@protontech/openpgp 4.10.6 → 5.4.0

package/src/packet/marker.js

@@ -1,62 +0,0 @@
-// GPG4Browsers - An OpenPGP implementation in javascript
-// Copyright (C) 2011 Recurity Labs GmbH
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @requires enums
- */
-
-import enums from '../enums';
-
-/**
- * Implementation of the strange "Marker packet" (Tag 10)
- *
- * {@link https://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}:
- * An experimental version of PGP used this packet as the Literal
- * packet, but no released version of PGP generated Literal packets with this
- * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as
- * the Marker packet.
- *
- * Such a packet MUST be ignored when received.
- * @memberof module:packet
- * @constructor
- */
-function Marker() {
-  this.tag = enums.packet.marker;
-}
-
-/**
- * Parsing function for a literal data packet (tag 10).
- *
- * @param {String} input Payload of a tag 10 packet
- * @param {Integer} position
- *            Position to start reading from the input string
- * @param {Integer} len
- *            Length of the packet or the remaining length of
- *            input at position
- * @returns {module:packet.Marker} Object representation
- */
-Marker.prototype.read = function (bytes) {
-  if (bytes[0] === 0x50 && // P
-      bytes[1] === 0x47 && // G
-      bytes[2] === 0x50) { // P
-    return true;
-  }
-  // marker packet does not contain "PGP"
-  return false;
-};
-
-export default Marker;

package/src/packet/one_pass_signature.js

@@ -1,156 +0,0 @@
-// GPG4Browsers - An OpenPGP implementation in javascript
-// Copyright (C) 2011 Recurity Labs GmbH
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @requires web-stream-tools
- * @requires packet/signature
- * @requires type/keyid
- * @requires enums
- * @requires util
- */
-
-import stream from 'web-stream-tools';
-import Signature from './signature';
-import type_keyid from '../type/keyid';
-import enums from '../enums';
-import util from '../util';
-
-/**
- * Implementation of the One-Pass Signature Packets (Tag 4)
- *
- * {@link https://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}:
- * The One-Pass Signature packet precedes the signed data and contains
- * enough information to allow the receiver to begin calculating any
- * hashes needed to verify the signature.  It allows the Signature
- * packet to be placed at the end of the message, so that the signer
- * can compute the entire signed message in one pass.
- * @memberof module:packet
- * @constructor
- */
-function OnePassSignature() {
-  /**
-   * Packet type
-   * @type {module:enums.packet}
-   */
-  this.tag = enums.packet.onePassSignature;
-  /** A one-octet version number.  The current version is 3. */
-  this.version = null;
-  /**
-   * A one-octet signature type.
-   * Signature types are described in
-   * {@link https://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}.
-   */
-  this.signatureType = null;
-  /**
-   * A one-octet number describing the hash algorithm used.
-   * @see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}
-   */
-  this.hashAlgorithm = null;
-  /**
-   * A one-octet number describing the public-key algorithm used.
-   * @see {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}
-   */
-  this.publicKeyAlgorithm = null;
-  /** An eight-octet number holding the Key ID of the signing key. */
-  this.issuerKeyId = null;
-  /**
-   * A one-octet number holding a flag showing whether the signature is nested.
-   * A zero value indicates that the next packet is another One-Pass Signature packet
-   * that describes another signature to be applied to the same message data.
-   */
-  this.flags = null;
-}
-
-/**
- * parsing function for a one-pass signature packet (tag 4).
- * @param {Uint8Array} bytes payload of a tag 4 packet
- * @returns {module:packet.OnePassSignature} object representation
- */
-OnePassSignature.prototype.read = function (bytes) {
-  let mypos = 0;
-  // A one-octet version number.  The current version is 3.
-  this.version = bytes[mypos++];
-
-  // A one-octet signature type.  Signature types are described in
-  //   Section 5.2.1.
-  this.signatureType = bytes[mypos++];
-
-  // A one-octet number describing the hash algorithm used.
-  this.hashAlgorithm = bytes[mypos++];
-
-  // A one-octet number describing the public-key algorithm used.
-  this.publicKeyAlgorithm = bytes[mypos++];
-
-  // An eight-octet number holding the Key ID of the signing key.
