Bump playwright from 1.51.0 to 1.51.1 (#1834)

Bumps [playwright](https://github.com/microsoft/playwright) from 1.51.0 to 1.51.1.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.51.0...v1.51.1)

---
updated-dependencies:
- dependency-name: playwright
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -1,6 +1,10 @@
 version: 2
 updates:
   - package-ecosystem: "npm"
+    # The redundant target-branch directive is needed to set two different update schedules for npm,
+    # working around a dependabot limitation:
+    # see https://github.com/dependabot/dependabot-core/issues/1778#issuecomment-1988140219 .
+    target-branch: main
     directory: "/"
     schedule:
       interval: "daily"

.github/workflows/benchmark.yml

@@ -2,7 +2,7 @@ name: Performance Regression Test
 
 on:
   pull_request:
-    branches: [main, v6]
+    branches: [main]
 
 jobs:
   benchmark:

.github/workflows/docs.yml

@@ -4,7 +4,7 @@ on:
   push:
     branches: [main]
   pull_request:
-    branches: [main, v6]
+    branches: [main]
 
 jobs:
   lint:

.github/workflows/sop-test-suite.yml

@@ -2,7 +2,7 @@ name: SOP interoperability test suite
 
 on:
   pull_request:
-    branches: [ main, v6 ]
+    branches: [ main ]
 
 jobs:
 

.github/workflows/tests.yml

@@ -4,7 +4,7 @@ on:
   push:
     branches: [main]
   pull_request:
-    branches: [main, v6]
+    branches: [main]
 
 jobs:
   build: # cache both dist and tests (non-lightweight only), based on commit hash
@@ -106,6 +106,7 @@ jobs:
           npx playwright install --with-deps firefox
 
       - name: Install WebKit # caching not possible, external shared libraries required
+        if: ${{ matrix.runner == 'macos-latest' }} # do not install on ubuntu, since the X25519 WebCrypto implementation has issues
         run: npx playwright install --with-deps webkit
 
       - name: Run browser tests

openpgp.d.ts

@@ -94,7 +94,7 @@ export class PrivateKey extends PublicKey {
   public revoke(reason?: ReasonForRevocation, date?: Date, config?: Config): Promise<PrivateKey>;
   public isDecrypted(): boolean;
   public addSubkey(options: SubkeyOptions): Promise<PrivateKey>;
-  public getDecryptionKeys(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise<PrivateKey | Subkey>;
+  public getDecryptionKeys(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise<(PrivateKey | Subkey)[]>;
   public update(sourceKey: PublicKey, date?: Date, config?: Config): Promise<PrivateKey>;
 }
 
@@ -702,7 +702,7 @@ export type EllipticCurveName = 'ed25519Legacy' | 'curve25519Legacy' | 'nistP256
 interface GenerateKeyOptions {
   userIDs: MaybeArray<UserID>;
   passphrase?: string;
-  type?: 'ecc' | 'rsa';
+  type?: 'ecc' | 'rsa' | 'curve25519' | 'curve448';
   curve?: EllipticCurveName;
   rsaBits?: number;
   keyExpirationTime?: number;
@@ -713,14 +713,8 @@ interface GenerateKeyOptions {
 }
 export type KeyOptions = GenerateKeyOptions;
 
-export interface SubkeyOptions {
-  type?: 'ecc' | 'rsa';
-  curve?: EllipticCurveName;
-  rsaBits?: number;
-  keyExpirationTime?: number;
-  date?: Date;
+export interface SubkeyOptions extends Pick<GenerateKeyOptions, 'type' | 'curve' | 'rsaBits' | 'keyExpirationTime' | 'date' | 'config'> {
   sign?: boolean;
-  config?: PartialConfig;
 }
 
 export declare class KeyID {
@@ -922,6 +916,8 @@ export namespace enums {
   export enum aead {
     eax = 1,
     ocb = 2,
+    gcm = 3,
+    /** @deprecated use `gcm` instead */
     experimentalGCM = 100 // Private algorithm
   }
 

