81 Commits

Author SHA1 Message Date
larabr
7f37a8aaca
Add config parameter to top-level functions (#1241)
Refactor functions to take the configuration as a parameter.

This allows setting a config option for a single function call, whereas
setting `openpgp.config` could lead to concurrency-related issues when
multiple async function calls are made at the same time.

`openpgp.config` is used as default for unset config values in top-level
functions.
`openpgp.config` is used as default config object in low-level functions
(i.e., when calling a low-level function, it may be required to pass
`{ ...openpgp.config, modifiedConfig: modifiedValue }`).

Also,

- remove `config.rsaBlinding`: blinding is now always applied to RSA decryption
- remove `config.debug`: debugging mode can be enabled by setting
  `process.env.NODE_ENV = 'development'`
- remove `config.useNative`: native crypto is always used when available
2021-02-26 20:04:54 +01:00
Daniel Huigens
b6edfe646b Lint all tests (#1235) 2021-02-12 23:00:22 +01:00
Daniel Huigens
b3e08fdc26 Don't export default objects / namespaces
Import individual functions, instead.
2021-02-09 19:25:20 +01:00
Dan Ristea
10aa1aa5cb JSdoc types & ESLint fixes (#1132) 2021-02-09 19:25:20 +01:00
Daniel Huigens
aea7aa953a Use ES6 classes 2021-02-09 19:25:20 +01:00
Daniel Huigens
fb3d23427d Allow dead code elimination 2021-02-09 19:25:20 +01:00
Ilya Chesnokov
e16807505f Switch util function names to camelCase (#1091) 2021-02-09 19:25:20 +01:00
larabr
8823603396 Remove worker (#1072) 2021-02-09 19:25:20 +01:00
Ilya Chesnokov
6e7f399eb3 Use Web Crypto & Node crypto for RSA signing and verifying (#999)
Also, when generating RSA keys in JS, generate them with p < q, as per
the spec.

Also, when generating RSA keys using Web Crypto or Node crypto, swap the
generated p and q around, so that will satisfy p < q in most browsers
(but not old Microsoft Edge, 50% of the time) and so that we can use the
generated u coefficient (p^-1 mod q in OpenPGP, q^-1 mod p in RFC3447).

Then, when signing and verifying, swap p and q again, so that the key
hopefully satisfies Safari's requirement that p > q, and so that we can
keep using u again.
2019-11-18 14:59:01 +01:00
Daniel Huigens
df8364930b Fix one-pass signature verification when using a Worker 2019-05-03 18:40:31 +02:00
Daniel Huigens
5dcaf85f5a Optimize reading large messages with lots of tiny partial body parts (#864)
* Fix pako decompression

