@protontech/openpgp 5.8.0-0 → 5.9.0

package/dist/node/openpgp.mjs

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.8.0-0 - 2023-03-17 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.9.0 - 2023-05-15 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 import buffer from 'buffer';
@@ -1913,7 +1913,7 @@ const util = {
     if (!util.isString(data)) {
       return false;
     }
-    const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}|xn--[a-zA-Z\-0-9]+)))$/;
+    const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/;
     return re.test(data);
   },
 
@@ -2624,6 +2624,8 @@ var enums = {
     splitPrivateKey: 16,
     /** 0x20 - This key may be used for authentication. */
     authentication: 32,
+    /** This key may be used for forwarded communications */
+    forwardedCommunication: 64,
     /** 0x80 - The private component of this key may be in the
      *        possession of more than one person. */
     sharedPrivateKey: 128
@@ -2828,6 +2830,13 @@ var config = {
    * @property {Boolean} allowUnauthenticatedStream
    */
   allowUnauthenticatedStream: false,
+  /**
+   * Allow decrypting forwarded messages, using keys with 0x40 ('forwarded communication') flag.
+   * Note: this is related to a **non-standard feature**.
+   * @memberof module:config
+   * @property {Boolean} allowForwardedMessages
+   */
+  allowForwardedMessages: false,
   /**
    * @memberof module:config
    * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum
@@ -2904,6 +2913,14 @@ var config = {
    * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error
    */
   ignoreMalformedPackets: false,
+  /**
+   * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only
+   * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable
+   * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).
+   * @memberof module:config
+   * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]
+   */
+  additionalAllowedPackets: [],
   /**
    * @memberof module:config
    * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages
@@ -2918,7 +2935,7 @@ var config = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 5.8.0-0',
+  versionString: 'OpenPGP.js 5.9.0',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -14414,7 +14431,7 @@ function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {
   return util.concatUint8Array([
     oid.write(),
     new Uint8Array([public_algo]),
-    kdfParams.replacementKDFParams || kdfParams.write(),
+    kdfParams.write(true),
     util.stringToUint8Array('Anonymous Sender    '),
     kdfParams.replacementFingerprint || fingerprint.subarray(0, 20)
   ]);
@@ -15256,32 +15273,28 @@ class ECDHSymmetricKey {
 
 // OpenPGP.js - An OpenPGP implementation in javascript
 
+const VERSION_FORWARDING = 0xFF;
+
 class KDFParams {
   /**
    * @param  {Integer}          version                 Version, defaults to 1
    * @param  {enums.hash}       hash                    Hash algorithm
    * @param  {enums.symmetric}  cipher                  Symmetric algorithm
-   * @param  {enums.kdfFlags}   flags                   (v2 only) flags
-   * @param  {Uint8Array}       replacementFingerprint  (v2 only) fingerprint to use instead of recipient one (v5 keys, the 20 leftmost bytes of the fingerprint)
-   * @param  {Uint8Array}       replacementKDFParams    (v2 only) serialized KDF params to use in KDF digest computation
+   * @param  {Uint8Array}       replacementFingerprint  (forwarding only) fingerprint to use instead of recipient one (v5 keys, the 20 leftmost bytes of the fingerprint)
    */
   constructor(data) {
     if (data) {
-      const { version, hash, cipher, flags, replacementFingerprint, replacementKDFParams } = data;
+      const { version, hash, cipher, replacementFingerprint } = data;
       this.version = version || 1;
       this.hash = hash;
       this.cipher = cipher;
 
-      this.flags = flags;
       this.replacementFingerprint = replacementFingerprint;
-      this.replacementKDFParams = replacementKDFParams;
     } else {
       this.version = null;
       this.hash = null;
       this.cipher = null;
-      this.flags = null;
       this.replacementFingerprint = null;
-      this.replacementKDFParams = null;
     }
   }
 
@@ -15291,44 +15304,41 @@ class KDFParams {
    * @returns {Number} Number of read bytes.
    */
   read(input) {
+    const totalBytes = input[0];
     this.version = input[1];
     this.hash = input[2];
     this.cipher = input[3];
     let readBytes = 4;
 