package-lock.json

@@ -1,16 +1,16 @@
 {
   "name": "openpgp",
-  "version": "6.0.0",
+  "version": "6.1.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "openpgp",
-      "version": "6.0.0",
+      "version": "6.1.0",
       "license": "LGPL-3.0+",
       "devDependencies": {
-        "@noble/ciphers": "^1.0.0",
-        "@noble/curves": "^1.6.0",
+        "@noble/ciphers": "^1.2.1",
+        "@noble/curves": "^1.8.1",
         "@noble/hashes": "^1.5.0",
         "@openpgp/jsdoc": "^3.6.11",
         "@openpgp/seek-bzip": "^1.0.5-git",
@@ -45,9 +45,9 @@
         "eslint-plugin-chai-friendly": "^0.7.4",
         "eslint-plugin-import": "^2.31.0",
         "eslint-plugin-unicorn": "^48.0.1",
-        "fflate": "^0.7.4",
+        "fflate": "^0.8.2",
         "mocha": "^10.7.3",
-        "playwright": "^1.48.2",
+        "playwright": "^1.51.1",
         "rollup": "^4.24.2",
         "sinon": "^18.0.1",
         "ts-node": "^10.9.2",
@@ -929,9 +929,9 @@
       }
     },
     "node_modules/@noble/ciphers": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.0.0.tgz",
-      "integrity": "sha512-wH5EHOmLi0rEazphPbecAzmjd12I6/Yv/SiHdkA9LSycsQk7RuuTp7am5/o62qYr0RScE7Pc9icXGBbsr6cesA==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.2.1.tgz",
+      "integrity": "sha512-rONPWMC7PeExE077uLE4oqWrZ1IvAfz3oH9LibVAcVCopJiA9R62uavnbEzdkVmJYI6M6Zgkbeb07+tWjlq2XA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -942,12 +942,13 @@
       }
     },
     "node_modules/@noble/curves": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.6.0.tgz",
-      "integrity": "sha512-TlaHRXDehJuRNR9TfZDNQ45mMEd5dwUwmicsafcIX4SsNiqnCHKjE/1alYPd/lDRVhxdhUAlv8uEhMCI5zjIJQ==",
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.8.1.tgz",
+      "integrity": "sha512-warwspo+UYUPep0Q+vtdVB4Ugn8GGQj8iyB3gnRWsztmUHTI3S1nhdiWNsPUGL0vud7JlRRk1XEu7Lq1KGTnMQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "@noble/hashes": "1.5.0"
+        "@noble/hashes": "1.7.1"
       },
       "engines": {
         "node": "^14.21.3 || >=16"
@@ -957,10 +958,11 @@
       }
     },
     "node_modules/@noble/hashes": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.5.0.tgz",
-      "integrity": "sha512-1j6kQFb7QRru7eKN3ZDvRcP13rugwdxZqCjbiAVZfIJwgj2A65UmT4TgARXGlXgnRkORLTDTrO19ZErt7+QXgA==",
+      "version": "1.7.1",
+      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.7.1.tgz",
+      "integrity": "sha512-B8XBPsn4vT/KJAGqDzbwztd+6Yte3P4V7iafm24bxgDe/mlRuK6xmWPuCNrKt2vDafZ8MfJLlchDG/vYafQEjQ==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": "^14.21.3 || >=16"
       },
@@ -2761,24 +2763,11 @@
         "node": ">=18.0.0"
       }
     },
-    "node_modules/@web/test-runner-commands": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/@web/test-runner-commands/-/test-runner-commands-0.9.0.tgz",
-      "integrity": "sha512-zeLI6QdH0jzzJMDV5O42Pd8WLJtYqovgdt0JdytgHc0d1EpzXDsc7NTCJSImboc2NcayIsWAvvGGeRF69SMMYg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@web/test-runner-core": "^0.13.0",
-        "mkdirp": "^1.0.4"
-      },
-      "engines": {
-        "node": ">=18.0.0"
-      }
-    },
-    "node_modules/@web/test-runner-core": {
-      "version": "0.13.3",
-      "resolved": "https://registry.npmjs.org/@web/test-runner-core/-/test-runner-core-0.13.3.tgz",
-      "integrity": "sha512-ilDqF/v2sj0sD69FNSIDT7uw4M1yTVedLBt32/lXy3MMi6suCM7m/ZlhsBy8PXhf879WMvzBOl/vhJBpEMB9vA==",
+    "node_modules/@web/test-runner-chrome/node_modules/@web/test-runner-core": {
+      "name": "@openpgp/wtr-test-runner-core",
+      "version": "0.13.4-patch.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/wtr-test-runner-core/-/wtr-test-runner-core-0.13.4-patch.0.tgz",
+      "integrity": "sha512-vcQXfDvDyVhQo4IpqHk/ksNayC/hKNjaN7ykXygtrGmOSdsVs1IGopNVzOgjjeISpZUytHnivJNEMtNWNPGgrg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2790,8 +2779,8 @@
         "@types/istanbul-lib-coverage": "^2.0.3",
         "@types/istanbul-reports": "^3.0.0",
         "@web/browser-logs": "^0.4.0",
-        "@web/dev-server-core": "^0.7.2",
-        "chokidar": "^3.4.3",
+        "@web/dev-server-core": "^0.7.3",
+        "chokidar": "^4.0.1",
         "cli-cursor": "^3.1.0",
         "co-body": "^6.1.0",
         "convert-source-map": "^2.0.0",
@@ -2813,11 +2802,11 @@
         "node": ">=18.0.0"
       }
     },
-    "node_modules/@web/test-runner-core/node_modules/@web/dev-server-core/node_modules/chokidar": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.1.tgz",
-      "integrity": "sha512-n8enUVCED/KVRQlab1hr3MVpcVMvxtZjmEa956u+4YijlmQED223XMSYj2tLuKvr4jcCTzNNMpQDUer72MMmzA==",
-      "extraneous": true,
+    "node_modules/@web/test-runner-chrome/node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
       "license": "MIT",
       "dependencies": {
         "readdirp": "^4.0.1"
@@ -2829,7 +2818,114 @@
         "url": "https://paulmillr.com/funding/"
       }
     },
-    "node_modules/@web/test-runner-core/node_modules/source-map": {
+    "node_modules/@web/test-runner-chrome/node_modules/readdirp": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
+      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-chrome/node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@web/test-runner-commands": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/@web/test-runner-commands/-/test-runner-commands-0.9.0.tgz",
+      "integrity": "sha512-zeLI6QdH0jzzJMDV5O42Pd8WLJtYqovgdt0JdytgHc0d1EpzXDsc7NTCJSImboc2NcayIsWAvvGGeRF69SMMYg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@web/test-runner-core": "^0.13.0",
+        "mkdirp": "^1.0.4"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@web/test-runner-commands/node_modules/@web/test-runner-core": {
+      "name": "@openpgp/wtr-test-runner-core",
+      "version": "0.13.4-patch.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/wtr-test-runner-core/-/wtr-test-runner-core-0.13.4-patch.0.tgz",
+      "integrity": "sha512-vcQXfDvDyVhQo4IpqHk/ksNayC/hKNjaN7ykXygtrGmOSdsVs1IGopNVzOgjjeISpZUytHnivJNEMtNWNPGgrg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.11",
+        "@types/babel__code-frame": "^7.0.2",
+        "@types/co-body": "^6.1.0",
+        "@types/convert-source-map": "^2.0.0",
+        "@types/debounce": "^1.2.0",
+        "@types/istanbul-lib-coverage": "^2.0.3",
+        "@types/istanbul-reports": "^3.0.0",
+        "@web/browser-logs": "^0.4.0",
+        "@web/dev-server-core": "^0.7.3",
+        "chokidar": "^4.0.1",
+        "cli-cursor": "^3.1.0",
+        "co-body": "^6.1.0",
+        "convert-source-map": "^2.0.0",
+        "debounce": "^1.2.0",
+        "dependency-graph": "^0.11.0",
+        "globby": "^11.0.1",
+        "internal-ip": "^6.2.0",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-reports": "^3.0.2",
+        "log-update": "^4.0.0",
+        "nanocolors": "^0.2.1",
+        "nanoid": "^3.1.25",
+        "open": "^8.0.2",
+        "picomatch": "^2.2.2",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@web/test-runner-commands/node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 14.16.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-commands/node_modules/readdirp": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
+      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-commands/node_modules/source-map": {
       "version": "0.7.4",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
       "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
@@ -2856,6 +2952,85 @@
         "node": ">=18.0.0"
       }
     },
+    "node_modules/@web/test-runner-coverage-v8/node_modules/@web/test-runner-core": {
+      "name": "@openpgp/wtr-test-runner-core",
+      "version": "0.13.4-patch.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/wtr-test-runner-core/-/wtr-test-runner-core-0.13.4-patch.0.tgz",
+      "integrity": "sha512-vcQXfDvDyVhQo4IpqHk/ksNayC/hKNjaN7ykXygtrGmOSdsVs1IGopNVzOgjjeISpZUytHnivJNEMtNWNPGgrg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.11",
+        "@types/babel__code-frame": "^7.0.2",
+        "@types/co-body": "^6.1.0",
+        "@types/convert-source-map": "^2.0.0",
+        "@types/debounce": "^1.2.0",
+        "@types/istanbul-lib-coverage": "^2.0.3",
+        "@types/istanbul-reports": "^3.0.0",
+        "@web/browser-logs": "^0.4.0",
+        "@web/dev-server-core": "^0.7.3",
+        "chokidar": "^4.0.1",
+        "cli-cursor": "^3.1.0",
+        "co-body": "^6.1.0",
+        "convert-source-map": "^2.0.0",
+        "debounce": "^1.2.0",
+        "dependency-graph": "^0.11.0",
+        "globby": "^11.0.1",
+        "internal-ip": "^6.2.0",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-reports": "^3.0.2",
+        "log-update": "^4.0.0",
+        "nanocolors": "^0.2.1",
+        "nanoid": "^3.1.25",
+        "open": "^8.0.2",
+        "picomatch": "^2.2.2",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@web/test-runner-coverage-v8/node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 14.16.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-coverage-v8/node_modules/readdirp": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
+      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-coverage-v8/node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
     "node_modules/@web/test-runner-mocha": {
       "version": "0.9.0",
       "resolved": "https://registry.npmjs.org/@web/test-runner-mocha/-/test-runner-mocha-0.9.0.tgz",
@@ -2869,6 +3044,85 @@
         "node": ">=18.0.0"
       }
     },
+    "node_modules/@web/test-runner-mocha/node_modules/@web/test-runner-core": {
+      "name": "@openpgp/wtr-test-runner-core",
+      "version": "0.13.4-patch.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/wtr-test-runner-core/-/wtr-test-runner-core-0.13.4-patch.0.tgz",
+      "integrity": "sha512-vcQXfDvDyVhQo4IpqHk/ksNayC/hKNjaN7ykXygtrGmOSdsVs1IGopNVzOgjjeISpZUytHnivJNEMtNWNPGgrg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.11",
+        "@types/babel__code-frame": "^7.0.2",
+        "@types/co-body": "^6.1.0",
+        "@types/convert-source-map": "^2.0.0",
+        "@types/debounce": "^1.2.0",
+        "@types/istanbul-lib-coverage": "^2.0.3",
+        "@types/istanbul-reports": "^3.0.0",
+        "@web/browser-logs": "^0.4.0",
+        "@web/dev-server-core": "^0.7.3",
+        "chokidar": "^4.0.1",
+        "cli-cursor": "^3.1.0",
+        "co-body": "^6.1.0",
+        "convert-source-map": "^2.0.0",
+        "debounce": "^1.2.0",
+        "dependency-graph": "^0.11.0",
+        "globby": "^11.0.1",
+        "internal-ip": "^6.2.0",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-reports": "^3.0.2",
+        "log-update": "^4.0.0",
+        "nanocolors": "^0.2.1",
+        "nanoid": "^3.1.25",
+        "open": "^8.0.2",
+        "picomatch": "^2.2.2",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@web/test-runner-mocha/node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 14.16.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-mocha/node_modules/readdirp": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
+      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-mocha/node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
     "node_modules/@web/test-runner-playwright": {
       "version": "0.11.0",
       "resolved": "https://registry.npmjs.org/@web/test-runner-playwright/-/test-runner-playwright-0.11.0.tgz",
@@ -2884,6 +3138,85 @@
         "node": ">=18.0.0"
       }
     },
+    "node_modules/@web/test-runner-playwright/node_modules/@web/test-runner-core": {
+      "name": "@openpgp/wtr-test-runner-core",
+      "version": "0.13.4-patch.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/wtr-test-runner-core/-/wtr-test-runner-core-0.13.4-patch.0.tgz",
+      "integrity": "sha512-vcQXfDvDyVhQo4IpqHk/ksNayC/hKNjaN7ykXygtrGmOSdsVs1IGopNVzOgjjeISpZUytHnivJNEMtNWNPGgrg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.11",
+        "@types/babel__code-frame": "^7.0.2",
+        "@types/co-body": "^6.1.0",
+        "@types/convert-source-map": "^2.0.0",
+        "@types/debounce": "^1.2.0",
+        "@types/istanbul-lib-coverage": "^2.0.3",
+        "@types/istanbul-reports": "^3.0.0",
+        "@web/browser-logs": "^0.4.0",
+        "@web/dev-server-core": "^0.7.3",
+        "chokidar": "^4.0.1",
+        "cli-cursor": "^3.1.0",
+        "co-body": "^6.1.0",
+        "convert-source-map": "^2.0.0",
+        "debounce": "^1.2.0",
+        "dependency-graph": "^0.11.0",
+        "globby": "^11.0.1",
+        "internal-ip": "^6.2.0",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-reports": "^3.0.2",
+        "log-update": "^4.0.0",
+        "nanocolors": "^0.2.1",
+        "nanoid": "^3.1.25",
+        "open": "^8.0.2",
+        "picomatch": "^2.2.2",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@web/test-runner-playwright/node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 14.16.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-playwright/node_modules/readdirp": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
+      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-playwright/node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
     "node_modules/@web/test-runner-webdriver": {
       "version": "0.8.0",
       "resolved": "https://registry.npmjs.org/@web/test-runner-webdriver/-/test-runner-webdriver-0.8.0.tgz",
@@ -2898,6 +3231,154 @@
         "node": ">=18.0.0"
       }
     },
+    "node_modules/@web/test-runner-webdriver/node_modules/@web/test-runner-core": {
+      "name": "@openpgp/wtr-test-runner-core",
+      "version": "0.13.4-patch.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/wtr-test-runner-core/-/wtr-test-runner-core-0.13.4-patch.0.tgz",
+      "integrity": "sha512-vcQXfDvDyVhQo4IpqHk/ksNayC/hKNjaN7ykXygtrGmOSdsVs1IGopNVzOgjjeISpZUytHnivJNEMtNWNPGgrg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.11",
+        "@types/babel__code-frame": "^7.0.2",
+        "@types/co-body": "^6.1.0",
+        "@types/convert-source-map": "^2.0.0",
+        "@types/debounce": "^1.2.0",
+        "@types/istanbul-lib-coverage": "^2.0.3",
+        "@types/istanbul-reports": "^3.0.0",
+        "@web/browser-logs": "^0.4.0",
+        "@web/dev-server-core": "^0.7.3",
+        "chokidar": "^4.0.1",
+        "cli-cursor": "^3.1.0",
+        "co-body": "^6.1.0",
+        "convert-source-map": "^2.0.0",
+        "debounce": "^1.2.0",
+        "dependency-graph": "^0.11.0",
+        "globby": "^11.0.1",
+        "internal-ip": "^6.2.0",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-reports": "^3.0.2",
+        "log-update": "^4.0.0",
+        "nanocolors": "^0.2.1",
+        "nanoid": "^3.1.25",
+        "open": "^8.0.2",
+        "picomatch": "^2.2.2",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@web/test-runner-webdriver/node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 14.16.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-webdriver/node_modules/readdirp": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
+      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner-webdriver/node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@web/test-runner/node_modules/@web/test-runner-core": {
+      "name": "@openpgp/wtr-test-runner-core",
+      "version": "0.13.4-patch.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/wtr-test-runner-core/-/wtr-test-runner-core-0.13.4-patch.0.tgz",
+      "integrity": "sha512-vcQXfDvDyVhQo4IpqHk/ksNayC/hKNjaN7ykXygtrGmOSdsVs1IGopNVzOgjjeISpZUytHnivJNEMtNWNPGgrg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.11",
+        "@types/babel__code-frame": "^7.0.2",
+        "@types/co-body": "^6.1.0",
+        "@types/convert-source-map": "^2.0.0",
+        "@types/debounce": "^1.2.0",
+        "@types/istanbul-lib-coverage": "^2.0.3",
+        "@types/istanbul-reports": "^3.0.0",
+        "@web/browser-logs": "^0.4.0",
+        "@web/dev-server-core": "^0.7.3",
+        "chokidar": "^4.0.1",
+        "cli-cursor": "^3.1.0",
+        "co-body": "^6.1.0",
+        "convert-source-map": "^2.0.0",
+        "debounce": "^1.2.0",
+        "dependency-graph": "^0.11.0",
+        "globby": "^11.0.1",
+        "internal-ip": "^6.2.0",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-reports": "^3.0.2",
+        "log-update": "^4.0.0",
+        "nanocolors": "^0.2.1",
+        "nanoid": "^3.1.25",
+        "open": "^8.0.2",
+        "picomatch": "^2.2.2",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@web/test-runner/node_modules/chokidar": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+      "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 14.16.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/@web/test-runner/node_modules/readdirp": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.1.tgz",
+      "integrity": "sha512-h80JrZu/MHUZCyHu5ciuoI0+WxsCxzxJTILn6Fs8rxSnFPh+UVHYfeIxK1nVGugMqkfC4vJcBOYbkfkwYK0+gw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.18.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
     "node_modules/@web/test-runner/node_modules/source-map": {
       "version": "0.7.4",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
@@ -6073,10 +6554,11 @@
       }
     },
     "node_modules/fflate": {
-      "version": "0.7.4",
-      "resolved": "https://registry.npmjs.org/fflate/-/fflate-0.7.4.tgz",
-      "integrity": "sha512-5u2V/CDW15QM1XbbgS+0DfPxVB+jUKhWEKuuFuHncbk3tEEqzmoXL+2KyOFuKGqOnmdIy0/davWF1CkuwtibCw==",
-      "dev": true
+      "version": "0.8.2",
+      "resolved": "https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz",
+      "integrity": "sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==",
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/file-entry-cache": {
       "version": "6.0.1",
@@ -9513,13 +9995,13 @@
       "dev": true
     },
     "node_modules/playwright": {
-      "version": "1.48.2",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.48.2.tgz",
-      "integrity": "sha512-NjYvYgp4BPmiwfe31j4gHLa3J7bD2WiBz8Lk2RoSsmX38SVIARZ18VYjxLjAcDsAhA+F4iSEXTSGgjua0rrlgQ==",
+      "version": "1.51.1",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz",
+      "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.48.2"
+        "playwright-core": "1.51.1"
       },
       "bin": {
         "playwright": "cli.js"
@@ -9532,9 +10014,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.48.2",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.48.2.tgz",
-      "integrity": "sha512-sjjw+qrLFlriJo64du+EK0kJgZzoQPsabGF4lBvsid+3CNIZIYLgnMj9V6JY5VhM2Peh20DJWIVpVljLLnlawA==",
+      "version": "1.51.1",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz",
+      "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {

