From 544fae4aad9229de7d5c4a1af0a30081e0974c69 Mon Sep 17 00:00:00 2001 From: Tankred Hase Date: Thu, 5 Dec 2013 23:23:32 +0100 Subject: [PATCH] fix signature bug in openpgp.js and integrate into pgp module --- src/js/crypto/pgp.js | 2 -- src/lib/openpgp/openpgp.js | 24 +++++++++++------------- test/new-unit/pgp-test.js | 2 +- 3 files changed, 12 insertions(+), 16 deletions(-) diff --git a/src/js/crypto/pgp.js b/src/js/crypto/pgp.js index f263504..8d87979 100644 --- a/src/js/crypto/pgp.js +++ b/src/js/crypto/pgp.js @@ -160,8 +160,6 @@ define(function(require) { } try { - // format: \n -> \r\n - plaintext = plaintext.replace(/\r\n/g, '\n').replace(/[\t ]+\n/g, "\n").replace(/\n/g, '\r\n'); // encrypt and sign the plaintext ct = openpgp.write_signed_and_encrypted_message(privateKey, receiverKeys, plaintext); } catch (err) { diff --git a/src/lib/openpgp/openpgp.js b/src/lib/openpgp/openpgp.js index 40f0274..e73008f 100644 --- a/src/lib/openpgp/openpgp.js +++ b/src/lib/openpgp/openpgp.js @@ -7598,7 +7598,7 @@ function openpgp_encoding_deArmor(text) { // splittedtext[indexBase] - the message // splittedtext[indexBase + 1] - the signature and checksum - var msg = openpgp_encoding_split_headers(splittedtext[indexBase].replace(/^- /mg, '')); + var msg = openpgp_encoding_split_headers(splittedtext[indexBase].replace(/^- /mg, '').replace(/[\t ]+\n/g, "\n")); var sig = openpgp_encoding_split_headers(splittedtext[indexBase + 1].replace(/^- /mg, '')); var sig_sum = openpgp_encoding_split_checksum(sig.body); 
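Review bot: The added `.replace(/[\t ]+\n/g, "\n")` on `msg` in openpgp_encoding_deArmor only strips trailing blanks that sit directly before an LF, so a cleartext message that arrives with CRLF line endings keeps its trailing spaces and tabs (the `\r` sits between the blanks and the `\n`). The verify branch for type 0x01 no longer strips trailing whitespace itself, so such a message would be hashed differently from what write_signed_message signed and a valid signature would be reported as unverified. Unless the text is already normalised to LF earlier in deArmor (outside this hunk), match the optional CR as well: `.replace(/[\t ]+(\r?\n)/g, "$1")`. A short comment stating that this implements the trailing-whitespace rule for cleartext signatures would also help, since the same step was just removed from two other places.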
@@ -8310,7 +8310,7 @@ function _openpgp () { */ function write_signed_and_encrypted_message(privatekey, publickeys, messagetext) { var result = ""; - var literal = new openpgp_packet_literaldata().write_packet(messagetext.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n")); + var literal = new openpgp_packet_literaldata().write_packet(messagetext.replace(/\r/g,'').replace(/\n/g,"\r\n")); util.print_debug_hexstr_dump("literal_packet: |"+literal+"|\n",literal); for (var i = 0; i < publickeys.length; i++) { var onepasssignature = new openpgp_packet_onepasssignature(); @@ -8367,7 +8367,7 @@ function _openpgp () { */ function write_encrypted_message(publickeys, messagetext) { var result = ""; - var literal = new openpgp_packet_literaldata().write_packet(messagetext.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n")); + var literal = new openpgp_packet_literaldata().write_packet(messagetext.replace(/\r/g,'').replace(/\n/g,"\r\n")); util.print_debug_hexstr_dump("literal_packet: |"+literal+"|\n",literal); result = literal; @@ -8410,9 +8410,10 @@ function _openpgp () { * This can be directly used to OpenPGP armor the message */ function write_signed_message(privatekey, messagetext) { - var sig = new openpgp_packet_signature().write_message_signature(1, messagetext.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n"), privatekey); - var result = {text: messagetext.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n"), openpgp: sig.openpgp, hash: sig.hash}; - return openpgp_encoding_armor(2,result, null, null) + var canonicalMsgText = messagetext.replace(/\r/g,'').replace(/[\t ]+\n/g, "\n").replace(/\n/g,"\r\n"); + var sig = new openpgp_packet_signature().write_message_signature(1, canonicalMsgText, privatekey); + var result = {text: canonicalMsgText, openpgp: sig.openpgp, hash: sig.hash}; + return openpgp_encoding_armor(2, result, null, null) } /** 
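Review bot: The canonicalisation chain `messagetext.replace(/\r/g,'').replace(/\n/g,"\r\n")` in write_signed_and_encrypted_message is written inline and repeated in three other places. These are write_encrypted_message, write_signed_message (with an extra whitespace step) and the type-0x01 branch of the signature verify code. Signing and verification must produce byte-identical input to the hash, and this commit exists because those copies had drifted apart. Consider one shared helper, for example a hypothetically named `function canonicalize_text(t) { return t.replace(/\r/g,'').replace(/\n/g,"\r\n"); }`, called from every site, with a comment that sign and verify both depend on it. The function body continues outside the hunk.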
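Review bot: In write_signed_message the pattern `/[\t ]+\n/g` leaves trailing spaces or tabs on the final line when `messagetext` does not end with a newline, so they are included in the signed `canonicalMsgText`. If the armor step then puts a line break before the signature block (not visible here), deArmor will strip those blanks on the way back in and the verifier will hash a different string than was signed. Anchoring on end-of-line instead covers both cases: `var canonicalMsgText = messagetext.replace(/\r/g,'').replace(/[\t ]+$/mg,'').replace(/\n/g,"\r\n");`.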
@@ -12130,21 +12131,18 @@ function openpgp_packet_signature() { break; case 1: // 0x01: Signature of a canonical text document. - var tohash = data - .replace(/\r\n/g,"\n") - .replace(/[\t ]+\n/g, "\n") - .replace(/\n/g,"\r\n"); + var canonicalMsgText = data.replace(/\r/g,'').replace(/\n/g,"\r\n"); if (openpgp.config.debug) { - util.print_debug('tohash: '+util.hexdump(tohash)); + util.print_debug('canonicalMsgText: '+util.hexdump(canonicalMsgText)); util.print_debug('signatureData: '+util.hexdump(this.signatureData)); util.print_debug('trailer: '+util.hexdump(trailer)); } if (this.version == 4) { this.verified = openpgp_crypto_verifySignature(this.publicKeyAlgorithm, this.hashAlgorithm, - this.MPIs, key.obj.publicKeyPacket.MPIs, tohash+this.signatureData+trailer); + this.MPIs, key.obj.publicKeyPacket.MPIs, canonicalMsgText+this.signatureData+trailer); } else if (this.version == 3) { this.verified = openpgp_crypto_verifySignature(this.publicKeyAlgorithm, this.hashAlgorithm, - this.MPIs, key.obj.publicKeyPacket.MPIs, tohash+this.signatureData); + this.MPIs, key.obj.publicKeyPacket.MPIs, canonicalMsgText+this.signatureData); } else { this.verified = false; } diff --git a/test/new-unit/pgp-test.js b/test/new-unit/pgp-test.js index c33a97b..d1f177a 100644 --- a/test/new-unit/pgp-test.js +++ b/test/new-unit/pgp-test.js @@ -199,7 +199,7 @@ define(function(require) { it('should work', function(done) { pgp.decrypt(ciphertext, pubkey, function(err, pt) { expect(err).to.not.exist; - expect(pt).to.equal(message.replace(/\r\n/g, '\n').replace(/[\t ]+\n/g, "\n").replace(/\n/g, '\r\n')); + expect(pt).to.equal(message.replace(/\r\n/g, '\n').replace(/\n/g, '\r\n')); done(); }); });
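Review bot: In the `case 1` verify branch, `data.replace(/\r/g,'')` deletes every carriage return, not only those in CRLF pairs, so two texts that differ only in bare CR characters hash to the same value and the same signature verifies for both. The removed code folded `\r\n` only. If dropping lone CRs is intended, say so in a comment next to the line, e.g. `// canonical text: all CR removed, then LF -> CRLF; must match the signing side exactly`. The branch also no longer strips trailing whitespace and relies on deArmor having done it, which is worth stating in the same comment so that callers that verify text which did not pass through deArmor are aware of it. The enclosing switch starts and ends outside the hunk.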
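Review bot: The expected value in this test is recomputed with `message.replace(/\r\n/g, '\n').replace(/\n/g, '\r\n')`, which is not the chain the library now uses (`/\r/g` removal), so the two diverge for input containing a bare CR and the test mirrors the implementation rather than pinning an outcome. Nothing in this hunk exercises the case the commit fixes, where lines of a signed message end in spaces or tabs. Consider a fixture with trailing blanks and mixed line endings, asserted against a literal expected string, plus an assertion on the signature verification result if `pgp.decrypt` exposes one.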