@protontech/openpgp 5.9.0 → 5.9.1-1

package/dist/node/openpgp.mjs

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.9.0 - 2023-05-15 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.9.1-1 - 2023-09-06 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 import buffer from 'buffer';
@@ -2935,7 +2935,7 @@ var config = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 5.9.0',
+  versionString: 'OpenPGP.js 5.9.1-1',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -16009,10 +16009,12 @@ class Argon2S2K {
     const decodedM = 2 << (this.encodedM - 1);
 
     try {
-      if (!argon2Promise) { // first load
-        loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index; })).default;
-        argon2Promise = loadArgonWasmModule();
-      }
+      // on first load, the argon2 lib is imported and the WASM module is initialized.
+      // the two steps need to be atomic to avoid race conditions causing multiple wasm modules
+      // being loaded when `argon2Promise` is not initialized.
+      loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index; })).default;
+      argon2Promise = argon2Promise || loadArgonWasmModule();
+
       // important to keep local ref to argon2 in case the module is reloaded by another instance
       const argon2 = await argon2Promise;
 
@@ -16032,6 +16034,7 @@ class Argon2S2K {
       if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {
         // it will be awaited if needed at the next `produceKey` invocation
         argon2Promise = loadArgonWasmModule();
+        argon2Promise.catch(() => {});
       }
       return hash;
     } catch (e) {
@@ -27563,7 +27566,9 @@ async function createBindingSignature(subkey, primaryKey, options, config) {
       signatureType: enums.signature.keyBinding
     }, options.date, undefined, undefined, undefined, config);
   } else {
-    subkeySignaturePacket.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];
+    subkeySignaturePacket.keyFlags = options.forwarding ?
+      [enums.keyFlags.forwardedCommunication] :
+      [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];
   }
   if (options.keyExpirationTime > 0) {
     subkeySignaturePacket.keyExpirationTime = options.keyExpirationTime;
@@ -27801,6 +27806,10 @@ function sanitizeKeyOptions(options, subkeyDefaults = {}) {
   options.date = options.date || subkeyDefaults.date;
 
   options.sign = options.sign || false;
+  options.forwarding = options.forwarding || false;
+  if (options.sign && options.forwarding) {
+    throw new Error('Incompatible options: "sign" and "forwarding" cannot be set together');
+  }
 
   switch (options.type) {
     case 'ecc':
@@ -27857,7 +27866,12 @@ function isValidEncryptionKeyPacket(keyPacket, signature) {
 }
 
 function isValidDecryptionKeyPacket(signature, config) {
-  if (config.allowInsecureDecryptionWithSigningKeys) {
+  const isSigningKey = !signature.keyFlags ||
+    (signature.keyFlags[0] & enums.keyFlags.sign) !== 0 ||
+    (signature.keyFlags[0] & enums.keyFlags.certifyKeys) !== 0 ||
+    (signature.keyFlags[0] & enums.keyFlags.authentication) !== 0;
+
+  if (isSigningKey && config.allowInsecureDecryptionWithSigningKeys) {
     // This is only relevant for RSA keys, all other signing algorithms cannot decrypt
     return true;
   }
@@ -29456,7 +29470,8 @@ async function reformat(options, config) {
         getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)
       ).catch(() => ({}));
       return {
-        sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)
+        sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData),
+        forwarding: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.forwardedCommunication)
       };
     }));
   }
@@ -44678,8 +44693,9 @@ async function wasmLoader(memory, getSIMD, getNonSIMD) {
   const importObject = { env: { memory } };
   if (isSIMDSupported === undefined) {
     try {
-      isSIMDSupported = true; // will be overwritten in the catch
-      return await getSIMD(importObject);
+      const loaded = await getSIMD(importObject);
+      isSIMDSupported = true;
+      return loaded;
     } catch(e) {
       isSIMDSupported = false;
     }

package/dist/openpgp.js

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.9.0 - 2023-05-15 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.9.1-1 - 2023-09-06 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 var openpgp = (function (exports) {
   'use strict';
 
