@protontech/openpgp 4.10.5 → 5.3.1

package/src/crypto/gcm.js

@@ -1,141 +0,0 @@
-// OpenPGP.js - An OpenPGP implementation in javascript
-// Copyright (C) 2016 Tankred Hase
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @fileoverview This module wraps native AES-GCM en/decryption for both
- * the WebCrypto api as well as node.js' crypto api.
- * @requires asmcrypto.js
- * @requires util
- * @module crypto/gcm
- */
-
-import { AES_GCM } from 'asmcrypto.js/dist_es5/aes/gcm';
-import util from '../util';
-
-const webCrypto = util.getWebCrypto(); // no GCM support in IE11, Safari 9
-const nodeCrypto = util.getNodeCrypto();
-const Buffer = util.getNodeBuffer();
-
-const blockLength = 16;
-const ivLength = 12; // size of the IV in bytes
-const tagLength = 16; // size of the tag in bytes
-const ALGO = 'AES-GCM';
-
-/**
- * Class to en/decrypt using GCM mode.
- * @param  {String}     cipher      The symmetric cipher algorithm to use e.g. 'aes128'
- * @param  {Uint8Array} key         The encryption key
- */
-async function GCM(cipher, key) {
-  if (cipher.substr(0, 3) !== 'aes') {
-    throw new Error('GCM mode supports only AES cipher');
-  }
-
-  if (util.getWebCrypto() && key.length !== 24) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support
-    const _key = await webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt', 'decrypt']);
-
-    return {
-      encrypt: async function(pt, iv, adata = new Uint8Array()) {
-        if (
-          !pt.length ||
-          // iOS does not support GCM-en/decrypting empty messages
-          // Also, synchronous en/decryption might be faster in this case.
-          (!adata.length && navigator.userAgent.indexOf('Edge') !== -1)
-          // Edge does not support GCM-en/decrypting without ADATA
-        ) {
-          return AES_GCM.encrypt(pt, key, iv, adata);
-        }
-        const ct = await webCrypto.encrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, pt);
-        return new Uint8Array(ct);
-      },
-
-      decrypt: async function(ct, iv, adata = new Uint8Array()) {
-        if (
-          ct.length === tagLength ||
-          // iOS does not support GCM-en/decrypting empty messages
-          // Also, synchronous en/decryption might be faster in this case.
-          (!adata.length && navigator.userAgent.indexOf('Edge') !== -1)
-          // Edge does not support GCM-en/decrypting without ADATA
-        ) {
-          return AES_GCM.decrypt(ct, key, iv, adata);
-        }
-        const pt = await webCrypto.decrypt({ name: ALGO, iv, additionalData: adata, tagLength: tagLength * 8 }, _key, ct);
-        return new Uint8Array(pt);
-      }
-    };
-  }
-
-  if (util.getNodeCrypto()) { // Node crypto library
-    key = Buffer.from(key);
-
-    return {
-      encrypt: async function(pt, iv, adata = new Uint8Array()) {
-        pt = Buffer.from(pt);
-        iv = Buffer.from(iv);
-        adata = Buffer.from(adata);
-        const en = new nodeCrypto.createCipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);
-        en.setAAD(adata);
-        const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext
-        return new Uint8Array(ct);
-      },
-
-      decrypt: async function(ct, iv, adata = new Uint8Array()) {
-        ct = Buffer.from(ct);
-        iv = Buffer.from(iv);
-        adata = Buffer.from(adata);
-        const de = new nodeCrypto.createDecipheriv('aes-' + (key.length * 8) + '-gcm', key, iv);
-        de.setAAD(adata);
-        de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext
-        const pt = Buffer.concat([de.update(ct.slice(0, ct.length - tagLength)), de.final()]);
-        return new Uint8Array(pt);
-      }
-    };
-  }
-
-  return {
-    encrypt: async function(pt, iv, adata) {
-      return AES_GCM.encrypt(pt, key, iv, adata);
-    },
-
-    decrypt: async function(ct, iv, adata) {
-      return AES_GCM.decrypt(ct, key, iv, adata);
-    }
-  };
-}
-
-
-/**
- * Get GCM nonce. Note: this operation is not defined by the standard.
- * A future version of the standard may define GCM mode differently,
- * hopefully under a different ID (we use Private/Experimental algorithm
- * ID 100) so that we can maintain backwards compatibility.