package.json

@@ -1,7 +1,7 @@
 {
   "name": "openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "6.0.0",
+  "version": "6.1.0",
   "license": "LGPL-3.0+",
   "homepage": "https://openpgpjs.org/",
   "engines": {
@@ -22,9 +22,9 @@
   "exports": {
     ".": {
       "types": "./openpgp.d.ts",
+      "browser": "./dist/openpgp.min.mjs",
       "import": "./dist/node/openpgp.mjs",
-      "require": "./dist/node/openpgp.min.cjs",
-      "browser": "./dist/openpgp.min.mjs"
+      "require": "./dist/node/openpgp.min.cjs"
     },
     "./lightweight": {
       "types": "./openpgp.d.ts",
@@ -59,11 +59,11 @@
     "docs": "jsdoc --configure .jsdocrc.cjs --destination docs --recurse README.md src && printf '%s' 'docs.openpgpjs.org' > docs/CNAME",
     "preversion": "rm -rf dist docs node_modules && npm ci && npm test",
     "version": "npm run docs && git add -A docs",
-    "postversion": "git push && git push --tags && npm publish"
+    "postversion": "git push --follow-tags && npm publish"
   },
   "devDependencies": {
-    "@noble/ciphers": "^1.0.0",
-    "@noble/curves": "^1.6.0",
+    "@noble/ciphers": "^1.2.1",
+    "@noble/curves": "^1.8.1",
     "@noble/hashes": "^1.5.0",
     "@openpgp/jsdoc": "^3.6.11",
     "@openpgp/seek-bzip": "^1.0.5-git",
@@ -98,9 +98,9 @@
     "eslint-plugin-chai-friendly": "^0.7.4",
     "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-unicorn": "^48.0.1",
-    "fflate": "^0.7.4",
+    "fflate": "^0.8.2",
     "mocha": "^10.7.3",
-    "playwright": "^1.48.2",
+    "playwright": "^1.51.1",
     "rollup": "^4.24.2",
     "sinon": "^18.0.1",
     "ts-node": "^10.9.2",
@@ -110,7 +110,8 @@
     "web-streams-polyfill": "^4.0.0"
   },
   "overrides": {
-    "@web/dev-server-core": "npm:@openpgp/wtr-dev-server-core@0.7.3-patch.1"
+    "@web/dev-server-core": "npm:@openpgp/wtr-dev-server-core@0.7.3-patch.1",
+    "@web/test-runner-core": "npm:@openpgp/wtr-test-runner-core@0.13.4-patch.0"
   },
   "repository": {
     "type": "git",

src/crypto/cipher/index.js

@@ -11,7 +11,8 @@ export async function getLegacyCipher(algo) {
     case enums.symmetric.twofish:
     case enums.symmetric.tripledes: {
       const { legacyCiphers } = await import('./legacy_ciphers');
-      const cipher = legacyCiphers.get(algo);
+      const algoName = enums.read(enums.symmetric, algo);
+      const cipher = legacyCiphers.get(algoName);
       if (!cipher) {
         throw new Error('Unsupported cipher algorithm');
       }

src/crypto/cipher/legacy_ciphers.js

@@ -3,15 +3,16 @@
  * Separate dynamic imports are not convenient as they result in multiple chunks.
  */
 
-import { TripleDES } from './des';
-import CAST5 from './cast5';
-import TwoFish from './twofish';
-import BlowFish from './blowfish';
-import enums from '../../enums';
+import { TripleDES as tripledes } from './des';
+import cast5 from './cast5';
+import twofish from './twofish';
+import blowfish from './blowfish';
 
-export const legacyCiphers = new Map([
-  [enums.symmetric.tripledes, TripleDES],
-  [enums.symmetric.cast5, CAST5],
-  [enums.symmetric.blowfish, BlowFish],
-  [enums.symmetric.twofish, TwoFish]
-]);
+// We avoid importing 'enums' as this module is lazy loaded, and doing so could mess up
+// chunking for the lightweight build
+export const legacyCiphers = new Map(Object.entries({
+  tripledes,
+  cast5,
+  twofish,
+  blowfish
+}));

src/crypto/cipherMode/cfb.js

@@ -23,10 +23,11 @@
 
 import { cfb as nobleAesCfb, unsafe as nobleAesHelpers } from '@noble/ciphers/aes';
 
-import * as stream from '@openpgp/web-stream-tools';
+import { transform as streamTransform } from '@openpgp/web-stream-tools';
 import util from '../../util';
 import enums from '../../enums';
 import { getLegacyCipher, getCipherParams } from '../cipher';
+import { getRandomBytes } from '../random';
 
 const webCrypto = util.getWebCrypto();
 const nodeCrypto = util.getNodeCrypto();
@@ -43,6 +44,20 @@ const nodeAlgos = {
   /* twofish is not implemented in OpenSSL */
 };
 
+/**
+ * Generates a random byte prefix for the specified algorithm
+ * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.
+ * @param {module:enums.symmetric} algo - Symmetric encryption algorithm
+ * @returns {Promise<Uint8Array>} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.
+ * @async
+ */
+export async function getPrefixRandom(algo) {
+  const { blockSize } = getCipherParams(algo);
+  const prefixrandom = await getRandomBytes(blockSize);
+  const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);
+  return util.concat([prefixrandom, repeat]);
+}
+
 /**
  * CFB encryption
  * @param {enums.symmetric} algo - block cipher algorithm
@@ -84,7 +99,7 @@ export async function encrypt(algo, key, plaintext, iv, config) {
     }
     return ciphertext.subarray(0, j);
   };
-  return stream.transform(plaintext, process, process);
+  return streamTransform(plaintext, process, process);
 }
 
