395 lines
14 KiB
JavaScript
395 lines
14 KiB
JavaScript
// GPG4Browsers - An OpenPGP implementation in javascript
|
|
// Copyright (C) 2011 Recurity Labs GmbH
|
|
//
|
|
// This library is free software; you can redistribute it and/or
|
|
// modify it under the terms of the GNU Lesser General Public
|
|
// License as published by the Free Software Foundation; either
|
|
// version 3.0 of the License, or (at your option) any later version.
|
|
//
|
|
// This library is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
// Lesser General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Lesser General Public
|
|
// License along with this library; if not, write to the Free Software
|
|
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
/**
|
|
* @fileoverview The openpgp base module should provide all of the functionality
|
|
* to consume the openpgp.js library. All additional classes are documented
|
|
* for extending and developing on top of the base library.
|
|
*/
|
|
|
|
/**
|
|
* @requires cleartext
|
|
* @requires config
|
|
* @requires encoding/armor
|
|
* @requires enums
|
|
* @requires message
|
|
* @requires packet
|
|
* @module openpgp
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
var armor = require('./encoding/armor.js'),
|
|
enums = require('./enums.js'),
|
|
message = require('./message.js'),
|
|
cleartext = require('./cleartext.js'),
|
|
key = require('./key.js'),
|
|
util = require('./util'),
|
|
AsyncProxy = require('./worker/async_proxy.js');
|
|
|
|
require('es6-promise').polyfill(); // load ES6 Promises polyfill
|
|
|
|
var asyncProxy = null; // instance of the asyncproxy
|
|
|
|
/**
|
|
* Set the path for the web worker script and create an instance of the async proxy
|
|
* @param {String} path relative path to the worker scripts, default: 'openpgp.worker.js'
|
|
* @param {Object} [options.worker=Object] alternative to path parameter:
|
|
* web worker initialized with 'openpgp.worker.js'
|
|
* @return {Boolean} true if worker created successfully
|
|
*/
|
|
function initWorker(path, options) {
|
|
if (options && options.worker || typeof window !== 'undefined' && window.Worker) {
|
|
options = options || {};
|
|
options.config = this.config;
|
|
asyncProxy = new AsyncProxy(path, options);
|
|
return true;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns a reference to the async proxy if the worker was initialized with openpgp.initWorker()
|
|
* @return {module:worker/async_proxy~AsyncProxy|null} the async proxy or null if not initialized
|
|
*/
|
|
function getWorker() {
|
|
return asyncProxy;
|
|
}
|
|
|
|
/**
|
|
* Encrypts message text/data with keys or passwords
|
|
* @param {(Array<module:key~Key>|module:key~Key)} keys array of keys or single key, used to encrypt the message
|
|
* @param {String} data text/data message as native JavaScript string/binary string
|
|
* @param {(Array<String>|String)} passwords passwords for the message
|
|
* @param {Object} params parameter object with optional properties binary {Boolean},
|
|
* filename {String}, and packets {Boolean}
|
|
* @return {Promise<String> or Promise<Packetlist>} encrypted ASCII armored message, or Packetlist if params.packets is true
|
|
* @static
|
|
*/
|
|
function encryptMessage(keys, data, passwords, params) {
|
|
|
|
if (asyncProxy) {
|
|
return asyncProxy.encryptMessage(keys, data, passwords, params);
|
|
}
|
|
|
|
var filename, binary, packets;
|
|
if(params) {
|
|
filename = params.filename;
|
|
binary = params.binary;
|
|
packets = params.packets;
|
|
}
|
|
|
|
return execute(function() {
|
|
var msg, armored;
|
|
if(binary) {