- * @param  {Uint8Array} iv           The initialization vector (12 bytes)
- * @param  {Uint8Array} chunkIndex   The chunk index (8 bytes)
- */
-GCM.getNonce = function(iv, chunkIndex) {
-  const nonce = iv.slice();
-  for (let i = 0; i < chunkIndex.length; i++) {
-    nonce[4 + i] ^= chunkIndex[i];
-  }
-  return nonce;
-};
-
-GCM.blockLength = blockLength;
-GCM.ivLength = ivLength;
-GCM.tagLength = tagLength;
-
-export default GCM;

package/src/crypto/hash/index.js

@@ -1,163 +0,0 @@
-/**
- * @fileoverview Provides an interface to hashing functions available in Node.js or external libraries.
- * @see {@link https://github.com/asmcrypto/asmcrypto.js|asmCrypto}
- * @see {@link https://github.com/indutny/hash.js|hash.js}
- * @requires asmcrypto.js
- * @requires hash.js
- * @requires web-stream-tools
- * @requires crypto/hash/md5
- * @requires config
- * @requires util
- * @module crypto/hash
- */
-
-import { Sha1 } from 'asmcrypto.js/dist_es5/hash/sha1/sha1';
-import { Sha256 } from 'asmcrypto.js/dist_es5/hash/sha256/sha256';
-import sha224 from 'hash.js/lib/hash/sha/224';
-import sha384 from 'hash.js/lib/hash/sha/384';
-import sha512 from 'hash.js/lib/hash/sha/512';
-import { ripemd160 } from 'hash.js/lib/hash/ripemd';
-import stream from 'web-stream-tools';
-import md5 from './md5';
-import config from '../../config';
-import util from '../../util';
-
-const webCrypto = util.getWebCrypto();
-const nodeCrypto = util.getNodeCrypto();
-const Buffer = util.getNodeBuffer();
-
-function node_hash(type) {
-  return async function (data) {
-    const shasum = nodeCrypto.createHash(type);
-    return stream.transform(data, value => {
-      shasum.update(Buffer.from(value));
-    }, () => new Uint8Array(shasum.digest()));
-  };
-}
-
-function hashjs_hash(hash, webCryptoHash) {
-  return async function(data) {
-    if (!util.isStream(data) && webCrypto && webCryptoHash && data.length >= config.min_bytes_for_web_crypto) {
-      return new Uint8Array(await webCrypto.digest(webCryptoHash, data));
-    }
-    const hashInstance = hash();
-    return stream.transform(data, value => {
-      hashInstance.update(value);
-    }, () => new Uint8Array(hashInstance.digest()));
-  };
-}
-
-function asmcrypto_hash(hash, webCryptoHash) {
-  return async function(data) {
-    if (util.isStream(data)) {
-      const hashInstance = new hash();
-      return stream.transform(data, value => {
-        hashInstance.process(value);
-      }, () => hashInstance.finish().result);
-    } else if (webCrypto && webCryptoHash && data.length >= config.min_bytes_for_web_crypto) {
-      return new Uint8Array(await webCrypto.digest(webCryptoHash, data));
-    } else {
-      return hash.bytes(data);
-    }
-  };
-}
-
-let hash_fns;
-if (nodeCrypto) { // Use Node native crypto for all hash functions
-  hash_fns = {
-    md5: node_hash('md5'),
-    sha1: node_hash('sha1'),
-    sha224: node_hash('sha224'),
-    sha256: node_hash('sha256'),
-    sha384: node_hash('sha384'),
-    sha512: node_hash('sha512'),
-    ripemd: node_hash('ripemd160')
-  };
-} else { // Use JS fallbacks
-  hash_fns = {
-    md5: md5,
-    sha1: asmcrypto_hash(Sha1, navigator.userAgent.indexOf('Edge') === -1 && 'SHA-1'),
-    sha224: hashjs_hash(sha224),
-    sha256: asmcrypto_hash(Sha256, 'SHA-256'),
-    sha384: hashjs_hash(sha384, 'SHA-384'),
-    sha512: hashjs_hash(sha512, 'SHA-512'), // asmcrypto sha512 is huge.
