@protontech/openpgp 4.10.8 → 5.3.1

package/src/crypto/random.js

@@ -1,145 +0,0 @@
-// GPG4Browsers - An OpenPGP implementation in javascript
-// Copyright (C) 2011 Recurity Labs GmbH
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-// The GPG4Browsers crypto interface
-
-/**
- * @fileoverview Provides tools for retrieving secure randomness from browsers or Node.js
- * @requires bn.js
- * @requires util
- * @module crypto/random
- */
-
-import BN from 'bn.js';
-import util from '../util';
-
-// Do not use util.getNodeCrypto because we need this regardless of use_native setting
-const nodeCrypto = util.detectNode() && require('crypto');
-
-export default {
-  /**
-   * Retrieve secure random byte array of the specified length
-   * @param {Integer} length Length in bytes to generate
-   * @returns {Uint8Array} Random byte array
-   * @async
-   */
-  getRandomBytes: async function(length) {
-    const buf = new Uint8Array(length);
-    if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
-      crypto.getRandomValues(buf);
-    } else if (typeof global !== 'undefined' && typeof global.msCrypto === 'object' && typeof global.msCrypto.getRandomValues === 'function') {
-      global.msCrypto.getRandomValues(buf);
-    } else if (nodeCrypto) {
-      const bytes = nodeCrypto.randomBytes(buf.length);
-      buf.set(bytes);
-    } else if (this.randomBuffer.buffer) {
-      await this.randomBuffer.get(buf);
-    } else {
-      throw new Error('No secure random number generator available.');
-    }
-    return buf;
-  },
-
-  /**
-   * Create a secure random MPI that is greater than or equal to min and less than max.
-   * @param {module:type/mpi} min Lower bound, included
-   * @param {module:type/mpi} max Upper bound, excluded
-   * @returns {module:BN} Random MPI
-   * @async
-   */
-  getRandomBN: async function(min, max) {
-    if (max.cmp(min) <= 0) {
-      throw new Error('Illegal parameter value: max <= min');
-    }
-
-    const modulus = max.sub(min);
-    const bytes = modulus.byteLength();
-
-    // Using a while loop is necessary to avoid bias introduced by the mod operation.
-    // However, we request 64 extra random bits so that the bias is negligible.
-    // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
-    const r = new BN(await this.getRandomBytes(bytes + 8));
-    return r.mod(modulus).add(min);
-  },
-
-  randomBuffer: new RandomBuffer()
-};
-
-/**
- * Buffer for secure random numbers
- */
-function RandomBuffer() {
-  this.buffer = null;
-  this.size = null;
-  this.callback = null;
-}
-
-/**
- * Initialize buffer
- * @param  {Integer} size size of buffer
- */
-RandomBuffer.prototype.init = function(size, callback) {
-  this.buffer = new Uint8Array(size);
-  this.size = 0;
-  this.callback = callback;
-};
-
-/**
- * Concat array of secure random numbers to buffer
- * @param {Uint8Array} buf
- */
-RandomBuffer.prototype.set = function(buf) {
-  if (!this.buffer) {
-    throw new Error('RandomBuffer is not initialized');
-  }
-  if (!(buf instanceof Uint8Array)) {
-    throw new Error('Invalid type: buf not an Uint8Array');
-  }
-  const freeSpace = this.buffer.length - this.size;
-  if (buf.length > freeSpace) {
-    buf = buf.subarray(0, freeSpace);
-  }
-  // set buf with offset old size of buffer
-  this.buffer.set(buf, this.size);
-  this.size += buf.length;
-};
-
-/**
- * Take numbers out of buffer and copy to array
- * @param {Uint8Array} buf the destination array
- */
-RandomBuffer.prototype.get = async function(buf) {
-  if (!this.buffer) {
-    throw new Error('RandomBuffer is not initialized');
-  }
-  if (!(buf instanceof Uint8Array)) {
-    throw new Error('Invalid type: buf not an Uint8Array');
-  }
-  if (this.size < buf.length) {
-    if (!this.callback) {
-      throw new Error('Random number buffer depleted');
-    }
-    // Wait for random bytes from main context, then try again
-    await this.callback();
-    return this.get(buf);
-  }
-  for (let i = 0; i < buf.length; i++) {
-    buf[i] = this.buffer[--this.size];
-    // clear buffer value
-    this.buffer[this.size] = 0;
-  }
-};

