From 38863585920b4507b2da09561be240624359c24c Mon Sep 17 00:00:00 2001 From: larabr Date: Fri, 9 Jul 2021 17:44:34 +0200 Subject: [PATCH] Remove `valid` and `error` from the verification result of `openpgp.verify` and `decrypt` (#1348) This change is to make the code more consistent between the streaming and non-streaming cases. The validity of a signature (or the corresponding verification error) can be determined through the existing `verified` property. --- README.md | 51 +++++++----- openpgp.d.ts | 14 ++-- src/cleartext.js | 2 +- src/message.js | 8 +- src/openpgp.js | 29 +------ test/general/brainpool.js | 22 +++--- test/general/config.js | 17 ++-- test/general/ecc_nist.js | 12 +-- test/general/ecc_secp256k1.js | 10 +-- test/general/key.js | 8 +- test/general/openpgp.js | 143 ++++++++++++++++------------------ test/general/signature.js | 121 ++++++++++++++-------------- test/general/streaming.js | 6 +- test/general/x25519.js | 18 ++--- test/security/subkey_trust.js | 3 +- test/worker/worker_example.js | 4 +- 16 files changed, 222 insertions(+), 246 deletions(-) diff --git a/README.md b/README.md index 34d7a8bd..09ea0d27 100644 --- a/README.md +++ b/README.md @@ -233,7 +233,13 @@ const openpgp = require('openpgp'); // use as CommonJS, AMD, ES6 module or via w decryptionKeys: privateKey }); console.log(decrypted); // 'Hello, World!' - console.log(signatures[0].valid) // signature validity (signed messages only) + // check signature validity (signed messages only) + try { + await signatures[0].verified; // throws on invalid signature + console.log('Signature is valid'); + } catch (e) { + throw new Error('Signature could not be verified: ' + e.message); + } })(); ``` @@ -441,6 +447,7 @@ and a subkey for encryption using Curve25519. userIDs: [{ name: 'Jon Smith', email: 'jon@example.com' }], // you can pass multiple user IDs passphrase: 'super long and hard to guess secret', // protects the private key format: 'armor' // output key format, defaults to 'armor' (other options: 'binary' or 'object') + }); console.log(privateKey); // '-----BEGIN PGP PRIVATE KEY BLOCK ... ' console.log(publicKey); // '-----BEGIN PGP PUBLIC KEY BLOCK ... ' @@ -515,15 +522,16 @@ Using the private key: const signedMessage = await openpgp.readCleartextMessage({ cleartextMessage // parse armored message }); - const verified = await openpgp.verify({ + const verificationResult = await openpgp.verify({ message: signedMessage, verificationKeys: publicKey }); - const { valid } = verified.signatures[0]; - if (valid) { - console.log('signed by key id ' + verified.signatures[0].keyID.toHex()); - } else { - throw new Error('signature could not be verified'); + const { verified, keyID } = verificationResult.signatures[0]; + try { + await verified; // throws on invalid signature + console.log('Signed by key id ' + keyID.toHex()); + } catch (e) { + throw new Error('Signature could not be verified: ' + e.message); } })(); ``` @@ -558,16 +566,17 @@ Using the private key: const signature = await openpgp.readSignature({ armoredSignature: detachedSignature // parse detached signature }); - const verified = await openpgp.verify({ + const verificationResult = await openpgp.verify({ message, // Message object signature, verificationKeys: publicKey }); - const { valid } = verified.signatures[0]; - if (valid) { - console.log('signed by key id ' + verified.signatures[0].keyID.toHex()); - } else { - throw new Error('signature could not be verified'); + const { verified, keyID } = verificationResult.signatures[0]; + try { + await verified; // throws on invalid signature + console.log('Signed by key id ' + keyID.toHex()); + } catch (e) { + throw new Error('Signature could not be verified: ' + e.message); } })(); ``` @@ -603,21 +612,21 @@ Using the private key: }); console.log(signatureArmored); // ReadableStream containing '-----BEGIN PGP MESSAGE ... END PGP MESSAGE-----' - const verified = await openpgp.verify({ + const verificationResult = await openpgp.verify({ message: await openpgp.readMessage({ armoredMessage: signatureArmored }), // parse armored signature verificationKeys: await openpgp.readKey({ armoredKey: publicKeyArmored }) }); - for await (const chunk of verified.data) {} - // Note: you *have* to read `verified.data` in some way or other, + for await (const chunk of verificationResult.data) {} + // Note: you *have* to read `verificationResult.data` in some way or other, // even if you don't need it, as that is what triggers the // verification of the data. - const valid = await verified.signatures[0].verified; - if (valid) { - console.log('signed by key id ' + verified.signatures[0].keyID.toHex()); - } else { - throw new Error('signature could not be verified'); + try { + await verificationResult.signatures[0].verified; // throws on invalid signature + console.log('Signed by key id ' + verificationResult.signatures[0].keyID.toHex()); + } catch (e) { + throw new Error('Signature could not be verified: ' + e.message); } })(); ``` diff --git a/openpgp.d.ts b/openpgp.d.ts index aa855626..a0c418aa 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -38,8 +38,8 @@ export function revokeKey(options: { key: PublicKey, revocationCertificate: stri export abstract class Key { public readonly keyPacket: PublicKeyPacket | SecretKeyPacket; - public subkeys: Subkey[]; - public users: User[]; + public subkeys: Subkey[]; // do not add/replace users directly + public users: User[]; // do not add/replace subkeys directly public revocationSignatures: SignaturePacket[]; public write(): Uint8Array; public armor(config?: Config): string; @@ -58,7 +58,7 @@ export abstract class Key { public verifyPrimaryUser(publicKeys: PublicKey[], date?: Date, userIDs?: UserID, config?: Config): Promise<{ keyID: KeyID, valid: boolean | null }[]>; public verifyAllUsers(publicKeys: PublicKey[], date?: Date, config?: Config): Promise<{ userID: string, keyID: KeyID, valid: boolean | null }[]>; public isRevoked(signature: SignaturePacket, key?: AnyKeyPacket, date?: Date, config?: Config): Promise; - public getRevocationCertificate(date?: Date, config?: Config): Promise | string | undefined>; + public getRevocationCertificate(date?: Date, config?: Config): Promise | undefined>; public getEncryptionKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise; public getSigningKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise; public getKeys(keyID?: KeyID): (this | Subkey)[]; @@ -132,7 +132,7 @@ export class Signature { interface VerificationResult { keyID: KeyID; - verified: Promise; + verified: Promise; // throws on invalid signature signature: Promise; } @@ -265,7 +265,7 @@ export class Message> { /** Get literal data that is the body of the message */ - public getLiteralData(): Uint8Array | Stream | null; + public getLiteralData(): MaybeStream | null; /** Returns the key IDs of the keys that signed the message */ @@ -273,7 +273,7 @@ export class Message> { /** Get literal data as text */ - public getText(): string | Stream | null; + public getText(): MaybeStream | null; public getFilename(): string | null; @@ -603,7 +603,7 @@ interface DecryptOptions { /** (optional) passwords to decrypt the message */ passwords?: MaybeArray; /** (optional) session keys in the form: { data:Uint8Array, algorithm:String } */ - sessionKeys?: SessionKey | SessionKey[]; + sessionKeys?: MaybeArray; /** (optional) array of public keys or single key, to verify signatures */ verificationKeys?: MaybeArray; /** (optional) whether data decryption should fail if the message is not signed with the provided publicKeys */ diff --git a/src/cleartext.js b/src/cleartext.js index 9d1cea64..98ceb4c4 100644 --- a/src/cleartext.js +++ b/src/cleartext.js @@ -83,7 +83,7 @@ export class CleartextMessage { * @returns {Promise, - * verified: Promise + * verified: Promise * }>>} List of signer's keyID and validity of signature. * @async */ diff --git a/src/message.js b/src/message.js index 455c8587..825f62e3 100644 --- a/src/message.js +++ b/src/message.js @@ -535,7 +535,7 @@ export class Message { * @returns {Promise, - * verified: Promise + * verified: Promise * }>>} List of signer's keyID and validity of signatures. * @async */ @@ -592,7 +592,7 @@ export class Message { * @returns {Promise, - * verified: Promise + * verified: Promise * }>>} List of signer's keyID and validity of signature. * @async */ @@ -699,7 +699,7 @@ export async function createSignaturePackets(literalDataPacket, signingKeys, sig * @returns {Promise<{ * keyID: module:type/keyid~KeyID, * signature: Promise, - * verified: Promise + * verified: Promise * }>} signer's keyID and validity of signature * @async * @private @@ -767,7 +767,7 @@ async function createVerificationObject(signature, literalDataList, verification * @returns {Promise, - * verified: Promise + * verified: Promise * }>>} list of signer's keyID and validity of signatures * @async * @private diff --git a/src/openpgp.js b/src/openpgp.js index 2bf90cfe..3ef5ced0 100644 --- a/src/openpgp.js +++ b/src/openpgp.js @@ -300,8 +300,8 @@ export async function encrypt({ message, encryptionKeys, signingKeys, passwords, * signatures: [ * { * keyID: module:type/keyid~KeyID, - * verified: Promise, - * valid: Boolean (if `message` was not created from a stream) + * verified: Promise, + * signature: Promise * }, ... * ] * } @@ -340,7 +340,6 @@ export async function decrypt({ message, decryptionKeys, passwords, sessionKeys, ]); } result.data = await convertStream(result.data, message.fromStream, format); - if (!message.fromStream) await prepareSignatures(result.signatures); return result; } catch (err) { throw util.wrapError('Error decrypting message', err); @@ -422,8 +421,8 @@ export async function sign({ message, signingKeys, armor = true, detached = fals * signatures: [ * { * keyID: module:type/keyid~KeyID, - * verified: Promise, - * valid: Boolean (if `message` was not created from a stream) + * verified: Promise, + * signature: Promise * }, ... * ] * } @@ -460,7 +459,6 @@ export async function verify({ message, verificationKeys, expectSigned = false, ]); } result.data = await convertStream(result.data, message.fromStream, format); - if (!message.fromStream) await prepareSignatures(result.signatures); return result; } catch (err) { throw util.wrapError('Error verifying signed message', err); @@ -653,25 +651,6 @@ function linkStreams(result, message) { }); } -/** - * Wait until signature objects have been verified - * @param {Object} signatures - list of signatures - * @async - * @private - */ -async function prepareSignatures(signatures) { - await Promise.all(signatures.map(async signature => { - signature.signature = await signature.signature; - try { - signature.valid = await signature.verified; - } catch (e) { - signature.valid = false; - signature.error = e; - util.printDebugError(e); - } - })); -} - /** * Convert the key object to the given format * @param {Key} key diff --git a/test/general/brainpool.js b/test/general/brainpool.js index 4468fcab..30c16b2c 100644 --- a/test/general/brainpool.js +++ b/test/general/brainpool.js @@ -203,11 +203,11 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= it('Verify clear signed message', async function () { const pub = await load_pub_key('juliet'); const msg = await openpgp.readCleartextMessage({ cleartextMessage: data.juliet.message_signed }); - return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) { + return openpgp.verify({ verificationKeys: [pub], message: msg }).then(async function(result) { expect(result).to.exist; expect(result.data).to.equal(data.juliet.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); }); it('Sign message', async function () { @@ -220,7 +220,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= expect(result).to.exist; expect(result.data).to.equal(data.romeo.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Decrypt and verify message', async function () { const juliet = await load_pub_key('juliet'); @@ -231,7 +231,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= expect(result).to.exist; expect(result.data).to.equal(data.romeo.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Decrypt and verify message with leading zero in hash', async function () { const juliet = await load_priv_key('juliet'); @@ -242,7 +242,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= expect(result).to.exist; expect(result.data).to.equal(data.romeo.message_with_leading_zero_in_hash); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Decrypt and verify message with leading zero in hash signed with old elliptic algorithm', async function () { //this test would not work with nodeCrypto, since message is signed with leading zero stripped from the hash @@ -256,7 +256,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= expect(result).to.exist; expect(result.data).to.equal(data.romeo.message_with_leading_zero_in_hash_old_elliptic_implementation); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Encrypt and sign message', async function () { @@ -272,7 +272,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= expect(result).to.exist; expect(result.data).to.equal(data.romeo.