 /**
@@ -127,7 +142,7 @@ export async function decrypt(algo, key, ciphertext, iv) {
     }
     return plaintext.subarray(0, j);
   };
-  return stream.transform(ciphertext, process, process);
+  return streamTransform(ciphertext, process, process);
 }
 
 class WebCryptoEncryptor {
@@ -331,10 +346,10 @@ class NobleStreamProcessor {
 async function aesEncrypt(algo, key, pt, iv) {
   if (webCrypto && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys
     const cfb = new WebCryptoEncryptor(algo, key, iv);
-    return util.isStream(pt) ? stream.transform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);
-  } else if (util.isStream(pt)) { // async callbacks are not accepted by stream.transform unless the input is a stream
+    return util.isStream(pt) ? streamTransform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);
+  } else if (util.isStream(pt)) { // async callbacks are not accepted by streamTransform unless the input is a stream
     const cfb = new NobleStreamProcessor(true, algo, key, iv);
-    return stream.transform(pt, value => cfb.processChunk(value), () => cfb.finish());
+    return streamTransform(pt, value => cfb.processChunk(value), () => cfb.finish());
   }
   return nobleAesCfb(key, iv).encrypt(pt);
 }
@@ -342,7 +357,7 @@ async function aesEncrypt(algo, key, pt, iv) {
 async function aesDecrypt(algo, key, ct, iv) {
   if (util.isStream(ct)) {
     const cfb = new NobleStreamProcessor(false, algo, key, iv);
-    return stream.transform(ct, value => cfb.processChunk(value), () => cfb.finish());
+    return streamTransform(ct, value => cfb.processChunk(value), () => cfb.finish());
   }
   return nobleAesCfb(key, iv).decrypt(ct);
 }
@@ -359,11 +374,11 @@ const getUint32Array = arr => new Uint32Array(arr.buffer, arr.byteOffset, Math.f
 function nodeEncrypt(algo, key, pt, iv) {
   const algoName = enums.read(enums.symmetric, algo);
   const cipherObj = new nodeCrypto.createCipheriv(nodeAlgos[algoName], key, iv);
-  return stream.transform(pt, value => new Uint8Array(cipherObj.update(value)));
+  return streamTransform(pt, value => new Uint8Array(cipherObj.update(value)));
 }
 
 function nodeDecrypt(algo, key, ct, iv) {
   const algoName = enums.read(enums.symmetric, algo);
   const decipherObj = new nodeCrypto.createDecipheriv(nodeAlgos[algoName], key, iv);
-  return stream.transform(ct, value => new Uint8Array(decipherObj.update(value)));
+  return streamTransform(ct, value => new Uint8Array(decipherObj.update(value)));
 }

src/crypto/cipherMode/index.js

@@ -0,0 +1,35 @@
+/**
+ * @fileoverview Cipher modes
+ * @module crypto/cipherMode
+ */
+
+export * as cfb from './cfb';
+import eax from './eax';
+import ocb from './ocb';
+import gcm from './gcm';
+import enums from '../../enums';
+
+/**
+* Get implementation of the given AEAD mode
+* @param {enums.aead} algo
+* @param {Boolean} [acceptExperimentalGCM] - whether to allow the non-standard, legacy `experimentalGCM` algo
+* @returns {Object}
+* @throws {Error} on invalid algo
+*/
+export function getAEADMode(algo, acceptExperimentalGCM = false) {
+  switch (algo) {
+    case enums.aead.eax:
+      return eax;
+    case enums.aead.ocb:
+      return ocb;
+    case enums.aead.gcm:
+      return gcm;
+    case enums.aead.experimentalGCM:
+      if (!acceptExperimentalGCM) {
+        throw new Error('Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead');
+      }
+      return gcm;
+    default:
+      throw new Error('Unsupported AEAD mode');
+  }
+}

src/crypto/cipherMode/ocb.js

@@ -73,9 +73,8 @@ async function OCB(cipher, key) {
   // `encipher` and `decipher` cannot be async, since `crypt` shares state across calls,
   // hence its execution cannot be broken up.
   // As a result, WebCrypto cannot currently be used for `encipher`.
-  const aes = nobleAesCbc(key, zeroBlock, { disablePadding: true });
-  const encipher = block => aes.encrypt(block);
-  const decipher = block => aes.decrypt(block);
+  const encipher = block => nobleAesCbc(key, zeroBlock, { disablePadding: true }).encrypt(block);
+  const decipher = block => nobleAesCbc(key, zeroBlock, { disablePadding: true }).decrypt(block);
   let mask;
 
   constructKeyVariables(cipher, key);

src/crypto/crypto.js

@@ -23,8 +23,7 @@
  * @module crypto/crypto
  */
 
-import publicKey from './public_key';
-import mode from './mode';
+import { rsa, elliptic, elgamal, dsa } from './public_key';
 import { getRandomBytes } from './random';
 import { getCipherParams } from './cipher';
 import ECDHSymkey from '../type/ecdh_symkey';
@@ -51,16 +50,16 @@ export async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, dat
     case enums.publicKey.rsaEncrypt:
     case enums.publicKey.rsaEncryptSign: {
       const { n, e } = publicParams;
-      const c = await publicKey.rsa.encrypt(data, n, e);
+      const c = await rsa.encrypt(data, n, e);
       return { c };
     }
     case enums.publicKey.elgamal: {
       const { p, g, y } = publicParams;
-      return publicKey.elgamal.encrypt(data, p, g, y);
+      return elgamal.encrypt(data, p, g, y);
     }
     case enums.publicKey.ecdh: {
       const { oid, Q, kdfParams } = publicParams;
-      const { publicKey: V, wrappedKey: C } = await publicKey.elliptic.ecdh.encrypt(
+      const { publicKey: V, wrappedKey: C } = await elliptic.ecdh.encrypt(
         oid, kdfParams, data, Q, fingerprint);
       return { V, C: new ECDHSymkey(C) };
     }
@@ -71,7 +70,7 @@ export async function publicKeyEncrypt(keyAlgo, symmetricAlgo, publicParams, dat
         throw new Error('X25519 and X448 keys can only encrypt AES session keys');
       }
       const { A } = publicParams;
-      const { ephemeralPublicKey, wrappedKey } = await publicKey.elliptic.ecdhX.encrypt(
+      const { ephemeralPublicKey, wrappedKey } = await elliptic.ecdhX.encrypt(
         keyAlgo, data, A);
       const C = ECDHXSymmetricKey.fromObject({ algorithm: symmetricAlgo, wrappedKey });
       return { ephemeralPublicKey, C };
@@ -102,19 +101,19 @@ export async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams,
       const { c } = sessionKeyParams;
       const { n, e } = publicKeyParams;
       const { d, p, q, u } = privateKeyParams;
-      return publicKey.rsa.decrypt(c, n, e, d, p, q, u, randomPayload);
+      return rsa.decrypt(c, n, e, d, p, q, u, randomPayload);
     }
     case enums.publicKey.elgamal: {
       const { c1, c2 } = sessionKeyParams;
       const p = publicKeyParams.p;
       const x = privateKeyParams.x;
-      return publicKey.elgamal.decrypt(c1, c2, p, x, randomPayload);
+      return elgamal.decrypt(c1, c2, p, x, randomPayload);
     }
     case enums.publicKey.ecdh: {
       const { oid, Q, kdfParams } = publicKeyParams;
       const { d } = privateKeyParams;
       const { V, C } = sessionKeyParams;
-      return publicKey.elliptic.ecdh.decrypt(
+      return elliptic.ecdh.decrypt(
         oid, kdfParams, V, C.data, Q, d, fingerprint);
     }
     case enums.publicKey.x25519:
@@ -125,7 +124,7 @@ export async function publicKeyDecrypt(algo, publicKeyParams, privateKeyParams,
       if (C.algorithm !== null && !util.isAES(C.algorithm)) {
         throw new Error('AES session key expected');
       }
-      return publicKey.elliptic.ecdhX.decrypt(
+      return elliptic.ecdhX.decrypt(
         algo, ephemeralPublicKey, C.wrappedKey, A, k);
     }
     default:
@@ -338,22 +337,22 @@ export function generateParams(algo, bits, oid) {
     case enums.publicKey.rsaEncrypt:
     case enums.publicKey.rsaEncryptSign:
     case enums.publicKey.rsaSign:
-      return publicKey.rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({
+      return rsa.generate(bits, 65537).then(({ n, e, d, p, q, u }) => ({
         privateParams: { d, p, q, u },
         publicParams: { n, e }
       }));
     case enums.publicKey.ecdsa:
-      return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({
+      return elliptic.generate(oid).then(({ oid, Q, secret }) => ({
         privateParams: { d: secret },
         publicParams: { oid: new OID(oid), Q }
       }));
     case enums.publicKey.eddsaLegacy:
-      return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({
+      return elliptic.generate(oid).then(({ oid, Q, secret }) => ({
         privateParams: { seed: secret },
         publicParams: { oid: new OID(oid), Q }
       }));
     case enums.publicKey.ecdh:
-      return publicKey.elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({
+      return elliptic.generate(oid).then(({ oid, Q, secret, hash, cipher }) => ({
         privateParams: { d: secret },
         publicParams: {
           oid: new OID(oid),
@@ -363,13 +362,13 @@ export function generateParams(algo, bits, oid) {
       }));
     case enums.publicKey.ed25519:
     case enums.publicKey.ed448:
-      return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({
+      return elliptic.eddsa.generate(algo).then(({ A, seed }) => ({
         privateParams: { seed },
         publicParams: { A }
       }));
     case enums.publicKey.x25519:
     case enums.publicKey.x448:
-      return publicKey.elliptic.ecdhX.generate(algo).then(({ A, k }) => ({
+      return elliptic.ecdhX.generate(algo).then(({ A, k }) => ({
         privateParams: { k },
         publicParams: { A }
       }));
@@ -399,21 +398,21 @@ export async function validateParams(algo, publicParams, privateParams) {
     case enums.publicKey.rsaSign: {
       const { n, e } = publicParams;
       const { d, p, q, u } = privateParams;
-      return publicKey.rsa.validateParams(n, e, d, p, q, u);
+      return rsa.validateParams(n, e, d, p, q, u);
     }
     case enums.publicKey.dsa: {
       const { p, q, g, y } = publicParams;
       const { x } = privateParams;
-      return publicKey.dsa.validateParams(p, q, g, y, x);
+      return dsa.validateParams(p, q, g, y, x);
     }
     case enums.publicKey.elgamal: {
       const { p, g, y } = publicParams;
       const { x } = privateParams;
-      return publicKey.elgamal.validateParams(p, g, y, x);
+      return elgamal.validateParams(p, g, y, x);
     }
     case enums.publicKey.ecdsa:
     case enums.publicKey.ecdh: {
-      const algoModule = publicKey.elliptic[enums.read(enums.publicKey, algo)];
+      const algoModule = elliptic[enums.read(enums.publicKey, algo)];
       const { oid, Q } = publicParams;
       const { d } = privateParams;
       return algoModule.validateParams(oid, Q, d);
@@ -421,39 +420,25 @@ export async function validateParams(algo, publicParams, privateParams) {
     case enums.publicKey.eddsaLegacy: {
       const { Q, oid } = publicParams;
       const { seed } = privateParams;
-      return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed);
+      return elliptic.eddsaLegacy.validateParams(oid, Q, seed);
     }
     case enums.publicKey.ed25519:
     case enums.publicKey.ed448: {
       const { A } = publicParams;
       const { seed } = privateParams;
-      return publicKey.elliptic.eddsa.validateParams(algo, A, seed);
+      return elliptic.eddsa.validateParams(algo, A, seed);
     }
     case enums.publicKey.x25519:
     case enums.publicKey.x448: {
       const { A } = publicParams;
       const { k } = privateParams;
-      return publicKey.elliptic.ecdhX.validateParams(algo, A, k);
+      return elliptic.ecdhX.validateParams(algo, A, k);
     }
     default:
       throw new Error('Unknown public key algorithm.');
   }
 }
 
