@protontech/openpgp 5.3.1 → 5.5.0

package/dist/node/openpgp.mjs

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.3.1 - 2022-07-12 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.5.0 - 2022-10-31 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 import buffer from 'buffer';
@@ -1776,7 +1776,7 @@ const util = {
    */
   printDebug: function (str) {
     if (debugMode) {
-      console.log(str);
+      console.log('[OpenPGP.js debug]', str);
     }
   },
 
@@ -1787,7 +1787,7 @@ const util = {
    */
   printDebugError: function (error) {
     if (debugMode) {
-      console.error(error);
+      console.error('[OpenPGP.js debug]', error);
     }
   },
 
@@ -2007,12 +2007,12 @@ const util = {
   },
 
   /**
-   * Remove trailing spaces and tabs from each line
+   * Remove trailing spaces, carriage returns and tabs from each line
    */
   removeTrailingSpaces: function(text) {
     return text.split('\n').map(line => {
       let i = line.length - 1;
-      for (; i >= 0 && (line[i] === ' ' || line[i] === '\t'); i--);
+      for (; i >= 0 && (line[i] === ' ' || line[i] === '\t' || line[i] === '\r'); i--);
       return line.substr(0, i + 1);
     }).join('\n');
   },
@@ -2890,7 +2890,7 @@ var defaultConfig = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 5.3.1',
+  versionString: 'OpenPGP.js 5.5.0',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -3107,15 +3107,17 @@ function createcrc24(input) {
 }
 
 /**
- * Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted
- * Armor Headers to be corruption of the ASCII Armor."
+ * Verify armored headers. crypto-refresh-06, section 6.2:
+ * "An OpenPGP implementation may consider improperly formatted Armor
+ * Headers to be corruption of the ASCII Armor, but SHOULD make an
+ * effort to recover."
  * @private
  * @param {Array<String>} headers - Armor headers
  */
 function verifyHeaders(headers) {
   for (let i = 0; i < headers.length; i++) {
     if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
-      throw new Error('Improperly formatted armor header: ' + headers[i]);
+      util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));
     }
     if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {
       util.printDebugError(new Error('Unknown header: ' + headers[i]));
@@ -3309,7 +3311,7 @@ function armor(messageType, body, partIndex, partTotal, customComment, config =
       result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n');
       break;
     case enums.armor.signed:
-      result.push('\n-----BEGIN PGP SIGNED MESSAGE-----\n');
+      result.push('-----BEGIN PGP SIGNED MESSAGE-----\n');
       result.push('Hash: ' + hash + '\n\n');
       result.push(text.replace(/^-/mg, '- -'));
       result.push('\n-----BEGIN PGP SIGNATURE-----\n');
@@ -14300,16 +14302,17 @@ function parsePrivateKeyParams(algo, bytes, publicParams) {
     }
     case enums.publicKey.hmac: {
       const { cipher: algo } = publicParams;
-      const keySize = hash.getHashByteLength(algo);
+      const keySize = hash.getHashByteLength(algo.getValue());
       const hashSeed = bytes.subarray(read, read + 32); read += 32;
-      const key = bytes.subarray(read, read + keySize); read += keySize;
-      return { read, privateParams: { key, hashSeed } };
+      const keyMaterial = bytes.subarray(read, read + keySize); read += keySize;
+      return { read, privateParams: { hashSeed, keyMaterial } };
     }
     case enums.publicKey.aead: {
       const { cipher: algo } = publicParams;
+      const hashSeed = bytes.subarray(read, read + 32); read += 32;
       const { keySize } = getCipher(algo.getValue());
       const keyMaterial = bytes.subarray(read, read + keySize); read += keySize;
-      return { read, privateParams: { keyMaterial } };
+      return { read, privateParams: { hashSeed, keyMaterial } };
     }
     default:
       throw new UnsupportedError('Unknown public key encryption algorithm.');
@@ -14355,13 +14358,12 @@ function parseEncSessionKeyParams(algo, bytes) {
     //       - An authentication tag generated by the AEAD mode.
     case enums.publicKey.aead: {
       const aeadMode = new AEADEnum(); read += aeadMode.read(bytes.subarray(read));
-      const { tagLength, ivLength } = getAEADMode(aeadMode.getValue());
+      const { ivLength } = getAEADMode(aeadMode.getValue());
 
       const iv = bytes.subarray(read, read + ivLength); read += ivLength;
       const c = new ShortByteString(); read += c.read(bytes.subarray(read));
-      const t = bytes.subarray(read, read + tagLength);
 