|
|
msg = message.fromBinary(data, filename);
|
|
}
|
|
else {
|
|
msg = message.fromText(data, filename);
|
|
}
|
|
msg = msg.encrypt(keys, passwords);
|
|
|
|
if(packets) {
|
|
var arr = [];
|
|
var dataIndex = msg.packets.indexOfTag(enums.packet.symmetricallyEncrypted, enums.packet.symEncryptedIntegrityProtected)[0];
|
|
arr.push(msg.packets.slice(0,dataIndex).write()); // Keys
|
|
arr.push(msg.packets.slice(dataIndex,msg.packets.length).write()); // Data
|
|
return arr;
|
|
}
|
|
else {
|
|
return armor.encode(enums.armor.message, msg.packets.write());
|
|
}
|
|
|
|
}, 'Error encrypting message!');
|
|
}
|
|
|
|
/**
|
|
* Encrypts session key with keys or passwords
|
|
* @param {String} sessionKey sessionKey as a binary string
|
|
* @param {String} algo algorithm of sessionKey
|
|
* @param {(Array<module:key~Key>|module:key~Key)} keys array of keys or single key, used to encrypt the key
|
|
* @param {(Array<String>|String)} passwords passwords for the message
|
|
* @return {Promise<Packetlist>} Binary string of key packets
|
|
* @static
|
|
*/
|
|
function encryptSessionKey(sessionKey, algo, keys, passwords) {
|
|
|
|
if (asyncProxy) {
|
|
return asyncProxy.encryptSessionKey(sessionKey, algo, keys, passwords);
|
|
}
|
|
|
|
return execute(function() {
|
|
|
|
var msg = message.encryptSessionKey(sessionKey, algo, keys, passwords);
|
|
return msg.packets.write();
|
|
|
|
}, 'Error encrypting session key!');
|
|
}
|
|
|
|
/**
|
|
* Signs message text and encrypts it
|
|
* @param {(Array<module:key~Key>|module:key~Key)} publicKeys array of keys or single key, used to encrypt the message
|
|
* @param {module:key~Key} privateKey private key with decrypted secret key data for signing
|
|
* @param {String} text message as native JavaScript string
|
|
* @return {Promise<String>} encrypted ASCII armored message
|
|
* @static
|
|
*/
|
|
function signAndEncryptMessage(publicKeys, privateKey, text) {
|
|
if (!publicKeys.length) {
|
|
publicKeys = [publicKeys];
|
|
}
|
|
|
|
if (asyncProxy) {
|
|
return asyncProxy.signAndEncryptMessage(publicKeys, privateKey, text);
|
|
}
|
|
|
|
return execute(function() {
|
|
var msg, armored;
|
|
msg = message.fromText(text);
|
|
msg = msg.sign([privateKey]);
|
|
msg = msg.encrypt(publicKeys);
|
|
armored = armor.encode(enums.armor.message, msg.packets.write());
|
|
return armored;
|
|
|
|
}, 'Error signing and encrypting message!');
|
|
}
|
|
|
|
/**
|
|
* Decrypts message
|
|
* @param {module:key~Key|String} privateKey private key with decrypted secret key data, string password, or session key
|
|
* @param {module:message~Message} msg the message object with the encrypted data
|
|
* @param {Object} params parameter object with optional properties binary {Boolean}
|
|
* and sessionKeyAlgorithm {String} which must only be set when privateKey is a session key
|
|
* @return {Promise<(String|null)>} decrypted message as as native JavaScript string
|
|
* or null if no literal data found
|
|
* @static
|
|
*/
|
|
function decryptMessage(privateKey, msg, params) {
|
|
if (asyncProxy) {
|
|
return asyncProxy.decryptMessage(privateKey, msg, params);
|
|
}
|
|
|
|
var binary, sessionKeyAlgorithm;
|
|
if(params) {
|
|
binary = params.binary;
|
|
sessionKeyAlgorithm = params.sessionKeyAlgorithm;
|
|
}
|
|
|
|
return execute(function() {
|
|
msg = msg.decrypt(privateKey, sessionKeyAlgorithm);
|
|
if(binary) {
|
|
return msg.getLiteralData();
|
|
}
|
|
else {
|
|
return msg.getText();
|
|
}
|
|
|
|
}, 'Error decrypting message!');
|
|
}
|
|
|
|
/**
|
|
* Decrypts message
|
|
