@protontech/openpgp 4.10.6 → 5.4.0

package/src/crypto/public_key/elliptic/ecdsa.js

@@ -1,348 +0,0 @@
-// OpenPGP.js - An OpenPGP implementation in javascript
-// Copyright (C) 2015-2016 Decentral
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @fileoverview Implementation of ECDSA following RFC6637 for Openpgpjs
- * @requires bn.js
- * @requires web-stream-tools
- * @requires enums
- * @requires util
- * @requires crypto/public_key/elliptic/curves
- * @module crypto/public_key/elliptic/ecdsa
- */
-
-import BN from 'bn.js';
-import enums from '../../../enums';
-import util from '../../../util';
-import random from '../../random';
-import hash from '../../hash';
-import Curve, { webCurves, privateToJwk, rawPublicToJwk, validateStandardParams } from './curves';
-import { getIndutnyCurve, keyFromPrivate, keyFromPublic } from './indutnyKey';
-
-const webCrypto = util.getWebCrypto();
-const nodeCrypto = util.getNodeCrypto();
-
-/**
- * Sign a message using the provided key
- * @param  {module:type/oid}   oid          Elliptic curve object identifier
- * @param  {module:enums.hash} hash_algo    Hash algorithm used to sign
- * @param  {Uint8Array}        message      Message to sign
- * @param  {Uint8Array}        publicKey    Public key
- * @param  {Uint8Array}        privateKey   Private key used to sign the message
- * @param  {Uint8Array}        hashed       The hashed message
- * @returns {{r: Uint8Array,
- *            s: Uint8Array}}               Signature of the message
- * @async
- */
-async function sign(oid, hash_algo, message, publicKey, privateKey, hashed) {
-  const curve = new Curve(oid);
-  if (message && !util.isStream(message)) {
-    const keyPair = { publicKey, privateKey };
-    switch (curve.type) {
-      case 'web': {
-        // If browser doesn't support a curve, we'll catch it
-        try {
-          // Need to await to make sure browser succeeds
-          return await webSign(curve, hash_algo, message, keyPair);
-        } catch (err) {
-          // We do not fallback if the error is related to key integrity
-          // Unfortunaley Safari does not support p521 and throws a DataError when using it
-          // So we need to always fallback for that curve
-          if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {
-            throw err;
-          }
-          util.print_debug_error("Browser did not support verifying: " + err.message);
-        }
-        break;
-      }
-      case 'node': {
-        const signature = await nodeSign(curve, hash_algo, message, keyPair);
-        return {
-          r: signature.r.toArrayLike(Uint8Array),
-          s: signature.s.toArrayLike(Uint8Array)
-        };
-      }
-    }
-  }
-  return ellipticSign(curve, hashed, privateKey);
-}
-
-/**
- * Verifies if a signature is valid for a message
- * @param  {module:type/oid}   oid       Elliptic curve object identifier
- * @param  {module:enums.hash} hash_algo Hash algorithm used in the signature
- * @param  {{r: Uint8Array,
-             s: Uint8Array}}   signature Signature to verify
- * @param  {Uint8Array}        message   Message to verify
- * @param  {Uint8Array}        publicKey Public key used to verify the message
- * @param  {Uint8Array}        hashed    The hashed message
- * @returns {Boolean}
- * @async
- */
-async function verify(oid, hash_algo, signature, message, publicKey, hashed) {
-  const curve = new Curve(oid);
-  if (message && !util.isStream(message)) {
-    switch (curve.type) {
-      case 'web':
-        try {
-          // Need to await to make sure browser succeeds
-          return await webVerify(curve, hash_algo, signature, message, publicKey);