* Optimize base64-decoding

* Don't stream-parse packets when not stream-reading data
2019-02-21 08:33:55 -08:00
Daniel Huigens
e727097bb0 Always look at the same literal data packet in getText() and verify() 2018-12-17 12:27:05 -05:00
Daniel Huigens
1071cb9bca Fix cloning embedded signatures 2018-11-05 16:32:30 +01:00
Daniel Huigens
6f9670cc65 Clarify comment explaining packetlist's usage of supportsStreaming 2018-10-10 18:21:02 +02:00
Daniel Huigens
bc6118980f Throw on parse errors in integrity protected encrypted packets 2018-10-05 12:40:05 +02:00
Daniel Huigens
a1c47ecdea Indicate an error when parsing a key with an authorized revocation key
Since we will ignore revocation signatures from authorized revocation keys,
it is dangerous to use these keys.
2018-09-22 23:03:10 +02:00
Daniel Huigens
52c4fa9639 Move streams library to a separate package 2018-08-14 16:35:40 +02:00
Daniel Huigens
ca537e439d Comments & code style 2018-08-14 16:35:38 +02:00
Daniel Huigens
4d82d25559 Pass more tests
We now use streams internally in more places.
2018-08-10 14:46:26 +02:00
Daniel Huigens
55fd292fba Fix armor errors
Also, fix error handling in transformPair()
2018-08-10 14:46:25 +02:00
Daniel Huigens
589b666ac7 Don't clone stream in packet.parse() 2018-08-10 14:46:24 +02:00
Daniel Huigens
ddda6a0b16 Implement cancellation by manually linking together input and output streams 2018-08-10 14:46:24 +02:00
Daniel Huigens
51c897b073 Cancelling 2018-08-10 14:46:23 +02:00
Daniel Huigens
a6a701df7f Streaming signing 2018-08-10 14:46:23 +02:00
Daniel Huigens
9c1c28bc59 Add option to read unauthenticated data from stream 2018-08-10 14:46:23 +02:00
Daniel Huigens
ade2627bca Streaming verify one-pass signatures 2018-08-10 14:44:01 +02:00
Daniel Huigens
9fcc075f0b Streaming decrypt non-partial-length-encoded packets 2018-08-10 14:44:01 +02:00
Daniel Huigens
05479e6e6b Don't warn about await in loops 2018-08-10 14:44:01 +02:00
Daniel Huigens
3475843d82 Don't hack util.concatUint8Array() to handle Streams
Use util.concat() instead.
2018-08-10 14:44:01 +02:00
Daniel Huigens
1f30556674 Split stream.transform into using two helper functions 2018-08-10 14:44:01 +02:00
Daniel Huigens
4ada3fa590 Don't mutate prototypes of Uint8Array, ReadableStream and ReadableStreamDefaultWriter 2018-08-10 14:44:01 +02:00
Daniel Huigens
0372bf78f1 Make (de)armoring and packet reading asynchronous 2018-08-10 14:44:01 +02:00
Daniel Huigens
403bdc5346 Streaming decryption (Web) 2018-08-10 14:44:01 +02:00
Daniel Huigens
b4f5976242 Writing partial lengths 2018-08-10 14:44:01 +02:00
Daniel Huigens
95b9e5188a Remove some ESLint silencers 2018-05-01 17:36:15 +02:00
Daniel Huigens
5d43b44e50 Log swallowed errors in debug mode 2018-04-27 14:06:14 +02:00
Mahrud Sayrafi
96c9cd0d73
Fixes dead links in the documentation 2018-03-13 00:13:04 -07:00
Mahrud Sayrafi
4ded3f9d58
Documentation improvements in src/packet 2018-03-09 08:01:06 -08:00
Mahrud Sayrafi
a5e7562066
Many documentation improvements; more to come 2018-03-08 19:27:57 -08:00
Mahrud Sayrafi
08da24de27
documentation fixes 2018-03-08 10:55:58 -08:00
Mahrud Sayrafi
ec22dabac3 Slightly simplifies key.js; adds key.verifyKeyPackets which should be run before getEncryption/SigningKeyPacket 2018-03-08 10:01:54 +01:00
Bart Butler
1cd9018346 some cleanup 2018-03-06 10:04:33 -08:00
BafS
b672f1936a Use let and const ES6 features.
Remove var, for let or const if possible, clean some syntax, enforce one var per declaration and semicolons
2018-02-13 23:33:09 +01:00
BafS
de6ffc2f76 Remove 'user strict'
'use strict' is unnecessary inside modules because module code is always strict mode code. Ref: https://www.ecma-international.org/ecma-262/6.0/#sec-strict-mode-code
2018-02-13 23:33:09 +01:00
Mahrud Sayrafi
d851398b0c
Merge branch 'master' into http-to-https 2018-02-08 10:56:46 -08:00
Mahrud Sayrafi
1383107202
Fixed and unmuted a few eslint errors, ~10 remain 2018-02-07 04:23:16 -08:00
Daniel Kahn Gillmor
4da28fcc29 move from http to https where possible.
There are dozens of links in the OpenPGP.js codebase that are http but
could be replaced with https links.  I've converted as many of them as
i could find.
2018-02-01 09:58:06 -05:00
Mahrud Sayrafi
5cb89f4f25 Addresses various review comments by @sanjanarajan
* Various FIXME tags are removed
 * In curve.js:
  - webCrypto/nodeCrypto fallback bug is fixed
  - Curve25519 has keyType ecdsa (won't be used for signing, but technically can be)
  - webGenKeyPair is simplifed
 * In base64.js:
  - documentation added and arguments simplified
 * In ecdsa.js and eddsa.js:
  - hash_algo is now at least as strong as the default curve hash
  - simplified the code by moving webSign/nodeSign and webVerify/nodeVerify to live in key.js (ht @ismaelbej)
 * In message.js:
  - in decryptSessionKey, loops break once a key packet is decrypted
 * In key.js:
  - getPreferredHashAlgorithm returns the best hash algorithm
  - enums are used for curve selection
2018-01-30 18:36:26 +01:00
Mahrud Sayrafi
21ae66c604 encrypt/decrypt/sign/verify will always return promises
Note: publicKeyEncryptedSessionKey uses promises, symEncryptedSessionKey does not
2018-01-30 18:33:55 +01:00
Mahrud Sayrafi
11a2d0070b ESLint is happy! 2018-01-30 18:31:30 +01:00