-      return { aeadMode, iv, c, t };
+      return { aeadMode, iv, c };
     }
     default:
       throw new UnsupportedError('Unknown public key encryption algorithm.');
@@ -14455,8 +14457,8 @@ async function createSymmetricParams(key, algo) {
   const bindingHash = await hash.sha256(seed);
   return {
     privateParams: {
-      keyMaterial: key,
-      hashSeed: seed
+      hashSeed: seed,
+      keyMaterial: key
     },
     publicParams: {
       cipher: algo,
@@ -14509,14 +14511,14 @@ async function validateParams$6(algo, publicParams, privateParams) {
     }
     case enums.publicKey.hmac: {
       const { cipher: algo, digest } = publicParams;
-      const { keyMaterial, hashSeed } = privateParams;
-      const keySize = hash.getHashByteLength(algo);
+      const { hashSeed, keyMaterial } = privateParams;
+      const keySize = hash.getHashByteLength(algo.getValue());
       return keySize === keyMaterial.length &&
         util.equalsUint8Array(digest, await hash.sha256(hashSeed));
     }
     case enums.publicKey.aead: {
       const { cipher: algo, digest } = publicParams;
-      const { keyMaterial, hashSeed } = privateParams;
+      const { hashSeed, keyMaterial } = privateParams;
       const { keySize } = getCipher(algo.getValue());
       return keySize === keyMaterial.length &&
         util.equalsUint8Array(digest, await hash.sha256(hashSeed));
@@ -23266,6 +23268,11 @@ class SignaturePacket {
     // Add hashed subpackets
     arr.push(this.writeHashedSubPackets());
 
+    // Remove unhashed subpackets, in case some allowed unhashed
+    // subpackets existed, in order not to duplicate them (in both
+    // the hashed and unhashed subpackets) when re-signing.
+    this.unhashedSubpackets = [];
+
     this.signatureData = util.concat(arr);
 
     const toHash = this.toHash(this.signatureType, data, detached);
@@ -23328,6 +23335,11 @@ class SignaturePacket {
       bytes = util.concat([bytes, this.revocationKeyFingerprint]);
       arr.push(writeSubPacket(sub.revocationKey, bytes));
     }
+    if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
+      // If the version of [the] key is greater than 4, this subpacket
+      // MUST NOT be included in the signature.
+      arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
+    }
     this.rawNotations.forEach(([{ name, value, humanReadable }]) => {
       bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];
       // 2 octets of name length
@@ -23381,6 +23393,14 @@ class SignaturePacket {
       bytes = util.concat(bytes);
       arr.push(writeSubPacket(sub.signatureTarget, bytes));
     }
+    if (this.embeddedSignature !== null) {
+      arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
+    }
+    if (this.issuerFingerprint !== null) {
+      bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
+      bytes = util.concat(bytes);
+      arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
+    }
     if (this.preferredAEADAlgorithms !== null) {
       bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));
       arr.push(writeSubPacket(sub.preferredAEADAlgorithms, bytes));
@@ -23393,26 +23413,11 @@ class SignaturePacket {
   }
 