-  this.issuerKeyId = new type_keyid();
-  this.issuerKeyId.read(bytes.subarray(mypos, mypos + 8));
-  mypos += 8;
-
-  // A one-octet number holding a flag showing whether the signature
-  //   is nested.  A zero value indicates that the next packet is
-  //   another One-Pass Signature packet that describes another
-  //   signature to be applied to the same message data.
-  this.flags = bytes[mypos++];
-  return this;
-};
-
-/**
- * creates a string representation of a one-pass signature packet
- * @returns {Uint8Array} a Uint8Array representation of a one-pass signature packet
- */
-OnePassSignature.prototype.write = function () {
-  const start = new Uint8Array([3, enums.write(enums.signature, this.signatureType),
-    enums.write(enums.hash, this.hashAlgorithm),
-    enums.write(enums.publicKey, this.publicKeyAlgorithm)]);
-
-  const end = new Uint8Array([this.flags]);
-
-  return util.concatUint8Array([start, this.issuerKeyId.write(), end]);
-};
-
-/**
- * Fix custom types after cloning
- */
-OnePassSignature.prototype.postCloneTypeFix = function() {
-  this.issuerKeyId = type_keyid.fromClone(this.issuerKeyId);
-};
-
-OnePassSignature.prototype.hash = Signature.prototype.hash;
-OnePassSignature.prototype.toHash = Signature.prototype.toHash;
-OnePassSignature.prototype.toSign = Signature.prototype.toSign;
-OnePassSignature.prototype.calculateTrailer = function(...args) {
-  return stream.fromAsync(async () => Signature.prototype.calculateTrailer.apply(await this.correspondingSig, args));
-};
-
-OnePassSignature.prototype.verify = async function() {
-  const correspondingSig = await this.correspondingSig;
-  if (!correspondingSig || correspondingSig.tag !== enums.packet.signature) {
-    throw new Error('Corresponding signature packet missing');
-  }
-  if (
-    correspondingSig.signatureType !== this.signatureType ||
-    correspondingSig.hashAlgorithm !== this.hashAlgorithm ||
-    correspondingSig.publicKeyAlgorithm !== this.publicKeyAlgorithm ||
-    !correspondingSig.issuerKeyId.equals(this.issuerKeyId)
-  ) {
-    throw new Error('Corresponding signature packet does not match one-pass signature packet');
-  }
-  correspondingSig.hashed = this.hashed;
-  return correspondingSig.verify.apply(correspondingSig, arguments);
-};
-
-export default OnePassSignature;

package/src/packet/packet.js

@@ -1,300 +0,0 @@
-// GPG4Browsers - An OpenPGP implementation in javascript
-// Copyright (C) 2011 Recurity Labs GmbH
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/* eslint-disable callback-return */
-
-/**
- * @fileoverview Functions for reading and writing packets
- * @requires web-stream-tools
- * @requires enums
- * @requires util
- * @module packet/packet
- */
-
-import stream from 'web-stream-tools';
-import enums from '../enums';
-import util from '../util';
-
-export default {
-  readSimpleLength: function(bytes) {
-    let len = 0;
-    let offset;
-    const type = bytes[0];
-
-
-    if (type < 192) {
-      [len] = bytes;
-      offset = 1;
-    } else if (type < 255) {
-      len = ((bytes[0] - 192) << 8) + (bytes[1]) + 192;
-      offset = 2;
-    } else if (type === 255) {
-      len = util.readNumber(bytes.subarray(1, 1 + 4));
-      offset = 5;
-    }
-
-    return {
-      len: len,
-      offset: offset
-    };
-  },
-
-  /**
-   * Encodes a given integer of length to the openpgp length specifier to a
-   * string
-   *
-   * @param {Integer} length The length to encode
-   * @returns {Uint8Array} String with openpgp length representation
-   */
-  writeSimpleLength: function(length) {
-    if (length < 192) {
-      return new Uint8Array([length]);
-    } else if (length > 191 && length < 8384) {
-      /*
-       * let a = (total data packet length) - 192 let bc = two octet
-       * representation of a let d = b + 192
-       */
-      return new Uint8Array([((length - 192) >> 8) + 192, (length - 192) & 0xFF]);
-    }
-    return util.concatUint8Array([new Uint8Array([255]), util.writeNumber(length, 4)]);
-  },
-
-  writePartialLength: function(power) {
-    if (power < 0 || power > 30) {
-      throw new Error('Partial Length power must be between 1 and 30');
-    }
-    return new Uint8Array([224 + power]);
-  },
-
-  writeTag: function(tag_type) {
