@protontech/openpgp 5.9.0 → 5.9.1-1

package/dist/openpgp.mjs

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.9.0 - 2023-05-15 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.9.1-1 - 2023-09-06 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 const doneWritingPromise = Symbol('doneWritingPromise');
@@ -2929,7 +2929,7 @@ var config = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 5.9.0',
+  versionString: 'OpenPGP.js 5.9.1-1',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -15997,10 +15997,12 @@ class Argon2S2K {
     const decodedM = 2 << (this.encodedM - 1);
 
     try {
-      if (!argon2Promise) { // first load
-        loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index; })).default;
-        argon2Promise = loadArgonWasmModule();
-      }
+      // on first load, the argon2 lib is imported and the WASM module is initialized.
+      // the two steps need to be atomic to avoid race conditions causing multiple wasm modules
+      // being loaded when `argon2Promise` is not initialized.
+      loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index; })).default;
+      argon2Promise = argon2Promise || loadArgonWasmModule();
+
       // important to keep local ref to argon2 in case the module is reloaded by another instance
       const argon2 = await argon2Promise;
 
@@ -16020,6 +16022,7 @@ class Argon2S2K {
       if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {
         // it will be awaited if needed at the next `produceKey` invocation
         argon2Promise = loadArgonWasmModule();
+        argon2Promise.catch(() => {});
       }
       return hash;
     } catch (e) {
@@ -27551,7 +27554,9 @@ async function createBindingSignature(subkey, primaryKey, options, config) {
       signatureType: enums.signature.keyBinding
     }, options.date, undefined, undefined, undefined, config);
   } else {
-    subkeySignaturePacket.keyFlags = [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];
+    subkeySignaturePacket.keyFlags = options.forwarding ?
+      [enums.keyFlags.forwardedCommunication] :
+      [enums.keyFlags.encryptCommunication | enums.keyFlags.encryptStorage];
   }
   if (options.keyExpirationTime > 0) {
     subkeySignaturePacket.keyExpirationTime = options.keyExpirationTime;
@@ -27789,6 +27794,10 @@ function sanitizeKeyOptions(options, subkeyDefaults = {}) {
   options.date = options.date || subkeyDefaults.date;
 
   options.sign = options.sign || false;
+  options.forwarding = options.forwarding || false;
+  if (options.sign && options.forwarding) {
+    throw new Error('Incompatible options: "sign" and "forwarding" cannot be set together');
+  }
 
   switch (options.type) {
     case 'ecc':
@@ -27845,7 +27854,12 @@ function isValidEncryptionKeyPacket(keyPacket, signature) {
 }
 
 function isValidDecryptionKeyPacket(signature, config) {
-  if (config.allowInsecureDecryptionWithSigningKeys) {
+  const isSigningKey = !signature.keyFlags ||
+    (signature.keyFlags[0] & enums.keyFlags.sign) !== 0 ||
+    (signature.keyFlags[0] & enums.keyFlags.certifyKeys) !== 0 ||
+    (signature.keyFlags[0] & enums.keyFlags.authentication) !== 0;
+
+  if (isSigningKey && config.allowInsecureDecryptionWithSigningKeys) {
     // This is only relevant for RSA keys, all other signing algorithms cannot decrypt
     return true;
   }
@@ -29444,7 +29458,8 @@ async function reformat(options, config) {
         getLatestValidSignature(subkey.bindingSignatures, secretKeyPacket, enums.signature.subkeyBinding, dataToVerify, null, config)
       ).catch(() => ({}));
       return {
-        sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData)
+        sign: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.signData),
+        forwarding: bindingSignature.keyFlags && (bindingSignature.keyFlags[0] & enums.keyFlags.forwardedCommunication)
       };
     }));
   }
@@ -44666,8 +44681,9 @@ async function wasmLoader(memory, getSIMD, getNonSIMD) {
   const importObject = { env: { memory } };
   if (isSIMDSupported === undefined) {
     try {
-      isSIMDSupported = true; // will be overwritten in the catch
-      return await getSIMD(importObject);
+      const loaded = await getSIMD(importObject);
+      isSIMDSupported = true;
+      return loaded;
     } catch(e) {
       isSIMDSupported = false;
     }

package/openpgp.d.ts

@@ -317,6 +317,7 @@ interface Config {
   aeadProtect: boolean;
   allowUnauthenticatedMessages: boolean;
   allowUnauthenticatedStream: boolean;
+  allowForwardedMessages: boolean;
   checksumRequired: boolean;
   minRSABits: number;
   passwordCollisionCheck: boolean;
@@ -706,6 +707,7 @@ interface SubkeyOptions {
   keyExpirationTime?: number;
   date?: Date;
   sign?: boolean;
+  forwarding?: boolean;
   config?: PartialConfig;
 }
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@protontech/openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "5.9.0",
+  "version": "5.9.1-1",
   "license": "LGPL-3.0+",
   "homepage": "https://openpgpjs.org/",
   "engines": {
@@ -66,7 +66,7 @@
     "@rollup/plugin-replace": "^2.3.2",
     "@rollup/plugin-wasm": "^6.1.2",
     "@types/chai": "^4.2.14",
-    "argon2id": "^1.0.0",
+    "argon2id": "^1.0.1",
     "benchmark": "^2.1.4",
     "bn.js": "^4.11.8",
     "chai": "^4.3.6",