-    if (this.version === 2) {
-      this.flags = input[readBytes++];
-      if (this.flags & enums.kdfFlags.replace_fingerprint) {
-        this.replacementFingerprint = input.slice(readBytes, readBytes + 20);
-        readBytes += 20;
-      }
-      if (this.flags & enums.kdfFlags.replace_kdf_params) {
-        const fieldLength = input[readBytes] + 1; // account for length
-        this.replacementKDFParams = input.slice(readBytes, readBytes + fieldLength);
-        readBytes += fieldLength;
-      }
+    if (this.version === VERSION_FORWARDING) {
+      const fingerprintLength = totalBytes - readBytes + 1; // acount for length byte
+      this.replacementFingerprint = input.slice(readBytes, readBytes + fingerprintLength);
+      readBytes += fingerprintLength;
     }
     return readBytes;
   }
 
   /**
    * Write KDFParams to an Uint8Array
+   * @param {Boolean} [forReplacementParams] - forwarding only: whether to serialize data to use for replacement params
    * @returns  {Uint8Array}  Array with the KDFParams value
    */
-  write() {
-    if (!this.version || this.version === 1) {
+  write(forReplacementParams) {
+    if (!this.version || this.version === 1 || forReplacementParams) {
       return new Uint8Array([3, 1, this.hash, this.cipher]);
     }
 
-    const v2Fields = util.concatUint8Array([
-      new Uint8Array([4, 2, this.hash, this.cipher, this.flags]),
-      this.replacementFingerprint || new Uint8Array(),
-      this.replacementKDFParams || new Uint8Array()
+    const forwardingFields = util.concatUint8Array([
+      new Uint8Array([
+        3 + this.replacementFingerprint.length,
+        this.version,
+        this.hash,
+        this.cipher
+      ]),
+      this.replacementFingerprint
     ]);
 
-    // update length field
-    v2Fields[0] = v2Fields.length - 1;
-    return new Uint8Array(v2Fields);
+    return forwardingFields;
   }
 }
 
@@ -24298,6 +24308,9 @@ class PacketList extends Array {
    * @async
    */
   async read(bytes, allowedPackets, config$1 = config) {
+    if (config$1.additionalAllowedPackets.length) {
+      allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) };
+    }
     this.stream = transformPair(bytes, async (readable, writable) => {
       const writer = getWriter(writable);
       try {
@@ -27851,7 +27864,8 @@ function isValidDecryptionKeyPacket(signature, config) {
 
   return !signature.keyFlags ||
     (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||
-    (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;
+    (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0 ||
+    (config.allowForwardedMessages && (signature.keyFlags[0] & enums.keyFlags.forwardedCommunication) !== 0);
 }
 
 /**
@@ -28799,7 +28813,7 @@ class Key {
       throw exception || new Error('Could not find primary user');
     }
     await Promise.all(users.map(async function (a) {
-      return a.user.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1);
+      return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1);
     }));
     // sort by primary user flag and signature creation time
     const primaryUser = users.sort(function(a, b) {
@@ -29022,7 +29036,8 @@ class Key {
 
       results.push(...signatures.map(
         signature => ({
-          userID: user.userID.userID,
+          userID: user.userID ? user.userID.userID : null,
+          userAttribute: user.userAttribute,
           keyID: signature.keyID,
           valid: signature.valid
         }))
@@ -44760,4 +44775,4 @@ var index = /*#__PURE__*/Object.freeze({
   'default': loadWasm
 });
 
-export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt$4 as decrypt, decryptKey, decryptSessionKeys, encrypt$4 as encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey$1 as generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign$5 as sign, unarmor, verify$5 as verify };
+export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, KDFParams, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt$4 as decrypt, decryptKey, decryptSessionKeys, encrypt$4 as encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey$1 as generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign$5 as sign, unarmor, verify$5 as verify };

package/dist/openpgp.js

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.8.0-0 - 2023-03-17 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.9.0 - 2023-05-15 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 var openpgp = (function (exports) {
   'use strict';
 
