suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43fb58404d
fork-openpgpjs/test/general/config.js
larabr 43fb58404d
Simplify algorithm preference selection and normalize config names (#1262) 
- Rename `config.compression` to `config.preferredCompressionAlgorithm`
- Rename `config.encryptionCipher` to `config.preferredSymmetricAlgorithm`
- Rename `config.preferHashAlgorithm` to `config.preferredHashAlgorithm`
- Rename `config.aeadMode` to `config.preferredAeadAlgorithm`
- When encrypting to public keys, the compression/aead/symmetric algorithm is selected by:
  - taking the preferred algorithm specified in config, if it is supported by all recipients
  - otherwise, taking the "MUST implement" algorithm specified by rfc4880bis
- When encrypting to passphrases only (no public keys), the preferred algorithms from `config` are always used
- EdDSA signing with a hash algorithm weaker than sha256 is explicitly disallowed (https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2)
2021-03-10 18:06:03 +01:00

243 lines
11 KiB
JavaScript
Raw Blame History

const { expect } = require('chai');
const openpgp = typeof window !== 'undefined' && window.openpgp ? window.openpgp : require('../..');
module.exports = () => describe('Custom configuration', function() {
it('openpgp.generateKey', async function() {
const v5KeysVal = openpgp.config.v5Keys;
const preferredHashAlgorithmVal = openpgp.config.preferredHashAlgorithm;
const showCommentVal = openpgp.config.showComment;
openpgp.config.v5Keys = false;
openpgp.config.preferredHashAlgorithm = openpgp.enums.hash.sha256;
openpgp.config.showComment = false;
try {
const opt = {
userIds: { name: 'Test User', email: 'text@example.com' }
};
const { key, privateKeyArmored } = await openpgp.generateKey(opt);
expect(key.keyPacket.version).to.equal(4);
expect(privateKeyArmored.indexOf(openpgp.config.commentString) > 0).to.be.false;
expect(key.users[0].selfCertifications[0].preferredHashAlgorithms[0]).to.equal(openpgp.config.preferredHashAlgorithm);
const config = {
v5Keys: true,
showComment: true,
preferredHashAlgorithm: openpgp.enums.hash.sha512
};
const opt2 = {
userIds: { name: 'Test User', email: 'text@example.com' },
config
};
const { key: key2, privateKeyArmored: privateKeyArmored2 } = await openpgp.generateKey(opt2);
expect(key2.keyPacket.version).to.equal(5);
expect(privateKeyArmored2.indexOf(openpgp.config.commentString) > 0).to.be.true;
expect(key2.users[0].selfCertifications[0].preferredHashAlgorithms[0]).to.equal(config.preferredHashAlgorithm);
} finally {
openpgp.config.v5Keys = v5KeysVal;
openpgp.config.preferredHashAlgorithm = preferredHashAlgorithmVal;
openpgp.config.showComment = showCommentVal;
}
});
it('openpgp.reformatKey', async function() {
const preferredCompressionAlgorithmVal = openpgp.config.preferredCompressionAlgorithm;
const preferredHashAlgorithmVal = openpgp.config.preferredHashAlgorithm;
const showCommentVal = openpgp.config.showComment;
openpgp.config.preferredCompressionAlgorithm = openpgp.enums.compression.bzip2;
openpgp.config.preferredHashAlgorithm = openpgp.enums.hash.sha256;
openpgp.config.showComment = false;
try {
const userIds = { name: 'Test User', email: 'text2@example.com' };
const { key: origKey } = await openpgp.generateKey({ userIds });
const opt = { privateKey: origKey, userIds };
const { key: refKey, privateKeyArmored: refKeyArmored } = await openpgp.reformatKey(opt);
const prefs = refKey.users[0].selfCertifications[0];
expect(prefs.preferredCompressionAlgorithms[0]).to.equal(openpgp.config.preferredCompressionAlgorithm);
expect(prefs.preferredHashAlgorithms[0]).to.equal(openpgp.config.preferredHashAlgorithm);
