simplicity's sake.
2018-12-27 12:27:42 -05:00
Sanjana Rajan
836ad2805a
Revert "Web Crypto CFB encryption" 2018-12-23 18:42:24 +01:00
Sanjana Rajan
6c02b25aa5
Merge pull request #820 from twiss/web-crypto-cfb
Web Crypto CFB encryption
2018-12-23 17:55:25 +01:00
Sanjana Rajan
529973f2a2
Merge branch 'master' into fix/non-primary-non-revoked-sub-user 2018-12-23 17:52:01 +01:00
Sanjana Rajan
1bee091f2a
Merge pull request #815 from twiss/userIds
Make fromUserIds/toUserIds params plural, and accept arrays of User IDs
2018-12-23 17:50:46 +01:00
Daniel Huigens
113c4a5f1e Add CAST5 to always-allowed algorithms
Golang's OpenPGP implementation uses CAST5 as its fallback.
(The spec mandates TripleDES as fallback.)

Fixes #819.
2018-12-22 00:00:47 -05:00
Daniel Huigens
95cc9cecf0 Disable Web Workers on browsers without MessageChannel support
For compatibility with old Firefox / Pale Moon 27
2018-12-21 23:09:41 -05:00
Daniel Huigens
2c5cb6ad9f Fix armor parsing in edge case where reader.readToEnd() returns new Uint8Array([]) 2018-12-21 17:00:45 -05:00
Daniel Huigens
cfe7ff9bb8 Simplify MDC verification 2018-12-21 13:04:23 -05:00
Daniel Huigens
9691dc9c99 Fix getExpirationTime with capabilities and an expired signing subkey
When the latest subkey with the requested capabilities is expired,
and the primary key has the requested capabilities, return the
primary key expiry instead.

Also, change isExpired/isDataExpired to still return false at the
date returned by getExpirationTime, so that the latter returns the
last date that the key can still be used.
2018-12-21 12:49:22 -05:00
Daniel Huigens
668264aa9a Move CFB optimizations into cfb.js
So that uses of CFB other than sym_encrypted_integrity_protected.js
can benefit from them.

Also, implement CFB resync mode in terms of normal CFB rather than
separately (and duplicated).
2018-12-20 17:50:01 -05:00
Daniel Huigens
3c10c582e2 Web Crypto CFB encryption 2018-12-20 12:27:23 -05:00
Daniel Huigens
804e91140a Add config values to preferred algorithms 2018-12-17 12:52:30 -05:00
Daniel Huigens
926047f0b3 Default to RFC4880bis-mandated symmetric algos 2018-12-17 12:27:09 -05:00
Daniel Huigens
06608318d4 Fix CMAC of the empty string
This is currently never called, as EAX always adds a prefix to
the CMAC'ed message.
2018-12-17 12:27:08 -05:00
Daniel Huigens
9b83f6fcb2 Return generic error on PKESK checksum mismatch when decrypting 2018-12-17 12:27:07 -05:00
Daniel Huigens
e727097bb0 Always look at the same literal data packet in getText() and verify() 2018-12-17 12:27:05 -05:00
Daniel Huigens
8720adcf65 Check signature public key algorithm against issuer key algorithm 2018-12-17 12:27:04 -05:00
Daniel Huigens
3b9676f2e9 Reject messages encrypted with a symmetric algo not in preferred algos 2018-12-17 12:27:03 -05:00
Daniel Huigens
19be0831b9 Add userIds parameter to signPrimaryUser and verifyPrimaryUser 2018-12-14 17:49:09 +01:00
Daniel Huigens
cb3f644708 Validate ECC public keys 2018-12-14 17:21:12 +01:00
Daniel Huigens
d74a2af4d3 Return primary key expiry based on userId param in getExpirationTime 2018-12-14 16:54:55 +01:00
Daniel Huigens
65772d86b3 Make fromUserIds/toUserIds params plural, and accept arrays of User IDs
Each User ID object is used for the key object at the corresponding index
in the privateKeys/publicKeys arrays.
2018-12-14 16:54:44 +01:00
Daniel Huigens
d4d94c6fb7 Remove non-AES CFB quick check 2018-12-11 14:05:26 +01:00
Kay Lukas
2dbb8582d7 Add testcases 2018-12-10 20:21:55 +01:00
Kay Lukas
3c0b22268d Prefer a non-revoked primary user 2018-12-10 17:50:21 +01:00
Daniel Huigens
c7339f6f78 Check whether signing key was non-expired at signature creation time 2018-12-10 16:34:44 +01:00
Daniel Huigens
787965981a Check whether message signatures are expired when verifying them 2018-12-10 15:20:24 +01:00
Daniel Huigens
92230d2055 Consider non-expired signatures from expired keys to still be valid 2018-12-10 15:20:11 +01:00
Daniel Huigens
ff86b00315 Fix undefined behavior when reading 3des algo 2018-12-10 14:21:52 +01:00
Kay Lukas
a49529d243 Handle end of stream in compression correctly 2018-12-07 11:47:52 +01:00
Thomas Oberndörfer
a7bae10fe8 Revise check on key revocation sub packet: throwing the exception should only be done on single keys and not discard the whole armored block with possibly multiple keys. Evaluate only self-signatures. 2018-11-30 11:45:31 +01:00
Kay Lukas
c952e833d3 Support 3des as a session key algorithm 2018-11-06 17:38:17 +01:00
Daniel Huigens
997f3e8e38 Compute signed data based on expected signature type 2018-11-05 17:13:40 +01:00
Daniel Huigens
1071cb9bca Fix cloning embedded signatures 2018-11-05 16:32:30 +01:00
Sanjana Rajan
67de70fa01
Merge pull request #798 from twiss/seek-bzip
Remove bzip2 compression
2018-11-05 12:58:50 +01:00
Daniel Huigens
08f48bfc2c Switch to seek-bzip 2018-11-05 12:49:53 +01:00
Daniel Huigens
9a7fe9cd45 Bump S2K iteration count parameter 2018-11-05 11:47:46 +01:00
Daniel Huigens
d314a20e0f Don't return keys with an authorized revocation key 2018-11-05 11:47:45 +01:00
Daniel Huigens
8fa3aadea2 Add and require primary key binding signatures on signing keys
Also, fix keyFlags of signing subkeys.