package/src/crypto/signature.js

@@ -1,137 +0,0 @@
-/**
- * @fileoverview Provides functions for asymmetric signing and signature verification
- * @requires crypto/crypto
- * @requires crypto/public_key
- * @requires enums
- * @requires util
- * @module crypto/signature
-*/
-
-import crypto from './crypto';
-import publicKey from './public_key';
-import enums from '../enums';
-import util from '../util';
-
-export default {
-  /**
-   * Verifies the signature provided for data using specified algorithms and public key parameters.
-   * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}
-   * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}
-   * for public key and hash algorithms.
-   * @param {module:enums.publicKey} algo      Public key algorithm
-   * @param {module:enums.hash}      hash_algo Hash algorithm
-   * @param {Array<module:type/mpi>} msg_MPIs  Algorithm-specific signature parameters
-   * @param {Array<module:type/mpi>} pub_MPIs  Algorithm-specific public key parameters
-   * @param {Uint8Array}             data      Data for which the signature was created
-   * @param {Uint8Array}             hashed    The hashed data
-   * @returns {Boolean}                        True if signature is valid
-   * @async
-   */
-  verify: async function(algo, hash_algo, msg_MPIs, pub_MPIs, data, hashed) {
-    const types = crypto.getPubKeyParamTypes(algo);
-    if (pub_MPIs.length < types.length) {
-      throw new Error('Missing public key parameters');
-    }
-    switch (algo) {
-      case enums.publicKey.rsa_encrypt_sign:
-      case enums.publicKey.rsa_encrypt:
-      case enums.publicKey.rsa_sign: {
-        const n = pub_MPIs[0].toUint8Array();
-        const e = pub_MPIs[1].toUint8Array();
-        const m = msg_MPIs[0].toUint8Array('be', n.length);
-        return publicKey.rsa.verify(hash_algo, data, m, n, e, hashed);
-      }
-      case enums.publicKey.dsa: {
-        const r = msg_MPIs[0].toBN();
-        const s = msg_MPIs[1].toBN();
-        const p = pub_MPIs[0].toBN();
-        const q = pub_MPIs[1].toBN();
-        const g = pub_MPIs[2].toBN();
-        const y = pub_MPIs[3].toBN();
-        return publicKey.dsa.verify(hash_algo, r, s, hashed, g, p, q, y);
-      }
-      case enums.publicKey.ecdsa: {
-        const { oid, Q } = publicKey.elliptic.ecdsa.parseParams(pub_MPIs);
-        const signature = { r: msg_MPIs[0].toUint8Array(), s: msg_MPIs[1].toUint8Array() };
-        return publicKey.elliptic.ecdsa.verify(oid, hash_algo, signature, data, Q, hashed);
-      }
-      case enums.publicKey.eddsa: {
-        const { oid, Q } = publicKey.elliptic.eddsa.parseParams(pub_MPIs);
-        // EdDSA signature params are expected in little-endian format
-        const signature = {
-          R: msg_MPIs[0].toUint8Array('le', 32),
-          S: msg_MPIs[1].toUint8Array('le', 32)
-        };
-        return publicKey.elliptic.eddsa.verify(oid, hash_algo, signature, data, Q, hashed);
-      }
-      default:
-        throw new Error('Invalid signature algorithm.');
-    }
-  },
-
-  /**
-   * Creates a signature on data using specified algorithms and private key parameters.
-   * See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}
-   * and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}
-   * for public key and hash algorithms.
-   * @param {module:enums.publicKey} algo       Public key algorithm
-   * @param {module:enums.hash}      hash_algo  Hash algorithm
-   * @param {Array<module:type/mpi>} key_params Algorithm-specific public and private key parameters
-   * @param {Uint8Array}             data       Data to be signed
-   * @param {Uint8Array}             hashed     The hashed data
-   * @returns {Uint8Array}                      Signature
-   * @async
-   */
-  sign: async function(algo, hash_algo, key_params, data, hashed) {
-    const types = [].concat(crypto.getPubKeyParamTypes(algo), crypto.getPrivKeyParamTypes(algo));
-    if (key_params.length < types.length) {
-      throw new Error('Missing private key parameters');
-    }
-    switch (algo) {
-      case enums.publicKey.rsa_encrypt_sign:
-      case enums.publicKey.rsa_encrypt:
-      case enums.publicKey.rsa_sign: {
-        const n = key_params[0].toUint8Array();
-        const e = key_params[1].toUint8Array();
-        const d = key_params[2].toUint8Array();
-        const p = key_params[3].toUint8Array();
-        const q = key_params[4].toUint8Array();
-        const u = key_params[5].toUint8Array();
-        const signature = await publicKey.rsa.sign(hash_algo, data, n, e, d, p, q, u, hashed);
-        return util.Uint8Array_to_MPI(signature);
-      }
-      case enums.publicKey.dsa: {
-        const p = key_params[0].toBN();
-        const q = key_params[1].toBN();
-        const g = key_params[2].toBN();
-        const x = key_params[4].toBN();
-        const signature = await publicKey.dsa.sign(hash_algo, hashed, g, p, q, x);
-        return util.concatUint8Array([
-          util.Uint8Array_to_MPI(signature.r),
-          util.Uint8Array_to_MPI(signature.s)
-        ]);
-      }
-      case enums.publicKey.elgamal: {
-        throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.');
-      }
-      case enums.publicKey.ecdsa: {
-        const { oid, Q, d } = publicKey.elliptic.ecdsa.parseParams(key_params);
-        const signature = await publicKey.elliptic.ecdsa.sign(oid, hash_algo, data, Q, d, hashed);
-        return util.concatUint8Array([
-          util.Uint8Array_to_MPI(signature.r),
-          util.Uint8Array_to_MPI(signature.s)
-        ]);
-      }
-      case enums.publicKey.eddsa: {
-        const { oid, Q, seed } = publicKey.elliptic.eddsa.parseParams(key_params);
-        const signature = await publicKey.elliptic.eddsa.sign(oid, hash_algo, data, Q, seed, hashed);
-        return util.concatUint8Array([
-          util.Uint8Array_to_MPI(signature.R),
-          util.Uint8Array_to_MPI(signature.S)
-        ]);
-      }
-      default:
-        throw new Error('Invalid signature algorithm.');
-    }
-  }
-};