-        } catch (err) {
-          // We do not fallback if the error is related to key integrity
-          // Unfortunaley Safari does not support p521 and throws a DataError when using it
-          // So we need to always fallback for that curve
-          if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {
-            throw err;
-          }
-          util.print_debug_error("Browser did not support verifying: " + err.message);
-        }
-        break;
-      case 'node':
-        return nodeVerify(curve, hash_algo, signature, message, publicKey);
-    }
-  }
-  const digest = (typeof hash_algo === 'undefined') ? message : hashed;
-  return ellipticVerify(curve, signature, digest, publicKey);
-}
-
-/**
- * Validate EcDSA parameters
- * @param {module:type/oid}    oid Elliptic curve object identifier
- * @param {Uint8Array}         Q   EcDSA public point
- * @param {Uint8Array}         d   EcDSA secret scalar
- * @returns {Promise<Boolean>} whether params are valid
- * @async
- */
-async function validateParams(oid, Q, d) {
-  const curve = new Curve(oid);
-  // Reject curves x25519 and ed25519
-  if (curve.keyType !== enums.publicKey.ecdsa) {
-    return false;
-  }
-
-  // To speed up the validation, we try to use node- or webcrypto when available
-  // and sign + verify a random message
-  switch (curve.type) {
-    case 'web':
-    case 'node': {
-      const message = await random.getRandomBytes(8);
-      const hashAlgo = enums.hash.sha256;
-      const hashed = await hash.digest(hashAlgo, message);
-      try {
-        const signature = await sign(oid, hashAlgo, message, Q, d, hashed);
-        return await verify(oid, hashAlgo, signature, message, Q, hashed);
-      } catch (err) {
-        return false;
-      }
-    }
-    default:
-      return validateStandardParams(enums.publicKey.ecdsa, oid, Q, d);
-  }
-}
-
-/**
- * Parses MPI params and returns them as byte arrays of fixed length
- * @param {Array} params key parameters
- * @returns {Object} parameters in the form
- *  { oid, d: Uint8Array, Q: Uint8Array }
- */
-function parseParams(params) {
-  if (params.length < 2 || params.length > 3) {
-    throw new Error('Unexpected number of parameters');
-  }
-
-  const oid = params[0];
-  const curve = new Curve(oid);
-  const parsedParams = { oid };
-  // The public point never has leading zeros, as it is prefixed by 0x40 or 0x04
-  parsedParams.Q = params[1].toUint8Array();
-  if (params.length === 3) {
-    parsedParams.d = params[2].toUint8Array('be', curve.payloadSize);
-  }
-
-  return parsedParams;
-}
-
-
-export default { sign, verify, ellipticVerify, ellipticSign, validateParams, parseParams };
-
-
-//////////////////////////
-//                      //
-//   Helper functions   //
-//                      //
-//////////////////////////
-
-async function ellipticSign(curve, hashed, privateKey) {
-  const indutnyCurve = await getIndutnyCurve(curve.name);
-  const key = keyFromPrivate(indutnyCurve, privateKey);
-  const signature = key.sign(hashed);
-  return {
-    r: signature.r.toArrayLike(Uint8Array),
-    s: signature.s.toArrayLike(Uint8Array)
-  };
-}
-
-async function ellipticVerify(curve, signature, digest, publicKey) {
-  const indutnyCurve = await getIndutnyCurve(curve.name);
-  const key = keyFromPublic(indutnyCurve, publicKey);
-  return key.verify(digest, signature);
-}
-
-async function webSign(curve, hash_algo, message, keyPair) {
-  const len = curve.payloadSize;
-  const jwk = privateToJwk(curve.payloadSize, webCurves[curve.name], keyPair.publicKey, keyPair.privateKey);
-  const key = await webCrypto.importKey(
-    "jwk",
-    jwk,
-    {