expect(refKeyArmored.indexOf(openpgp.config.commentString) > 0).to.be.false;
const config = {
showComment: true,
preferredCompressionAlgorithm: openpgp.enums.compression.zip,
preferredHashAlgorithm: openpgp.enums.hash.sha512
};
const opt2 = { privateKey: origKey, userIds, config };
const { key: refKey2, privateKeyArmored: refKeyArmored2 } = await openpgp.reformatKey(opt2);
const prefs2 = refKey2.users[0].selfCertifications[0];
expect(prefs2.preferredCompressionAlgorithms[0]).to.equal(config.preferredCompressionAlgorithm);
expect(prefs2.preferredHashAlgorithms[0]).to.equal(config.preferredHashAlgorithm);
expect(refKeyArmored2.indexOf(openpgp.config.commentString) > 0).to.be.true;
} finally {
openpgp.config.preferredCompressionAlgorithm = preferredCompressionAlgorithmVal;
openpgp.config.preferredHashAlgorithm = preferredHashAlgorithmVal;
openpgp.config.showComment = showCommentVal;
}
});
it('openpgp.revokeKey', async function() {
const showCommentVal = openpgp.config.showComment;
openpgp.config.showComment = false;
try {
const userIds = { name: 'Test User', email: 'text2@example.com' };
const { key, revocationCertificate } = await openpgp.generateKey({ userIds });
const opt = { key };
const { privateKeyArmored: revKeyArmored } = await openpgp.revokeKey(opt);
expect(revKeyArmored.indexOf(openpgp.config.commentString) > 0).to.be.false;
const opt2 = { key, config: { showComment: true } };
const { privateKeyArmored: revKeyArmored2 } = await openpgp.revokeKey(opt2);
expect(revKeyArmored2.indexOf(openpgp.config.commentString) > 0).to.be.true;
const opt3 = {
key,
revocationCertificate,
config: { rejectHashAlgorithms: new Set([openpgp.enums.hash.sha256, openpgp.enums.hash.sha512]) }
};
await expect(openpgp.revokeKey(opt3)).to.be.rejectedWith(/Insecure hash algorithm/);
} finally {
openpgp.config.showComment = showCommentVal;
}
});
it('openpgp.decryptKey', async function() {
const userIds = { name: 'Test User', email: 'text2@example.com' };
const passphrase = '12345678';
const { key } = await openpgp.generateKey({ userIds, passphrase });
key.keyPacket.makeDummy();
const opt = {
privateKey: await openpgp.readKey({ armoredKey: key.armor() }),
passphrase,
config: { rejectHashAlgorithms: new Set([openpgp.enums.hash.sha256, openpgp.enums.hash.sha512]) }
};
await expect(openpgp.decryptKey(opt)).to.be.rejectedWith(/Insecure hash algorithm/);
});
it('openpgp.encryptKey', async function() {
const s2kIterationCountByteVal = openpgp.config.s2kIterationCountByte;
openpgp.config.s2kIterationCountByte = 224;
try {
const passphrase = '12345678';
const userIds = { name: 'Test User', email: 'text2@example.com' };
const { key: privateKey } = await openpgp.generateKey({ userIds });
const encKey = await openpgp.encryptKey({ privateKey, userIds, passphrase });
expect(encKey.keyPacket.s2k.c).to.equal(openpgp.config.s2kIterationCountByte);
const config = { s2kIterationCountByte: 123 };
const encKey2 = await openpgp.encryptKey({ privateKey, userIds, passphrase, config });
expect(encKey2.keyPacket.s2k.c).to.equal(config.s2kIterationCountByte);
} finally {
openpgp.config.s2kIterationCountByte = s2kIterationCountByteVal;
}
});
it('openpgp.encrypt', async function() {
const aeadProtectVal = openpgp.config.aeadProtect;
const preferredCompressionAlgorithmVal = openpgp.config.preferredCompressionAlgorithm;
openpgp.config.aeadProtect = false;
openpgp.config.preferredCompressionAlgorithm = openpgp.enums.compression.uncompressed;
try {
const passwords = ['12345678'];
const message = openpgp.Message.fromText("test");
const armored = await openpgp.encrypt({ message, passwords });
