FlowCrypt · tomholub · Feb 7, 2023 · Sep 29, 2022 · Oct 1, 2022 · Oct 6, 2022
@@ -16,7 +16,9 @@
     "outDir": "../build/_/content_scripts",
     "baseUrl": "../extension",
     "paths": {
-      "dompurify": ["types/purify.d.ts"]
+      "dompurify": ["types/purify.d.ts"],
+      "openpgp": ["../node_modules/openpgp/openpgp.d.ts"],
+      "@openpgp/web-stream-tools": ["../node_modules/@openpgp/web-stream-tools/web-stream-tools.d.ts"]
     },
     "typeRoots": ["../extension/types", "../extension/js/common/core/types"]
   },

@@ -0,0 +1,22 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "lib": [
+      "es6",
+      "dom"
+    ],
+    "allowJs": true,
+    "alwaysStrict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "allowSyntheticDefaultImports": true,
+    "esModuleInterop": true,
+    "module": "commonjs",
+    "sourceMap": true,
+    "outDir": "../build/streams",
+    "skipLibCheck": true
+  },
+  "include": [
+    "../node_modules/@openpgp/web-stream-tools/lib/*.js"
+  ]
+}
@@ -10,7 +10,13 @@
     "module": "commonjs",
     "sourceMap": true,
     "outDir": "../build/test",
-    "skipLibCheck": true
+    "skipLibCheck": true,
+    "paths": {
+      "@openpgp/web-stream-tools": [
+        "../node_modules/@openpgp/web-stream-tools/web-stream-tools.d.ts",
+        "../build/streams/streams.js"
+      ]
+    }
   },
   "files": [
     "../extension/types/node-forge.d.ts",

@@ -20,6 +20,7 @@ import { Url } from '../../js/common/core/common.js';
 import * as forge from 'node-forge';
 import { Gmail } from '../../js/common/api/email-provider/gmail/gmail.js';
 import { PgpHash } from '../../js/common/core/crypto/pgp/pgp-hash.js';
+import { PgpArmor } from '../../js/common/core/crypto/pgp/pgp-armor.js';
 
 /**
  * importing all libs that are tested in ci tests
@@ -43,6 +44,7 @@ const libs: unknown[] = [
   Catch,
   Gmail,
   PgpHash,
+  PgpArmor,
 ];
 /* eslint-disable @typescript-eslint/no-explicit-any */
 // add them to global scope so ci can use them

@@ -123,8 +123,8 @@ Catch.try(async () => {
     const pwd = prompt('Please enter encryption password');
     if (pwd) {
       print('encrypting..');
-      const encrypted = await opgp.encrypt({ armor: false, message: opgp.message.fromBinary(data), passwords: [pwd] });
-      save(encrypted.message.packets.write());
+      const encrypted = await opgp.encrypt({ format: 'binary', message: await opgp.createMessage({ binary: data }), passwords: [pwd] });
+      save(encrypted); // todo: test
     } else {
       save(data);
     }

@@ -233,23 +233,18 @@ export class EncryptedMsgMailFormatter extends BaseMailFormatter {
     return attachments;
   };
 
-  private encryptDataArmor = async (
-    data: Buf,
-    pwd: string | undefined,
-    pubs: PubkeyResult[],
-    signingPrv?: Key
-  ): Promise<PgpMsgMethod.EncryptAnyArmorResult> => {
+  private encryptDataArmor = async (data: Buf, pwd: string | undefined, pubs: PubkeyResult[], signingPrv?: Key): Promise<PgpMsgMethod.EncryptResult> => {
     const pgpPubs = pubs.filter(pub => pub.pubkey.family === 'openpgp');
     const encryptAsOfDate = await this.encryptMsgAsOfDateIfSomeAreExpiredAndUserConfirmedModal(pgpPubs);
     const pubsForEncryption = pubs.map(entry => entry.pubkey);
-    return (await MsgUtil.encryptMessage({
+    return await MsgUtil.encryptMessage({
       pubkeys: pubsForEncryption,
       signingPrv,
       pwd,
       data,
       armor: true,
       date: encryptAsOfDate,
-    })) as PgpMsgMethod.EncryptAnyArmorResult;
+    });
   };
 
   private getPwdMsgSendableBodyWithOnlineReplyMsgToken = async (

@@ -165,10 +165,9 @@ export class ComposeView extends View {
     const storage = await AcctStore.get(this.acctEmail, ['sendAs', 'hide_message_password', 'fesUrl']);
     this.clientConfiguration = await ClientConfiguration.newInstance(this.acctEmail);
     if (this.clientConfiguration.shouldHideArmorMeta()) {
-      opgp.config.show_comment = false;
-      opgp.config.show_version = false;
+      opgp.config.showComment = false;
+      opgp.config.showVersion = false;
     }
-    opgp.initWorker({ path: '/lib/openpgp.worker.js' });
     this.pubLookup = new PubLookup(this.clientConfiguration);
     this.tabId = await BrowserMsg.requiredTabId();
     this.factory = new XssSafeFactory(this.acctEmail, this.tabId);

