suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,153 Commits 1 Branch 0 Tags 39 MiB
ab22fe86da
Commit Graph

201 Commits

Author SHA1 Message Date
Daniel Huigens
ef7c38860b Don't unnecessarily return objects in top-level functions 
openpgp.encrypt, sign, encryptSessionKey, encryptKey and decryptKey now
return their result directly without wrapping it in a "result" object.

Also, remove the `detached` and `returnSessionKey` options of
openpgp.encrypt.
 2021-02-09 19:25:20 +01:00
Daniel Huigens
3a84442b5f Don't use native streams in old Edge 2021-02-09 19:25:20 +01:00
Daniel Huigens
2fffc76060 Don't overwrite Web Streams Polyfill to globals 
Instead, use the ponyfill that's now included in web-stream-tools.
Also, convert back to native ReadableStream when we used the ponyfill.
 2021-02-09 19:25:20 +01:00
Daniel Huigens
95eb43a3c2 Return data instead of message in encryptSessionKey 
Add `armor=true/false` parameter to decide whether `data` is an armored
String or an unarmored Uint8Array.
 2021-02-09 19:25:20 +01:00
Daniel Huigens
08d6b276e3 Return data as string in openpgp.verify by default 
Add format='utf8'/'binary' param to openpgp.verify in order to be able
to return binary data instead.
 2021-02-09 19:25:20 +01:00
Daniel Huigens
7225251af8 Return Uint8Array(Stream) instead of object when armor = false 2021-02-09 19:25:20 +01:00
larabr
38ec5314d4 Fix ElGamal param range and PKCS1 decoding (#1169) 
* Fix ElGamal sampling range

* Stricter PKCS1 decoding
 2021-01-20 14:09:52 +01:00
larabr
cc1bdcbae8
Allow decryption with revoked keys (#1135) 
However, when decrypting session keys, check that the public key
algorithm matches that of the decryption key.
 2020-08-18 15:49:27 +02:00
larabr
14f244a80f Fix decryption tests 2020-07-17 15:14:21 +02:00
larabr
00c5f38689
Cipher-specific key validation (#1116) 
Also, check binding signatures for decryption keys.

Also, do not always fallback on Web Crypto ECC errors.
 2020-07-13 19:57:33 +02:00
Daniel Huigens
5d71ae8691 Fix normalizing \n after \r\n 
Broken in c4a7455.
 2020-04-22 19:09:50 +02:00
Daniel Huigens
8c3bcd1f21 Reject signatures using insecure hash algorithms 
Also, switch from returning false to throwing errors in most verify*()
functions, as well as in `await signatures[*].verified`, in order to be
able to show more informative error messages.
 2020-02-25 15:06:15 +01:00
Daniel Huigens
dc9660f2ae Add tests with old and new Blowfish encrypted messages 2020-02-02 16:51:56 +01:00
Daniel Huigens
6ae6012786 Terminate workers in openpgp.destroyWorker() 2020-01-24 17:57:39 +01:00
Daniel Huigens
2cc3262149 Fix test failing on high-core-count systems due to AEAD concurrency 2019-10-15 18:38:02 +02:00
Daniel Huigens
fbbeaa3cd9
Rename numBits and bits to rsaBits (#970) 
Keep supporting the old names as well though in `openpgp.generateKey`
and `getAlgorithmInfo`, but not in `openpgp.key.generate` (as it is
recommended that developers use `openpgp.generateKey` instead, and
it now throws when using `numBits` instead of `rsaBits`, so there's
no risk of silent key security downgrade).

The old names are now deprecated, and might be removed in v5.
 2019-09-18 13:40:44 +02:00
Daniel Huigens
9b5124d5cd
Switch from Sauce Labs to Browserstack (#965) 
* Switch from Sauce Labs to Browserstack