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); tryTests('Brainpool Omnibus Tests @lightweight', omnibus, { @@ -292,13 +292,13 @@ function omnibus() { await openpgp.verify({ message: await openpgp.readCleartextMessage({ cleartextMessage }), verificationKeys: pubHi - }).then(output => expect(output.signatures[0].valid).to.be.true); + }).then(output => expect(output.signatures[0].verified).to.eventually.be.true); // Verifying detached signature await openpgp.verify({ message: await openpgp.createMessage({ text: util.removeTrailingSpaces(testData) }), verificationKeys: pubHi, signature: (await openpgp.readCleartextMessage({ cleartextMessage })).signature - }).then(output => expect(output.signatures[0].valid).to.be.true); + }).then(output => expect(output.signatures[0].verified).to.eventually.be.true); // Encrypting and signing const encrypted = await openpgp.encrypt({ @@ -311,9 +311,9 @@ function omnibus() { message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: bye, verificationKeys: [pubHi] - }).then(output => { + }).then(async output => { expect(output.data).to.equal(testData2); - expect(output.signatures[0].valid).to.be.true; + await expect(output.signatures[0].verified).to.eventually.be.true; }); }); } diff --git a/test/general/config.js b/test/general/config.js index 9d487614..ae66d181 100644 --- a/test/general/config.js +++ b/test/general/config.js @@ -249,7 +249,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z verificationKeys: [key] }); expect(data).to.equal(plaintext); - expect(signatures[0].valid).to.be.true; + expect(await signatures[0].verified).to.be.true; const { data: data2, signatures: signatures2 } = await openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage }), @@ -258,8 +258,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z config: { minRSABits: 4096 } }); expect(data2).to.equal(plaintext); - expect(signatures2[0].valid).to.be.false; - expect(signatures2[0].error).to.match(/keys shorter than 4096 bits are considered too weak/); + await expect(signatures2[0].verified).to.be.rejectedWith(/keys shorter than 4096 bits are considered too weak/); const { data: data3, signatures: signatures3 } = await openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage }), @@ -268,8 +267,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.rsaEncryptSign]) } }); expect(data3).to.equal(plaintext); - expect(signatures3[0].valid).to.be.false; - expect(signatures3[0].error).to.match(/rsaEncryptSign keys are considered too weak/); + await expect(signatures3[0].verified).to.be.rejectedWith(/rsaEncryptSign keys are considered too weak/); }); it('openpgp.sign', async function() { @@ -313,7 +311,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z config }; const { signatures: [sig] } = await openpgp.verify(opt); - await expect(sig.error).to.match(/Insecure message hash algorithm/); + await expect(sig.verified).to.be.rejectedWith(/Insecure message hash algorithm/); const armoredSignature = await openpgp.sign({ message, signingKeys: key, detached: true }); const opt2 = { message, @@ -322,7 +320,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z config }; const { signatures: [sig2] } = await openpgp.verify(opt2); - await expect(sig2.error).to.match(/Insecure message hash algorithm/); + await expect(sig2.verified).to.be.rejectedWith(/Insecure message hash algorithm/); const cleartext = await openpgp.createCleartextMessage({ text: 'test' }); const signedCleartext = await openpgp.sign({ message: cleartext, signingKeys: key }); @@ -332,7 +330,7 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z config }; const { signatures: [sig3] } = await openpgp.verify(opt3); - await expect(sig3.error).to.match(/Insecure message hash algorithm/); + await expect(sig3.verified).to.be.rejectedWith(/Insecure message hash algorithm/); const opt4 = { message: await openpgp.readMessage({ armoredMessage: signed }), @@ -340,7 +338,6 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsa]) } }; const { signatures: [sig4] } = await openpgp.verify(opt4); - await expect(sig4.valid).to.be.false; - await expect(sig4.error).to.match(/eddsa keys are considered too weak/); + await expect(sig4.verified).to.be.rejectedWith(/eddsa keys are considered too weak/); }); }); diff --git a/test/general/ecc_nist.js b/test/general/ecc_nist.js index 0090e9f2..e2e790f3 100644 --- a/test/general/ecc_nist.js +++ b/test/general/ecc_nist.js @@ -20,13 +20,13 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38 await openpgp.verify({ message: await openpgp.readCleartextMessage({ cleartextMessage }), verificationKeys: pubHi - }).then(output => expect(output.signatures[0].valid).to.be.true); + }).then(output => expect(output.signatures[0].verified).to.eventually.be.true); // Verifying detached signature await openpgp.verify({ message: await openpgp.createMessage({ text: util.removeTrailingSpaces(testData) }), verificationKeys: pubHi, signature: (await openpgp.readCleartextMessage({ cleartextMessage })).signature - }).then(output => expect(output.signatures[0].valid).to.be.true); + }).then(output => expect(output.signatures[0].verified).to.eventually.be.true); // Encrypting and signing const encrypted = await openpgp.encrypt({ @@ -39,9 +39,9 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38 message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: bye, verificationKeys: [pubHi] - }).then(output => { + }).then(async output => { expect(output.data).to.equal(testData2); - expect(output.signatures[0].valid).to.be.true; + await expect(output.signatures[0].verified).to.eventually.be.true; }); }); } @@ -55,7 +55,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38 const signature = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), signingKeys: privateKey }); const msg = await openpgp.readCleartextMessage({ cleartextMessage: signature }); const result = await openpgp.verify({ message: msg, verificationKeys: publicKey }); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Encrypt and sign message', async function () { @@ -71,7 +71,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38 }); const message = await openpgp.readMessage({ armoredMessage: encrypted }); const result = await openpgp.decrypt({ message, decryptionKeys: secondKey.privateKey, verificationKeys: firstKey.publicKey }); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); // TODO find test vectors diff --git a/test/general/ecc_secp256k1.js b/test/general/ecc_secp256k1.js index db585d1e..893d98c7 100644 --- a/test/general/ecc_secp256k1.js +++ b/test/general/ecc_secp256k1.js @@ -177,11 +177,11 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve it('Verify clear signed message', async function () { const pub = await load_pub_key('juliet'); const msg = await openpgp.readCleartextMessage({ cleartextMessage: data.juliet.message_signed }); - return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) { + return openpgp.verify({ verificationKeys: [pub], message: msg }).then(async function(result) { expect(result).to.exist; expect(result.data).to.equal(data.juliet.