@@ -1910,7 +1910,7 @@ var openpgp = (function (exports) {
       if (!util.isString(data)) {
         return false;
       }
-      const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}|xn--[a-zA-Z\-0-9]+)))$/;
+      const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/;
       return re.test(data);
     },
 
@@ -2621,6 +2621,8 @@ var openpgp = (function (exports) {
       splitPrivateKey: 16,
       /** 0x20 - This key may be used for authentication. */
       authentication: 32,
+      /** This key may be used for forwarded communications */
+      forwardedCommunication: 64,
       /** 0x80 - The private component of this key may be in the
        *        possession of more than one person. */
       sharedPrivateKey: 128
@@ -2825,6 +2827,13 @@ var openpgp = (function (exports) {
      * @property {Boolean} allowUnauthenticatedStream
      */
     allowUnauthenticatedStream: false,
+    /**
+     * Allow decrypting forwarded messages, using keys with 0x40 ('forwarded communication') flag.
+     * Note: this is related to a **non-standard feature**.
+     * @memberof module:config
+     * @property {Boolean} allowForwardedMessages
+     */
+    allowForwardedMessages: false,
     /**
      * @memberof module:config
      * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum
@@ -2901,6 +2910,14 @@ var openpgp = (function (exports) {
      * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error
      */
     ignoreMalformedPackets: false,
+    /**
+     * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only
+     * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable
+     * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).
+     * @memberof module:config
+     * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]
+     */
+    additionalAllowedPackets: [],
     /**
      * @memberof module:config
      * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages
@@ -2915,7 +2932,7 @@ var openpgp = (function (exports) {
      * @memberof module:config
      * @property {String} versionString A version string to be included in armored messages
      */
-    versionString: 'OpenPGP.js 5.8.0-0',
+    versionString: 'OpenPGP.js 5.9.0',
     /**
      * @memberof module:config
      * @property {String} commentString A comment string to be included in armored messages
@@ -14405,7 +14422,7 @@ var openpgp = (function (exports) {
     return util.concatUint8Array([
       oid.write(),
       new Uint8Array([public_algo]),
-      kdfParams.replacementKDFParams || kdfParams.write(),
+      kdfParams.write(true),
       util.stringToUint8Array('Anonymous Sender    '),
       kdfParams.replacementFingerprint || fingerprint.subarray(0, 20)
     ]);
@@ -15247,32 +15264,28 @@ var openpgp = (function (exports) {
 
   // OpenPGP.js - An OpenPGP implementation in javascript
 
+  const VERSION_FORWARDING = 0xFF;
+
   class KDFParams {
     /**
      * @param  {Integer}          version                 Version, defaults to 1
      * @param  {enums.hash}       hash                    Hash algorithm
      * @param  {enums.symmetric}  cipher                  Symmetric algorithm
-     * @param  {enums.kdfFlags}   flags                   (v2 only) flags
-     * @param  {Uint8Array}       replacementFingerprint  (v2 only) fingerprint to use instead of recipient one (v5 keys, the 20 leftmost bytes of the fingerprint)
-     * @param  {Uint8Array}       replacementKDFParams    (v2 only) serialized KDF params to use in KDF digest computation
+     * @param  {Uint8Array}       replacementFingerprint  (forwarding only) fingerprint to use instead of recipient one (v5 keys, the 20 leftmost bytes of the fingerprint)
      */
     constructor(data) {
       if (data) {
-        const { version, hash, cipher, flags, replacementFingerprint, replacementKDFParams } = data;
+        const { version, hash, cipher, replacementFingerprint } = data;
         this.version = version || 1;
         this.hash = hash;
         this.cipher = cipher;
 
-        this.flags = flags;
         this.replacementFingerprint = replacementFingerprint;
-        this.replacementKDFParams = replacementKDFParams;
       } else {
         this.version = null;
         this.hash = null;
         this.cipher = null;
-        this.flags = null;
         this.replacementFingerprint = null;
-        this.replacementKDFParams = null;
       }
     }
 