* Don't run all tests on CI
 2019-09-16 14:59:06 +02:00
Daniel Huigens
a184ef6ec4 Remove support for the previous draft00 AEAD 2019-08-12 17:46:37 +02:00
Daniel Huigens
80c535eeb7 Separate config option to use V5 keys from AEAD config option 2019-08-12 17:46:37 +02:00
Daniel Huigens
735d6d088f Implement V5 signatures 2019-08-12 17:46:37 +02:00
Daniel Huigens
9166d6737c Don't babelify ES6 in unit tests when testing in modern browsers 2019-07-19 19:06:19 +02:00
Daniel Huigens
10cbd307c3 Add test for throwing on armor modifications 2019-07-19 19:05:26 +02:00
Daniel Huigens
34e6eacb2f Don't attempt to use workers if they fail to load 2019-05-02 12:08:08 +02:00
Daniel Huigens
a9599fea42
Work around go crypto bug in ECDH messages (#869) 2019-03-04 13:53:19 +01:00
Daniel Huigens
1dd168e7a2 Fix ECDH message encryption for some session keys 2019-02-05 13:46:59 +01:00
Daniel Huigens
d91b064e14 Optimize util.removeTrailingSpaces (#848) 
Backtracking regexes have pathological worst-case performance when
a long line contains a large amount of whitespace not followed by
a newline, since the regex engine will attempt to match the regex
at each whitespace character, read ahead to the non-whitespace non-
newline, declare no match, and try again at the next whitespace.

E.g. try running

    util.removeTrailingSpaces(new Array(1e6).join(' ') + 'a').length

which would hang V8.
 2019-01-27 00:22:47 +00:00
Daniel Huigens
77055f6dfe Don't zero-copy transfer buffers in Safari 11.1 and Chrome < 56 
See https://bugs.webkit.org/show_bug.cgi?id=184254
and https://bugs.chromium.org/p/chromium/issues/detail?id=334408.
 2019-01-15 20:16:59 +01:00
Daniel Huigens
fe69cb882d Zero-copy transfer buffers when passing streams to workers 2019-01-09 15:18:59 +01:00
Daniel Huigens
08f48bfc2c Switch to seek-bzip 2018-11-05 12:49:53 +01:00
Daniel Huigens
13c29b1fc9 Fix decryption with multiple passwords 2018-11-01 11:46:27 +01:00
Daniel Huigens
0a5461b8ba Split Sauce Labs JS unit tests into multiple parts for slow browsers 
Sauce Labs has a timeout of 5 minutes (including emulator/browser
startup time).
 2018-09-10 19:27:13 +02:00
Daniel Huigens
d1626a7a51 Disable some tests on Sauce Labs 
Since we still run the full test suite on Node.js, this would
only no longer catch bugs which are specific to

- Browser non-draft04 GCM (and don't manifest in draft04 GCM,
  and don't manifest in Node.js non-draft04 GCM)
- Browser OCB (which is not natively implemented in the browser)
- Browser V5 Keys
 2018-08-14 17:24:40 +02:00
Daniel Huigens
9bf7bbf45e Don't generate a new key for each encryption mode in tests 2018-08-14 17:24:39 +02:00
Daniel Huigens
67b067b1da Remove duplicate tests 
Many tests would run for every encryption mode, or for both V4 and V5 keys,
without there being any difference between the different test runs.

`grunt coverage` before and after this commit reports almost identical
statistics, providing some confidence that no code coverage was lost.
 2018-08-14 17:24:39 +02:00
Daniel Huigens
8c7e4386af Fix stream-reading zero-length (partial) packets 2018-08-14 17:19:54 +02:00
Daniel Huigens
052fa444be Support Node streams 2018-08-14 17:19:54 +02:00
Daniel Huigens
0ddff3ae7d Rename asStream to streaming 
Also, break up `postProcess`.
 2018-08-14 17:19:51 +02:00
Daniel Huigens
b35b167e63 Add openpgp.cleartext.fromText 
For symmetry with message.fromText
 2018-08-14 16:35:41 +02:00
Daniel Huigens
61a0e3fa69 Fix tests on IE11 2018-08-14 16:35:40 +02:00
Daniel Huigens
54d5bd7d39 Add testcase for verifying messages without one-pass-signatures 2018-08-14 16:35:39 +02:00
Daniel Huigens
1101a05b10 Don't return streams inside unarmored generated keys and signatures 
When not requested, we convert the streams to Uint8Arrays.

This makes the generated key safe to pass to a Worker more than once.

Partially reverts 735aa1da.
 2018-08-14 16:35:36 +02:00
Daniel Huigens
2b30ab9c8f Replace data with message parameter in encrypt() and sign() 
When encrypting/signing a stream, this allows you to indicate whether it's a
stream of Strings or Uint8Arrays (using message.fromText or message.fromBinary,
respectively.)