-/**
- * Generates a random byte prefix for the specified algorithm
- * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.
- * @param {module:enums.symmetric} algo - Symmetric encryption algorithm
- * @returns {Promise<Uint8Array>} Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.
- * @async
- */
-export async function getPrefixRandom(algo) {
-  const { blockSize } = getCipherParams(algo);
-  const prefixrandom = await getRandomBytes(blockSize);
-  const repeat = new Uint8Array([prefixrandom[prefixrandom.length - 2], prefixrandom[prefixrandom.length - 1]]);
-  return util.concat([prefixrandom, repeat]);
-}
-
 /**
  * Generating a session key for the specified symmetric algorithm
  * See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.
@@ -465,17 +450,6 @@ export function generateSessionKey(algo) {
   return getRandomBytes(keySize);
 }
 
-/**
- * Get implementation of the given AEAD mode
- * @param {enums.aead} algo
- * @returns {Object}
- * @throws {Error} on invalid algo
- */
-export function getAEADMode(algo) {
-  const algoName = enums.read(enums.aead, algo);
-  return mode[algoName];
-}
-
 /**
  * Check whether the given curve OID is supported
  * @param {module:type/oid} oid - EC object identifier
@@ -499,13 +473,13 @@ export function getCurvePayloadSize(algo, oid) {
     case enums.publicKey.ecdsa:
     case enums.publicKey.ecdh:
     case enums.publicKey.eddsaLegacy:
-      return new publicKey.elliptic.CurveWithOID(oid).payloadSize;
+      return new elliptic.CurveWithOID(oid).payloadSize;
     case enums.publicKey.ed25519:
     case enums.publicKey.ed448:
-      return publicKey.elliptic.eddsa.getPayloadSize(algo);
+      return elliptic.eddsa.getPayloadSize(algo);
     case enums.publicKey.x25519:
     case enums.publicKey.x448:
-      return publicKey.elliptic.ecdhX.getPayloadSize(algo);
+      return elliptic.ecdhX.getPayloadSize(algo);
     default:
       throw new Error('Unknown elliptic algo');
   }
@@ -520,14 +494,12 @@ export function getPreferredCurveHashAlgo(algo, oid) {
   switch (algo) {
     case enums.publicKey.ecdsa:
     case enums.publicKey.eddsaLegacy:
-      return publicKey.elliptic.getPreferredHashAlgo(oid);
+      return elliptic.getPreferredHashAlgo(oid);
     case enums.publicKey.ed25519:
     case enums.publicKey.ed448:
-      return publicKey.elliptic.eddsa.getPreferredHashAlgo(algo);
+      return elliptic.eddsa.getPreferredHashAlgo(algo);
     default:
       throw new Error('Unknown elliptic signing algo');
   }
 }
 
-
-export { getCipherParams };

src/crypto/hash/index.js

@@ -5,8 +5,7 @@
  * @module crypto/hash
  */
 
-import * as stream from '@openpgp/web-stream-tools';
-import md5 from './md5';
+import { transform as streamTransform, isArrayStream, readToEnd as streamReadToEnd } from '@openpgp/web-stream-tools';
 import util from '../../util';
 import enums from '../../enums';
 
@@ -20,7 +19,7 @@ function nodeHash(type) {
   }
   return async function (data) {
     const shasum = nodeCrypto.createHash(type);
-    return stream.transform(data, value => {
+    return streamTransform(data, value => {
       shasum.update(value);
     }, () => new Uint8Array(shasum.digest()));
   };
@@ -35,14 +34,14 @@ function nobleHash(nobleHashName, webCryptoHashName) {
   };
 
   return async function(data) {
-    if (stream.isArrayStream(data)) {
-      data = await stream.readToEnd(data);
+    if (isArrayStream(data)) {
+      data = await streamReadToEnd(data);
     }
     if (util.isStream(data)) {
       const hash = await getNobleHash();
 
       const hashInstance = hash.create();
-      return stream.transform(data, value => {
+      return streamTransform(data, value => {
         hashInstance.update(value);
       }, () => hashInstance.digest());
     } else if (webCrypto && webCryptoHashName) {
@@ -55,76 +54,72 @@ function nobleHash(nobleHashName, webCryptoHashName) {
   };
 }
 
-export default {
+const md5 = nodeHash('md5') || nobleHash('md5');
+const sha1 = nodeHash('sha1') || nobleHash('sha1', 'SHA-1');
+const sha224 = nodeHash('sha224') || nobleHash('sha224');
+const sha256 = nodeHash('sha256') || nobleHash('sha256', 'SHA-256');
+const sha384 = nodeHash('sha384') || nobleHash('sha384', 'SHA-384');
+const sha512 = nodeHash('sha512') || nobleHash('sha512', 'SHA-512');
+const ripemd = nodeHash('ripemd160') || nobleHash('ripemd160');
+const sha3_256 = nodeHash('sha3-256') || nobleHash('sha3_256');
+const sha3_512 = nodeHash('sha3-512') || nobleHash('sha3_512');
 