-      "name": "ECDSA",
-      "namedCurve": webCurves[curve.name],
-      "hash": { name: enums.read(enums.webHash, curve.hash) }
-    },
-    false,
-    ["sign"]
-  );
-
-  const signature = new Uint8Array(await webCrypto.sign(
-    {
-      "name": 'ECDSA',
-      "namedCurve": webCurves[curve.name],
-      "hash": { name: enums.read(enums.webHash, hash_algo) }
-    },
-    key,
-    message
-  ));
-
-  return {
-    r: signature.slice(0, len),
-    s: signature.slice(len, len << 1)
-  };
-}
-
-async function webVerify(curve, hash_algo, { r, s }, message, publicKey) {
-  const len = curve.payloadSize;
-  const jwk = rawPublicToJwk(curve.payloadSize, webCurves[curve.name], publicKey);
-  const key = await webCrypto.importKey(
-    "jwk",
-    jwk,
-    {
-      "name": "ECDSA",
-      "namedCurve": webCurves[curve.name],
-      "hash": { name: enums.read(enums.webHash, curve.hash) }
-    },
-    false,
-    ["verify"]
-  );
-
-  const signature = util.concatUint8Array([
-    new Uint8Array(len - r.length), r,
-    new Uint8Array(len - s.length), s
-  ]).buffer;
-
-  return webCrypto.verify(
-    {
-      "name": 'ECDSA',
-      "namedCurve": webCurves[curve.name],
-      "hash": { name: enums.read(enums.webHash, hash_algo) }
-    },
-    key,
-    signature,
-    message
-  );
-}
-
-async function nodeSign(curve, hash_algo, message, keyPair) {
-  const sign = nodeCrypto.createSign(enums.read(enums.hash, hash_algo));
-  sign.write(message);
-  sign.end();
-  const key = ECPrivateKey.encode({
-    version: 1,
-    parameters: curve.oid,
-    privateKey: Array.from(keyPair.privateKey),
-    publicKey: { unused: 0, data: Array.from(keyPair.publicKey) }
-  }, 'pem', {
-    label: 'EC PRIVATE KEY'
-  });
-
-  return ECDSASignature.decode(sign.sign(key), 'der');
-}
-
-async function nodeVerify(curve, hash_algo, { r, s }, message, publicKey) {
-  const verify = nodeCrypto.createVerify(enums.read(enums.hash, hash_algo));
-  verify.write(message);
-  verify.end();
-  const key = SubjectPublicKeyInfo.encode({
-    algorithm: {
-      algorithm: [1, 2, 840, 10045, 2, 1],
-      parameters: curve.oid
-    },
-    subjectPublicKey: { unused: 0, data: Array.from(publicKey) }
-  }, 'pem', {
-    label: 'PUBLIC KEY'
-  });
-  const signature = ECDSASignature.encode({
-    r: new BN(r), s: new BN(s)
-  }, 'der');
-
-  try {
-    return verify.verify(key, signature);
-  } catch (err) {
-    return false;
-  }
-}
-
-// Originally written by Owen Smith https://github.com/omsmith
-// Adapted on Feb 2018 from https://github.com/Brightspace/node-jwk-to-pem/
-
-/* eslint-disable no-invalid-this */
-
-const asn1 = nodeCrypto ? require('asn1.js') : undefined;
-
-const ECDSASignature = nodeCrypto ?
-  asn1.define('ECDSASignature', function() {
-    this.seq().obj(
-      this.key('r').int(),
-      this.key('s').int()
-    );
-  }) : undefined;
-
-const ECPrivateKey = nodeCrypto ?
-  asn1.define('ECPrivateKey', function() {
-    this.seq().obj(
-      this.key('version').int(),
-      this.key('privateKey').octstr(),
-      this.key('parameters').explicit(0).optional().any(),
-      this.key('publicKey').explicit(1).optional().bitstr()
-    );
-  }) : undefined;
-
-const AlgorithmIdentifier = nodeCrypto ?
-  asn1.define('AlgorithmIdentifier', function() {
-    this.seq().obj(
-      this.key('algorithm').objid(),
-      this.key('parameters').optional().any()
-    );
-  }) : undefined;
-
-const SubjectPublicKeyInfo = nodeCrypto ?
-  asn1.define('SubjectPublicKeyInfo', function() {
-    this.seq().obj(
-      this.key('algorithm').use(AlgorithmIdentifier),
-      this.key('subjectPublicKey').bitstr()
-    );
-  }) : undefined;