-    ripemd: hashjs_hash(ripemd160)
-  };
-}
-
-export default {
-
-  /** @see module:md5 */
-  md5: hash_fns.md5,
-  /** @see asmCrypto */
-  sha1: hash_fns.sha1,
-  /** @see hash.js */
-  sha224: hash_fns.sha224,
-  /** @see asmCrypto */
-  sha256: hash_fns.sha256,
-  /** @see hash.js */
-  sha384: hash_fns.sha384,
-  /** @see asmCrypto */
-  sha512: hash_fns.sha512,
-  /** @see hash.js */
-  ripemd: hash_fns.ripemd,
-
-  /**
-   * Create a hash on the specified data using the specified algorithm
-   * @param {module:enums.hash} algo Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
-   * @param {Uint8Array} data Data to be hashed
-   * @returns {Promise<Uint8Array>} hash value
-   */
-  digest: function(algo, data) {
-    switch (algo) {
-      case 1:
-        // - MD5 [HAC]
-        return this.md5(data);
-      case 2:
-        // - SHA-1 [FIPS180]
-        return this.sha1(data);
-      case 3:
-        // - RIPE-MD/160 [HAC]
-        return this.ripemd(data);
-      case 8:
-        // - SHA256 [FIPS180]
-        return this.sha256(data);
-      case 9:
-        // - SHA384 [FIPS180]
-        return this.sha384(data);
-      case 10:
-        // - SHA512 [FIPS180]
-        return this.sha512(data);
-      case 11:
-        // - SHA224 [FIPS180]
-        return this.sha224(data);
-      default:
-        throw new Error('Invalid hash function.');
-    }
-  },
-
-  /**
-   * Returns the hash size in bytes of the specified hash algorithm type
-   * @param {module:enums.hash} algo Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
-   * @returns {Integer} Size in bytes of the resulting hash
-   */
-  getHashByteLength: function(algo) {
-    switch (algo) {
-      case 1: // - MD5 [HAC]
-        return 16;
-      case 2: // - SHA-1 [FIPS180]
-      case 3: // - RIPE-MD/160 [HAC]
-        return 20;
-      case 8: // - SHA256 [FIPS180]
-        return 32;
-      case 9: // - SHA384 [FIPS180]
-        return 48;
-      case 10: // - SHA512 [FIPS180]
-        return 64;
-      case 11: // - SHA224 [FIPS180]
-        return 28;
-      default:
-        throw new Error('Invalid hash algorithm.');
-    }
-  }
-};

package/src/crypto/hash/md5.js

@@ -1,205 +0,0 @@
-/**
- * A fast MD5 JavaScript implementation
- * Copyright (c) 2012 Joseph Myers
- * http://www.myersdaily.org/joseph/javascript/md5-text.html
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purposes and without
- * fee is hereby granted provided that this copyright notice
- * appears in all copies.
- *
- * Of course, this soft is provided "as is" without express or implied
- * warranty of any kind.
- */
-
-/**
- * @requires util
- */
-
-import util from '../../util';
-
-// MD5 Digest
-async function md5(entree) {
-  const digest = md51(util.Uint8Array_to_str(entree));
-  return util.hex_to_Uint8Array(hex(digest));
-}
-
-function md5cycle(x, k) {
-  let a = x[0];
-  let b = x[1];
-  let c = x[2];
-  let d = x[3];
-
-  a = ff(a, b, c, d, k[0], 7, -680876936);
-  d = ff(d, a, b, c, k[1], 12, -389564586);
-  c = ff(c, d, a, b, k[2], 17, 606105819);
-  b = ff(b, c, d, a, k[3], 22, -1044525330);
-  a = ff(a, b, c, d, k[4], 7, -176418897);
-  d = ff(d, a, b, c, k[5], 12, 1200080426);
-  c = ff(c, d, a, b, k[6], 17, -1473231341);
-  b = ff(b, c, d, a, k[7], 22, -45705983);
-  a = ff(a, b, c, d, k[8], 7, 1770035416);
-  d = ff(d, a, b, c, k[9], 12, -1958414417);
-  c = ff(c, d, a, b, k[10], 17, -42063);
-  b = ff(b, c, d, a, k[11], 22, -1990404162);
-  a = ff(a, b, c, d, k[12], 7, 1804603682);
-  d = ff(d, a, b, c, k[13], 12, -40341101);
-  c = ff(c, d, a, b, k[14], 17, -1502002290);
-  b = ff(b, c, d, a, k[15], 22, 1236535329);
-
-  a = gg(a, b, c, d, k[1], 5, -165796510);