@@ -128,7 +128,7 @@ View.run(
       if (!(await Ui.modal.confirm(revokeConfirmMsg))) {
         return;
       }
-      const revokedArmored = await KeyUtil.revoke(prv);
+      const revokedArmored = await KeyUtil.getOrCreateRevocationCertificate(prv);
       if (!revokedArmored) {
         await Ui.modal.error(`Could not produce revocation cert (empty)`);
         return;

@@ -126,8 +126,8 @@ export class SetupView extends View {
     this.storage.email_provider = this.storage.email_provider || 'gmail';
     this.clientConfiguration = await ClientConfiguration.newInstance(this.acctEmail);
     if (this.clientConfiguration.shouldHideArmorMeta() && typeof opgp !== 'undefined') {
-      opgp.config.show_comment = false;
-      opgp.config.show_version = false;
+      opgp.config.showComment = false;
+      opgp.config.showVersion = false;
     }
     this.pubLookup = new PubLookup(this.clientConfiguration);
     if (this.clientConfiguration.usesKeyManager() && this.idToken) {

@@ -6,7 +6,6 @@ import { GoogleAuth } from '../common/api/email-provider/gmail/google-auth.js';
 import { Bm, BrowserMsg } from '../common/browser/browser-msg.js';
 import { emailKeyIndex } from '../common/core/common.js';
 import { VERSION } from '../common/core/const.js';
-import { opgp } from '../common/core/crypto/pgp/openpgpjs-custom.js';
 import { ExpirationCache } from '../common/core/expiration-cache.js';
 import { processAndStoreKeysFromEkmLocally, getLocalKeyExpiration } from '../common/helpers.js';
 import { Catch } from '../common/platform/catch.js';
@@ -20,8 +19,6 @@ import { migrateGlobal, moveContactsToEmailsAndPubkeys, updateOpgpRevocations, u
 
 console.info('background_process.js starting');
 
-opgp.initWorker({ path: '/lib/openpgp.worker.js' });
-
 (async () => {
   let db: IDBDatabase;
   let storage: GlobalStoreDict;

@@ -346,7 +346,7 @@ export class BrowserMsg {
     BrowserMsg.bgAddListener('pgpMsgDiagnosePubkeys', MsgUtil.diagnosePubkeys);
     BrowserMsg.bgAddListener('pgpMsgDecrypt', MsgUtil.decryptMessage);
     BrowserMsg.bgAddListener('pgpMsgVerifyDetached', MsgUtil.verifyDetached);
-    BrowserMsg.bgAddListener('pgpMsgType', MsgUtil.type);
+    BrowserMsg.bgAddListener('pgpMsgType', async (r: Bm.PgpMsgType) => MsgUtil.type(r));
     BrowserMsg.bgAddListener('saveFetchedPubkeys', saveFetchedPubkeysIfNewerThanInStorage);
     BrowserMsg.bgAddListener('pgpKeyBinaryToArmored', async (r: Bm.PgpKeyBinaryToArmored) => ({
       keys: await KeyUtil.parseAndArmorKeys(r.binaryKeysData),

@@ -8,6 +8,7 @@ import { MsgBlockParser } from '../msg-block-parser.js';
 import { PgpArmor } from './pgp/pgp-armor.js';
 import { opgp } from './pgp/openpgpjs-custom.js';
 import { OpenPGPKey } from './pgp/openpgp-key.js';
+import type * as OpenPGP from 'openpgp';
 import { SmimeKey } from './smime/smime-key.js';
 import { MsgBlock } from '../msg-block.js';
 import { EmailParts } from '../common.js';
@@ -95,7 +96,7 @@ export interface KeyInfoWithIdentityAndOptionalPp extends KeyInfoWithIdentity {
 
 export type KeyAlgo = 'curve25519' | 'rsa2048' | 'rsa3072' | 'rsa4096';
 