@@ -2932,7 +2932,7 @@ var openpgp = (function (exports) {
      * @memberof module:config
      * @property {String} versionString A version string to be included in armored messages
      */
-    versionString: 'OpenPGP.js 5.9.0',
+    versionString: 'OpenPGP.js 5.9.1-1',
     /**
      * @memberof module:config
      * @property {String} commentString A comment string to be included in armored messages
@@ -16000,10 +16000,12 @@ var openpgp = (function (exports) {
       const decodedM = 2 << (this.encodedM - 1);
 
       try {
-        if (!argon2Promise) { // first load
-          loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index; })).default;
-          argon2Promise = loadArgonWasmModule();
-        }
+        // on first load, the argon2 lib is imported and the WASM module is initialized.
+        // the two steps need to be atomic to avoid race conditions causing multiple wasm modules
+        // being loaded when `argon2Promise` is not initialized.
+        loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index; })).default;
+        argon2Promise = argon2Promise || loadArgonWasmModule();
+
         // important to keep local ref to argon2 in case the module is reloaded by another instance
         const argon2 = await argon2Promise;
 
@@ -16023,6 +16025,7 @@ var openpgp = (function (exports) {
         if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {
           // it will be awaited if needed at the next `produceKey` invocation
           argon2Promise = loadArgonWasmModule();
+          argon2Promise.catch(() => {});
         }
         return hash;
       } catch (e) {
@@ -27554,7 +27557,9 @@ var openpgp = (function (exports) {
         signatureType: enums.signature.keyBinding
       }, options.date, undefined, undefined, undefined, config);
     } else {
-      subkeySignaturePacket.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];
+      subkeySignaturePacket.keyFlags = options.forwarding ?
+        [enums.keyFlags.forwardedCommunication] :
+        [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];
     }
     if (options.keyExpirationTime > 0) {
       subkeySignaturePacket.keyExpirationTime = options.keyExpirationTime;
@@ -27792,6 +27797,10 @@ var openpgp = (function (exports) {
     options.date = options.date || subkeyDefaults.date;
 
     options.sign = options.sign || false;
+    options.forwarding = options.forwarding || false;
+    if (options.sign && options.forwarding) {
+      throw new Error('Incompatible options: "sign" and "forwarding" cannot be set together');
+    }
 
     switch (options.type) {
       case 'ecc':
@@ -27848,7 +27857,12 @@ var openpgp = (function (exports) {
   }
 
   function isValidDecryptionKeyPacket(signature, config) {
-    if (config.allowInsecureDecryptionWithSigningKeys) {
+    const isSigningKey = !signature.keyFlags ||
+      (signature.keyFlags[0] & enums.keyFlags.sign) !== 0 ||
+      (signature.keyFlags[0] & enums.keyFlags.certifyKeys) !== 0 ||
+      (signature.keyFlags[0] & enums.keyFlags.authentication) !== 0;
+
+    if (isSigningKey && config.allowInsecureDecryptionWithSigningKeys) {
       // This is only relevant for RSA keys, all other signing algorithms cannot decrypt
       return true;
     }
@@ -29447,7 +29461,8 @@ var openpgp = (function (exports) {
           getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)
         ).catch(() => ({}));
         return {
-          sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)
+          sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData),
+          forwarding: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.forwardedCommunication)
         };
       }));
     }
@@ -44669,8 +44684,9 @@ var openpgp = (function (exports) {
     const importObject = { env: { memory } };
     if (isSIMDSupported === undefined) {
       try {
-        isSIMDSupported = true; // will be overwritten in the catch
-        return await getSIMD(importObject);
+        const loaded = await getSIMD(importObject);
+        isSIMDSupported = true;
+        return loaded;
       } catch(e) {
         isSIMDSupported = false;
       }