-  d = gg(d, a, b, c, k[6], 9, -1069501632);
-  c = gg(c, d, a, b, k[11], 14, 643717713);
-  b = gg(b, c, d, a, k[0], 20, -373897302);
-  a = gg(a, b, c, d, k[5], 5, -701558691);
-  d = gg(d, a, b, c, k[10], 9, 38016083);
-  c = gg(c, d, a, b, k[15], 14, -660478335);
-  b = gg(b, c, d, a, k[4], 20, -405537848);
-  a = gg(a, b, c, d, k[9], 5, 568446438);
-  d = gg(d, a, b, c, k[14], 9, -1019803690);
-  c = gg(c, d, a, b, k[3], 14, -187363961);
-  b = gg(b, c, d, a, k[8], 20, 1163531501);
-  a = gg(a, b, c, d, k[13], 5, -1444681467);
-  d = gg(d, a, b, c, k[2], 9, -51403784);
-  c = gg(c, d, a, b, k[7], 14, 1735328473);
-  b = gg(b, c, d, a, k[12], 20, -1926607734);
-
-  a = hh(a, b, c, d, k[5], 4, -378558);
-  d = hh(d, a, b, c, k[8], 11, -2022574463);
-  c = hh(c, d, a, b, k[11], 16, 1839030562);
-  b = hh(b, c, d, a, k[14], 23, -35309556);
-  a = hh(a, b, c, d, k[1], 4, -1530992060);
-  d = hh(d, a, b, c, k[4], 11, 1272893353);
-  c = hh(c, d, a, b, k[7], 16, -155497632);
-  b = hh(b, c, d, a, k[10], 23, -1094730640);
-  a = hh(a, b, c, d, k[13], 4, 681279174);
-  d = hh(d, a, b, c, k[0], 11, -358537222);
-  c = hh(c, d, a, b, k[3], 16, -722521979);
-  b = hh(b, c, d, a, k[6], 23, 76029189);
-  a = hh(a, b, c, d, k[9], 4, -640364487);
-  d = hh(d, a, b, c, k[12], 11, -421815835);
-  c = hh(c, d, a, b, k[15], 16, 530742520);
-  b = hh(b, c, d, a, k[2], 23, -995338651);
-
-  a = ii(a, b, c, d, k[0], 6, -198630844);
-  d = ii(d, a, b, c, k[7], 10, 1126891415);
-  c = ii(c, d, a, b, k[14], 15, -1416354905);
-  b = ii(b, c, d, a, k[5], 21, -57434055);
-  a = ii(a, b, c, d, k[12], 6, 1700485571);
-  d = ii(d, a, b, c, k[3], 10, -1894986606);
-  c = ii(c, d, a, b, k[10], 15, -1051523);
-  b = ii(b, c, d, a, k[1], 21, -2054922799);
-  a = ii(a, b, c, d, k[8], 6, 1873313359);
-  d = ii(d, a, b, c, k[15], 10, -30611744);
-  c = ii(c, d, a, b, k[6], 15, -1560198380);
-  b = ii(b, c, d, a, k[13], 21, 1309151649);
-  a = ii(a, b, c, d, k[4], 6, -145523070);
-  d = ii(d, a, b, c, k[11], 10, -1120210379);
-  c = ii(c, d, a, b, k[2], 15, 718787259);
-  b = ii(b, c, d, a, k[9], 21, -343485551);
-
-  x[0] = add32(a, x[0]);
-  x[1] = add32(b, x[1]);
-  x[2] = add32(c, x[2]);
-  x[3] = add32(d, x[3]);
-}
-
-function cmn(q, a, b, x, s, t) {
-  a = add32(add32(a, q), add32(x, t));
-  return add32((a << s) | (a >>> (32 - s)), b);
-}
-
-function ff(a, b, c, d, x, s, t) {
-  return cmn((b & c) | ((~b) & d), a, b, x, s, t);
-}
-
-function gg(a, b, c, d, x, s, t) {
-  return cmn((b & d) | (c & (~d)), a, b, x, s, t);
-}
-
-function hh(a, b, c, d, x, s, t) {
-  return cmn(b ^ c ^ d, a, b, x, s, t);
-}
-
-function ii(a, b, c, d, x, s, t) {
-  return cmn(c ^ (b | (~d)), a, b, x, s, t);
-}
-
-function md51(s) {
-  const n = s.length;
-  const state = [1732584193, -271733879, -1732584194, 271733878];
-  let i;
-  for (i = 64; i <= s.length; i += 64) {
-    md5cycle(state, md5blk(s.substring(i - 64, i)));
-  }
-  s = s.substring(i - 64);
-  const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
-  for (i = 0; i < s.length; i++) {
-    tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);
-  }
-  tail[i >> 2] |= 0x80 << ((i % 4) << 3);
-  if (i > 55) {
-    md5cycle(state, tail);
-    for (i = 0; i < 16; i++) {
-      tail[i] = 0;
-    }
-  }
-  tail[14] = n * 8;
-  md5cycle(state, tail);
-  return state;
-}
-
-/* there needs to be support for Unicode here,
- * unless we pretend that we can redefine the MD-5
- * algorithm for multi-byte characters (perhaps
- * by adding every four 16-bit characters and
- * shortening the sum to 32 bits). Otherwise
- * I suggest performing MD-5 as if every character
- * was two bytes--e.g., 0040 0025 = @%--but then
- * how will an ordinary MD-5 sum be matched?