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); }); it('Sign message', async function () { @@ -194,7 +194,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve expect(result).to.exist; expect(result.data).to.equal(data.romeo.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Decrypt and verify message', async function () { const juliet = await load_pub_key('juliet'); @@ -205,7 +205,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve expect(result).to.exist; expect(result.data).to.equal(data.juliet.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Encrypt and sign message', async function () { const romeoPrivate = await load_priv_key('romeo'); @@ -220,7 +220,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve expect(result).to.exist; expect(result.data).to.equal(data.romeo.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Generate key', function () { const options = { diff --git a/test/general/key.js b/test/general/key.js index 4126148d..b4cd1c07 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -2595,10 +2595,10 @@ function versionSpecificTests() { return openpgp.verify( { message: await openpgp.readCleartextMessage({ cleartextMessage: signed }), verificationKeys: newKeyPublic } ).then(async function(verified) { - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; const newSigningKey = await newKey.getSigningKey(); expect(verified.signatures[0].keyID.toHex()).to.equal(newSigningKey.getKeyID().toHex()); - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); }); @@ -2635,7 +2635,7 @@ function versionSpecificTests() { message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: newKey, verificationKeys: newKeyPublic, config: { minRSABits: 1024 } }); expect(decrypted.data).to.equal('hello'); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; }); }); @@ -3484,7 +3484,7 @@ VYGdb3eNlV8CfoEC message: await openpgp.createMessage({ text: 'hello' }), passwords: 'test', signingKeys: privateKey, signingUserIDs: { name: 'Test McTestington', email: 'test@example.com' }, armor: false, config }); const { signatures } = await openpgp.decrypt({ message: await openpgp.readMessage({ binaryMessage: encrypted }), passwords: 'test' }); - expect(signatures[0].signature.packets[0].hashAlgorithm).to.equal(openpgp.enums.hash.sha512); + expect((await signatures[0].signature).packets[0].hashAlgorithm).to.equal(openpgp.enums.hash.sha512); await expect(openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), encryptionKeys: publicKey, signingKeys: privateKey, signingUserIDs: { name: 'Not Test McTestington', email: 'test@example.com' }, armor: false, config })).to.be.rejectedWith('Could not find user that matches that user ID'); diff --git a/test/general/openpgp.js b/test/general/openpgp.js index 8203c0fe..23f708c9 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -1261,7 +1261,7 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { expectSigned: true }); expect(data).to.equal(plaintext); - expect(signatures[0].valid).to.be.true; + expect(await signatures[0].verified).to.be.true; }); it('decrypt/verify should throw on missing public keys (expectSigned=true)', async function () { @@ -1443,8 +1443,8 @@ aOU= }); expect(msg.signatures).to.exist; expect(msg.signatures).to.have.length(1); - expect(msg.signatures[0].valid).to.be.true; - expect(msg.signatures[0].signature.packets.length).to.equal(1); + expect(await msg.signatures[0].verified).to.be.true; + expect((await msg.signatures[0].signature).packets.length).to.equal(1); // secret key operations involving the primary key should fail await expect(openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), signingKeys: decryptedDummyKey, config: { rejectPublicKeyAlgorithms: new Set() } @@ -1589,7 +1589,7 @@ aOU= expectSigned: true }); expect(data).to.equal(text); - expect(signatures[0].valid).to.be.true; + expect(await signatures[0].verified).to.be.true; }); it('verify should throw on missing signature (expectSigned=true)', async function () { @@ -2105,10 +2105,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function (decrypted) { expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2129,10 +2129,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function (decrypted) { expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2152,10 +2152,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function (decrypted) { expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2183,10 +2183,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function (decrypted) { expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await newPrivateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); }); }); @@ -2216,10 +2216,10 @@ aOU= verificationKeys: newPublicKey }); expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await newPrivateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); it('should encrypt/sign and decrypt/verify with null string input', async function () { @@ -2237,10 +2237,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function (decrypted) { expect(decrypted.data).to.equal(''); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2261,10 +2261,10 @@ aOU= verificationKeys: publicKey }); expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); it('should encrypt and decrypt/verify with detached signature as input for encryption', async function () { @@ -2307,14 +2307,14 @@ aOU= }).then(async function (decrypted) { let signingKey; expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; signingKey = await privateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); - expect(decrypted.signatures[1].valid).to.be.true; + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); + expect(await decrypted.signatures[1].verified).to.be.true; signingKey = await privKeyDE.getSigningKey(); expect(decrypted.signatures[1].