   /**
-   * Creates Uint8Array of bytes of Issuer and Embedded Signature subpackets
+   * Creates an Uint8Array containing the unhashed subpackets
    * @returns {Uint8Array} Subpacket data.
    */
   writeUnhashedSubPackets() {
-    const sub = enums.signatureSubpacket;
     const arr = [];
-    let bytes;
-    if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
-      // If the version of [the] key is greater than 4, this subpacket
-      // MUST NOT be included in the signature.
-      arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
-    }
-    if (this.embeddedSignature !== null) {
-      arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
-    }
-    if (this.issuerFingerprint !== null) {
-      bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
-      bytes = util.concat(bytes);
-      arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
-    }
     this.unhashedSubpackets.forEach(data => {
       arr.push(writeSimpleLength(data.length));
       arr.push(data);
@@ -23432,9 +23437,11 @@ class SignaturePacket {
     const critical = bytes[mypos] & 0x80;
     const type = bytes[mypos] & 0x7F;
 
-    if (!hashed && !allowedUnhashedSubpackets.has(type)) {
+    if (!hashed) {
       this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));
-      return;
+      if (!allowedUnhashedSubpackets.has(type)) {
+        return;
+      }
     }
 
     mypos++;
@@ -30500,7 +30507,7 @@ class CleartextMessage {
    * @param {Signature} signature - The detached signature or an empty signature for unsigned messages
    */
   constructor(text, signature) {
-    // normalize EOL to canonical form <CR><LF>
+    // remove trailing whitespace and normalize EOL to canonical form <CR><LF>
     this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n');
     if (signature && !(signature instanceof Signature)) {
       throw new Error('Invalid signature input');
@@ -30901,7 +30908,7 @@ async function encryptKey({ privateKey, passphrase, config, ...rest }) {
 
 
 /**
- * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys` or `passwords`
+ * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`
  *   must be specified. If signing keys are specified, those will be used to sign the message.
  * @param {Object} options
  * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}
@@ -31216,6 +31223,10 @@ async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKey
   if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');
   const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);
 
+  if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {
+    throw new Error('No encryption keys or passwords provided.');
+  }
+
   try {
     const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);
     return formatObject(message, format, config);

package/dist/openpgp.js

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.3.1 - 2022-07-12 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.5.0 - 2022-10-31 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 var openpgp = (function (exports) {
   'use strict';
 
@@ -1773,7 +1773,7 @@ var openpgp = (function (exports) {
      */
     printDebug: function (str) {
       if (debugMode) {
-        console.log(str);
+        console.log('[OpenPGP.js debug]', str);
       }
     },
 
@@ -1784,7 +1784,7 @@ var openpgp = (function (exports) {
      */
     printDebugError: function (error) {
       if (debugMode) {
-        console.error(error);
+        console.error('[OpenPGP.js debug]', error);
       }
     },
 
@@ -2004,12 +2004,12 @@ var openpgp = (function (exports) {
     },
 
     /**
-     * Remove trailing spaces and tabs from each line
+     * Remove trailing spaces, carriage returns and tabs from each line
      */
     removeTrailingSpaces: function(text) {
       return text.split('\n').map(line => {
         let i = line.length - 1;
-        for (; i >= 0 && (line[i] === ' ' || line[i] === '\t'); i--);
+        for (; i >= 0 && (line[i] === ' ' || line[i] === '\t' || line[i] === '\r'); i--);
         return line.substr(0, i + 1);
       }).join('\n');
     },
@@ -2887,7 +2887,7 @@ var openpgp = (function (exports) {
      * @memberof module:config
      * @property {String} versionString A version string to be included in armored messages
      */
-    versionString: 'OpenPGP.js 5.3.1',
+    versionString: 'OpenPGP.js 5.5.0',
     /**
      * @memberof module:config
      * @property {String} commentString A comment string to be included in armored messages
@@ -3104,15 +3104,17 @@ var openpgp = (function (exports) {
   }
 