- * There is no way to standardize text to something
- * like UTF-8 before transformation; speed cost is
- * utterly prohibitive. The JavaScript standard
- * itself needs to look at this: it should start
- * providing access to strings as preformed UTF-8
- * 8-bit unsigned value arrays.
- */
-function md5blk(s) { /* I figured global was faster.   */
-  const md5blks = [];
-  let i; /* Andy King said do it this way. */
-  for (i = 0; i < 64; i += 4) {
-    md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<
-      24);
-  }
-  return md5blks;
-}
-
-const hex_chr = '0123456789abcdef'.split('');
-
-function rhex(n) {
-  let s = '';
-  let j = 0;
-  for (; j < 4; j++) {
-    s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];
-  }
-  return s;
-}
-
-function hex(x) {
-  for (let i = 0; i < x.length; i++) {
-    x[i] = rhex(x[i]);
-  }
-  return x.join('');
-}
-
-/* this function is much faster,
-so if possible we use it. Some IEs
-are the only ones I know of that
-need the idiotic second function,
-generated by an if clause.  */
-
-function add32(a, b) {
-  return (a + b) & 0xFFFFFFFF;
-}
-
-export default md5;

package/src/crypto/index.js

@@ -1,57 +0,0 @@
-/**
- * @fileoverview Provides access to all cryptographic primitives used in OpenPGP.js
- * @see module:crypto/crypto
- * @see module:crypto/signature
- * @see module:crypto/public_key
- * @see module:crypto/cipher
- * @see module:crypto/random
- * @see module:crypto/hash
- * @module crypto
- */
-
-import cipher from './cipher';
-import hash from './hash';
-import cfb from './cfb';
-import gcm from './gcm';
-import eax from './eax';
-import ocb from './ocb';
-import publicKey from './public_key';
-import signature from './signature';
-import random from './random';
-import pkcs1 from './pkcs1';
-import pkcs5 from './pkcs5';
-import crypto from './crypto';
-import aes_kw from './aes_kw';
-
-// TODO move cfb and gcm to cipher
-const mod = {
-  /** @see module:crypto/cipher */
-  cipher: cipher,
-  /** @see module:crypto/hash */
-  hash: hash,
-  /** @see module:crypto/cfb */
-  cfb: cfb,
-  /** @see module:crypto/gcm */
-  gcm: gcm,
-  experimental_gcm: gcm,
-  /** @see module:crypto/eax */
-  eax: eax,
-  /** @see module:crypto/ocb */
-  ocb: ocb,
-  /** @see module:crypto/public_key */
-  publicKey: publicKey,
-  /** @see module:crypto/signature */
-  signature: signature,
-  /** @see module:crypto/random */
-  random: random,
-  /** @see module:crypto/pkcs1 */
-  pkcs1: pkcs1,
-  /** @see module:crypto/pkcs5 */
-  pkcs5: pkcs5,
-  /** @see module:crypto/aes_kw */
-  aes_kw: aes_kw
-};
-
-Object.assign(mod, crypto);
-
-export default mod;