@protontech/openpgp 5.3.1 → 5.5.0

package/dist/node/openpgp.js

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.3.1 - 2022-07-12 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.5.0 - 2022-10-31 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 'use strict';
 
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
@@ -1790,7 +1790,7 @@ const util = {
    */
   printDebug: function (str) {
     if (debugMode) {
-      console.log(str);
+      console.log('[OpenPGP.js debug]', str);
     }
   },
 
@@ -1801,7 +1801,7 @@ const util = {
    */
   printDebugError: function (error) {
     if (debugMode) {
-      console.error(error);
+      console.error('[OpenPGP.js debug]', error);
     }
   },
 
@@ -2021,12 +2021,12 @@ const util = {
   },
 
   /**
-   * Remove trailing spaces and tabs from each line
+   * Remove trailing spaces, carriage returns and tabs from each line
    */
   removeTrailingSpaces: function(text) {
     return text.split('\n').map(line => {
       let i = line.length - 1;
-      for (; i >= 0 && (line[i] === ' ' || line[i] === '\t'); i--);
+      for (; i >= 0 && (line[i] === ' ' || line[i] === '\t' || line[i] === '\r'); i--);
       return line.substr(0, i + 1);
     }).join('\n');
   },
@@ -2904,7 +2904,7 @@ var defaultConfig = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 5.3.1',
+  versionString: 'OpenPGP.js 5.5.0',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -3121,15 +3121,17 @@ function createcrc24(input) {
 }
 
 /**
- * Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted
- * Armor Headers to be corruption of the ASCII Armor."
+ * Verify armored headers. crypto-refresh-06, section 6.2:
+ * "An OpenPGP implementation may consider improperly formatted Armor
+ * Headers to be corruption of the ASCII Armor, but SHOULD make an
+ * effort to recover."
  * @private
  * @param {Array<String>} headers - Armor headers
  */
 function verifyHeaders(headers) {
   for (let i = 0; i < headers.length; i++) {
     if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
-      throw new Error('Improperly formatted armor header: ' + headers[i]);
+      util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));
     }
     if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {
       util.printDebugError(new Error('Unknown header: ' + headers[i]));
@@ -3323,7 +3325,7 @@ function armor(messageType, body, partIndex, partTotal, customComment, config =
       result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n');
       break;
     case enums.armor.signed:
-      result.push('\n-----BEGIN PGP SIGNED MESSAGE-----\n');
+      result.push('-----BEGIN PGP SIGNED MESSAGE-----\n');
       result.push('Hash: ' + hash + '\n\n');
       result.push(text.replace(/^-/mg, '- -'));
       result.push('\n-----BEGIN PGP SIGNATURE-----\n');
@@ -14314,16 +14316,17 @@ function parsePrivateKeyParams(algo, bytes, publicParams) {
     }
     case enums.publicKey.hmac: {
       const { cipher: algo } = publicParams;
-      const keySize = hash.getHashByteLength(algo);
+      const keySize = hash.getHashByteLength(algo.getValue());
       const hashSeed = bytes.subarray(read, read + 32); read += 32;
-      const key = bytes.subarray(read, read + keySize); read += keySize;
-      return { read, privateParams: { key, hashSeed } };
+      const keyMaterial = bytes.subarray(read, read + keySize); read += keySize;
+      return { read, privateParams: { hashSeed, keyMaterial } };
     }
     case enums.publicKey.aead: {
       const { cipher: algo } = publicParams;
+      const hashSeed = bytes.subarray(read, read + 32); read += 32;
       const { keySize } = getCipher(algo.getValue());
       const keyMaterial = bytes.subarray(read, read + keySize); read += keySize;
-      return { read, privateParams: { keyMaterial } };
+      return { read, privateParams: { hashSeed, keyMaterial } };
     }
     default:
       throw new UnsupportedError('Unknown public key encryption algorithm.');
@@ -14369,13 +14372,12 @@ function parseEncSessionKeyParams(algo, bytes) {
     //       - An authentication tag generated by the AEAD mode.
     case enums.publicKey.aead: {
       const aeadMode = new AEADEnum(); read += aeadMode.read(bytes.subarray(read));
-      const { tagLength, ivLength } = getAEADMode(aeadMode.getValue());
+      const { ivLength } = getAEADMode(aeadMode.getValue());
 
       const iv = bytes.subarray(read, read + ivLength); read += ivLength;
       const c = new ShortByteString(); read += c.read(bytes.subarray(read));
-      const t = bytes.subarray(read, read + tagLength);
 