   /**
-   * Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted
-   * Armor Headers to be corruption of the ASCII Armor."
+   * Verify armored headers. crypto-refresh-06, section 6.2:
+   * "An OpenPGP implementation may consider improperly formatted Armor
+   * Headers to be corruption of the ASCII Armor, but SHOULD make an
+   * effort to recover."
    * @private
    * @param {Array<String>} headers - Armor headers
    */
   function verifyHeaders(headers) {
     for (let i = 0; i < headers.length; i++) {
       if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
-        throw new Error('Improperly formatted armor header: ' + headers[i]);
+        util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));
       }
       if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {
         util.printDebugError(new Error('Unknown header: ' + headers[i]));
@@ -3306,7 +3308,7 @@ var openpgp = (function (exports) {
         result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n');
         break;
       case enums.armor.signed:
-        result.push('\n-----BEGIN PGP SIGNED MESSAGE-----\n');
+        result.push('-----BEGIN PGP SIGNED MESSAGE-----\n');
         result.push('Hash: ' + hash + '\n\n');
         result.push(text.replace(/^-/mg, '- -'));
         result.push('\n-----BEGIN PGP SIGNATURE-----\n');
@@ -14291,16 +14293,17 @@ var openpgp = (function (exports) {
       }
       case enums.publicKey.hmac: {
         const { cipher: algo } = publicParams;
-        const keySize = hash.getHashByteLength(algo);
+        const keySize = hash.getHashByteLength(algo.getValue());
         const hashSeed = bytes.subarray(read, read + 32); read += 32;
-        const key = bytes.subarray(read, read + keySize); read += keySize;
-        return { read, privateParams: { key, hashSeed } };
+        const keyMaterial = bytes.subarray(read, read + keySize); read += keySize;
+        return { read, privateParams: { hashSeed, keyMaterial } };
       }
       case enums.publicKey.aead: {
         const { cipher: algo } = publicParams;
+        const hashSeed = bytes.subarray(read, read + 32); read += 32;
         const { keySize } = getCipher(algo.getValue());
         const keyMaterial = bytes.subarray(read, read + keySize); read += keySize;
-        return { read, privateParams: { keyMaterial } };
+        return { read, privateParams: { hashSeed, keyMaterial } };
       }
       default:
         throw new UnsupportedError('Unknown public key encryption algorithm.');
@@ -14346,13 +14349,12 @@ var openpgp = (function (exports) {
       //       - An authentication tag generated by the AEAD mode.
       case enums.publicKey.aead: {
         const aeadMode = new AEADEnum(); read += aeadMode.read(bytes.subarray(read));
-        const { tagLength, ivLength } = getAEADMode(aeadMode.getValue());
+        const { ivLength } = getAEADMode(aeadMode.getValue());
 
         const iv = bytes.subarray(read, read + ivLength); read += ivLength;
         const c = new ShortByteString(); read += c.read(bytes.subarray(read));
-        const t = bytes.subarray(read, read + tagLength);
 
-        return { aeadMode, iv, c, t };
+        return { aeadMode, iv, c };
       }
       default:
         throw new UnsupportedError('Unknown public key encryption algorithm.');
@@ -14446,8 +14448,8 @@ var openpgp = (function (exports) {
     const bindingHash = await hash.sha256(seed);
     return {
       privateParams: {
-        keyMaterial: key,
-        hashSeed: seed
+        hashSeed: seed,
+        keyMaterial: key
       },
       publicParams: {
         cipher: algo,
@@ -14500,14 +14502,14 @@ var openpgp = (function (exports) {
       }
       case enums.publicKey.hmac: {
         const { cipher: algo, digest } = publicParams;
-        const { keyMaterial, hashSeed } = privateParams;
-        const keySize = hash.getHashByteLength(algo);
+        const { hashSeed, keyMaterial } = privateParams;
+        const keySize = hash.getHashByteLength(algo.getValue());
         return keySize === keyMaterial.length &&
           util.equalsUint8Array(digest, await hash.sha256(hashSeed));
       }
       case enums.publicKey.aead: {
         const { cipher: algo, digest } = publicParams;
-        const { keyMaterial, hashSeed } = privateParams;
+        const { hashSeed, keyMaterial } = privateParams;
         const { keySize } = getCipher(algo.getValue());
         return keySize === keyMaterial.length &&
           util.equalsUint8Array(digest, await hash.sha256(hashSeed));
@@ -23257,6 +23259,11 @@ var openpgp = (function (exports) {
       // Add hashed subpackets
       arr.push(this.writeHashedSubPackets());
 