-  /** @see module:md5 */
-  md5: nodeHash('md5') || md5,
-  sha1: nodeHash('sha1') || nobleHash('sha1', 'SHA-1'),
-  sha224: nodeHash('sha224') || nobleHash('sha224'),
-  sha256: nodeHash('sha256') || nobleHash('sha256', 'SHA-256'),
-  sha384: nodeHash('sha384') || nobleHash('sha384', 'SHA-384'),
-  sha512: nodeHash('sha512') || nobleHash('sha512', 'SHA-512'),
-  ripemd: nodeHash('ripemd160') || nobleHash('ripemd160'),
-  sha3_256: nodeHash('sha3-256') || nobleHash('sha3_256'),
-  sha3_512: nodeHash('sha3-512') || nobleHash('sha3_512'),
-
-  /**
-   * Create a hash on the specified data using the specified algorithm
-   * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
-   * @param {Uint8Array} data - Data to be hashed
-   * @returns {Promise<Uint8Array>} Hash value.
-   */
-  digest: function(algo, data) {
-    switch (algo) {
-      case enums.hash.md5:
-        return this.md5(data);
-      case enums.hash.sha1:
-        return this.sha1(data);
-      case enums.hash.ripemd:
-        return this.ripemd(data);
-      case enums.hash.sha256:
-        return this.sha256(data);
-      case enums.hash.sha384:
-        return this.sha384(data);
-      case enums.hash.sha512:
-        return this.sha512(data);
-      case enums.hash.sha224:
-        return this.sha224(data);
-      case enums.hash.sha3_256:
-        return this.sha3_256(data);
-      case enums.hash.sha3_512:
-        return this.sha3_512(data);
-      default:
-        throw new Error('Unsupported hash function');
-    }
-  },
-
-  /**
-   * Returns the hash size in bytes of the specified hash algorithm type
-   * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
-   * @returns {Integer} Size in bytes of the resulting hash.
-   */
-  getHashByteLength: function(algo) {
-    switch (algo) {
-      case enums.hash.md5:
-        return 16;
-      case enums.hash.sha1:
-      case enums.hash.ripemd:
-        return 20;
-      case enums.hash.sha256:
-        return 32;
-      case enums.hash.sha384:
-        return 48;
-      case enums.hash.sha512:
-        return 64;
-      case enums.hash.sha224:
-        return 28;
-      case enums.hash.sha3_256:
-        return 32;
-      case enums.hash.sha3_512:
-        return 64;
-      default:
-        throw new Error('Invalid hash algorithm.');
-    }
+/**
+ * Create a hash on the specified data using the specified algorithm
+ * @param {module:enums.hash} algo - Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
+ * @param {Uint8Array} data - Data to be hashed
+ * @returns {Promise<Uint8Array>} Hash value.
+ */
+export function computeDigest(algo, data) {
+  switch (algo) {
+    case enums.hash.md5:
+      return md5(data);
+    case enums.hash.sha1:
+      return sha1(data);
+    case enums.hash.ripemd:
+      return ripemd(data);
+    case enums.hash.sha256:
+      return sha256(data);
+    case enums.hash.sha384:
+      return sha384(data);
+    case enums.hash.sha512:
+      return sha512(data);
+    case enums.hash.sha224:
+      return sha224(data);
+    case enums.hash.sha3_256:
+      return sha3_256(data);
+    case enums.hash.sha3_512:
+      return sha3_512(data);
+    default:
+      throw new Error('Unsupported hash function');
   }
-};
+}
+
+/**
+ * Returns the hash size in bytes of the specified hash algorithm type
+ * @param {module:enums.hash} algo - Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
+ * @returns {Integer} Size in bytes of the resulting hash.
+ */
+export function getHashByteLength(algo) {
+  switch (algo) {
+    case enums.hash.md5:
+      return 16;
+    case enums.hash.sha1:
+    case enums.hash.ripemd:
+      return 20;
+    case enums.hash.sha256:
+      return 32;
+    case enums.hash.sha384:
+      return 48;
+    case enums.hash.sha512:
+      return 64;
+    case enums.hash.sha224:
+      return 28;
+    case enums.hash.sha3_256:
+      return 32;
+    case enums.hash.sha3_512:
+      return 64;
+    default:
+      throw new Error('Invalid hash algorithm.');
+  }
+}

src/crypto/hash/md5.js

@@ -1,201 +0,0 @@
-/**
- * A fast MD5 JavaScript implementation
- * Copyright (c) 2012 Joseph Myers
- * http://www.myersdaily.org/joseph/javascript/md5-text.html
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purposes and without
- * fee is hereby granted provided that this copyright notice
- * appears in all copies.
- *
- * Of course, this soft is provided "as is" without express or implied
- * warranty of any kind.
- */
-
-import util from '../../util';
-
-// MD5 Digest
-async function md5(entree) {
-  const digest = md51(util.uint8ArrayToString(entree));
-  return util.hexToUint8Array(hex(digest));
-}
-
-function md5cycle(x, k) {
-  let a = x[0];
-  let b = x[1];
-  let c = x[2];
-  let d = x[3];
-
-  a = ff(a, b, c, d, k[0], 7, -680876936);
-  d = ff(d, a, b, c, k[1], 12, -389564586);
-  c = ff(c, d, a, b, k[2], 17, 606105819);
-  b = ff(b, c, d, a, k[3], 22, -1044525330);
-  a = ff(a, b, c, d, k[4], 7, -176418897);
-  d = ff(d, a, b, c, k[5], 12, 1200080426);
-  c = ff(c, d, a, b, k[6], 17, -1473231341);
-  b = ff(b, c, d, a, k[7], 22, -45705983);
-  a = ff(a, b, c, d, k[8], 7, 1770035416);
-  d = ff(d, a, b, c, k[9], 12, -1958414417);
-  c = ff(c, d, a, b, k[10], 17, -42063);
-  b = ff(b, c, d, a, k[11], 22, -1990404162);
-  a = ff(a, b, c, d, k[12], 7, 1804603682);
-  d = ff(d, a, b, c, k[13], 12, -40341101);
-  c = ff(c, d, a, b, k[14], 17, -1502002290);
-  b = ff(b, c, d, a, k[15], 22, 1236535329);
-
-  a = gg(a, b, c, d, k[1], 5, -165796510);
-  d = gg(d, a, b, c, k[6], 9, -1069501632);
-  c = gg(c, d, a, b, k[11], 14, 643717713);
-  b = gg(b, c, d, a, k[0], 20, -373897302);
-  a = gg(a, b, c, d, k[5], 5, -701558691);
-  d = gg(d, a, b, c, k[10], 9, 38016083);
-  c = gg(c, d, a, b, k[15], 14, -660478335);
-  b = gg(b, c, d, a, k[4], 20, -405537848);
-  a = gg(a, b, c, d, k[9], 5, 568446438);
-  d = gg(d, a, b, c, k[14], 9, -1019803690);
-  c = gg(c, d, a, b, k[3], 14, -187363961);
-  b = gg(b, c, d, a, k[8], 20, 1163531501);
-  a = gg(a, b, c, d, k[13], 5, -1444681467);
-  d = gg(d, a, b, c, k[2], 9, -51403784);
-  c = gg(c, d, a, b, k[7], 14, 1735328473);
-  b = gg(b, c, d, a, k[12], 20, -1926607734);
-
-  a = hh(a, b, c, d, k[5], 4, -378558);
-  d = hh(d, a, b, c, k[8], 11, -2022574463);
-  c = hh(c, d, a, b, k[11], 16, 1839030562);
-  b = hh(b, c, d, a, k[14], 23, -35309556);
-  a = hh(a, b, c, d, k[1], 4, -1530992060);
-  d = hh(d, a, b, c, k[4], 11, 1272893353);
-  c = hh(c, d, a, b, k[7], 16, -155497632);
-  b = hh(b, c, d, a, k[10], 23, -1094730640);
-  a = hh(a, b, c, d, k[13], 4, 681279174);
-  d = hh(d, a, b, c, k[0], 11, -358537222);
-  c = hh(c, d, a, b, k[3], 16, -722521979);
-  b = hh(b, c, d, a, k[6], 23, 76029189);
-  a = hh(a, b, c, d, k[9], 4, -640364487);
-  d = hh(d, a, b, c, k[12], 11, -421815835);
-  c = hh(c, d, a, b, k[15], 16, 530742520);
-  b = hh(b, c, d, a, k[2], 23, -995338651);
-
-  a = ii(a, b, c, d, k[0], 6, -198630844);
-  d = ii(d, a, b, c, k[7], 10, 1126891415);
-  c = ii(c, d, a, b, k[14], 15, -1416354905);
-  b = ii(b, c, d, a, k[5], 21, -57434055);
-  a = ii(a, b, c, d, k[12], 6, 1700485571);
-  d = ii(d, a, b, c, k[3], 10, -1894986606);
-  c = ii(c, d, a, b, k[10], 15, -1051523);
-  b = ii(b, c, d, a, k[1], 21, -2054922799);
-  a = ii(a, b, c, d, k[8], 6, 1873313359);
-  d = ii(d, a, b, c, k[15], 10, -30611744);
-  c = ii(c, d, a, b, k[6], 15, -1560198380);
-  b = ii(b, c, d, a, k[13], 21, 1309151649);
-  a = ii(a, b, c, d, k[4], 6, -145523070);
-  d = ii(d, a, b, c, k[11], 10, -1120210379);
-  c = ii(c, d, a, b, k[2], 15, 718787259);
-  b = ii(b, c, d, a, k[9], 21, -343485551);
-
-  x[0] = add32(a, x[0]);
-  x[1] = add32(b, x[1]);
-  x[2] = add32(c, x[2]);
-  x[3] = add32(d, x[3]);
-}
-
-function cmn(q, a, b, x, s, t) {
-  a = add32(add32(a, q), add32(x, t));
-  return add32((a << s) | (a >>> (32 - s)), b);
-}
-
-function ff(a, b, c, d, x, s, t) {
-  return cmn((b & c) | ((~b) & d), a, b, x, s, t);
-}
-
-function gg(a, b, c, d, x, s, t) {
-  return cmn((b & d) | (c & (~d)), a, b, x, s, t);
-}
-
-function hh(a, b, c, d, x, s, t) {
-  return cmn(b ^ c ^ d, a, b, x, s, t);
-}
-
-function ii(a, b, c, d, x, s, t) {
-  return cmn(c ^ (b | (~d)), a, b, x, s, t);
-}
-
-function md51(s) {
-  const n = s.length;
-  const state = [1732584193, -271733879, -1732584194, 271733878];
-  let i;
-  for (i = 64; i <= s.length; i += 64) {
-    md5cycle(state, md5blk(s.substring(i - 64, i)));
-  }
-  s = s.substring(i - 64);
-  const tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
-  for (i = 0; i < s.length; i++) {
-    tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3);
-  }
-  tail[i >> 2] |= 0x80 << ((i % 4) << 3);
-  if (i > 55) {
-    md5cycle(state, tail);
-    for (i = 0; i < 16; i++) {
-      tail[i] = 0;
-    }
-  }
-  tail[14] = n * 8;
-  md5cycle(state, tail);
-  return state;
-}
-
-/* there needs to be support for Unicode here,
- * unless we pretend that we can redefine the MD-5
- * algorithm for multi-byte characters (perhaps
- * by adding every four 16-bit characters and
- * shortening the sum to 32 bits). Otherwise
- * I suggest performing MD-5 as if every character
- * was two bytes--e.g., 0040 0025 = @%--but then
- * how will an ordinary MD-5 sum be matched?
- * There is no way to standardize text to something
- * like UTF-8 before transformation; speed cost is
- * utterly prohibitive. The JavaScript standard
- * itself needs to look at this: it should start
- * providing access to strings as preformed UTF-8
- * 8-bit unsigned value arrays.
- */
-function md5blk(s) { /* I figured global was faster.   */
-  const md5blks = [];
-  let i; /* Andy King said do it this way. */
-  for (i = 0; i < 64; i += 4) {
-    md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) <<
-      24);
-  }
-  return md5blks;
-}
-
-const hex_chr = '0123456789abcdef'.split('');
-
-function rhex(n) {
-  let s = '';
-  let j = 0;
-  for (; j < 4; j++) {
-    s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F];
-  }
-  return s;
-}
-
-function hex(x) {
-  for (let i = 0; i < x.length; i++) {
-    x[i] = rhex(x[i]);
-  }
-  return x.join('');
-}
-
-/* this function is much faster,
-so if possible we use it. Some IEs
-are the only ones I know of that
-need the idiotic second function,
-generated by an if clause.  */
-
-function add32(a, b) {
-  return (a + b) & 0xFFFFFFFF;
-}
-
-export default md5;