-    /* we're only generating v4 packet headers here */
-    return new Uint8Array([0xC0 | tag_type]);
-  },
-
-  /**
-   * Writes a packet header version 4 with the given tag_type and length to a
-   * string
-   *
-   * @param {Integer} tag_type Tag type
-   * @param {Integer} length Length of the payload
-   * @returns {String} String of the header
-   */
-  writeHeader: function(tag_type, length) {
-    /* we're only generating v4 packet headers here */
-    return util.concatUint8Array([this.writeTag(tag_type), this.writeSimpleLength(length)]);
-  },
-
-  /**
-   * Whether the packet type supports partial lengths per RFC4880
-   * @param {Integer} tag_type Tag type
-   * @returns {Boolean} String of the header
-   */
-  supportsStreaming: function(tag_type) {
-    return [
-      enums.packet.literal,
-      enums.packet.compressed,
-      enums.packet.symmetricallyEncrypted,
-      enums.packet.symEncryptedIntegrityProtected,
-      enums.packet.symEncryptedAEADProtected
-    ].includes(tag_type);
-  },
-
-  /**
-   * Generic static Packet Parser function
-   *
-   * @param {Uint8Array | ReadableStream<Uint8Array>} input Input stream as string
-   * @param {Function} callback Function to call with the parsed packet
-   * @returns {Boolean} Returns false if the stream was empty and parsing is done, and true otherwise.
-   */
-  read: async function(input, streaming, callback) {
-    const reader = stream.getReader(input);
-    let writer;
-    let callbackReturned;
-    try {
-      const peekedBytes = await reader.peekBytes(2);
-      // some sanity checks
-      if (!peekedBytes || peekedBytes.length < 2 || (peekedBytes[0] & 0x80) === 0) {
-        throw new Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");
-      }
-      const headerByte = await reader.readByte();
-      let tag = -1;
-      let format = -1;
-      let packet_length;
-
-      format = 0; // 0 = old format; 1 = new format
-      if ((headerByte & 0x40) !== 0) {
-        format = 1;
-      }
-
-      let packet_length_type;
-      if (format) {
-        // new format header
-        tag = headerByte & 0x3F; // bit 5-0
-      } else {
-        // old format header
-        tag = (headerByte & 0x3F) >> 2; // bit 5-2
-        packet_length_type = headerByte & 0x03; // bit 1-0
-      }
-
-      const supportsStreaming = this.supportsStreaming(tag);
-      let packet = null;
-      if (streaming && supportsStreaming) {
-        const transform = new TransformStream();
-        writer = stream.getWriter(transform.writable);
-        packet = transform.readable;
-        callbackReturned = callback({ tag, packet });
-      } else {
-        packet = [];
-      }
-
-      let wasPartialLength;
-      do {
-        if (!format) {
-          // 4.2.1. Old Format Packet Lengths
-          switch (packet_length_type) {
-            case 0:
-              // The packet has a one-octet length. The header is 2 octets
-              // long.
-              packet_length = await reader.readByte();
-              break;
-            case 1:
-              // The packet has a two-octet length. The header is 3 octets
-              // long.
-              packet_length = (await reader.readByte() << 8) | await reader.readByte();
-              break;
-            case 2:
-              // The packet has a four-octet length. The header is 5
-              // octets long.
-              packet_length = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<
-                8) | await reader.readByte();
-              break;
-            default:
-              // 3 - The packet is of indeterminate length. The header is 1
-              // octet long, and the implementation must determine how long
-              // the packet is. If the packet is in a file, this means that
-              // the packet extends until the end of the file. In general,
-              // an implementation SHOULD NOT use indeterminate-length
-              // packets except where the end of the data will be clear
-              // from the context, and even then it is better to use a
-              // definite length, or a new format header. The new format
-              // headers described below have a mechanism for precisely
-              // encoding data of indeterminate length.