Also, store Issuer Key ID and Embedded Signature in unhashed rather
than hashed subpackets.
2018-11-05 11:47:45 +01:00
Daniel Huigens
8c97112449 Throw on critical unknown signature subpackets 2018-11-05 11:47:44 +01:00
Daniel Huigens
47138eed61 Don't trust unhashed signature subpackets
Also, export packet.Signature.prototype.read_sub_packets.
2018-11-05 11:47:43 +01:00
Daniel Huigens
327d3e5392 Only accept binary or text signatures when verifying messages 2018-11-05 11:47:39 +01:00
Sanjana Rajan
17f639bc8d
Merge pull request #795 from twiss/web-crypto-hashing
Web Crypto hashing
2018-11-05 11:38:41 +01:00
Daniel Huigens
2245df6023 Don't return streams in openpgp.revokeKey() 2018-11-05 11:15:39 +01:00
Daniel Huigens
4faa84daa0 Inline iterated S2K loop 2018-11-01 15:40:04 +01:00
Daniel Huigens
a250ee9f91 Clean up checksum calculation 2018-11-01 14:47:22 +01:00
Daniel Huigens
e8a2c45390 Only use Web Crypto for hashing beyond a threshold number of bytes
Sending data to the Web Crypto API involves some latency.
2018-11-01 14:47:22 +01:00
Daniel Huigens
7253df1632 Don't hash when comparing key fingerprints 2018-11-01 14:47:21 +01:00
Daniel Huigens
abce79b509 Use Web Crypto for hashing 2018-11-01 14:11:22 +01:00
Sanjana Rajan
3c45b6f18a
Merge pull request #793 from twiss/signature-errors
Check that one-pass signatures match their corresponding signature
2018-11-01 12:13:02 +01:00
Daniel Huigens
11fd2313a7 Fix unhandled promise rejection when decrypting non-MDC message 2018-11-01 11:46:43 +01:00
Daniel Huigens
13c29b1fc9 Fix decryption with multiple passwords 2018-11-01 11:46:27 +01:00
Daniel Huigens
d442b6bad7 Throw when signature packet does not correspond to one pass signature packet 2018-10-29 11:47:39 +01:00
Daniel Huigens
9c82bf491e Reject signatures[*].verified and signatures[*].signature on read errors
However, don't throw "unhandled promise rejection" when not using these
properties at all, or when they reject before the user has a chance to
handle them.
2018-10-29 11:47:36 +01:00
Daniel Huigens
c3419e5cd0 Don't return streams in openpgp.reformatKey() 2018-10-25 19:41:59 +02:00
Daniel Huigens
baaa0716b4 Fix performance issue with handling large messages 2018-10-19 15:09:33 +02:00
Daniel Huigens
6f9670cc65 Clarify comment explaining packetlist's usage of supportsStreaming 2018-10-10 18:21:02 +02:00
Daniel Huigens
bc6118980f Throw on parse errors in integrity protected encrypted packets 2018-10-05 12:40:05 +02:00
Daniel Huigens
3751731330 Don't hang when signature packet corresponding to one-pass sig is missing 2018-10-04 22:13:10 +02:00
Daniel Huigens
ac6b57781b Make isValid*KeyPacket inner functions 2018-09-22 23:03:10 +02:00
Daniel Huigens
bbcdacef8d Small documentation fixes 2018-09-22 23:03:10 +02:00
Daniel Huigens
b3af56b8a3 Ignore third-party revocation signatures
This check was removed in ec22dab.
2018-09-22 23:03:10 +02:00
Daniel Huigens
a1c47ecdea Indicate an error when parsing a key with an authorized revocation key
Since we will ignore revocation signatures from authorized revocation keys,
it is dangerous to use these keys.
2018-09-22 23:03:10 +02:00
Daniel Huigens
5cf61daa19 Check validity of signatures before using them 2018-09-22 23:03:10 +02:00
Daniel Huigens
d8840294cf Make newlines in armored objects consistent
- Don't add an extraneous newline at the end of base64-encoded data
  if it is a multiple of 60 characters long.
- Generate \r\n instead of \n in base64-encoded data.
- Generate one newline instead of two after END PGP PUBLIC KEY BLOCK
  for consistency with the other footers.
2018-09-13 14:32:35 +02:00
Sanjana Rajan
d43437473f bugfix - when a requested key capability is not present, return null expiration 2018-09-03 21:59:58 -07:00
Daniel Huigens
ca2f6d03b6 Slightly optimize base64 decoding 2018-09-03 18:23:38 +02:00
Daniel Huigens
dc722770d0 Don't process armored message data line per line
This cuts down on the overhead of streaming by reducing the amount
of calls to reader.read() and writer.write().
2018-09-03 18:23:38 +02:00
Daniel Huigens
e055d86062 Update documentation 2018-08-14 17:50:26 +02:00
Daniel Huigens
e5a3095894 Fix GCM and EAX in Edge
Web Crypto AES-GCM in Edge seems to require non-empty ADATA and an
explicit tagLength.