@@ -15282,44 +15295,41 @@ var openpgp = (function (exports) {
      * @returns {Number} Number of read bytes.
      */
     read(input) {
+      const totalBytes = input[0];
       this.version = input[1];
       this.hash = input[2];
       this.cipher = input[3];
       let readBytes = 4;
 
-      if (this.version === 2) {
-        this.flags = input[readBytes++];
-        if (this.flags & enums.kdfFlags.replace_fingerprint) {
-          this.replacementFingerprint = input.slice(readBytes, readBytes + 20);
-          readBytes += 20;
-        }
-        if (this.flags & enums.kdfFlags.replace_kdf_params) {
-          const fieldLength = input[readBytes] + 1; // account for length
-          this.replacementKDFParams = input.slice(readBytes, readBytes + fieldLength);
-          readBytes += fieldLength;
-        }
+      if (this.version === VERSION_FORWARDING) {
+        const fingerprintLength = totalBytes - readBytes + 1; // acount for length byte
+        this.replacementFingerprint = input.slice(readBytes, readBytes + fingerprintLength);
+        readBytes += fingerprintLength;
       }
       return readBytes;
     }
 
     /**
      * Write KDFParams to an Uint8Array
+     * @param {Boolean} [forReplacementParams] - forwarding only: whether to serialize data to use for replacement params
      * @returns  {Uint8Array}  Array with the KDFParams value
      */
-    write() {
-      if (!this.version || this.version === 1) {
+    write(forReplacementParams) {
+      if (!this.version || this.version === 1 || forReplacementParams) {
         return new Uint8Array([3, 1, this.hash, this.cipher]);
       }
 
-      const v2Fields = util.concatUint8Array([
-        new Uint8Array([4, 2, this.hash, this.cipher, this.flags]),
-        this.replacementFingerprint || new Uint8Array(),
-        this.replacementKDFParams || new Uint8Array()
+      const forwardingFields = util.concatUint8Array([
+        new Uint8Array([
+          3 + this.replacementFingerprint.length,
+          this.version,
+          this.hash,
+          this.cipher
+        ]),
+        this.replacementFingerprint
       ]);
 
-      // update length field
-      v2Fields[0] = v2Fields.length - 1;
-      return new Uint8Array(v2Fields);
+      return forwardingFields;
     }
   }
 
@@ -24289,6 +24299,9 @@ var openpgp = (function (exports) {
      * @async
      */
     async read(bytes, allowedPackets, config$1 = config) {
+      if (config$1.additionalAllowedPackets.length) {
+        allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) };
+      }
       this.stream = transformPair(bytes, async (readable, writable) => {
         const writer = getWriter(writable);
         try {
@@ -27842,7 +27855,8 @@ var openpgp = (function (exports) {
 
     return !signature.keyFlags ||
       (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||
-      (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;
+      (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0 ||
+      (config.allowForwardedMessages && (signature.keyFlags[0] & enums.keyFlags.forwardedCommunication) !== 0);
   }
 
   /**
@@ -28790,7 +28804,7 @@ var openpgp = (function (exports) {
         throw exception || new Error('Could not find primary user');
       }
       await Promise.all(users.map(async function (a) {
-        return a.user.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1);
+        return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1);
       }));
       // sort by primary user flag and signature creation time
       const primaryUser = users.sort(function(a, b) {
@@ -29013,7 +29027,8 @@ var openpgp = (function (exports) {
 
         results.push(...signatures.map(
           signature => ({
-            userID: user.userID.userID,
+            userID: user.userID ? user.userID.userID : null,
+            userAttribute: user.userAttribute,
             keyID: signature.keyID,
             valid: signature.valid
           }))
@@ -44748,6 +44763,7 @@ var openpgp = (function (exports) {
   exports.AEADEncryptedDataPacket = AEADEncryptedDataPacket;
   exports.CleartextMessage = CleartextMessage;
   exports.CompressedDataPacket = CompressedDataPacket;
+  exports.KDFParams = KDFParams;
   exports.LiteralDataPacket = LiteralDataPacket;
   exports.MarkerPacket = MarkerPacket;
   exports.Message = Message;