Rename config.useIndutnyElliptic to .useEllipticFallback

To reflect change of underlying library
This commit is contained in:
larabr 2023-10-06 17:23:55 +02:00
parent 909d44f436
commit 7295a2e7b3
7 changed files with 21 additions and 17 deletions

2
openpgp.d.ts vendored
View File

@ -336,7 +336,7 @@ interface Config {
s2kArgon2Params: { passes: number, parallelism: number; memoryExponent: number; }; s2kArgon2Params: { passes: number, parallelism: number; memoryExponent: number; };
maxUserIDLength: number; maxUserIDLength: number;
knownNotations: string[]; knownNotations: string[];
useIndutnyElliptic: boolean; useEllipticFallback: boolean;
rejectHashAlgorithms: Set<enums.hash>; rejectHashAlgorithms: Set<enums.hash>;
rejectMessageHashAlgorithms: Set<enums.hash>; rejectMessageHashAlgorithms: Set<enums.hash>;
rejectPublicKeyAlgorithms: Set<enums.publicKey>; rejectPublicKeyAlgorithms: Set<enums.publicKey>;

View File

@ -246,13 +246,12 @@ export default {
*/ */
knownNotations: [], knownNotations: [],
/** /**
* Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. * Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.
* When false, certain standard curves will not be supported (depending on the platform). * When false, certain standard curves will not be supported (depending on the platform).
* Note: the indutny/elliptic curve library is not designed to be constant time.
* @memberof module:config * @memberof module:config
* @property {Boolean} useIndutnyElliptic * @property {Boolean} useEllipticFallback
*/ */
useIndutnyElliptic: true, useEllipticFallback: true,
/** /**
* Reject insecure hash algorithms * Reject insecure hash algorithms
* @memberof module:config * @memberof module:config

View File

@ -33,6 +33,7 @@ import util from '../../../util';
import { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64'; import { uint8ArrayToB64, b64ToUint8Array } from '../../../encoding/base64';
import OID from '../../../type/oid'; import OID from '../../../type/oid';
import { UnsupportedError } from '../../../packet/packet'; import { UnsupportedError } from '../../../packet/packet';
import defaultConfig from '../../../config';
const webCrypto = util.getWebCrypto(); const webCrypto = util.getWebCrypto();
const nodeCrypto = util.getNodeCrypto(); const nodeCrypto = util.getNodeCrypto();
@ -65,6 +66,10 @@ const nobleCurvess = {
[enums.curve.brainpoolP512r1]: brainpoolP512r1 [enums.curve.brainpoolP512r1]: brainpoolP512r1
}; };
export const getNobleCurve = curveName => { export const getNobleCurve = curveName => {
if (!defaultConfig.useEllipticFallback) {
// TODO make import dynamic
throw new Error('This curve is only supported in the full build of OpenPGP.js');
}
const curve = nobleCurvess[curveName]; const curve = nobleCurvess[curveName];
if (!curve) throw new Error('Unsupported curve'); if (!curve) throw new Error('Unsupported curve');
return curve; return curve;

View File

@ -72,7 +72,7 @@ export default () => describe('ECDH key exchange @lightweight', function () {
)).to.be.rejectedWith(Error, /Unknown curve/).notify(done); )).to.be.rejectedWith(Error, /Unknown curve/).notify(done);
}); });
it('Invalid ephemeral key', function (done) { it('Invalid ephemeral key', function (done) {
if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); this.skip();
} }
expect(decrypt_message( expect(decrypt_message(
@ -80,7 +80,7 @@ export default () => describe('ECDH key exchange @lightweight', function () {
)).to.be.rejectedWith(Error, /Private key is not valid for specified curve|second arg must be public key/).notify(done); )).to.be.rejectedWith(Error, /Private key is not valid for specified curve|second arg must be public key/).notify(done);
}); });
it('Invalid elliptic public key', function (done) { it('Invalid elliptic public key', function (done) {
if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); this.skip();
} }
expect(decrypt_message( expect(decrypt_message(
@ -88,7 +88,7 @@ export default () => describe('ECDH key exchange @lightweight', function () {
)).to.be.rejectedWith(/Public key is not valid for specified curve|Failed to translate Buffer to a EC_POINT|bad point/).notify(done); )).to.be.rejectedWith(/Public key is not valid for specified curve|Failed to translate Buffer to a EC_POINT|bad point/).notify(done);
}); });
it('Invalid key data integrity', function (done) { it('Invalid key data integrity', function (done) {
if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); this.skip();
} }
expect(decrypt_message( expect(decrypt_message(
@ -136,7 +136,7 @@ export default () => describe('ECDH key exchange @lightweight', function () {
const ecdh = elliptic_curves.ecdh; const ecdh = elliptic_curves.ecdh;
it('Invalid curve', async function () { it('Invalid curve', async function () {
if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); this.skip();
} }
const curve = new elliptic_curves.CurveWithOID('secp256k1'); const curve = new elliptic_curves.CurveWithOID('secp256k1');