-              packet_length = Infinity;
-              break;
-          }
-        } else { // 4.2.2. New Format Packet Lengths
-          // 4.2.2.1. One-Octet Lengths
-          const lengthByte = await reader.readByte();
-          wasPartialLength = false;
-          if (lengthByte < 192) {
-            packet_length = lengthByte;
-            // 4.2.2.2. Two-Octet Lengths
-          } else if (lengthByte >= 192 && lengthByte < 224) {
-            packet_length = ((lengthByte - 192) << 8) + (await reader.readByte()) + 192;
-            // 4.2.2.4. Partial Body Lengths
-          } else if (lengthByte > 223 && lengthByte < 255) {
-            packet_length = 1 << (lengthByte & 0x1F);
-            wasPartialLength = true;
-            if (!supportsStreaming) {
-              throw new TypeError('This packet type does not support partial lengths.');
-            }
-            // 4.2.2.3. Five-Octet Lengths
-          } else {
-            packet_length = (await reader.readByte() << 24) | (await reader.readByte() << 16) | (await reader.readByte() <<
-              8) | await reader.readByte();
-          }
-        }
-        if (packet_length > 0) {
-          let bytesRead = 0;
-          while (true) {
-            if (writer) await writer.ready;
-            const { done, value } = await reader.read();
-            if (done) {
-              if (packet_length === Infinity) break;
-              throw new Error('Unexpected end of packet');
-            }
-            const chunk = packet_length === Infinity ? value : value.subarray(0, packet_length - bytesRead);
-            if (writer) await writer.write(chunk);
-            else packet.push(chunk);
-            bytesRead += value.length;
-            if (bytesRead >= packet_length) {
-              reader.unshift(value.subarray(packet_length - bytesRead + value.length));
-              break;
-            }
-          }
-        }
-      } while (wasPartialLength);
-
-      // If this was not a packet that "supports streaming", we peek to check
-      // whether it is the last packet in the message. We peek 2 bytes instead
-      // of 1 because the beginning of this function also peeks 2 bytes, and we
-      // want to cut a `subarray` of the correct length into `web-stream-tools`'
-      // `externalBuffer` as a tiny optimization here.
-      //
-      // If it *was* a streaming packet (i.e. the data packets), we peek at the
-      // entire remainder of the stream, in order to forward errors in the
-      // remainder of the stream to the packet data. (Note that this means we
-      // read/peek at all signature packets before closing the literal data
-      // packet, for example.) This forwards armor checksum errors to the
-      // encrypted data stream, for example, so that they don't get lost /
-      // forgotten on encryptedMessage.packets.stream, which we never look at.
-      //
-      // Note that subsequent packet parsing errors could still end up there if
-      // `config.tolerant` is set to false, or on malformed messages with
-      // multiple data packets, but usually it shouldn't happen.
-      //
-      // An example of what we do when stream-parsing a message containing
-      // [ one-pass signature packet, literal data packet, signature packet ]:
-      // 1. Read the one-pass signature packet
-      // 2. Peek 2 bytes of the literal data packet
-      // 3. Parse the one-pass signature packet
-      //
-      // 4. Read the literal data packet, simultaneously stream-parsing it
-      // 5. Peek until the end of the message
-      // 6. Finish parsing the literal data packet
-      //
-      // 7. Read the signature packet again (we already peeked at it in step 5)
-      // 8. Peek at the end of the stream again (`peekBytes` returns undefined)
-      // 9. Parse the signature packet
-      //
-      // Note that this means that if there's an error in the very end of the
-      // stream, such as an MDC error, we throw in step 5 instead of in step 8
-      // (or never), which is the point of this exercise.
-      const nextPacket = await reader.peekBytes(supportsStreaming ? Infinity : 2);
-      if (writer) {
-        await writer.ready;
-        await writer.close();
-      } else {
-        packet = util.concatUint8Array(packet);
-        await callback({ tag, packet });
-      }
-      return !nextPacket || !nextPacket.length;
-    } catch (e) {
-      if (writer) {
-        await writer.abort(e);
-        return true;
-      } else {
-        throw e;
-      }
-    } finally {
-      if (writer) {
-        await callbackReturned;
-      }
-      reader.releaseLock();
-    }
-  }
-};