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[1].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[1].signature).packets.length).to.equal(1); }); } finally { openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms; @@ -2346,11 +2346,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function ({ signatures, data }) { expect(data).to.equal(plaintext); - expect(signatures[0].valid).to.be.false; - expect(signatures[0].error).to.match(/Could not find signing key/); + await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/); const signingKey = await privateKey.getSigningKey(); expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(signatures[0].signature.packets.length).to.equal(1); + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2369,11 +2368,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function ({ signatures, data }) { expect(data).to.equal(plaintext); - expect(signatures[0].valid).to.be.false; - expect(signatures[0].error).to.match(/Could not find signing key/); + await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/); const signingKey = await privateKey.getSigningKey(); expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(signatures[0].signature.packets.length).to.equal(1); + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2392,11 +2390,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function ({ signatures, data }) { expect(data).to.equal(''); - expect(signatures[0].valid).to.be.false; - expect(signatures[0].error).to.match(/Could not find signing key/); + await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/); const signingKey = await privateKey.getSigningKey(); expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(signatures[0].signature.packets.length).to.equal(1); + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2414,11 +2411,10 @@ aOU= return openpgp.decrypt(decOpt); }).then(async function ({ signatures, data }) { expect(data).to.equal(plaintext); - expect(signatures[0].valid).to.be.false; - expect(signatures[0].error).to.match(/Could not find signing key/); + await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/); const signingKey = await privateKey.getSigningKey(); expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(signatures[0].signature.packets.length).to.equal(1); + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2439,11 +2435,10 @@ aOU= verificationKeys: await openpgp.readKey({ armoredKey: wrong_pubkey }) }); expect(data).to.equal(plaintext); - expect(signatures[0].valid).to.be.false; - expect(signatures[0].error).to.match(/Could not find signing key/); + await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/); const signingKey = await privateKey.getSigningKey(); expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(signatures[0].signature.packets.length).to.equal(1); + expect((await signatures[0].signature).packets.length).to.equal(1); }); it('should encrypt and decrypt/verify both signatures when signed with two private keys', async function () { @@ -2475,14 +2470,14 @@ aOU= }).then(async function (decrypted) { let signingKey; expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; signingKey = await privateKey.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); - expect(decrypted.signatures[1].valid).to.be.true; + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); + expect(await decrypted.signatures[1].verified).to.be.true; signingKey = await privKeyDE.getSigningKey(); expect(decrypted.signatures[1].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[1].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[1].signature).packets.length).to.equal(1); }); } finally { openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms; @@ -2591,10 +2586,10 @@ aOU= }).then(async function (decrypted) { expect(decrypted.data).to.exist; expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; const signingKey = await privKeyDE.getSigningKey(); expect(decrypted.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + expect((await decrypted.signatures[0].signature).packets.length).to.equal(1); }); } finally { openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms; @@ -2837,10 +2832,10 @@ aOU= return openpgp.verify(verifyOpt); }).then(async function (verified) { expect(verified.data).to.equal(plaintext.replace(/[ \t]+$/mg, '')); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2869,14 +2864,14 @@ aOU= }).then(async function (verified) { let signingKey; expect(verified.data).to.equal(plaintext.replace(/[ \t]+$/mg, '')); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; signingKey = await privateKey.getSigningKey(); expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(verified.signatures[0].signature.packets.length).to.equal(1); - expect(verified.signatures[1].valid).to.be.true; + expect((await verified.signatures[0].signature).packets.length).to.equal(1); + expect(await verified.signatures[1].verified).to.be.true; signingKey = await privKeyDE.getSigningKey(); expect(verified.signatures[1].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(verified.signatures[1].signature.packets.length).to.equal(1); + expect((await verified.signatures[1].signature).packets.length).to.equal(1); }); } finally { openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms; @@ -2899,10 +2894,10 @@ aOU= return openpgp.verify(verifyOpt); }).then(async function (verified) { expect(verified.data).to.equal(plaintext); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2920,11 +2915,10 @@ aOU= return openpgp.verify(verifyOpt); }).then(async function ({ data, signatures }) { expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, '')); - expect(signatures[0].valid).to.be.false; - expect(signatures[0].error).to.match(/Could not find signing key/); + await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/); const signingKey = await privateKey.getSigningKey(); expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(signatures[0].signature.packets.length).to.equal(1); + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2944,11 +2938,10 @@ aOU= return openpgp.verify(verifyOpt); }).then(async function ({ data, signatures }) { expect(data).to.equal(plaintext); - expect(signatures[0].valid).to.be.false; - expect(signatures[0].error).to.match(/Could not find signing key/); + await expect(signatures[0].verified).to.be.rejectedWith(/Could not find signing key/); const signingKey = await privateKey.getSigningKey(); expect(signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(signatures[0].signature.packets.length).to.equal(1); + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2967,10 +2960,10 @@ aOU= return openpgp.verify(verifyOpt); }).then(async function (verified) { expect(verified.data).to.equal(plaintext); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -2992,12 +2985,12 @@ aOU= return openpgp.verify(verifyOpt); }).then(async function (verified) { expect(verified.data).to.equal(plaintext); - expect(+verified.signatures[0].signature.packets[0].created).to.be.lte(+util.normalizeDate()); - expect(+verified.signatures[0].signature.packets[0].created).to.be.gte(+start); - expect(verified.signatures[0].valid).to.be.true; + expect(+(await verified.signatures[0].signature).packets[0].created).to.be.lte(+util.normalizeDate()); + expect(+(await verified.signatures[0].signature).packets[0].created).to.be.gte(+start); + expect(await verified.signatures[0].verified).to.be.true; const signingKey = await privateKey.getSigningKey(); expect(verified.signatures[0].keyID.toHex()).to.equal(signingKey.getKeyID().toHex()); - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -3019,22 +3012,22 @@ aOU= return openpgp.sign(signOpt).then(async function (signed) { verifyOpt.signature = await openpgp.readSignature({ binarySignature: signed }); return openpgp.verify(verifyOpt).then(async function (verified) { - expect(+verified.signatures[0].signature.packets[0].created).to.equal(+past); + expect(+(await verified.signatures[0].signature).packets[0].created).to.equal(+past); expect(verified.data).to.equal(plaintext); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; expect(await privateKey_1337.getSigningKey(verified.signatures[0].keyID, past)) .to.be.not.null; - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); // now check with expiration checking disabled verifyOpt.date = null; return openpgp.verify(verifyOpt); }).then(async function (verified) { - expect(+verified.signatures[0].signature.packets[0].created).to.equal(+past); + expect(+(await verified.signatures[0].signature).packets[0].created).to.equal(+past); expect(verified.data).to.equal(plaintext); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; expect(await privateKey_1337.getSigningKey(verified.signatures[0].keyID, null)) .to.be.not.null; - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); }); @@ -3059,12 +3052,12 @@ aOU= verifyOpt.signature = await openpgp.readSignature({ binarySignature: signed }); return openpgp.verify(verifyOpt); }).then(async function (verified) { - expect(+verified.signatures[0].signature.packets[0].created).to.equal(+future); + expect(+(await verified.signatures[0].signature).packets[0].created).to.equal(+future); expect([].slice.call(verified.data)).to.deep.equal([].slice.call(data)); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; expect(await privateKey_2038_2045.getSigningKey(verified.signatures[0].keyID, future)) .to.be.not.null; - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -3089,10 +3082,10 @@ aOU= return openpgp.verify(verifyOpt); }).then(async function (verified) { expect([].slice.call(verified.data)).to.deep.equal([].slice.call(data)); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; expect(await privateKey.getSigningKey(verified.signatures[0].keyID)) .to.be.not.null; - expect(verified.signatures[0].signature.packets.length).to.equal(1); + expect((await verified.signatures[0].signature).packets.length).to.equal(1); }); }); @@ -3473,7 +3466,7 @@ amnR6g== const { privateKey: key } = await openpgp.generateKey({ curve, userIDs: { name: 'Alice', email: 'info@alice.com' }, format: 'object' }); const signed = await openpgp.sign({ signingKeys:[key], message: await openpgp.createCleartextMessage({ text: plaintext }) }); const verified = await openpgp.verify({ verificationKeys:[key], message: await openpgp.readCleartextMessage({ cleartextMessage: signed }) }); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; }); }); diff --git a/test/general/signature.js b/test/general/signature.js index 1c6cdfb3..d6f1d012 100644 --- a/test/general/signature.js +++ b/test/general/signature.js @@ -750,7 +750,7 @@ cJRRGJPL16wINuk= const message = await openpgp.createMessage({ text: 'Marker + Detached signature' }); const signature = await openpgp.readSignature({ armoredSignature: signatureWithMarkerPacket }); const { signatures: [sigInfo] } = await openpgp.verify({ message, signature, verificationKeys: key }); - expect(sigInfo.valid).to.be.true; + expect(await sigInfo.verified).to.be.true; }); @@ -765,10 +765,10 @@ cJRRGJPL16wINuk= rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]), rejectPublicKeyAlgorithms: new Set() }; - const decrypted = await openpgp.decrypt({ decryptionKeys: privateKey, verificationKeys: publicKey, message, config }); - expect(decrypted.data).to.exist; - expect(decrypted.signatures[0].valid).to.be.true; - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + const { data, signatures } = await openpgp.decrypt({ decryptionKeys: privateKey, verificationKeys: publicKey, message, config }); + expect(data).to.exist; + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); it('Consider signature expired at the expiration time', async function() { @@ -1033,12 +1033,12 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU= return openpgp.decrypt({ decryptionKeys: privKey, verificationKeys: pubKey , message, config: { minRSABits: 1024 } - }).then(decrypted => { - expect(decrypted.data).to.exist; - expect(decrypted.data).to.equal(plaintext); - expect(decrypted.signatures).to.have.length(1); - expect(decrypted.signatures[0].valid).to.be.true; - expect(decrypted.signatures[0].signature.packets.length).to.equal(1); + }).then(async ({ signatures, data }) => { + expect(data).to.exist; + expect(data).to.equal(plaintext); + expect(signatures).to.have.length(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1083,8 +1083,7 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU= const message = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation }); const key = await openpgp.readKey({ armoredKey: pub_key_arm2 }); const { signatures: [sig] } = await