View File

@ -68,10 +68,10 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi
done(); done();
}); });
it('Creating KeyPair', function () { it('Creating KeyPair', function () {
if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); this.skip();
} }
const names = config.useIndutnyElliptic ? ['p256', 'p384', 'p521', 'secp256k1', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'] : const names = config.useEllipticFallback ? ['p256', 'p384', 'p521', 'secp256k1', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'] :
['p256', 'p384', 'p521', 'curve25519Legacy']; ['p256', 'p384', 'p521', 'curve25519Legacy'];
return Promise.all(names.map(function (name) { return Promise.all(names.map(function (name) {
const curve = new elliptic_curves.CurveWithOID(name); const curve = new elliptic_curves.CurveWithOID(name);
@ -186,7 +186,7 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi
)).to.be.rejectedWith(Error, /Unknown curve/); )).to.be.rejectedWith(Error, /Unknown curve/);
}); });
it('secp256k1 - Invalid public key', async function () { it('secp256k1 - Invalid public key', async function () {
if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead
} }
await expect(verify_signature( await expect(verify_signature(
@ -197,7 +197,7 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi
)).to.eventually.be.false; )).to.eventually.be.false;
}); });
it('secp256k1 - Invalid point', async function () { it('secp256k1 - Invalid point', async function () {
if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead
} }
await expect(verify_signature( await expect(verify_signature(
@ -205,7 +205,7 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi
)).to.eventually.be.false; )).to.eventually.be.false;
}); });
it('secp256k1 - Invalid signature', function (done) { it('secp256k1 - Invalid signature', function (done) {
if (!config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead this.skip(); // webcrypto does not implement secp256k1: JS fallback tested instead
} }
expect(verify_signature( expect(verify_signature(

View File

@ -13,7 +13,7 @@ export default () => (openpgp.config.ci ? describe.skip : describe)('Brainpool C
let rejectCurvesVal; let rejectCurvesVal;
before(function() { before(function() {
//only x25519 crypto is fully functional in lightbuild //only x25519 crypto is fully functional in lightbuild
if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip(); // eslint-disable-line no-invalid-this this.skip(); // eslint-disable-line no-invalid-this
} }
}); });
@ -283,7 +283,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
}); });
tryTests('Brainpool Omnibus Tests @lightweight', omnibus, { tryTests('Brainpool Omnibus Tests @lightweight', omnibus, {
if: openpgp.config.useIndutnyElliptic || util.getNodeCrypto() if: openpgp.config.useEllipticFallback || util.getNodeCrypto()
}); });
}); });

View File

@ -6,7 +6,7 @@ import openpgp from '../initOpenpgp.js';
import util from '../../src/util.js'; import util from '../../src/util.js';
export default () => describe('Elliptic Curve Cryptography for secp256k1 curve @lightweight', function () { export default () => describe('Elliptic Curve Cryptography for secp256k1 curve @lightweight', function () {
if (!openpgp.config.useIndutnyElliptic && !util.getNodeCrypto()) { if (!openpgp.config.useEllipticFallback && !util.getNodeCrypto()) {
before(function() { before(function() {
this.skip(); // eslint-disable-line no-invalid-this this.skip(); // eslint-disable-line no-invalid-this
}); });