When signing text, this allows you to control whether to create a cleartext
message or a regular armored text message.

When creating a detached signature, it allows you to control whether it's "meant
for" (verifying against) a cleartext message. A cleartext message has trailing
whitespace trimmed before signing. This fixes the case of passing a detached
signature from sign() to encrypt(). Since encrypt() doesn't create a cleartext
message, the signature would be invalid if the text contained lines with
trailing whitespace.
 2018-08-10 14:46:29 +02:00
Daniel Huigens
95413cc6ed Fix signatures of messages with leading/trailing whitespace 2018-08-10 14:46:29 +02:00
Daniel Huigens
9f0f00e087 Make signature.verified a Promise instead of result.signatures 
Also, fix verifying detached signatures
 2018-08-10 14:46:28 +02:00
Daniel Huigens
d2ba6b3c6c Wait for data to be read before resolving signatures 2018-08-10 14:46:28 +02:00
Daniel Huigens
4d82d25559 Pass more tests 
We now use streams internally in more places.
 2018-08-10 14:46:26 +02:00
Daniel Huigens
56ec5b3a8d Don't keep extra copies of streams in memory 2018-08-10 14:46:22 +02:00
Daniel Huigens
f0633f00ea Don't repeatedly decrypt the same key in unit tests 2018-08-10 14:44:01 +02:00
Daniel Huigens
d67526338e Streaming (de)compression (Web) 
compressjs has a streaming API, but it is synchronous, so we can't use it
(at least in the browser).
 2018-08-10 14:44:01 +02:00
Daniel Huigens
db39e616ca Replace stream.tee() with stream.clone() 
Also some other fixes to pass more tests.
 2018-08-10 14:44:01 +02:00
Daniel Huigens
0372bf78f1 Make (de)armoring and packet reading asynchronous 2018-08-10 14:44:01 +02:00
Sanjana Rajan
8f01d4b0b5 clean up tests 2018-08-01 17:47:07 +03:00
Kay Lukas
6f176f8b30 Fix multiple workers 2018-07-26 18:33:30 +02:00
Daniel Huigens
91b7165b78 Add key/subKey.getKeyId, getFingerprint, getAlgorithmInfo, getCreationTime, isDecrypted 2018-07-19 15:03:25 +02:00
Daniel Huigens
8cfe817b18 Remove getEncryptionKeyPacket and getSigningKeyPacket 
Also, rename subKey.subKey to keyPacket and alias key.primaryKey as keyPacket.
 2018-07-19 13:31:03 +02:00
Daniel Huigens
3fd0fa8f68 Various key revocation fixes 2018-07-13 17:45:09 +02:00
Daniel Huigens
1ed7943bf9 Create openpgp.revokeKey 2018-07-11 17:57:31 +02:00
Maximilian Krambach
1eb3902a96 Run tests with randomly generated strings 2018-05-17 12:40:30 +02:00
Daniel Huigens
6c2fec3450 Parse user IDs 
Also, support comments when creating user IDs
 2018-05-01 13:39:23 +02:00
Daniel Huigens
8ec01ae07a Reduce duplicate tests 2018-04-30 16:58:38 +02:00
Daniel Huigens
550b758d57 Fall back to asm for CTR and CBC in old Safari 2018-04-30 16:58:35 +02:00
Daniel Huigens
7ce3f5521f Set default draft version to 4 2018-04-30 15:55:38 +02:00
Daniel Huigens
04651e359a Rename enums.aead.gcm to experimental_gcm 
So that (1) if the spec ever defines GCM differently than we do, we have a
clean upgrade path and (2) it makes it clear that it's experimental.
 2018-04-30 15:55:37 +02:00
Daniel Huigens
4568d080d5 Fix decryption with multiple chunks 2018-04-30 15:55:34 +02:00
Daniel Huigens
343c64eca0 Add tests for signing and verifying messages with trailing spaces 2018-04-30 15:55:33 +02:00
Daniel Huigens
e061df113c Implement GCM mode in the new draft 
Also, implement additional data for GCM