src/crypto/hash/md5.ts

@@ -0,0 +1,80 @@
+// Copied from https://github.com/paulmillr/noble-hashes/blob/main/test/misc/md5.ts
+
+import { HashMD } from '@noble/hashes/_md';
+import { rotl, wrapConstructor } from '@noble/hashes/utils';
+
+// Per-round constants
+const K = Array.from({ length: 64 }, (_, i) => Math.floor(2 ** 32 * Math.abs(Math.sin(i + 1))));
+// Choice: a ? b : c
+const Chi = (a: number, b: number, c: number) => (a & b) ^ (~a & c);
+// Initial state (same as sha1, but 4 u32 instead of 5)
+const IV = /* @__PURE__ */ new Uint32Array([0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476]);
+// Temporary buffer, not used to store anything between runs
+// Named this way for SHA1 compat
+const MD5_W = /* @__PURE__ */ new Uint32Array(16);
+class MD5 extends HashMD<MD5> {
+  private A = IV[0] | 0;
+  private B = IV[1] | 0;
+  private C = IV[2] | 0;
+  private D = IV[3] | 0;
+  constructor() {
+    super(64, 16, 8, true);
+  }
+  protected get(): [number, number, number, number] {
+    const { A, B, C, D } = this;
+    return [A, B, C, D];
+  }
+  protected set(A: number, B: number, C: number, D: number) {
+    this.A = A | 0;
+    this.B = B | 0;
+    this.C = C | 0;
+    this.D = D | 0;
+  }
+  protected process(view: DataView, offset: number): void {
+    for (let i = 0; i < 16; i++, offset += 4) MD5_W[i] = view.getUint32(offset, true);
+    // Compression function main loop, 64 rounds
+    let { A, B, C, D } = this;
+    for (let i = 0; i < 64; i++) {
+      // eslint-disable-next-line one-var, one-var-declaration-per-line
+      let F, g, s;
+      if (i < 16) {
+        // eslint-disable-next-line new-cap
+        F = Chi(B, C, D);
+        g = i;
+        s = [7, 12, 17, 22];
+      } else if (i < 32) {
+        // eslint-disable-next-line new-cap
+        F = Chi(D, B, C);
+        g = (5 * i + 1) % 16;
+        s = [5, 9, 14, 20];
+      } else if (i < 48) {
+        F = B ^ C ^ D;
+        g = (3 * i + 5) % 16;
+        s = [4, 11, 16, 23];
+      } else {
+        F = C ^ (B | ~D);
+        g = (7 * i) % 16;
+        s = [6, 10, 15, 21];
+      }
+      F = F + A + K[i] + MD5_W[g];
+      A = D;
+      D = C;
+      C = B;
+      B = B + rotl(F, s[i % 4]);
+    }
+    // Add the compressed chunk to the current hash value
+    A = (A + this.A) | 0;
+    B = (B + this.B) | 0;
+    C = (C + this.C) | 0;
+    D = (D + this.D) | 0;
+    this.set(A, B, C, D);
+  }
+  protected roundClean() {
+    MD5_W.fill(0);
+  }
+  destroy() {
+    this.set(0, 0, 0, 0);
+    this.buffer.fill(0);
+  }
+}
+export const md5 = /* @__PURE__ */ wrapConstructor(() => new MD5());

src/crypto/hash/noble_hashes.js

@@ -9,8 +9,10 @@ import { sha224, sha256 } from '@noble/hashes/sha256';
 import { sha384, sha512 } from '@noble/hashes/sha512';
 import { sha3_256, sha3_512 } from '@noble/hashes/sha3';
 import { ripemd160 } from '@noble/hashes/ripemd160';
+import { md5 } from './md5';
 
 export const nobleHashes = new Map(Object.entries({
+  md5,
   sha1,
   sha224,
   sha256,

src/crypto/index.js

@@ -9,39 +9,10 @@
  * @module crypto
  */
 
-import * as cipher from './cipher';
-import hash from './hash';
-import mode from './mode';
-import publicKey from './public_key';
-import * as signature from './signature';
-import * as random from './random';
-import * as pkcs1 from './pkcs1';
-import * as pkcs5 from './pkcs5';
-import * as crypto from './crypto';
-import * as aesKW from './aes_kw';
-
-// TODO move cfb and gcm to cipher
-const mod = {
-  /** @see module:crypto/cipher */
-  cipher: cipher,
-  /** @see module:crypto/hash */
-  hash: hash,
-  /** @see module:crypto/mode */
-  mode: mode,
-  /** @see module:crypto/public_key */
-  publicKey: publicKey,
-  /** @see module:crypto/signature */
-  signature: signature,
-  /** @see module:crypto/random */
-  random: random,
-  /** @see module:crypto/pkcs1 */
-  pkcs1: pkcs1,
-  /** @see module:crypto/pkcs5 */
-  pkcs5: pkcs5,
-  /** @see module:crypto/aes_kw */
-  aesKW: aesKW
-};
-
-Object.assign(mod, crypto);
-
-export default mod;
+export * from './crypto';
+export { getCipherParams } from './cipher';
+export * from './hash';
+export * as cipherMode from './cipherMode';
+export * as publicKey from './public_key';
+export * as signature from './signature';
+export { getRandomBytes } from './random';

src/crypto/mode/index.js

@@ -1,21 +0,0 @@
-/**
- * @fileoverview Cipher modes
- * @module crypto/mode
- */
-
-import * as cfb from './cfb';
-import eax from './eax';
-import ocb from './ocb';
-import gcm from './gcm';
-
-export default {
-  /** @see module:crypto/mode/cfb */
-  cfb: cfb,
-  /** @see module:crypto/mode/gcm */
-  gcm: gcm,
-  experimentalGCM: gcm,
-  /** @see module:crypto/mode/eax */
-  eax: eax,
-  /** @see module:crypto/mode/ocb */
-  ocb: ocb
-};

src/crypto/pkcs1.js

@@ -24,7 +24,7 @@
  */
 
 import { getRandomBytes } from './random';
-import hash from './hash';
+import { getHashByteLength } from './hash';
 import util from '../util';
 
 /**
@@ -134,7 +134,7 @@ export function emeDecode(encoded, randomPayload) {
  */
 export function emsaEncode(algo, hashed, emLen) {
   let i;
-  if (hashed.length !== hash.getHashByteLength(algo)) {
+  if (hashed.length !== getHashByteLength(algo)) {
     throw new Error('Invalid hash length');
   }
   // produce an ASN.1 DER value for the hash function used.

src/crypto/public_key/elliptic/ecdh.js

@@ -22,7 +22,7 @@
 
 import { CurveWithOID, jwkToRawPublic, rawPublicToJWK, privateToJWK, validateStandardParams, checkPublicPointEnconding } from './oid_curves';
 import * as aesKW from '../../aes_kw';
-import hash from '../../hash';
+import { computeDigest } from '../../hash';
 import enums from '../../../enums';
 import util from '../../../util';
 import { b64ToUint8Array } from '../../../encoding/base64';
@@ -72,7 +72,7 @@ async function kdf(hashAlgo, X, length, param, stripLeading = false, stripTraili
     for (i = X.length - 1; i >= 0 && X[i] === 0; i--);
     X = X.subarray(0, i + 1);
   }
-  const digest = await hash.digest(hashAlgo, util.concatUint8Array([
+  const digest = await computeDigest(hashAlgo, util.concatUint8Array([
     new Uint8Array([0, 0, 0, 1]),
     X,
     param

src/crypto/public_key/elliptic/ecdh_x.js

@@ -11,6 +11,7 @@ import enums from '../../../enums';
 import util from '../../../util';
 import computeHKDF from '../../hkdf';
 import { getCipherParams } from '../../cipher';
+import { b64ToUint8Array, uint8ArrayToB64 } from '../../../encoding/base64';
 
 const HKDF_INFO = {
   x25519: util.encodeUTF8('OpenPGP X25519'),
@@ -24,12 +25,27 @@ const HKDF_INFO = {
  */
 export async function generate(algo) {
   switch (algo) {
-    case enums.publicKey.x25519: {
-      // k stays in little-endian, unlike legacy ECDH over curve25519
-      const k = getRandomBytes(32);
-      const { publicKey: A } = x25519.box.keyPair.fromSecretKey(k);
-      return { A, k };
-    }
+    case enums.publicKey.x25519:
+      try {
+        const webCrypto = util.getWebCrypto();
+        const webCryptoKey = await webCrypto.generateKey('X25519', true, ['deriveKey', 'deriveBits']);
+
+        const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);
+        const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);
+
+        return {
+          A: new Uint8Array(b64ToUint8Array(publicKey.x)),
+          k: b64ToUint8Array(privateKey.d)
+        };
+      } catch (err) {
+        if (err.name !== 'NotSupportedError') {
+          throw err;
+        }
+        // k stays in little-endian, unlike legacy ECDH over curve25519
+        const k = getRandomBytes(32);
+        const { publicKey: A } = x25519.box.keyPair.fromSecretKey(k);
+        return { A, k };
+      }
 