AES-CTR doesn't seem to be supported at all, so this disables Web Crypto
for EAX in Edge.
2018-08-14 17:24:41 +02:00
Daniel Huigens
4bdc5e92ab Add --compat option
Without it, the generated build is for recent versions of
Chrome, Firefox, Safari and Edge.

With it, the generated build is for IE11+.
2018-08-14 17:24:41 +02:00
Daniel Huigens
c705f475b7 Switch back to hash.js SHA512
asmcrypto.js SHA512 is huge (75kB, 7kB gzipped).

This partially reverts fadcc4b5.
2018-08-14 17:24:40 +02:00
Daniel Huigens
00a2c0c0c2 Support unicode surrogate code points 2018-08-14 17:24:40 +02:00
Daniel Huigens
a2f53b2ce2 Speed up initial builds 2018-08-14 17:24:40 +02:00
Daniel Huigens
8c7e4386af Fix stream-reading zero-length (partial) packets 2018-08-14 17:19:54 +02:00
Daniel Huigens
052fa444be Support Node streams 2018-08-14 17:19:54 +02:00
Daniel Huigens
0ddff3ae7d Rename asStream to streaming
Also, break up `postProcess`.
2018-08-14 17:19:51 +02:00
Daniel Huigens
b35b167e63 Add openpgp.cleartext.fromText
For symmetry with message.fromText
2018-08-14 16:35:41 +02:00
Daniel Huigens
52c4fa9639 Move streams library to a separate package 2018-08-14 16:35:40 +02:00
Daniel Huigens
252da44419 Don't depend on util in stream.js 2018-08-14 16:35:40 +02:00
Daniel Huigens
bb15ffc2a0 Fix streaming verify when using Worker and streams polyfill 2018-08-14 16:35:40 +02:00
Daniel Huigens
29271accef Enable Transferables in IE11
Reverts 11ff845c.
2018-08-14 16:35:40 +02:00
Daniel Huigens
c75e2323c0 Support IE11 for streaming 2018-08-14 16:35:39 +02:00
Daniel Huigens
721e522b17 Don't increase buffering in transformWithCancel
Keep backpressure the same as in default TransformStream().
2018-08-14 16:35:39 +02:00
Daniel Huigens
0b0112d1e6 En/decrypt all AEAD chunks in parallel when not returning a stream 2018-08-14 16:35:39 +02:00
Daniel Huigens
d844b8b06c Add minimum AEAD buffer size
This enables parallelism for streaming AEAD chunked encryption.

The reason we can't do so at the very end of the pipe chain
(e.g., in `readToEnd`) is because requests for increased
buffering (i.e. `desiredSize > 1`) do not propagate backwards,
only requests for backpressure (i.e. `desiredSize <= 0`) do.
2018-08-14 16:35:39 +02:00
Daniel Huigens
ca537e439d Comments & code style 2018-08-14 16:35:38 +02:00
Daniel Huigens
1101a05b10 Don't return streams inside unarmored generated keys and signatures
When not requested, we convert the streams to Uint8Arrays.

This makes the generated key safe to pass to a Worker more than once.

Partially reverts 735aa1da.
2018-08-14 16:35:36 +02:00
Daniel Huigens
d489f3369f Update to asmcrypto.js 2 2018-08-10 14:46:30 +02:00
Daniel Huigens
e66d44e42d Rename config.unsafe_stream to allow_unauthenticated_stream 2018-08-10 14:46:29 +02:00
Daniel Huigens
2b30ab9c8f Replace data with message parameter in encrypt() and sign()
When encrypting/signing a stream, this allows you to indicate whether it's a
stream of Strings or Uint8Arrays (using message.fromText or message.fromBinary,
respectively.)

When signing text, this allows you to control whether to create a cleartext
message or a regular armored text message.

When creating a detached signature, it allows you to control whether it's "meant
for" (verifying against) a cleartext message. A cleartext message has trailing
whitespace trimmed before signing. This fixes the case of passing a detached
signature from sign() to encrypt(). Since encrypt() doesn't create a cleartext
message, the signature would be invalid if the text contained lines with
trailing whitespace.
2018-08-10 14:46:29 +02:00
Daniel Huigens
95413cc6ed Fix signatures of messages with leading/trailing whitespace 2018-08-10 14:46:29 +02:00
Daniel Huigens
160b03451f Fix key generation in Firefox
Previously broken by daa0188e.
2018-08-10 14:46:29 +02:00
Daniel Huigens
9f0f00e087 Make signature.verified a Promise instead of result.signatures
Also, fix verifying detached signatures
2018-08-10 14:46:28 +02:00
Daniel Huigens
0db32bea39 Backpressure and cancellation in sign/verify 2018-08-10 14:46:28 +02:00
Daniel Huigens
d2ba6b3c6c Wait for data to be read before resolving signatures 2018-08-10 14:46:28 +02:00
Daniel Huigens
3113976dd2 Don't throw in result.signatures
- The caller might not await them, in which case you get an "unhandled rejection"
- The caller might await them but only after reading the data, in which case you
  get an unhandled rejection if there's an error before the end of the data
2018-08-10 14:46:27 +02:00
Daniel Huigens
b6e988b6a6 Convert result.signatures to a Promise
Also, throw armor checksum errors inside the data stream
2018-08-10 14:46:27 +02:00
Daniel Huigens
0cabf72682 Add TextDecoder polyfill 2018-08-10 14:46:27 +02:00
Daniel Huigens
ad92ac7c3a Fix signature type of one-pass signatures when passing a signature
If the type of the signature passed to openpgp.encrypt() did not
match the "expected" type (text for literal text packets, etc)
the signature type would be set incorrectly.
2018-08-10 14:46:26 +02:00
Daniel Huigens
4d82d25559 Pass more tests
We now use streams internally in more places.
2018-08-10 14:46:26 +02:00
Daniel Huigens
4e749965f2 Remove support for V3 keys and signatures 2018-08-10 14:46:26 +02:00
Daniel Huigens
eb72d4dd63 Don't use asmcrypto's streaming API when not necessary
Optimization for Firefox
2018-08-10 14:46:26 +02:00
Daniel Huigens
e1a8b17753 Fix literalPacket.getText()
We now close streams after reading them, so we can no longer use
stream.locked as a proxy for "has been read". What we want is the
internal [[disturbed]] property, but we can't access it for native
streams.