+      // Remove unhashed subpackets, in case some allowed unhashed
+      // subpackets existed, in order not to duplicate them (in both
+      // the hashed and unhashed subpackets) when re-signing.
+      this.unhashedSubpackets = [];
+
       this.signatureData = util.concat(arr);
 
       const toHash = this.toHash(this.signatureType, data, detached);
@@ -23319,6 +23326,11 @@ var openpgp = (function (exports) {
         bytes = util.concat([bytes, this.revocationKeyFingerprint]);
         arr.push(writeSubPacket(sub.revocationKey, bytes));
       }
+      if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
+        // If the version of [the] key is greater than 4, this subpacket
+        // MUST NOT be included in the signature.
+        arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
+      }
       this.rawNotations.forEach(([{ name, value, humanReadable }]) => {
         bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];
         // 2 octets of name length
@@ -23372,6 +23384,14 @@ var openpgp = (function (exports) {
         bytes = util.concat(bytes);
         arr.push(writeSubPacket(sub.signatureTarget, bytes));
       }
+      if (this.embeddedSignature !== null) {
+        arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
+      }
+      if (this.issuerFingerprint !== null) {
+        bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
+        bytes = util.concat(bytes);
+        arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
+      }
       if (this.preferredAEADAlgorithms !== null) {
         bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));
         arr.push(writeSubPacket(sub.preferredAEADAlgorithms, bytes));
@@ -23384,26 +23404,11 @@ var openpgp = (function (exports) {
     }
 
     /**
-     * Creates Uint8Array of bytes of Issuer and Embedded Signature subpackets
+     * Creates an Uint8Array containing the unhashed subpackets
      * @returns {Uint8Array} Subpacket data.
      */
     writeUnhashedSubPackets() {
-      const sub = enums.signatureSubpacket;
       const arr = [];
-      let bytes;
-      if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
-        // If the version of [the] key is greater than 4, this subpacket
-        // MUST NOT be included in the signature.
-        arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
-      }
-      if (this.embeddedSignature !== null) {
-        arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
-      }
-      if (this.issuerFingerprint !== null) {
-        bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
-        bytes = util.concat(bytes);
-        arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
-      }
       this.unhashedSubpackets.forEach(data => {
         arr.push(writeSimpleLength(data.length));
         arr.push(data);
@@ -23423,9 +23428,11 @@ var openpgp = (function (exports) {
       const critical = bytes[mypos] & 0x80;
       const type = bytes[mypos] & 0x7F;
 
-      if (!hashed && !allowedUnhashedSubpackets.has(type)) {
+      if (!hashed) {
         this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));
-        return;
+        if (!allowedUnhashedSubpackets.has(type)) {
+          return;
+        }
       }
 
       mypos++;
@@ -30491,7 +30498,7 @@ var openpgp = (function (exports) {
      * @param {Signature} signature - The detached signature or an empty signature for unsigned messages
      */
     constructor(text, signature) {
-      // normalize EOL to canonical form <CR><LF>
+      // remove trailing whitespace and normalize EOL to canonical form <CR><LF>
       this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n');
       if (signature && !(signature instanceof Signature)) {
         throw new Error('Invalid signature input');
@@ -30892,7 +30899,7 @@ var openpgp = (function (exports) {
 
 
   /**
-   * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys` or `passwords`
+   * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`
    *   must be specified. If signing keys are specified, those will be used to sign the message.
    * @param {Object} options
    * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}
@@ -31207,6 +31214,10 @@ var openpgp = (function (exports) {
     if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');
     const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);
 
+    if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {
+      throw new Error('No encryption keys or passwords provided.');
+    }
+
     try {
       const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);
       return formatObject(message, format, config);