* @param {module:key~Key|String} privateKey private key with decrypted secret key data or string password
|
|
* @param {module:message~Message} msg the message object with the encrypted session key packets
|
|
* @return {Promise<Object|null>} decrypted session key and algorithm in object form
|
|
* or null if no key packets found
|
|
* @static
|
|
*/
|
|
function decryptSessionKey(privateKey, msg) {
|
|
if (asyncProxy) {
|
|
return asyncProxy.decryptSessionKey(privateKey, msg);
|
|
}
|
|
|
|
return execute(function() {
|
|
var obj = msg.decryptSessionKey(privateKey);
|
|
return obj;
|
|
|
|
}, 'Error decrypting session key!');
|
|
}
|
|
|
|
/**
|
|
* Decrypts message and verifies signatures
|
|
* @param {module:key~Key} privateKey private key with decrypted secret key data
|
|
* @param {(Array<module:key~Key>|module:key~Key)} publicKeys array of keys or single key, to verify signatures
|
|
* @param {module:message~Message} msg the message object with signed and encrypted data
|
|
* @return {Promise<{text: String, signatures: Array<{keyid: module:type/keyid, valid: Boolean}>}>}
|
|
* decrypted message as as native JavaScript string
|
|
* with verified signatures or null if no literal data found
|
|
* @static
|
|
*/
|
|
function decryptAndVerifyMessage(privateKey, publicKeys, msg) {
|
|
if (!publicKeys.length) {
|
|
publicKeys = [publicKeys];
|
|
}
|
|
|
|
if (asyncProxy) {
|
|
return asyncProxy.decryptAndVerifyMessage(privateKey, publicKeys, msg);
|
|
}
|
|
|
|
return execute(function() {
|
|
var result = {};
|
|
msg = msg.decrypt(privateKey);
|
|
result.text = msg.getText();
|
|
if (result.text) {
|
|
result.signatures = msg.verify(publicKeys);
|
|
return result;
|
|
}
|
|
return null;
|
|
|
|
}, 'Error decrypting and verifying message!');
|
|
}
|
|
|
|
/**
|
|
* Signs a cleartext message
|
|
* @param {(Array<module:key~Key>|module:key~Key)} privateKeys array of keys or single key with decrypted secret key data to sign cleartext
|
|
* @param {String} text cleartext
|
|
* @return {Promise<String>} ASCII armored message
|
|
* @static
|
|
*/
|
|
function signClearMessage(privateKeys, text) {
|
|
if (!privateKeys.length) {
|
|
privateKeys = [privateKeys];
|
|
}
|
|
|
|
if (asyncProxy) {
|
|
return asyncProxy.signClearMessage(privateKeys, text);
|
|
}
|
|
|
|
return execute(function() {
|
|
var cleartextMessage = new cleartext.CleartextMessage(text);
|
|
cleartextMessage.sign(privateKeys);
|
|
return cleartextMessage.armor();
|
|
|
|
}, 'Error signing cleartext message!');
|
|
}
|
|
|
|
/**
|
|
* Verifies signatures of cleartext signed message
|
|
* @param {(Array<module:key~Key>|module:key~Key)} publicKeys array of keys or single key, to verify signatures
|
|
* @param {module:cleartext~CleartextMessage} msg cleartext message object with signatures
|
|
* @return {Promise<{text: String, signatures: Array<{keyid: module:type/keyid, valid: Boolean}>}>}
|
|
* cleartext with status of verified signatures
|
|
* @static
|
|
*/
|
|
function verifyClearSignedMessage(publicKeys, msg) {
|
|
if (!publicKeys.length) {
|
|
publicKeys = [publicKeys];
|
|
}
|
|
|
|
if (asyncProxy) {
|
|
return asyncProxy.verifyClearSignedMessage(publicKeys, msg);
|
|
}
|
|
|
|
return execute(function() {
|
|
var result = {};
|
|
if (!(msg instanceof cleartext.CleartextMessage)) {
|
|
throw new Error('Parameter [message] needs to be of type CleartextMessage.');
|
|
}
|
|
result.text = msg.getText();
|
|
result.signatures = msg.verify(publicKeys);
|
|
return result;
|
|
|
|
}, 'Error verifying cleartext signed message!');
|
|
}
|
|
|
|
/**
|
|
* Generates a new OpenPGP key pair. Currently only supports RSA keys.