Since we always read the stream when calling getText(), it's not
an issue.
2018-08-10 14:46:25 +02:00
Daniel Huigens
411b626149 Work around timing difference between Chrome and polyfill
When piping a stream to a writable stream and erroring that,
the input (readable) stream only gets cancelled after pipeTo()
returns in Chrome.
2018-08-10 14:46:25 +02:00
Daniel Huigens
55fd292fba Fix armor errors
Also, fix error handling in transformPair()
2018-08-10 14:46:25 +02:00
Daniel Huigens
304cbf4783 Fix backpressure 2018-08-10 14:46:25 +02:00
Daniel Huigens
589b666ac7 Don't clone stream in packet.parse() 2018-08-10 14:46:24 +02:00
Daniel Huigens
ddda6a0b16 Implement cancellation by manually linking together input and output streams 2018-08-10 14:46:24 +02:00
Daniel Huigens
de2971d84a Use TransformStreams 2018-08-10 14:46:24 +02:00
Daniel Huigens
51c897b073 Cancelling 2018-08-10 14:46:23 +02:00
Daniel Huigens
a6a701df7f Streaming signing 2018-08-10 14:46:23 +02:00
Daniel Huigens
9c1c28bc59 Add option to read unauthenticated data from stream 2018-08-10 14:46:23 +02:00
Daniel Huigens
1effe19c1d Allow simultaneously reading data and waiting for signature verification
This makes openpgp.{decrypt,verify}().signatures a Promise when passing a
stream or when asStream=true
2018-08-10 14:46:22 +02:00
Daniel Huigens
4bbbdaee9f Rename stream.subarray() to stream.slice()
Also, support ReadableStream[String] in stream.* and reader.* functions
2018-08-10 14:46:22 +02:00
Daniel Huigens
56ec5b3a8d Don't keep extra copies of streams in memory 2018-08-10 14:46:22 +02:00
Daniel Huigens
f79a3f718d Fix streaming UTF8 decoding 2018-08-10 14:44:01 +02:00
Daniel Huigens
253e1c572b Switch to asmcrypto for hashing where available 2018-08-10 14:44:01 +02:00
Daniel Huigens
ade2627bca Streaming verify one-pass signatures 2018-08-10 14:44:01 +02:00
Daniel Huigens
ead3ddd706 Streaming decrypt old-format packets 2018-08-10 14:44:01 +02:00
Daniel Huigens
9fcc075f0b Streaming decrypt non-partial-length-encoded packets 2018-08-10 14:44:01 +02:00
Daniel Huigens
fb155ffae0 Streaming support on Node 2018-08-10 14:44:01 +02:00
Daniel Huigens
8658816b90 Add Web Streams polyfill 2018-08-10 14:44:01 +02:00
Daniel Huigens
802e1b8d94 Transfer Streams to Workers
Also, add an "asStream" parameter to high-level functions to control
whether the return value is a Stream; defaulting to whether the
parameter passed was a Stream.
2018-08-10 14:44:01 +02:00
Daniel Huigens
58eca571bf Fix integrity_protect = false 2018-08-10 14:44:01 +02:00
Daniel Huigens
d67526338e Streaming (de)compression (Web)
compressjs has a streaming API, but it is synchronous, so we can't use it
(at least in the browser).
2018-08-10 14:44:01 +02:00
Daniel Huigens
37014ecf30 Pass more tests
- Allow leading spaces in headers (since we were already accepting
leading spaces everywhere else in the armored text).
- Read ReadableStreams before passing them to a Worker
2018-08-10 14:44:01 +02:00
Daniel Huigens
05479e6e6b Don't warn about await in loops 2018-08-10 14:44:01 +02:00
Daniel Huigens
db39e616ca Replace stream.tee() with stream.clone()
Also some other fixes to pass more tests.
2018-08-10 14:44:01 +02:00
Daniel Huigens
3475843d82 Don't hack util.concatUint8Array() to handle Streams
Use util.concat() instead.
2018-08-10 14:44:01 +02:00
Daniel Huigens
16ba26c298 Streaming AEAD 2018-08-10 14:44:01 +02:00
Daniel Huigens
1f30556674 Split stream.transform into using two helper functions 2018-08-10 14:44:01 +02:00
Daniel Huigens
4ada3fa590 Don't mutate prototypes of Uint8Array, ReadableStream and ReadableStreamDefaultWriter 2018-08-10 14:44:01 +02:00
Daniel Huigens
70f0e1d2f5 Finish streaming armoring 2018-08-10 14:44:01 +02:00
Daniel Huigens
0af4742a14 Signatures 2018-08-10 14:44:01 +02:00
Daniel Huigens
0372bf78f1 Make (de)armoring and packet reading asynchronous 2018-08-10 14:44:01 +02:00
Daniel Huigens
403bdc5346 Streaming decryption (Web) 2018-08-10 14:44:01 +02:00
Daniel Huigens
b4f5976242 Writing partial lengths 2018-08-10 14:44:01 +02:00
Daniel Huigens
9853d3d830 Streaming encryption (Web) 2018-08-10 14:44:01 +02:00
Daniel Huigens
9302fdcc56 Don't cache literal.getBytes() when signing with textMode=false
This partially reverts bcfb9c0.
2018-08-10 14:44:01 +02:00
Sanjana Rajan
c79bda1d37 bugfix - compare create time from key packet 2018-08-03 14:21:15 +02:00
Sanjana Rajan
adb0148ca1 fix #748, signature cloning in verification objects 2018-07-30 15:32:17 +03:00
Kay Lukas
6f176f8b30 Fix multiple workers 2018-07-26 18:33:30 +02:00
Sanjana Rajan
438d47f634 handle case where primary user doesn't exist when getting exp time 2018-07-24 17:17:12 +02:00
Wiktor Kwapisiewicz
19e3c344fd
Fix verification of User Attributes
This change corrects verification of certifications over User Attributes
(such as photos).