     case enums.publicKey.x448: {
       const x448 = await util.getNobleCurve(enums.publicKey.x448);
@@ -171,13 +187,32 @@ export function getPayloadSize(algo) {
  */
 export async function generateEphemeralEncryptionMaterial(algo, recipientA) {
   switch (algo) {
-    case enums.publicKey.x25519: {
-      const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo));
-      const sharedSecret = x25519.scalarMult(ephemeralSecretKey, recipientA);
-      assertNonZeroArray(sharedSecret);
-      const { publicKey: ephemeralPublicKey } = x25519.box.keyPair.fromSecretKey(ephemeralSecretKey);
-      return { ephemeralPublicKey, sharedSecret };
-    }
+    case enums.publicKey.x25519:
+      try {
+        const webCrypto = util.getWebCrypto();
+        const jwk = publicKeyToJWK(algo, recipientA);
+        const ephemeralKeyPair = await webCrypto.generateKey('X25519', true, ['deriveKey', 'deriveBits']);
+        const recipientPublicKey = await webCrypto.importKey('jwk', jwk, 'X25519', false, []);
+        const sharedSecretBuffer = await webCrypto.deriveBits(
+          { name: 'X25519', public: recipientPublicKey },
+          ephemeralKeyPair.privateKey,
+          getPayloadSize(algo) * 8 // in bits
+        );
+        const ephemeralPublicKeyJwt = await webCrypto.exportKey('jwk', ephemeralKeyPair.publicKey);
+        return {
+          sharedSecret: new Uint8Array(sharedSecretBuffer),
+          ephemeralPublicKey: new Uint8Array(b64ToUint8Array(ephemeralPublicKeyJwt.x))
+        };
+      } catch (err) {
+        if (err.name !== 'NotSupportedError') {
+          throw err;
+        }
+        const ephemeralSecretKey = getRandomBytes(getPayloadSize(algo));
+        const sharedSecret = x25519.scalarMult(ephemeralSecretKey, recipientA);
+        assertNonZeroArray(sharedSecret);
+        const { publicKey: ephemeralPublicKey } = x25519.box.keyPair.fromSecretKey(ephemeralSecretKey);
+        return { ephemeralPublicKey, sharedSecret };
+      }
     case enums.publicKey.x448: {
       const x448 = await util.getNobleCurve(enums.publicKey.x448);
       const ephemeralSecretKey = x448.utils.randomPrivateKey();
@@ -193,11 +228,27 @@ export async function generateEphemeralEncryptionMaterial(algo, recipientA) {
 
 export async function recomputeSharedSecret(algo, ephemeralPublicKey, A, k) {
   switch (algo) {
-    case enums.publicKey.x25519: {
-      const sharedSecret = x25519.scalarMult(k, ephemeralPublicKey);
-      assertNonZeroArray(sharedSecret);
-      return sharedSecret;
-    }
+    case enums.publicKey.x25519:
+      try {
+        const webCrypto = util.getWebCrypto();
+        const privateKeyJWK = privateKeyToJWK(algo, A, k);
+        const ephemeralPublicKeyJWK = publicKeyToJWK(algo, ephemeralPublicKey);
+        const privateKey = await webCrypto.importKey('jwk', privateKeyJWK, 'X25519', false, ['deriveKey', 'deriveBits']);
+        const ephemeralPublicKeyReference = await webCrypto.importKey('jwk', ephemeralPublicKeyJWK, 'X25519', false, []);
+        const sharedSecretBuffer = await webCrypto.deriveBits(
+          { name: 'X25519', public: ephemeralPublicKeyReference },
+          privateKey,
+          getPayloadSize(algo) * 8 // in bits
+        );
+        return new Uint8Array(sharedSecretBuffer);
+      } catch (err) {
+        if (err.name !== 'NotSupportedError') {
+          throw err;
+        }
+        const sharedSecret = x25519.scalarMult(k, ephemeralPublicKey);
+        assertNonZeroArray(sharedSecret);
+        return sharedSecret;
+      }
     case enums.publicKey.x448: {
       const x448 = await util.getNobleCurve(enums.publicKey.x448);
       const sharedSecret = x448.getSharedSecret(k, ephemeralPublicKey);
@@ -224,3 +275,32 @@ function assertNonZeroArray(sharedSecret) {
     throw new Error('Unexpected low order point');
   }
 }
+
+
+function publicKeyToJWK(algo, publicKey) {
+  switch (algo) {
+    case enums.publicKey.x25519: {
+      const jwk = {
+        kty: 'OKP',
+        crv: 'X25519',
+        x: uint8ArrayToB64(publicKey, true),
+        ext: true
+      };
+      return jwk;
+    }
+    default:
+      throw new Error('Unsupported ECDH algorithm');
+  }
+}
+
+function privateKeyToJWK(algo, publicKey, privateKey) {
+  switch (algo) {
+    case enums.publicKey.x25519: {
+      const jwk = publicKeyToJWK(algo, publicKey);
+      jwk.d = uint8ArrayToB64(privateKey, true);
+      return jwk;
+    }
+    default:
+      throw new Error('Unsupported ECDH algorithm');
+  }
+}

src/crypto/public_key/elliptic/ecdsa.js

@@ -23,7 +23,7 @@
 import enums from '../../../enums';
 import util from '../../../util';
 import { getRandomBytes } from '../../random';
-import hash from '../../hash';
+import { computeDigest } from '../../hash';
 import { CurveWithOID, webCurves, privateToJWK, rawPublicToJWK, validateStandardParams, nodeCurves, checkPublicPointEnconding } from './oid_curves';
 import { bigIntToUint8Array } from '../../biginteger';
 
@@ -156,7 +156,7 @@ export async function validateParams(oid, Q, d) {
     case 'node': {
       const message = getRandomBytes(8);
       const hashAlgo = enums.hash.sha256;
-      const hashed = await hash.digest(hashAlgo, message);
+      const hashed = await computeDigest(hashAlgo, message);
       try {
         const signature = await sign(oid, hashAlgo, message, Q, d, hashed);
         // eslint-disable-next-line @typescript-eslint/return-await

src/crypto/public_key/elliptic/eddsa.js

@@ -23,7 +23,7 @@
 import ed25519 from '@openpgp/tweetnacl';
 import util from '../../../util';
 import enums from '../../../enums';
-import hash from '../../hash';
+import { getHashByteLength } from '../../hash';
 import { getRandomBytes } from '../../random';
 import { b64ToUint8Array, uint8ArrayToB64 } from '../../../encoding/base64';
 
@@ -81,7 +81,7 @@ export async function generate(algo) {
  * @async
  */
 export async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) {
-  if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {
+  if (getHashByteLength(hashAlgo) < getHashByteLength(getPreferredHashAlgo(algo))) {
     // Enforce digest sizes:
     // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4
     // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4
@@ -131,7 +131,7 @@ export async function sign(algo, hashAlgo, message, publicKey, privateKey, hashe
  * @async
  */
 export async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) {
-  if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(getPreferredHashAlgo(algo))) {
+  if (getHashByteLength(hashAlgo) < getHashByteLength(getPreferredHashAlgo(algo))) {
     // Enforce digest sizes:
     // - Ed25519: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.4-4
     // - Ed448: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.5-4

src/crypto/public_key/elliptic/eddsa_legacy.js

@@ -24,7 +24,7 @@
 import nacl from '@openpgp/tweetnacl';
 import util from '../../../util';
 import enums from '../../../enums';
-import hash from '../../hash';
+import { getHashByteLength } from '../../hash';
 import { CurveWithOID, checkPublicPointEnconding } from './oid_curves';
 import { sign as eddsaSign, verify as eddsaVerify } from './eddsa';
 
@@ -45,7 +45,7 @@ import { sign as eddsaSign, verify as eddsaVerify } from './eddsa';
 export async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) {
   const curve = new CurveWithOID(oid);
   checkPublicPointEnconding(curve, publicKey);
-  if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {
+  if (getHashByteLength(hashAlgo) < getHashByteLength(enums.hash.sha256)) {
     // Enforce digest sizes, since the constraint was already present in RFC4880bis:
     // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2
     // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3
@@ -74,7 +74,7 @@ export async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed
 export async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) {
   const curve = new CurveWithOID(oid);
   checkPublicPointEnconding(curve, publicKey);
-  if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) {
+  if (getHashByteLength(hashAlgo) < getHashByteLength(enums.hash.sha256)) {
     // Enforce digest sizes, since the constraint was already present in RFC4880bis:
     // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2
     // and https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.3-3

src/crypto/public_key/index.js

@@ -3,18 +3,7 @@
  * @module crypto/public_key
  */
 
-import * as rsa from './rsa';
-import * as elgamal from './elgamal';
-import * as elliptic from './elliptic';
-import * as dsa from './dsa';
-
-export default {
-  /** @see module:crypto/public_key/rsa */
-  rsa: rsa,
-  /** @see module:crypto/public_key/elgamal */
-  elgamal: elgamal,
-  /** @see module:crypto/public_key/elliptic */
-  elliptic: elliptic,
-  /** @see module:crypto/public_key/dsa */
-  dsa: dsa
-};
+export * as rsa from './rsa';
+export * as elgamal from './elgamal';
+export * as elliptic from './elliptic';
+export * as dsa from './dsa';