diff --git a/openpgp.d.ts b/openpgp.d.ts index 10c8d710..8801d0e3 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -735,7 +735,7 @@ export interface VerifyMessageResult = MaybeStream} ASCII armor. */ armor(config = defaultConfig) { - // emit header if one of the signatures has a version not 6 - const emitHeader = this.signature.packets.some(packet => packet.version !== 6); - const hash = emitHeader ? + // emit header and checksum if one of the signatures has a version not 6 + const emitHeaderAndChecksum = this.signature.packets.some(packet => packet.version !== 6); + const hash = emitHeaderAndChecksum ? Array.from(new Set(this.signature.packets.map( packet => enums.read(enums.hash, packet.hashAlgorithm).toUpperCase() ))).join() : @@ -124,7 +124,9 @@ export class CleartextMessage { text: this.text, data: this.signature.packets.write() }; - return armor(enums.armor.signed, body, undefined, undefined, undefined, config); + + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + return armor(enums.armor.signed, body, undefined, undefined, undefined, emitHeaderAndChecksum, config); } } diff --git a/src/encoding/armor.js b/src/encoding/armor.js index 3820364d..5404d8f6 100644 --- a/src/encoding/armor.js +++ b/src/encoding/armor.js @@ -334,10 +334,13 @@ export function unarmor(input) { * @param {Integer} [partIndex] * @param {Integer} [partTotal] * @param {String} [customComment] - Additional comment to add to the armored string + * @param {Boolean} [emitChecksum] - Whether to compute and include the CRC checksum + * (NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks) + * @param {Object} [config] - Full configuration, defaults to openpgp.config * @returns {String | ReadableStream} Armored text. * @static */ -export function armor(messageType, body, partIndex, partTotal, customComment, config = defaultConfig) { +export function armor(messageType, body, partIndex, partTotal, customComment, emitChecksum = false, config = defaultConfig) { let text; let hash; if (messageType === enums.armor.signed) { @@ -345,18 +348,24 @@ export function armor(messageType, body, partIndex, partTotal, customComment, co hash = body.hash; body = body.data; } + // unless explicitly forbidden by the spec, we need to include the checksum to work around a GnuPG bug + // where data fails to be decoded if the base64 ends with no padding chars (=) (see https://dev.gnupg.org/T7071) + const maybeBodyClone = emitChecksum && stream.passiveClone(body); + const result = []; switch (messageType) { case enums.armor.multipartSection: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); result.push(addheader(customComment, config)); result.push(base64.encode(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '/' + partTotal + '-----\n'); break; case enums.armor.multipartLast: result.push('-----BEGIN PGP MESSAGE, PART ' + partIndex + '-----\n'); result.push(addheader(customComment, config)); result.push(base64.encode(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n'); break; case enums.armor.signed: @@ -366,38 +375,37 @@ export function armor(messageType, body, partIndex, partTotal, customComment, co result.push('\n-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config)); result.push(base64.encode(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; case enums.armor.message: result.push('-----BEGIN PGP MESSAGE-----\n'); result.push(addheader(customComment, config)); result.push(base64.encode(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP MESSAGE-----\n'); break; case enums.armor.publicKey: result.push('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'); result.push(addheader(customComment, config)); result.push(base64.encode(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PUBLIC KEY BLOCK-----\n'); break; case enums.armor.privateKey: result.push('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'); result.push(addheader(customComment, config)); result.push(base64.encode(body)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP PRIVATE KEY BLOCK-----\n'); break; - case enums.armor.signature: { - const bodyClone = stream.passiveClone(body); + case enums.armor.signature: result.push('-----BEGIN PGP SIGNATURE-----\n'); result.push(addheader(customComment, config)); result.push(base64.encode(body)); - // GPG v2 fails to parse signatures without checksums - result.push('=', getCheckSum(bodyClone)); + maybeBodyClone && result.push('=', getCheckSum(maybeBodyClone)); result.push('-----END PGP SIGNATURE-----\n'); break; - } - default: - throw new Error('Unknown armor type'); } return util.concat(result); diff --git a/src/key/key.js b/src/key/key.js index 3c7475ad..3964c5eb 100644 --- a/src/key/key.js +++ b/src/key/key.js @@ -612,7 +612,9 @@ class Key { const revocationSignature = await helper.getLatestValidSignature(this.revocationSignatures, this.keyPacket, enums.signature.keyRevocation, dataToVerify, date, config); const packetlist = new PacketList(); packetlist.push(revocationSignature); - return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate'); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, packetlist.write(), null, null, 'This is a revocation certificate', emitChecksum); } /** diff --git a/src/key/private_key.js b/src/key/private_key.js index 3c6fe474..904c09a0 100644 --- a/src/key/private_key.js +++ b/src/key/private_key.js @@ -64,7 +64,9 @@ class PrivateKey extends PublicKey { * @returns {ReadableStream} ASCII armor. */ armor(config = defaultConfig) { - return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, config); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.privateKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config); } /** diff --git a/src/key/public_key.js b/src/key/public_key.js index 66eac924..7996a32c 100644 --- a/src/key/public_key.js +++ b/src/key/public_key.js @@ -61,7 +61,9 @@ class PublicKey extends Key { * @returns {ReadableStream} ASCII armor. */ armor(config = defaultConfig) { - return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, config); + // An ASCII-armored Transferable Public Key packet sequence of a v6 key MUST NOT contain a CRC24 footer. + const emitChecksum = this.keyPacket.version !