Before this change the code did not differentiate between User IDs and
User Attributes as both of them were stored in `data.userid` [0] and
incorrectly used the User ID constant (0xB4) for both cases.

This change fixes the bug by storing User IDs in `userId` property and
User Attributes in `userAttribute` property. The check for property
existence has been modified to avoid comparisons with `undefined` as the
`User` class sets `null` for not assigned packets instead of
`undefined`.

Only data structures for signing and verification were modified and not
the properties used in the `User` class.

[0]: 11b2d2de3c/src/key.js (L872)
2018-07-24 13:03:46 +02:00
Daniel Huigens
15e6f0d654 Replace get(Sub)KeyPackets with get(Sub)Keys 2018-07-19 15:03:25 +02:00
Daniel Huigens
91b7165b78 Add key/subKey.getKeyId, getFingerprint, getAlgorithmInfo, getCreationTime, isDecrypted 2018-07-19 15:03:25 +02:00
Daniel Huigens
8cfe817b18 Remove getEncryptionKeyPacket and getSigningKeyPacket
Also, rename subKey.subKey to keyPacket and alias key.primaryKey as keyPacket.
2018-07-19 13:31:03 +02:00
Daniel Huigens
a49276a158 Allow checking expiry of subkeys by capability, keyId or userId 2018-07-18 14:40:28 +02:00
Daniel Huigens
06746b6a77 Use latest created subkey when possible 2018-07-18 14:29:59 +02:00
Daniel Huigens
8f3e448fa6 Remove obsolete JSDoc comment 2018-07-13 18:15:53 +02:00
Sanjana Rajan
53f473bfa7
Merge pull request #734 from twiss/key-revocation
Key revocation
2018-07-13 17:46:48 +02:00
Daniel Huigens
3fd0fa8f68 Various key revocation fixes 2018-07-13 17:45:09 +02:00
Sanjana Rajan
8865103e17
Merge pull request #733 from wiktor-k/fix-primary-uid
Fix Key#getPrimaryUser on keys without valid UIDs
2018-07-12 15:03:01 +02:00
Wiktor Kwapisiewicz
c3d4bf3529
Fix Key#getPrimaryUser on keys without valid UIDs
During tests of weird keys [0] it was found out that OpenPGP.js does not
handle keys without valid UIDs well.

There are two issues that this change corrects, first one is adding
filtering of user IDs in `getPrimaryUser` such that only users with self
certifications are considered. Without that change using
`getPrimaryUser` on a key without valid UIDs would throw an exception
(`Cannot read property 'verified' of undefined` [1]).

Second issue is correcting condition whether to throw if no UID was
found. Previous condition checked for `userId` variable, but this is
initialized by default and as such is almost always set. This causes
`key.getPrimaryUser()` (without condition) to throw `Could not find user
that matches that user ID`. The condition has been modified to match the
filter condition (checking if any property of `userId` has been
initialized).

[0]: https://gitlab.com/sequoia-pgp/weird-keys/tree/master/openpgpjs

[1]: 576ed08a54/openpgpjs/results/no-bound-uid.pgp.txt
2018-07-12 14:04:07 +02:00
Daniel Huigens
e411839ae3 Deduplicate signature packet creation 2018-07-11 18:05:01 +02:00
Daniel Huigens
1ed7943bf9 Create openpgp.revokeKey 2018-07-11 17:57:31 +02:00
Daniel Huigens
368d80245a Subkey revocation 2018-07-11 17:46:49 +02:00
Daniel Huigens
a3484c3116 Key revocation 2018-07-11 17:45:59 +02:00
Maximilian Krambach
11029e4162 Key merging with non-UserID user attribute
fix #678
2018-07-09 16:53:55 +02:00
Sanjana Rajan
99d3849ff3 style fix 2018-07-02 11:44:06 +02:00
Sanjana Rajan
b56afca063
Merge pull request #725 from FlowCrypt/master
configurable max uid length | close #724
2018-07-02 11:44:38 +02:00
Tom James Holub
35260cb5db configurable max uid length | close #724 2018-06-30 04:35:08 +00:00
Wiktor Kwapisiewicz
0099c373d2
Fix reading signersUserId packet in signatures
This bug caused all signersUserIds strings to be prefixed with `"null"`
string. Changed to use only the last value for this packet type.