openpgp.verify({ message, verificationKeys: key, config: { minRSABits: 1024 } }); - expect(sig.valid).to.be.false; - expect(sig.error).to.match(/Unknown critical notation: test@example.com/); + await expect(sig.verified).to.be.rejectedWith(/Unknown critical notation: test@example.com/); }); it('Verify succeeds with known signed message with critical notations', async function() { @@ -1093,7 +1092,7 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU= const config = { knownNotations: ['test@example.com'], minRSABits: 1024 }; const { signatures: [sig] } = await openpgp.verify({ message, verificationKeys: key, config }); - expect(sig.valid).to.be.true; + expect(await sig.verified).to.be.true; }); it('Verify cleartext signed message with two signatures with openpgp.verify', async function() { @@ -1130,14 +1129,13 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU= expect(pubKey2.getKeys(keyIDs[0])).to.not.be.empty; expect(pubKey3.getKeys(keyIDs[1])).to.not.be.empty; - return openpgp.verify({ verificationKeys:[pubKey2, pubKey3], message, config: { minRSABits: 1024 } }).then(function(cleartextSig) { - expect(cleartextSig).to.exist; - expect(cleartextSig.data).to.equal(plaintext); - expect(cleartextSig.signatures).to.have.length(2); - expect(cleartextSig.signatures[0].valid).to.be.true; - expect(cleartextSig.signatures[1].valid).to.be.true; - expect(cleartextSig.signatures[0].signature.packets.length).to.equal(1); - expect(cleartextSig.signatures[1].signature.packets.length).to.equal(1); + return openpgp.verify({ verificationKeys:[pubKey2, pubKey3], message, config: { minRSABits: 1024 } }).then(async function({ signatures, data }) { + expect(data).to.equal(plaintext); + expect(signatures).to.have.length(2); + expect(await signatures[0].verified).to.be.true; + expect(await signatures[1].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); + expect((await signatures[1].signature).packets.length).to.equal(1); }); }); @@ -1203,16 +1201,15 @@ zmuVOdNuWQqxT9Sqa84= expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty; - const cleartextSig = await openpgp.verify({ + const { signatures, data } = await openpgp.verify({ verificationKeys:[pubKey], message, config: { minRSABits: 1024, rejectMessageHashAlgorithms: new Set() } }); - expect(cleartextSig).to.exist; - expect(cleartextSig.data).to.equal(plaintext.replace(/[ \t]+$/mg, '')); - expect(cleartextSig.signatures).to.have.length(1); - expect(cleartextSig.signatures[0].valid).to.be.true; - expect(cleartextSig.signatures[0].signature.packets.length).to.equal(1); + expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, '')); + expect(signatures).to.have.length(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); function tests() { @@ -1237,11 +1234,15 @@ yYDnCgA= const keyIDs = message.getSigningKeyIDs(); expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty; - return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(({ data, signatures }) => { + return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async ({ data, signatures }) => { expect(data).to.equal(plaintext); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.equal(!openpgp.config.rejectMessageHashAlgorithms.has(openpgp.enums.hash.sha1)); - expect(signatures[0].signature.packets.length).to.equal(1); + if (openpgp.config.rejectMessageHashAlgorithms.has(openpgp.enums.hash.sha1)) { + await expect(signatures[0].verified).to.be.rejected; + } else { + expect(await signatures[0].verified).to.be.true; + } + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1378,11 +1379,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const message = await openpgp.readCleartextMessage({ cleartextMessage: signed }); return openpgp.verify({ verificationKeys:[pubKey], message, config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.equal(plaintext.replace(/[ \t\r]+$/mg, '')); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1400,11 +1401,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const message = await openpgp.readCleartextMessage({ cleartextMessage: signed }); return openpgp.verify({ verificationKeys: pubKey, message, config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.equal(plaintext); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1422,11 +1423,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const message = await openpgp.readCleartextMessage({ cleartextMessage: signed }); return openpgp.verify({ verificationKeys: pubKey, message, config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, '')); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1444,11 +1445,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const message = await openpgp.readMessage({ armoredMessage: signed }); return openpgp.verify({ verificationKeys: pubKey, message, format: 'binary', config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.deep.equal(plaintext); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1466,11 +1467,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const message = await openpgp.readMessage({ binaryMessage: signed }); return openpgp.verify({ verificationKeys: pubKey, message, format: 'binary', config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.deep.equal(plaintext); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1486,11 +1487,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA return openpgp.sign({ signingKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => { const signature = await openpgp.readSignature({ armoredSignature }); return openpgp.verify({ verificationKeys: pubKey, message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.equal(plaintext); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1508,11 +1509,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const signature = await openpgp.readSignature({ armoredSignature }); return openpgp.verify({ verificationKeys: pubKey, message: await openpgp.createMessage({ text: plaintext }), signature, config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.equal(plaintext); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1533,11 +1534,11 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const message = await openpgp.readMessage({ armoredMessage }); return openpgp.decrypt({ message, decryptionKeys: [privKey], verificationKeys: [pubKey], config }); - }).then(function({ data, signatures }) { + }).then(async function({ data, signatures }) { expect(data).to.equal(plaintext); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); }); }); @@ -1624,8 +1625,8 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const { data, signatures } = await openpgp.verify({ verificationKeys:[publicKey], message, config: { minRSABits: 1024 } }); expect(data).to.equal(content); expect(signatures).to.have.length(1); - expect(signatures[0].valid).to.be.true; - expect(signatures[0].signature.packets.length).to.equal(1); + expect(await signatures[0].verified).to.be.true; + expect((await signatures[0].signature).packets.length).to.equal(1); expect(await signatures[0].verified).to.be.true; }); @@ -1789,7 +1790,7 @@ oaBUyhCKt8tz6Q== decryptionKeys: key, config: { minRSABits: 1024 } }); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; }); it('should verify a shorter EdDSA signature', async function() { @@ -1822,7 +1823,7 @@ Ie6jnY0zP2ldtS4JmhKBa43qmOHCxHc= =7B58 -----END PGP MESSAGE-----`; const decrypted = await openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: key, verificationKeys: key.toPublic() }); - expect(decrypted.signatures[0].valid).to.be.true; + expect(await decrypted.signatures[0].verified).to.be.true; }); it('should verify a shorter ECDSA signature', async function() { @@ -1858,6 +1859,6 @@ JImeZLY02MctIpGZULbqgcUGK0P/yqrPL8Pe4lQM -----END PGP SIGNATURE-----`; const message = await openpgp.readCleartextMessage({ cleartextMessage: signed }); const verified = await openpgp.verify({ verificationKeys: key, message }); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; }); }); diff --git a/test/general/streaming.js b/test/general/streaming.js index 4e853e02..91fdd37a 100644 --- a/test/general/streaming.js +++ b/test/general/streaming.js @@ -683,7 +683,7 @@ function tests() { }); expect(verified.data).to.equal('hello world'); expect(verified.signatures).to.exist.and.have.length(1); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; }); it('Detached sign small message using brainpool curve keys', async function() { @@ -722,7 +722,7 @@ function tests() { }); expect(verified.data).to.equal('hello world'); expect(verified.signatures).to.exist.and.have.length(1); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; }); it('Detached sign small message using x25519 curve keys', async function() { @@ -761,7 +761,7 @@ function tests() { }); expect(verified.data).to.equal('hello world'); expect(verified.signatures).to.exist.and.have.length(1); - expect(verified.signatures[0].valid).to.be.true; + expect(await verified.signatures[0].verified).to.be.true; }); it("Detached sign is expected to pull entire input stream when we're not pulling signed stream", async function() { diff --git a/test/general/x25519.js b/test/general/x25519.js index 0dd2c2de..87c8596f 100644 --- a/test/general/x25519.js +++ b/test/general/x25519.js @@ -164,11 +164,11 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr const name = 'light'; const pub = await load_pub_key(name); const msg = await openpgp.readCleartextMessage({ cleartextMessage: data[name].message_signed }); - return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) { + return openpgp.verify({ verificationKeys: [pub], message: msg }).then(async function(result) { expect(result).to.exist; expect(result.data).to.equal(data[name].message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); }); @@ -184,7 +184,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr expect(result).to.exist; expect(result.data).to.equal(randomData.replace(/[ \t]+$/mg, '')); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Decrypt and verify message', async function () { @@ -196,7 +196,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr expect(result).to.exist; expect(result.data).to.equal(data.night.message); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); it('Encrypt and sign message', async function () { @@ -213,7 +213,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr expect(result).to.exist; expect(result.data).to.equal(randomData); expect(result.signatures).to.have.length(1); - expect(result.signatures[0].valid).to.be.true; + expect(await result.signatures[0].verified).to.be.true; }); describe('Ed25519 Test Vectors from RFC8032', function () { @@ -445,13 +445,13 @@ function omnibus() { return Promise.all([ openpgp.verify( { message: msg, verificationKeys: hi.toPublic() } - ).then(output => expect(output.signatures[0].valid).to.be.true), + ).then(output => expect(output.signatures[0].verified).to.eventually.be.true), // Verifying detached signature openpgp.verify({ message: await openpgp.createMessage({ text: 'Hi, this is me, Hi!' }), verificationKeys: hi.toPublic(), signature: msg.signature - }).then(output => expect(output.signatures[0].valid).to.be.true) + }).then(output => expect(output.signatures[0].verified).to.eventually.be.true) ]); }), // Encrypting and signing @@ -466,9 +466,9 @@ function omnibus() { message: msg, decryptionKeys: bye, verificationKeys: [hi.toPublic()] - }).then(output => { + }).then(async output => { expect(output.data).to.equal('Hi, Hi wrote this but only Bye can read it!'); - expect(output.signatures[0].valid).to.be.true; + await expect(output.signatures[0].verified).to.eventually.be.true; }); }) ]); diff --git a/test/security/subkey_trust.js b/test/security/subkey_trust.js index d468c5b0..34c6335e 100644 --- a/test/security/subkey_trust.js +++ b/test/security/subkey_trust.js @@ -69,8 +69,7 @@ async function testSubkeyTrust() { verificationKeys: fakeKey }); expect(verifyAttackerIsBatman.signatures[0].keyID.equals(victimPubKey.subkeys[0].getKeyID())).to.be.true; - expect(verifyAttackerIsBatman.signatures[0].valid).to.be.false; - expect(verifyAttackerIsBatman.signatures[0].error).to.match(/Could not find valid signing key packet/); + await expect(verifyAttackerIsBatman.signatures[0].verified).to.be.rejectedWith(/Could not find valid signing key packet/); } module.exports = () => it('Does not trust subkeys without Primary Key Binding Signature', testSubkeyTrust); diff --git a/test/worker/worker_example.js b/test/worker/worker_example.js index 04f1026a..b5b76341 100644 --- a/test/worker/worker_example.js +++ b/test/worker/worker_example.js @@ -68,9 +68,7 @@ onmessage = async function({ data: { action, message }, ports: [port] }) { verificationKeys: publicKey, decryptionKeys: privateKey }); - if (!signatures[0].valid) { - throw new Error("Couldn't veriy signature"); - } + await signatures[0].verified; result = data; break; }