crypto-refresh: add support for new Ed25519/X25519 keys, signatures and messages
#1620
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
larabr
force-pushed
the
new-25519
branch
5 times, most recently
from
ed0b0e4
to
c7003f9
Compare
11 tasks
larabr
force-pushed
the
new-25519
branch
3 times, most recently
from
dd814b5
to
785b47b
Compare
larabr
commented
May 2, 2023
larabr
commented
May 2, 2023
larabr
commented
May 2, 2023
larabr
commented
Jul 13, 2023
larabr
commented
Jul 13, 2023
This addition is backwards compatible. We offer no way to generate v4 keys in the new format.
twiss
reviewed
Jul 13, 2023
Comment on lines
+348
to
+355
| await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() | ||
| .catch(() => null) // ignore key strength requirements | ||
| .then(maybeKey => { | ||
| if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) { | ||
| throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); | ||
| } | ||
| }) | ||
| )); |
There was a problem hiding this comment.
I think it would be safer to just use AES128 in this scenario. After all, we're always allowed to use that, and the config is called preferredSymmetricAlgorithm, it's not a guarantee it will be used (and in this case we can just say that the key doesn't support it - although tbh it would be a bit strange if the key's algorithm preferences claim otherwise).
There was a problem hiding this comment.
This is an edge case which requires passing config.preferredSymmetricAlgorithm with a non-AES algo as well as (all) encryptionKeys with that algo appearing in the prefs.
So I think a specific error can make sense in this case, also considering that AES-128 is not the best fallback for x488, so users might want to go with AES-256 at that point? 🤞
larabr
force-pushed
the
new-25519
branch
2 times, most recently
from
7dc1b9e
to
460a491
Compare
twiss
reviewed
Jul 24, 2023
Comment on lines
+1
to
+17
| // OpenPGP.js - An OpenPGP implementation in javascript | ||
| // Copyright (C) 2018 Proton Technologies AG | ||
| // | ||
| // This library is free software; you can redistribute it and/or | ||
| // modify it under the terms of the GNU Lesser General Public | ||
| // License as published by the Free Software Foundation; either | ||
| // version 3.0 of the License, or (at your option) any later version. | ||
| // | ||
| // This library is distributed in the hope that it will be useful, | ||
| // but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| // Lesser General Public License for more details. | ||
| // | ||
| // You should have received a copy of the GNU Lesser General Public | ||
| // License along with this library; if not, write to the Free Software | ||
| // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | ||
|
|
There was a problem hiding this comment.
Suggested change
| // OpenPGP.js - An OpenPGP implementation in javascript | |
| // Copyright (C) 2018 Proton Technologies AG | |
| // | |
| // This library is free software; you can redistribute it and/or | |
| // modify it under the terms of the GNU Lesser General Public | |
| // License as published by the Free Software Foundation; either | |
| // version 3.0 of the License, or (at your option) any later version. | |
| // | |
| // This library is distributed in the hope that it will be useful, | |
| // but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| // Lesser General Public License for more details. | |
| // | |
| // You should have received a copy of the GNU Lesser General Public | |
| // License along with this library; if not, write to the Free Software | |
| // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
There was a problem hiding this comment.
This was already there, I just renamed the file. Maybe we should review these copyright notes in a separate PR?
|
|
||
| const webCrypto = util.getWebCrypto(); | ||
| const nodeCrypto = util.getNodeCrypto(); | ||
| const nodeSubtleCrypto = nodeCrypto && nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle; |
There was a problem hiding this comment.
(For now this is fine but maybe long-term we can just make getWebCrypto return Node's Web Crypto too? And then the code can decide by the ordering which they prefer between Node Crypto and Node Web Crypto.)
As specified in openpgp-crypto-refresh-09. Instead of encoding the symmetric key algorithm in the PKESK ciphertext (requiring padding), the symmetric key algorithm is left unencrypted. Co-authored-by: Lukas Burkhalter <lukas.burkhalter@proton.ch>
Fail on PKESK parsing as well as session key generation and encryption
Following the addition of the new format for Montgomery curves, which do not rely on OIDs.
SubtleCrypto not available in the latter due to stricter secure context checks
twiss
approved these changes
Jul 25, 2023
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This addition is backwards compatible. We offer no way to generate v4 keys in the new format, since existing implementations might not support them.
TODO
merge after introducing support for intended recipient (no longer needed after spec's kdf change)change base branch (to be merged into v6)we merge to v5 as there are no breaking changes