Previous implementation probably assumed that there will be more than one
signersUserId packet but I haven't been able to generate such signature
using gpg (only last user id was embedded). Moreover signature
serialization function `write_all_sub_packets` writes only one value of
this packet as a UTF-8 string.
2018-06-27 12:17:19 +02:00
Sanjana Rajan
c7a65ccd16 fix #716 2018-06-13 15:05:10 +02:00
Sanjana Rajan
0248604a96 more helpful error messages when rsa message and sig sizes exceed that of modulus 2018-06-13 13:06:07 +02:00
Wiktor Kwapisiewicz
043e77a6ea
Add Web Key Directory lookup
This change implements Web Key Directory lookup using user's e-mail
address. The target host is the same as the e-mail's domain and the
local-part is hashed with SHA-1 and encoded using Z-Base32 encoding.

Implemented is basic flow of version 06 of OpenPGP Web Key Directory
draft [0].

It was necessary to update node-fetch package to allow returning array
buffers from HTTP responses.

If openpgpjs is used in the browser all keys retrieved from Web Key
Directory should have `Access-Control-Allow-Origin` header set to `*`
(including 404 Not found responses).

[0]: https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/
2018-05-29 21:21:24 +02:00
Wiktor Kwapisiewicz
da98ccb421
Add ZBase32 encoding function
See: https://tools.ietf.org/html/rfc6189#section-5.1.6
2018-05-29 09:55:47 +02:00
Sanjana Rajan
bcfb9c037a fix case with binary signatures on text data 2018-05-22 14:58:13 -07:00
mmso
11ff845c3e
Don't include transferable on IE11 on postMessage 2018-05-18 09:16:57 +02:00
Sanjana Rajan
33d5b158f8 fix #706 - if ignore_mdc_error is set to false then MDC is required for all symmetrically encrypted data 2018-05-15 00:04:58 -07:00
Sanjana Rajan
6efcce1069 prioritize signing with subkeys when possible 2018-05-09 12:23:35 -07:00
Sanjana Rajan
4926667cf9
Merge pull request #694 from twiss/eslint-cleanup
Remove some ESLint silencers
2018-05-03 08:05:57 -07:00
Daniel Huigens
b5c6e655de Warn about console usage 2018-05-03 13:07:52 +02:00
Daniel Huigens
4afaae13ca Remove unused variables 2018-05-03 13:07:52 +02:00
Daniel Huigens
6e27e3145c Micro-optimize DSA signing 2018-05-03 13:07:52 +02:00
Daniel Huigens
0ae427060f Add Object.assign polyfill 2018-05-03 13:07:51 +02:00
Daniel Huigens
887e832635 Throw when user ID matches no users 2018-05-03 13:04:32 +02:00
Daniel Huigens
95b9e5188a Remove some ESLint silencers 2018-05-01 17:36:15 +02:00
Daniel Huigens
94b27c9a02 Don't repeatedly loop enums in enums.read 2018-05-01 16:43:29 +02:00
Daniel Huigens
3c224379f6 Remove util.isUserId()
It was not really correct anyway; a user id can just be an email address
without < > brackets.
2018-05-01 13:39:24 +02:00
Daniel Huigens
fe3c1b4f31 Add fromUserId / toUserId parameters to openpgp.encrypt and sign
To select the user whose algorithm preferences, expiration time etc to use.
2018-05-01 13:39:23 +02:00
Daniel Huigens
6c2fec3450 Parse user IDs
Also, support comments when creating user IDs
2018-05-01 13:39:23 +02:00
Sanjana Rajan
9a5583fd25 clarifying comments 2018-04-30 13:30:48 -07:00
Sanjana Rajan
d562c147f9
Merge pull request #691 from twiss/draft04
Implement RFC4880bis-04
2018-04-30 12:16:20 -07:00
Daniel Huigens
a16d1a6a1d iOS does not support GCM-en/decrypting empty messages 2018-04-30 19:09:48 +02:00
Daniel Huigens
2627755b49 iOS Safari doesn't allow setting Error.message 2018-04-30 16:58:39 +02:00
Daniel Huigens
a7fce27424 Safari 8 compatibility 2018-04-30 16:58:37 +02:00
Daniel Huigens
cc1f7a4765 Lower chunk_size_byte to 12 (256KiB)
- In anticipation of streaming decryption
- Firefox 34 does not support chunk_size_byte > 24

256KiB is almost as fast as no chunks (although both of those can be up to
~1.5x slower than optimally using threads for very large message sizes).
The optimal chunk size would be something like:

    max(data.length / navigator.hardwareConcurrency, 128KiB)