const encrypted = await openpgp.readMessage({ armoredMessage: armored });
const { packets: [skesk, encData] } = encrypted;
expect(skesk.version).to.equal(4); // cfb
expect(encData.tag).to.equal(openpgp.enums.packet.symEncryptedIntegrityProtectedData);
const { packets: [literal] } = await encrypted.decrypt(null, passwords, null, encrypted.fromStream, openpgp.config);
expect(literal.tag).to.equal(openpgp.enums.packet.literalData);
const config = {
aeadProtect: true,
preferredCompressionAlgorithm: openpgp.enums.compression.zip,
deflateLevel: 1
};
const armored2 = await openpgp.encrypt({ message, passwords, config });
const encrypted2 = await openpgp.readMessage({ armoredMessage: armored2 });
const { packets: [skesk2, encData2] } = encrypted2;
expect(skesk2.version).to.equal(5);
expect(encData2.tag).to.equal(openpgp.enums.packet.AEADEncryptedData);
const { packets: [compressed] } = await encrypted2.decrypt(null, passwords, null, encrypted2.fromStream, openpgp.config);
expect(compressed.tag).to.equal(openpgp.enums.packet.compressedData);
expect(compressed.algorithm).to.equal("zip");
} finally {
openpgp.config.aeadProtect = aeadProtectVal;
openpgp.config.preferredCompressionAlgorithm = preferredCompressionAlgorithmVal;
}
});
it('openpgp.sign', async function() {
const userIds = { name: 'Test User', email: 'text2@example.com' };
const { privateKeyArmored } = await openpgp.generateKey({ userIds });
const key = await openpgp.readKey({ armoredKey: privateKeyArmored });
const message = openpgp.Message.fromText("test");
const opt = {
message,
privateKeys: key,
config: { rejectHashAlgorithms: new Set([openpgp.enums.hash.sha256, openpgp.enums.hash.sha512]) }
};
await expect(openpgp.sign(opt)).to.be.rejectedWith(/Insecure hash algorithm/);
opt.detached = true;
await expect(openpgp.sign(opt)).to.be.rejectedWith(/Insecure hash algorithm/);
const clearText = openpgp.CleartextMessage.fromText("test");
const opt2 = {
message: clearText,
privateKeys: key,
config: { rejectHashAlgorithms: new Set([openpgp.enums.hash.sha256, openpgp.enums.hash.sha512]) }
};
await expect(openpgp.sign(opt2)).to.be.rejectedWith(/Insecure hash algorithm/);
});
it('openpgp.verify', async function() {
const userIds = { name: 'Test User', email: 'text2@example.com' };
const { privateKeyArmored } = await openpgp.generateKey({ userIds });
const key = await openpgp.readKey({ armoredKey: privateKeyArmored });
const config = { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.sha256, openpgp.enums.hash.sha512]) };
const message = openpgp.Message.fromText("test");
const signed = await openpgp.sign({ message, privateKeys: key });
const opt = {
message: await openpgp.readMessage({ armoredMessage: signed }),
publicKeys: key,
config
};
const { signatures: [sig] } = await openpgp.verify(opt);
await expect(sig.error).to.match(/Insecure message hash algorithm/);
const armoredSignature = await openpgp.sign({ message, privateKeys: key, detached: true });
const opt2 = {
message,
signature: await openpgp.readSignature({ armoredSignature }),
publicKeys: key,
config
};
const { signatures: [sig2] } = await openpgp.verify(opt2);
await expect(sig2.error).to.match(/Insecure message hash algorithm/);
const cleartext = openpgp.CleartextMessage.fromText("test");
const signedCleartext = await openpgp.sign({ message: cleartext, privateKeys: key });
const opt3 = {
message: await openpgp.readCleartextMessage({ cleartextMessage: signedCleartext }),
publicKeys: key,
config
};
const { signatures: [sig3] } = await openpgp.verify(opt3);
await expect(sig3.error).to.match(/Insecure message hash algorithm/);
});
});
Reference in New Issue View Git Blame Copy Permalink