 2018-04-30 15:55:31 +02:00
Daniel Huigens
6f2abdc2cf Implement MIME message type (Literal Data Packet format 'm') 2018-04-27 14:06:19 +02:00
Daniel Huigens
e24b46192d Only AEAD-protect when target keys support it 2018-04-27 14:06:18 +02:00
Daniel Huigens
e44fbbccab Add more OCB tests 2018-04-27 14:06:18 +02:00
Daniel Huigens
28dbbadcff Add config.aead_protect_version option 2018-04-27 14:06:17 +02:00
Daniel Huigens
7b3f51c0d4 Implement AEAD Encrypted Data Packet 2018-04-25 20:12:10 +02:00
Sanjana Rajan
e4bd27ce2f tests 2018-04-16 10:51:07 -07:00
Sanjana Rajan
2f351985c4 tests 2018-03-19 18:55:30 -07:00
Mahrud Sayrafi
6fefe22c09 Finished fixing key.js; fixes async tests 2018-03-08 10:01:55 +01:00
Mahrud Sayrafi
0b2817ba39 Last little things become async ... 2018-03-08 10:01:55 +01:00
Bart Butler
2bb5db2cf4 multiple web workers 2018-03-05 21:36:53 -08:00
Bart Butler
572abadc91 random number web worker buffer automatic refill 2018-03-05 17:57:35 -08:00
Bart Butler
f57888fe55 change all calls of getRandomBytes and getRandomBN to be async 2018-03-05 16:31:56 -08:00
Bart Butler
0186ca8a24 tree shake sinon to just get what we need 2018-02-26 14:45:05 -08:00
KAYLukas
56ad9a00e0 Fix testcases 2018-02-21 22:32:09 +01:00
KAYLukas
6b4d44dbb1 Fix browser tests 2018-02-19 22:12:24 +01:00
KAYLukas
071fc35f38 Check created time to be valid and discard milliseconds from date objects 2018-02-17 11:28:04 +01:00
KAYLukas
6ca8bc2180 Add timeparameter for verification and remove verify_expired_keys 2018-02-16 17:20:48 +01:00
KAYLukas
7e66ea20db Add timeparameter to signing and encryption 2018-02-16 17:20:48 +01:00
Bart Butler
7e1731f2bb remove excess compression testing, fix cleartext signing with multiple keys test 2018-02-14 15:19:52 -08:00
Bart Butler
fa2672fcc1
Merge pull request #642 from mmso/feat/bzip2 
Fix #607 - Add support for bzip2 de/compression
 2018-02-14 11:00:56 -08:00
Sanjana Rajan
b5d19b6f8d pull out common signature code 2018-02-14 19:00:13 +01:00
Sanjana Rajan
2ffd81553d test multiple private key signing cleartext 2018-02-14 17:30:35 +01:00
mmso
8808fdb8ed
Fix #607 - Add support for bzip2 de/compression 2018-02-14 14:14:07 +01:00
BafS
b672f1936a Use let and const ES6 features. 
Remove var, for let or const if possible, clean some syntax, enforce one var per declaration and semicolons
 2018-02-13 23:33:09 +01:00
BafS
de6ffc2f76 Remove 'user strict' 
'use strict' is unnecessary inside modules because module code is always strict mode code. Ref: https://www.ecma-international.org/ecma-262/6.0/#sec-strict-mode-code
 2018-02-13 23:33:09 +01:00
mmso
2a504e4e1a
Disable spy call expecations on the web worker 2018-02-13 17:21:20 +01:00
mmso
9f7466ef45
Add compression support for the encrypt function 2018-02-13 15:08:41 +01:00
Sanjana Rajan
62015c2c8d useWildcard -> wildcard 2018-02-12 19:31:47 +01:00
Sanjana Rajan
989ad5077e cleanup, docs 2018-02-12 13:40:23 +01:00
Sanjana Rajan
417af8c6bc tests 2018-02-12 09:47:51 +01:00
Sanjana Rajan
d5022a3a4a rename vars in old tests 2018-02-12 09:47:51 +01:00
Bart Butler
7bd78585fd
Merge pull request #629 from dkg/http-to-https 
move from http to https where possible.
 2018-02-08 13:36:14 -08:00
Mahrud Sayrafi
d851398b0c
Merge branch 'master' into http-to-https 2018-02-08 10:56:46 -08:00
Mahrud Sayrafi
0ebe0972e7
Merge branch 'master' into speling 2018-02-08 10:46:42 -08:00