diff --git a/openpgp.d.ts b/openpgp.d.ts index 3082030f..d50d8a49 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -336,7 +336,7 @@ interface Config { s2kArgon2Params: { passes: number, parallelism: number; memoryExponent: number; }; maxUserIDLength: number; knownNotations: string[]; - useIndutnyElliptic: boolean; + useEllipticFallback: boolean; rejectHashAlgorithms: Set; rejectMessageHashAlgorithms: Set; rejectPublicKeyAlgorithms: Set; diff --git a/src/config/config.js b/src/config/config.js index e448cbda..c03c0cad 100644 --- a/src/config/config.js +++ b/src/config/config.js @@ -246,13 +246,12 @@ export default { */ knownNotations: [], /** - * Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. + * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API. * When false, certain standard curves will not be supported (depending on the platform). - * Note: the indutny/elliptic curve library is not designed to be constant time. * @memberof module:config - * @property {Boolean} useIndutnyElliptic + * @property {Boolean} useEllipticFallback */ - useIndutnyElliptic: true, + useEllipticFallback: true, /** * Reject insecure hash algorithms * @memberof module:config diff --git a/src/crypto/public_key/elliptic/oid_curves.js b/src/crypto/public_key/elliptic/oid_curves.js index d6561d5a..0ad88cba 100644 --- a/src/crypto/public_key/elliptic/oid_curves.js +++ b/src/crypto/public_key/elliptic/oid_curves.js @@ -33,6 +33,7 @@ import util from '../../../util'; import { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64'; import OID from '../../../type/oid'; import { UnsupportedError } from '../../../packet/packet'; +import defaultConfig from '../../../config'; const webCrypto = util.getWebCrypto(); const nodeCrypto = util.getNodeCrypto(); @@ -65,6 +66,10 @@ const nobleCurvess = { [enums.curve.brainpoolP512r1]: brainpoolP512r1 }; export const getNobleCurve = curveName => { + if (!defaultConfig.useEllipticFallback) { + // TODO make import dynamic + throw new Error('This curve is only supported in the full build of OpenPGP.js'); + } const curve = nobleCurvess[curveName]; if (!curve) throw new Error('Unsupported curve'); return curve; diff --git a/test/crypto/ecdh.js b/test/crypto/ecdh.js index c3b4536f..8b4c7a82 100644 --- a/test/crypto/ecdh.js +++ b/test/crypto/ecdh.js @@ -72,7 +72,7 @@ export default () => describe('ECDH key exchange @lightweight', function () { )).to.be.rejectedWith(Error, /Unknown curve/).notify(done); }); it('Invalid ephemeral key', function (done) { - if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); } expect(decrypt_message( @@ -80,7 +80,7 @@ export default () => describe('ECDH key exchange @lightweight', function () { )).to.be.rejectedWith(Error, /Private key is not valid for specified curve|second arg must be public key/).notify(done); }); it('Invalid elliptic public key', function (done) { - if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); } expect(decrypt_message( @@ -88,7 +88,7 @@ export default () => describe('ECDH key exchange @lightweight', function () { )).to.be.rejectedWith(/Public key is not valid for specified curve|Failed to translate Buffer to a EC_POINT|bad point/).notify(done); }); it('Invalid key data integrity', function (done) { - if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); } expect(decrypt_message( @@ -136,7 +136,7 @@ export default () => describe('ECDH key exchange @lightweight', function () { const ecdh = elliptic_curves.ecdh; it('Invalid curve', async function () { - if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); } const curve = new elliptic_curves.CurveWithOID('secp256k1'); diff --git a/test/crypto/elliptic.js b/test/crypto/elliptic.js index a434c543..c755524e 100644 --- a/test/crypto/elliptic.js +++ b/test/crypto/elliptic.js @@ -68,10 +68,10 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi done(); }); it('Creating KeyPair', function () { - if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); } - const names = config.useIndutnyElliptic ? ['p256', 'p384', 'p521', 'secp256k1', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'] : + const names = config.useEllipticFallback ? ['p256', 'p384', 'p521', 'secp256k1', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'] : ['p256', 'p384', 'p521', 'curve25519Legacy']; return Promise.all(names.map(function (name) { const curve = new elliptic_curves.CurveWithOID(name); @@ -186,7 +186,7 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi )).to.be.rejectedWith(Error, /Unknown curve/); }); it('secp256k1 - Invalid public key', async function () { - if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead } await expect(verify_signature( @@ -197,7 +197,7 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi )).to.eventually.be.false; }); it('secp256k1 - Invalid point', async function () { - if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead } await expect(verify_signature( @@ -205,7 +205,7 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi )).to.eventually.be.false; }); it('secp256k1 - Invalid signature', function (done) { - if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead } expect(verify_signature( diff --git a/test/general/brainpool.js b/test/general/brainpool.js index 903e4a66..1cd3f78f 100644 --- a/test/general/brainpool.js +++ b/test/general/brainpool.js @@ -13,7 +13,7 @@ export default () => (openpgp.config.ci ? describe.skip : describe)('Brainpool C let rejectCurvesVal; before(function() { //only x25519 crypto is fully functional in lightbuild - if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) { this.skip(); // eslint-disable-line no-invalid-this } }); @@ -283,7 +283,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= }); tryTests('Brainpool Omnibus Tests @lightweight', omnibus, { - if: openpgp.config.useIndutnyElliptic || util.getNodeCrypto() + if: openpgp.config.useEllipticFallback || util.getNodeCrypto() }); }); diff --git a/test/general/ecc_secp256k1.js b/test/general/ecc_secp256k1.js index da457640..8b4674d8 100644 --- a/test/general/ecc_secp256k1.js +++ b/test/general/ecc_secp256k1.js @@ -6,7 +6,7 @@ import openpgp from '../initOpenpgp.js'; import util from '../../src/util.js'; export default () => describe('Elliptic Curve Cryptography for secp256k1 curve @lightweight', function () { - if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { + if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) { before(function() { this.skip(); // eslint-disable-line no-invalid-this });