package/src/crypto/public_key/elliptic/eddsa.js

@@ -1,119 +0,0 @@
-// OpenPGP.js - An OpenPGP implementation in javascript
-// Copyright (C) 2018 Proton Technologies AG
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @fileoverview Implementation of EdDSA following RFC4880bis-03 for OpenPGP
- * @requires hash.js
- * @requires tweetnacl
- * @requires crypto/public_key/elliptic/curve
- * @requires util
- * @module crypto/public_key/elliptic/eddsa
- */
-
-import sha512 from 'hash.js/lib/hash/sha/512';
-import nacl from 'tweetnacl/nacl-fast-light.js';
-import util from '../../../util';
-
-nacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest());
-
-/**
- * Sign a message using the provided key
- * @param  {module:type/oid}   oid          Elliptic curve object identifier
- * @param  {module:enums.hash} hash_algo    Hash algorithm used to sign
- * @param  {Uint8Array}        message      Message to sign
- * @param  {Uint8Array}        publicKey    Public key
- * @param  {Uint8Array}        privateKey   Private key used to sign the message
- * @param  {Uint8Array}        hashed       The hashed message
- * @returns {{R: Uint8Array,
- *            S: Uint8Array}}               Signature of the message
- * @async
- */
-async function sign(oid, hash_algo, message, publicKey, privateKey, hashed) {
-  const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]);
-  const signature = nacl.sign.detached(hashed, secretKey);
-  // EdDSA signature params are returned in little-endian format
-  return {
-    R: signature.subarray(0, 32),
-    S: signature.subarray(32)
-  };
-}
-
-/**
- * Verifies if a signature is valid for a message
- * @param  {module:type/oid}   oid       Elliptic curve object identifier
- * @param  {module:enums.hash} hash_algo Hash algorithm used in the signature
- * @param  {{R: Uint8Array,
-             S: Uint8Array}}   signature Signature to verify the message
- * @param  {Uint8Array}        m         Message to verify
- * @param  {Uint8Array}        publicKey Public key used to verify the message
- * @param  {Uint8Array}        hashed    The hashed message
- * @returns {Boolean}
- * @async
- */
-async function verify(oid, hash_algo, { R, S }, m, publicKey, hashed) {
-  const signature = util.concatUint8Array([R, S]);
-  return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1));
-}
-
-/**
- * Validate EdDSA parameters
- * @param {module:type/oid}    oid Elliptic curve object identifier
- * @param {Uint8Array}         Q   EdDSA public point
- * @param {Uint8Array}         k   EdDSA secret seed
- * @returns {Promise<Boolean>} whether params are valid
- * @async
- */
-async function validateParams(oid, Q, k) {
-  // Check whether the given curve is supported
-  if (oid.getName() !== 'ed25519') {
-    return false;
-  }
-
-  /**
-   * Derive public point Q' = dG from private key
-   * and expect Q == Q'
-   */
-  const { publicKey } = nacl.sign.keyPair.fromSeed(k);
-  const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix
-  return util.equalsUint8Array(Q, dG);
-}
-
-/**
- * Parses MPI params and returns them as byte arrays of fixed length
- * @param {Array} params key parameters
- * @returns {Object} parameters in the form
- *  { oid, seed: Uint8Array, Q: Uint8Array }
- */
-function parseParams(params) {
-  if (params.length < 2 || params.length > 3) {
-    throw new Error('Unexpected number of parameters');
-  }
-
-  const parsedParams = {
-    oid: params[0],
-    Q: params[1].toUint8Array('be', 33)
-  };
-
-  if (params.length === 3) {
-    parsedParams.seed = params[2].toUint8Array('be', 32);
-  }
-
-  return parsedParams;
-}
-
-
-export default { sign, verify, validateParams, parseParams };