But we don't do so currently because

- We don't know the hardwareConcurrency of the decrypting machine
- Smaller chunk sizes are better for streaming decryption
2018-04-30 16:58:36 +02:00
Daniel Huigens
550b758d57 Fall back to asm for CTR and CBC in old Safari 2018-04-30 16:58:35 +02:00
Daniel Huigens
7ce3f5521f Set default draft version to 4 2018-04-30 15:55:38 +02:00
Daniel Huigens
04651e359a Rename enums.aead.gcm to experimental_gcm
So that (1) if the spec ever defines GCM differently than we do, we have a
clean upgrade path and (2) it makes it clear that it's experimental.
2018-04-30 15:55:37 +02:00
Daniel Huigens
bbf71d149b Deduplicate OCB encrypt / decrypt 2018-04-30 15:55:37 +02:00
Daniel Huigens
e8adeef278 Implement Issuer Fingerprint subpacket 2018-04-30 15:55:37 +02:00
Daniel Huigens
310d8dd9b9 Fix V5 key fingerprint in ECDH parameters 2018-04-30 15:55:36 +02:00
Daniel Huigens
be62b0cf65 Add algorithm IDs for AEDH and AEDSA 2018-04-30 15:55:36 +02:00
Daniel Huigens
0376f49e01 Deduplicate getPreferredSymAlgo / getPreferredAEADAlgo 2018-04-30 15:55:35 +02:00
Daniel Huigens
4568d080d5 Fix decryption with multiple chunks 2018-04-30 15:55:34 +02:00
Daniel Huigens
485cb17e95 Deduplicate SymEncryptedAEADProtected encrypt / decrypt 2018-04-30 15:55:34 +02:00
Daniel Huigens
ebeedd3443 Fix removing whitespace from the last line of cleartext signed messages
Also, move normalizing line endings and removing whitespace to util functions
2018-04-30 15:55:33 +02:00
Daniel Huigens
4e204d7331 Update AEAD instructions in README 2018-04-30 15:55:32 +02:00
Daniel Huigens
d7efead337 Update Web Worker selection logic for AEAD 2018-04-30 15:55:32 +02:00
Daniel Huigens
e061df113c Implement GCM mode in the new draft
Also, implement additional data for GCM
2018-04-30 15:55:31 +02:00
Daniel Huigens
d5a7cb3037 Constant-time double() in OCB 2018-04-27 14:06:20 +02:00
Daniel Huigens
69762f95de Code style 2018-04-27 14:06:20 +02:00
Daniel Huigens
51d7860622 Native CMAC 2018-04-27 14:06:19 +02:00
Daniel Huigens
6f2abdc2cf Implement MIME message type (Literal Data Packet format 'm') 2018-04-27 14:06:19 +02:00
Daniel Huigens
3b81088aaf Decouple signature type from data packet type
Instead of creating a text signature for text packets and a binary signature for
binary packets, we determine the signature type based on whether a String or
Uint8Array was originally passed. This is useful for the new MIME data packet
type (implemented in the next commit) which you can pass in either format.

This also partly reverts a22c9e4. Instead of canonicalizing the literal data
packet, we canonicalize the data when signing. This fixes a hypothetical case
where an uncanonicalized text packet has both a text and a binary signature.