|
|
* Primary and subkey will be of same type.
|
|
* @param {module:enums.publicKey} [options.keyType=module:enums.publicKey.rsa_encrypt_sign] to indicate what type of key to make.
|
|
* RSA is 1. See {@link http://tools.ietf.org/html/rfc4880#section-9.1}
|
|
* @param {Integer} options.numBits number of bits for the key creation. (should be 1024+, generally)
|
|
* @param {String} options.userId assumes already in form of "User Name <username@email.com>"
|
|
* @param {String} options.passphrase The passphrase used to encrypt the resulting private key
|
|
* @param {Boolean} [options.unlocked=false] The secret part of the generated key is unlocked
|
|
* @return {Promise<Object>} {key: module:key~Key, privateKeyArmored: String, publicKeyArmored: String}
|
|
* @static
|
|
*/
|
|
function generateKeyPair(options) {
|
|
// use web worker if web crypto apis are not supported
|
|
if (!util.getWebCrypto() && asyncProxy) {
|
|
return asyncProxy.generateKeyPair(options);
|
|
}
|
|
|
|
return key.generate(options).then(function(newKey) {
|
|
var result = {};
|
|
result.key = newKey;
|
|
result.privateKeyArmored = newKey.armor();
|
|
result.publicKeyArmored = newKey.toPublic().armor();
|
|
return result;
|
|
|
|
}).catch(function(err) {
|
|
console.error(err);
|
|
|
|
if (!util.getWebCrypto()) {
|
|
// js fallback already tried
|
|
throw new Error('Error generating keypair using js fallback!');
|
|
}
|
|
|
|
// fall back to js keygen in a worker
|
|
console.log('Error generating keypair using native WebCrypto... falling back back to js!');
|
|
return asyncProxy.generateKeyPair(options);
|
|
|
|
}).catch(onError.bind(null, 'Error generating keypair!'));
|
|
}
|
|
|
|
//
|
|
// helper functions
|
|
//
|
|
|
|
/**
|
|
* Command pattern that wraps synchronous code into a promise
|
|
* @param {function} cmd The synchronous function with a return value
|
|
* to be wrapped in a promise
|
|
* @param {String} errMsg A human readable error Message
|
|
* @return {Promise} The promise wrapped around cmd
|
|
*/
|
|
function execute(cmd, errMsg) {
|
|
// wrap the sync cmd in a promise
|
|
var promise = new Promise(function(resolve) {
|
|
var result = cmd();
|
|
resolve(result);
|
|
});
|
|
|
|
// handler error globally
|
|
return promise.catch(onError.bind(null, errMsg));
|
|
}
|
|
|
|
/**
|
|
* Global error handler that logs the stack trace and
|
|
* rethrows a high lvl error message
|
|
* @param {String} message A human readable high level error Message
|
|
* @param {Error} error The internal error that caused the failure
|
|
*/
|
|
function onError(message, error) {
|
|
// log the stack trace
|
|
console.error(error.stack);
|
|
// rethrow new high level error for api users
|
|
throw new Error(message);
|
|
}
|
|
|
|
exports.initWorker = initWorker;
|
|
exports.getWorker = getWorker;
|
|
exports.encryptMessage = encryptMessage;
|
|
exports.encryptSessionKey = encryptSessionKey;
|
|
exports.signAndEncryptMessage = signAndEncryptMessage;
|
|
exports.decryptMessage = decryptMessage;
|
|
exports.decryptSessionKey = decryptSessionKey;
|
|
exports.decryptAndVerifyMessage = decryptAndVerifyMessage;
|
|
exports.signClearMessage = signClearMessage;
|
|
exports.verifyClearSignedMessage = verifyClearSignedMessage;
|
|
exports.generateKeyPair = generateKeyPair; |