== 6; + return armor(enums.armor.publicKey, this.toPacketList().write(), undefined, undefined, undefined, emitChecksum, config); } } diff --git a/src/message.js b/src/message.js index 159c003e..113d5623 100644 --- a/src/message.js +++ b/src/message.js @@ -680,7 +680,13 @@ export class Message { * @returns {ReadableStream} ASCII armor. */ armor(config = defaultConfig) { - return armor(enums.armor.message, this.write(), null, null, null, config); + const trailingPacket = this.packets[this.packets.length - 1]; + // An ASCII-armored Encrypted Message packet sequence that ends in an v2 SEIPD packet MUST NOT contain a CRC24 footer. + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = trailingPacket.constructor.tag === SymEncryptedIntegrityProtectedDataPacket.tag ? + trailingPacket.version !== 2 : + this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.message, this.write(), null, null, null, emitChecksum, config); } } diff --git a/src/signature.js b/src/signature.js index ae9e5623..f3e14e85 100644 --- a/src/signature.js +++ b/src/signature.js @@ -49,7 +49,9 @@ export class Signature { * @returns {ReadableStream} ASCII armor. */ armor(config = defaultConfig) { - return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, config); + // An ASCII-armored sequence of Signature packets that only includes v6 Signature packets MUST NOT contain a CRC24 footer. + const emitChecksum = this.packets.some(packet => packet.constructor.tag === SignaturePacket.tag && packet.version !== 6); + return armor(enums.armor.signature, this.write(), undefined, undefined, undefined, emitChecksum, config); } /** diff --git a/test/general/armor.js b/test/general/armor.js index 62773792..01df7c05 100644 --- a/test/general/armor.js +++ b/test/general/armor.js @@ -255,6 +255,40 @@ export default () => describe('ASCII armor', function() { expect(msg.text).to.equal('\r\nsign this'); }); + it('Selectively output CRC checksum', async function () { + const includesArmorChecksum = armoredData => { + const lines = armoredData.split('\n'); + const lastDataLine = lines[lines.length - 3]; + return (lastDataLine[0] === '=' && lastDataLine.length === 5); + }; + + // unless explicitly forbidden by the spec, we include the checksum to work around a GnuPG bug (https://dev.gnupg.org/T7071) + const { privateKey: v4Key } = await openpgp.generateKey({ userIDs: { email: 'v4@armor.test' }, format: 'object' }); + expect(includesArmorChecksum(v4Key.armor())).to.be.true; + const { privateKey: v6Key } = await openpgp.generateKey({ userIDs: { email: 'v6@armor.test' }, config: { v6Keys: true, aeadProtect: true }, format: 'object' }); + expect(includesArmorChecksum(v6Key.armor())).to.be.false; + + const messageWithSEIPDv1 = await openpgp.encrypt({ message: await openpgp.createMessage({ text: 'test' }), encryptionKeys: v4Key }); + expect(includesArmorChecksum(messageWithSEIPDv1)).to.be.true; + const messageWithSEIPDv2 = await openpgp.encrypt({ message: await openpgp.createMessage({ text: 'test' }), encryptionKeys: v6Key }); + expect(includesArmorChecksum(messageWithSEIPDv2)).to.be.false; + + const signatureV4V6 = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), signingKeys: [v4Key, v6Key] }); + expect(includesArmorChecksum(signatureV4V6)).to.be.true; + const signatureV6 = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), signingKeys: v6Key }); + expect(includesArmorChecksum(signatureV6)).to.be.false; + + const detachedSignatureV4V6 = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), signingKeys: [v4Key, v6Key], detached: true }); + expect(includesArmorChecksum(detachedSignatureV4V6)).to.be.true; + const detachedSignatureV6 = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), signingKeys: v6Key, detached: true }); + expect(includesArmorChecksum(detachedSignatureV6)).to.be.false; + + const cleartextSignatureV4V6 = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: 'test' }), signingKeys: [v4Key, v6Key] }); + expect(includesArmorChecksum(cleartextSignatureV4V6)).to.be.true; + const cleartextSignatureV6 = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: 'test' }), signingKeys: v6Key }); + expect(includesArmorChecksum(cleartextSignatureV6)).to.be.false; + }); + it('Do not add extraneous blank line when base64 ends on line break', async function () { const pubKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- diff --git a/test/general/key.js b/test/general/key.js index 1060ac87..570671fd 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -4024,7 +4024,7 @@ CNa5yq6lyexhsn2Vs8DsX+SOSUyNJiy5FyIJ const input = await openpgp.unarmor(revocation_certificate_arm4); const packetlist = await openpgp.PacketList.fromBinary(input.data, util.constructAllowedPackets([openpgp.SignaturePacket]), openpgp.config); - const armored = openpgp.armor(openpgp.enums.armor.publicKey, packetlist.write()); + const armored = openpgp.armor(openpgp.enums.armor.publicKey, packetlist.write(), undefined, undefined, undefined, true); expect(revocationCertificate.replace(/^Comment: .*$\n/mg, '')).to.equal(armored.replace(/^Comment: .*$\n/mg, '')); });