-export type PrvPacket = OpenPGP.packet.SecretKey | OpenPGP.packet.SecretSubkey;
+export type PrvPacket = OpenPGP.SecretKeyPacket | OpenPGP.SecretSubkeyPacket;
 
 export class UnexpectedKeyTypeError extends Error {}
 
@@ -203,7 +204,7 @@ export class KeyUtil {
       allErr: Error[] = [];
     let uncheckedOpgpKeyCount = 0;
     try {
-      const { keys, err } = await opgp.key.read(key);
+      const keys = await opgp.readKeys({ binaryKeys: key }); // todo: opgp.readKey ?
       uncheckedOpgpKeyCount = keys.length;
       for (const key of keys) {
         try {
@@ -221,9 +222,9 @@ export class KeyUtil {
           allErr.push(e as Error);
         }
       }
-      if (err) {
+      /* todo: re-throw? if (err) {
         allErr.push(...err);
-      }
+      } */
     } catch (e) {
       allErr.push(e as Error);
     }
@@ -246,14 +247,21 @@ export class KeyUtil {
     throw new Error(err.length ? err.map((e, i) => i + 1 + '. ' + e.message).join('\n') : 'Should not happen: no keys and no errors.');
   };
 
-  public static armor = (pubkey: Key): string => {
-    const armored = (pubkey as unknown as { rawArmored: string }).rawArmored;
+  public static armor = (key: Key): string => {
+    const armored = (key as unknown as { rawArmored: string }).rawArmored;
     if (!armored) {
       throw new Error('The Key object has no rawArmored field.');
     }
     return armored;
   };
 
+  // remove crypto-library objects (useful when sending the object to/from background)
+  public static pack = (key: Key): void => {
+    if (key.family === 'openpgp') {
+      OpenPGPKey.pack(key);
+    }
+  };
+
   public static diagnose = async (key: Key, passphrase: string): Promise<Map<string, string>> => {
     let result = new Map<string, string>();
     result.set(`Key type`, key.family);
@@ -303,16 +311,17 @@ export class KeyUtil {
   };
 
   // todo - this should be made to tolerate smime keys
-  public static normalize = async (armored: string): Promise<{ normalized: string; keys: OpenPGP.key.Key[] }> => {
+  public static normalize = async (type: 'publicKey' | 'privateKey', armored: string): Promise<{ normalized: string; keys: OpenPGP.Key[] }> => {
     try {
-      let keys: OpenPGP.key.Key[] = [];
+      let keys: OpenPGP.Key[] = [];
       armored = PgpArmor.normalize(armored, 'key');
       if (RegExp(PgpArmor.headers('publicKey', 're').begin).test(armored)) {
-        keys = (await opgp.key.readArmored(armored)).keys;
+        keys = await opgp.readKeys({ armoredKeys: armored });
       } else if (RegExp(PgpArmor.headers('privateKey', 're').begin).test(armored)) {
-        keys = (await opgp.key.readArmored(armored)).keys;
+        keys = await opgp.readKeys({ armoredKeys: armored });
       } else if (RegExp(PgpArmor.headers('encryptedMsg', 're').begin).test(armored)) {
-        keys = [new opgp.key.Key((await opgp.message.readArmored(armored)).packets)];
+        const packets = (await opgp.readMessage({ armoredMessage: armored })).packets;
+        keys = [type === 'publicKey' ? new opgp.PublicKey(packets) : new opgp.PrivateKey(packets)];
       }
       for (const k of keys) {
         for (const u of k.users) {
@@ -350,7 +359,7 @@ export class KeyUtil {
   public static decrypt = async (
     key: Key,
     passphrase: string,
-    optionalKeyid?: OpenPGP.Keyid,
+    optionalKeyid?: OpenPGP.KeyID,
     optionalBehaviorFlag?: 'OK-IF-ALREADY-DECRYPTED'
   ): Promise<boolean> => {
     if (key.family === 'openpgp') {
@@ -385,11 +394,11 @@ export class KeyUtil {
     }
   };
 
-  public static revoke = async (key: Key): Promise<string | undefined> => {
+  public static getOrCreateRevocationCertificate = async (key: Key): Promise<string | undefined> => {
     if (key.family === 'openpgp') {
-      return await OpenPGPKey.revoke(key);
+      return await OpenPGPKey.getOrCreateRevocationCertificate(key);
     } else {
-      throw new Error(`KeyUtil.revoke does not support key family ${key.family}`);
+      throw new Error(`KeyUtil.getOrCreateRevocationCertificate does not support key family ${key.family}`);
     }
   };