This also partly reverts c28f7ad. GPG does not strip trailing whitespace when
creating text signatures of literal data packets.
2018-04-27 14:06:19 +02:00
Daniel Huigens
2f849063f9 Allow reusing EAX/OCB instances with the same key
This is useful for chunked encryption in draft04
2018-04-27 14:06:19 +02:00
Daniel Huigens
e24b46192d Only AEAD-protect when target keys support it 2018-04-27 14:06:18 +02:00
Daniel Huigens
28dbbadcff Add config.aead_protect_version option 2018-04-27 14:06:17 +02:00
Daniel Huigens
d5d4c97228 Fix config.use_native 2018-04-27 14:06:17 +02:00
Daniel Huigens
53d6f20b72 Reduce allocations in OCB mode 2018-04-27 14:06:17 +02:00
Daniel Huigens
997ec1c8db Add AEAD feature flags 2018-04-27 14:06:17 +02:00
Daniel Huigens
5f97a8c937 Implement preferred AEAD algorithms 2018-04-27 14:06:16 +02:00
Daniel Huigens
93f75f398f Reuse CMAC in EAX mode 2018-04-27 14:06:16 +02:00
Daniel Huigens
627a6ef46e Only calculate AES key schedules once in cipher/aes.js 2018-04-27 14:06:15 +02:00
Daniel Huigens
c6ba83c4a3 Allow configuring openpgp in unit tests using query params (e.g. ?debug=true&use_native=false) 2018-04-27 14:06:15 +02:00
Daniel Huigens
ba2b761da4 Implement OCB mode 2018-04-27 14:06:15 +02:00
Daniel Huigens
cc4cc38fe7 Add util.print_debug_hexarray_dump 2018-04-27 14:06:15 +02:00
Daniel Huigens
f40489aa43 Implement getLeftNBits, shiftLeft and shiftRight for Uint8Arrays 2018-04-27 14:06:14 +02:00
Daniel Huigens
5f891d28d6 Switch cipher/aes.js to Uint8Arrays 2018-04-27 14:06:14 +02:00
Daniel Huigens
c2f898279b Implement version 5 Secret-Key Packet Format 2018-04-27 14:06:14 +02:00
Daniel Huigens
5d43b44e50 Log swallowed errors in debug mode 2018-04-27 14:06:14 +02:00
Daniel Huigens
17ad654d60 Implement version 5 Symmetric-Key Encrypted Session Key packet 2018-04-27 14:06:13 +02:00
Sanjana Rajan
92542e3ee4 fix #636 2018-04-26 13:19:02 -07:00
Daniel Huigens
7b3f51c0d4 Implement AEAD Encrypted Data Packet 2018-04-25 20:12:10 +02:00
Daniel Huigens
85a1b9859b Implement EAX mode 2018-04-25 20:12:10 +02:00
Daniel Huigens
c63ed980a1 Fix dash-escaping the first line of cleartext signed messages 2018-04-25 19:46:43 +02:00
Sanjana Rajan
ce973be6ba
Merge pull request #685 from twiss/workers-random
Use crypto.getRandomValues in Workers
2018-04-23 12:42:49 -07:00
Sanjana Rajan
6b2514f587
Merge pull request #687 from twiss/use-recent-binding
Only use the most recent self-signature
2018-04-23 12:42:36 -07:00
Daniel Huigens
ceec57672e Use most recent primary user 2018-04-23 14:17:09 +02:00
Daniel Huigens
bfc047da36 Don't request randomness from main thread in workers by default 2018-04-19 14:25:13 +02:00
KAYLukas
187cc6b05a Support compression in the WebWorker 2018-04-18 18:08:36 +02:00
Daniel Huigens
39c7374d70 Only consider most recent user self certification 2018-04-18 14:40:07 +02:00
Daniel Huigens
122d526f49 Only consider most recent subkey binding signature
This partially reverts 2bda127.
2018-04-18 14:40:06 +02:00
Sanjana Rajan
c28f7ad4d7 always remove trailing whitespace from lines when canonicalizing 2018-04-17 08:41:52 -07:00
Daniel Huigens
20a9bccb41 Use crypto.getRandomValues in Workers 2018-04-17 14:01:42 +02:00
Sanjana Rajan
2de426e0bc
Merge pull request #683 from openpgpjs/generate_key_refactor
More generateKey options
2018-04-16 14:13:13 -07:00
Sanjana Rajan
2bd540026f add multiple passphrase options to key encrypt and decrypt 2018-04-16 12:52:17 -07:00
Sanjana Rajan
e4bd27ce2f tests 2018-04-16 10:51:07 -07:00
KAYLukas
d0ed5134d7 randomRequested is never turned off 2018-04-16 17:05:44 +02:00
Sanjana Rajan
24119f4fb1 keygen update 2018-04-15 12:38:18 -07:00
Daniel Huigens
cfb0fdbbb1 Check length tag in DER-encoded OIDs 2018-03-26 19:06:15 +02:00
Daniel Huigens
59b608f0a6 Enable native Brainpool crypto on Node 2018-03-26 16:18:21 +02:00
Sanjana Rajan
614640ee42 add comment 2018-03-22 16:55:40 -07:00
Sanjana Rajan
a22c9e4770 WIP text signatures 2018-03-22 16:10:21 -07:00
Sanjana Rajan
6fe73033a4 docs 2018-03-19 19:11:20 -07:00
Sanjana Rajan
eb96d44298 add date parameter to generateKey function 2018-03-19 18:55:15 -07:00
Sanjana Rajan
f88c1bc8a4
Merge pull request #672 from openpgpjs/feat/brainpool
Adds Brainpool Curves + tests + docs
2018-03-19 00:09:23 -07:00
Emeric Chevalier
e257e7a570 Fix parsing of revocation subkey fingerprint 2018-03-18 19:45:12 +01:00
Mahrud Sayrafi
944dece506
Adds Brainpool Curves + tests + docs 2018-03-18 10:12:29 -07:00
Sanjana Rajan
75cd4e5e6f some fixes, add expired key test 2018-03-17 07:32:56 -07:00
Sanjana Rajan
c0ceffe998 some refactoring, calculate exp time of expired keys 2018-03-17 04:59:58 -07:00
Sanjana Rajan
a41fc29b44 typo fix 2018-03-16 11:52:45 -07:00
Sanjana Rajan
7408e824cb fix sort function for choosing primary user 2018-03-16 11:50:20 -07:00
Sanjana Rajan
b4055f494f fix #670 2018-03-15 09:05:36 +01:00
Sanjana Rajan
4d40c603cc
Merge pull request #668 from openpgpjs/rev_fixes
invalid primary key -> all subkeys are invalid
2018-03-13 08:34:48 +01:00
Mahrud Sayrafi
96c9cd0d73
Fixes dead links in the documentation 2018-03-13 00:13:04 -07:00
Sanjana Rajan
3945912b29 remove some redundant code 2018-03-13 01:44:22 +01:00
Sanjana Rajan
38508b33d1 if primary key is invalid, so are subkeys 2018-03-12 23:23:03 +01:00
Mahrud Sayrafi
4ded3f9d58
Documentation improvements in src/packet 2018-03-09 08:01:06 -08:00
Mahrud Sayrafi
a5e7562066
Many documentation improvements; more to come 2018-03-08 19:27:57 -08:00
Mahrud Sayrafi
08da24de27
documentation fixes 2018-03-08 10:55:58 -08:00
Sanjana Rajan
d3f42b2fc1 update comments 2018-03-08 15:36:40 +01:00
Sanjana Rajan
c5b5bf7826 utils fix 2018-03-08 14:28:50 +01:00
Mahrud Sayrafi
6fefe22c09 Finished fixing key.js; fixes async tests 2018-03-08 10:01:55 +01:00
Mahrud Sayrafi
0b2817ba39 Last little things become async ... 2018-03-08 10:01:55 +01:00
Mahrud Sayrafi
47006069d1 Added test for encryption with revoked subkey 2018-03-08 10:01:54 +01:00
Mahrud Sayrafi
23a4141ce9 Addresses @sanjanarajan's comments 2018-03-08 10:01:54 +01:00
Mahrud Sayrafi
73a240df6c Simplifies (Key|User|SubKey).isRevoked, API changes in key.js
For User s/revocationCertifications/revocationSignatures/g
For Key/SubKey s/revocationSignature/revocationSignatures/g is now an array.
2018-03-08 10:01:54 +01:00
Mahrud Sayrafi
ec22dabac3 Slightly simplifies key.js; adds key.verifyKeyPackets which should be run before getEncryption/SigningKeyPacket 2018-03-08 10:01:54 +01:00
Sanjana Rajan
354b961b67 primegen bugfix, recalculate i 2018-03-07 08:32:52 +01:00
KAYLukas
59d2973c05 ESLint 2018-03-07 00:50:26 +01:00