-      return { aeadMode, iv, c, t };
+      return { aeadMode, iv, c };
     }
     default:
       throw new UnsupportedError('Unknown public key encryption algorithm.');
@@ -14469,8 +14471,8 @@ async function createSymmetricParams(key, algo) {
   const bindingHash = await hash.sha256(seed);
   return {
     privateParams: {
-      keyMaterial: key,
-      hashSeed: seed
+      hashSeed: seed,
+      keyMaterial: key
     },
     publicParams: {
       cipher: algo,
@@ -14523,14 +14525,14 @@ async function validateParams$6(algo, publicParams, privateParams) {
     }
     case enums.publicKey.hmac: {
       const { cipher: algo, digest } = publicParams;
-      const { keyMaterial, hashSeed } = privateParams;
-      const keySize = hash.getHashByteLength(algo);
+      const { hashSeed, keyMaterial } = privateParams;
+      const keySize = hash.getHashByteLength(algo.getValue());
       return keySize === keyMaterial.length &&
         util.equalsUint8Array(digest, await hash.sha256(hashSeed));
     }
     case enums.publicKey.aead: {
       const { cipher: algo, digest } = publicParams;
-      const { keyMaterial, hashSeed } = privateParams;
+      const { hashSeed, keyMaterial } = privateParams;
       const { keySize } = getCipher(algo.getValue());
       return keySize === keyMaterial.length &&
         util.equalsUint8Array(digest, await hash.sha256(hashSeed));
@@ -23280,6 +23282,11 @@ class SignaturePacket {
     // Add hashed subpackets
     arr.push(this.writeHashedSubPackets());
 
+    // Remove unhashed subpackets, in case some allowed unhashed
+    // subpackets existed, in order not to duplicate them (in both
+    // the hashed and unhashed subpackets) when re-signing.
+    this.unhashedSubpackets = [];
+
     this.signatureData = util.concat(arr);
 
     const toHash = this.toHash(this.signatureType, data, detached);
@@ -23342,6 +23349,11 @@ class SignaturePacket {
       bytes = util.concat([bytes, this.revocationKeyFingerprint]);
       arr.push(writeSubPacket(sub.revocationKey, bytes));
     }
+    if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
+      // If the version of [the] key is greater than 4, this subpacket
+      // MUST NOT be included in the signature.
+      arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
+    }
     this.rawNotations.forEach(([{ name, value, humanReadable }]) => {
       bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];
       // 2 octets of name length
@@ -23395,6 +23407,14 @@ class SignaturePacket {
       bytes = util.concat(bytes);
       arr.push(writeSubPacket(sub.signatureTarget, bytes));
     }
+    if (this.embeddedSignature !== null) {
+      arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
+    }
+    if (this.issuerFingerprint !== null) {
+      bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
+      bytes = util.concat(bytes);
+      arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
+    }
     if (this.preferredAEADAlgorithms !== null) {
       bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));
       arr.push(writeSubPacket(sub.preferredAEADAlgorithms, bytes));
@@ -23407,26 +23427,11 @@ class SignaturePacket {
   }
 
   /**
-   * Creates Uint8Array of bytes of Issuer and Embedded Signature subpackets
+   * Creates an Uint8Array containing the unhashed subpackets
    * @returns {Uint8Array} Subpacket data.
    */
   writeUnhashedSubPackets() {
-    const sub = enums.signatureSubpacket;
     const arr = [];
-    let bytes;
-    if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
-      // If the version of [the] key is greater than 4, this subpacket
-      // MUST NOT be included in the signature.
-      arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
-    }
-    if (this.embeddedSignature !== null) {
-      arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
-    }
-    if (this.issuerFingerprint !== null) {
-      bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
-      bytes = util.concat(bytes);
-      arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
-    }
     this.unhashedSubpackets.forEach(data => {
       arr.push(writeSimpleLength(data.length));
       arr.push(data);
@@ -23446,9 +23451,11 @@ class SignaturePacket {
     const critical = bytes[mypos] & 0x80;
     const type = bytes[mypos] & 0x7F;
 
-    if (!hashed && !allowedUnhashedSubpackets.has(type)) {
+    if (!hashed) {
       this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));
-      return;
+      if (!allowedUnhashedSubpackets.has(type)) {
+        return;
+      }
     }
 
     mypos++;
@@ -30514,7 +30521,7 @@ class CleartextMessage {
    * @param {Signature} signature - The detached signature or an empty signature for unsigned messages
    */
   constructor(text, signature) {
-    // normalize EOL to canonical form <CR><LF>
+    // remove trailing whitespace and normalize EOL to canonical form <CR><LF>
     this.text = util.removeTrailingSpaces(text).replace(/\r?\n/g, '\r\n');
     if (signature && !(signature instanceof Signature)) {
       throw new Error('Invalid signature input');
@@ -30915,7 +30922,7 @@ async function encryptKey({ privateKey, passphrase, config, ...rest }) {
 
 
 /**
- * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys` or `passwords`
+ * Encrypts a message using public keys, passwords or both at once. At least one of `encryptionKeys`, `passwords` or `sessionKeys`
  *   must be specified. If signing keys are specified, those will be used to sign the message.
  * @param {Object} options
  * @param {Message} options.message - Message to be encrypted as created by {@link createMessage}
@@ -31230,6 +31237,10 @@ async function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKey
   if (rest.publicKeys) throw new Error('The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead');
   const unknownOptions = Object.keys(rest); if (unknownOptions.length > 0) throw new Error(`Unknown option: ${unknownOptions.join(', ')}`);
 
+  if ((!encryptionKeys || encryptionKeys.length === 0) && (!passwords || passwords.length === 0)) {
+    throw new Error('No encryption keys or passwords provided.');
+  }
+
   try {
     const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);
     return formatObject(message, format, config);