package/src/crypto/public_key/elliptic/index.js

@@ -1,34 +0,0 @@
-// OpenPGP.js - An OpenPGP implementation in javascript
-// Copyright (C) 2015-2016 Decentral
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @fileoverview Functions to access Elliptic Curve Cryptography
- * @see module:crypto/public_key/elliptic/curve
- * @see module:crypto/public_key/elliptic/ecdh
- * @see module:crypto/public_key/elliptic/ecdsa
- * @see module:crypto/public_key/elliptic/eddsa
- * @module crypto/public_key/elliptic
- */
-
-import Curve, { generate, getPreferredHashAlgo } from './curves';
-import ecdsa from './ecdsa';
-import eddsa from './eddsa';
-import ecdh from './ecdh';
-
-export default {
-  Curve, ecdh, ecdsa, eddsa, generate, getPreferredHashAlgo
-};

package/src/crypto/public_key/elliptic/indutnyKey.js

@@ -1,85 +0,0 @@
-// OpenPGP.js - An OpenPGP implementation in javascript
-// Copyright (C) 2015-2016 Decentral
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @fileoverview Wrapper for a KeyPair of an curve from indutny/elliptic library
- * @requires enums
- * @requires asn1.js
- * @module crypto/public_key/elliptic/indutnyKey
- */
-
-import { loadScript, dl } from '../../../lightweight_helper';
-import config from '../../../config';
-import util from '../../../util';
-
-export function keyFromPrivate(indutnyCurve, priv) {
-  const keyPair = indutnyCurve.keyPair({ priv: priv });
-  return keyPair;
-}
-
-export function keyFromPublic(indutnyCurve, pub) {
-  const keyPair = indutnyCurve.keyPair({ pub: pub });
-  if (keyPair.validate().result !== true) {
-    throw new Error('Invalid elliptic public key');
-  }
-  return keyPair;
-}
-
-/**
- * Load elliptic on demand to global.openpgp.elliptic
- * @returns {Promise<elliptic>}
- */
-async function loadEllipticPromise() {
-  const path = config.indutny_elliptic_path;
-  const options = config.indutny_elliptic_fetch_options;
-  const ellipticDlPromise = dl(path, options).catch(() => dl(path, options));
-  const ellipticContents = await ellipticDlPromise;
-  const mainUrl = URL.createObjectURL(new Blob([ellipticContents], { type: 'text/javascript' }));
-  await loadScript(mainUrl);
-  URL.revokeObjectURL(mainUrl);
-  if (!global.openpgp.elliptic) {
-    throw new Error('Elliptic library failed to load correctly');
-  }
-  return global.openpgp.elliptic;
-}
-
-let ellipticPromise;
-
-function loadElliptic() {
-  if (!config.external_indutny_elliptic) {
-    return require('elliptic');
-  }
-  if (util.detectNode()) {
-    // eslint-disable-next-line
-    return require(config.indutny_elliptic_path);
-  }
-  if (!ellipticPromise) {
-    ellipticPromise = loadEllipticPromise().catch(e => {
-      ellipticPromise = undefined;
-      throw e;
-    });
-  }
-  return ellipticPromise;
-}
-
-export async function getIndutnyCurve(name) {
-  if (!config.use_indutny_elliptic) {
-    throw new Error('This curve is only supported in the full build of OpenPGP.js');
-  }
-  const elliptic = await loadElliptic();
-  return new elliptic.ec(name);
-}

package/src/crypto/public_key/index.js

@@ -1,28 +0,0 @@
-/**
- * @fileoverview Asymmetric cryptography functions
- * @requires tweetnacl
- * @requires crypto/public_key/dsa
- * @requires crypto/public_key/elgamal
- * @requires crypto/public_key/elliptic
- * @requires crypto/public_key/rsa
- * @module crypto/public_key
- */
-
-import nacl from 'tweetnacl/nacl-fast-light.js';
-import rsa from './rsa';
-import elgamal from './elgamal';
-import elliptic from './elliptic';
-import dsa from './dsa';
-
-export default {
-  /** @see module:crypto/public_key/rsa */
-  rsa: rsa,
-  /** @see module:crypto/public_key/elgamal */
-  elgamal: elgamal,
-  /** @see module:crypto/public_key/elliptic */
-  elliptic: elliptic,
-  /** @see module:crypto/public_key/dsa */
-  dsa: dsa,
-  /** @see tweetnacl */
-  nacl: nacl
-};