Make signature.verified a Promise instead of result.signatures
Also, fix verifying detached signatures
This commit is contained in:
Daniel Huigens
parent
0db32bea39
commit
9f0f00e087
|
|
@ -542,23 +542,36 @@ Message.prototype.verify = async function(keys, date=new Date(), asStream) {
|
|||
if (literalDataList.length !== 1) {
|
||||
throw new Error('Can only verify message with one literal data packet.');
|
||||
}
|
||||
if (msg.packets.stream) {
|
||||
const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);
|
||||
const onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature);
|
||||
const signatureList = msg.packets.filterByTag(enums.packet.signature);
|
||||
if (onePassSigList.length && !signatureList.length && msg.packets.stream) {
|
||||
onePassSigList.forEach(onePassSig => {
|
||||
onePassSig.signatureData = stream.fromAsync(() => new Promise(resolve => {
|
||||
onePassSig.signatureDataResolve = resolve;
|
||||
}));
|
||||
onePassSig.correspondingSig = new Promise(resolve => {
|
||||
onePassSig.correspondingSigResolve = resolve;
|
||||
});
|
||||
onePassSig.signatureData = stream.fromAsync(async () => (await onePassSig.correspondingSig).signatureData);
|
||||
onePassSig.hashed = onePassSig.hash(literalDataList[0], undefined, asStream);
|
||||
});
|
||||
return stream.transform(msg.packets.stream, signature => {
|
||||
const onePassSig = onePassSigList.pop();
|
||||
onePassSig.signatureDataResolve(signature.signatureData);
|
||||
signature.hashed = onePassSig.hashed;
|
||||
signature.hashedData = onePassSig.hashedData;
|
||||
return createVerificationObject(signature, literalDataList, keys, date);
|
||||
const verificationObjects = await createVerificationObjects(onePassSigList, literalDataList, keys, date);
|
||||
msg.packets.stream = stream.transformPair(msg.packets.stream, async (readable, writable) => {
|
||||
const writer = stream.getWriter(writable);
|
||||
try {
|
||||
await stream.readToEnd(stream.transform(readable, signature => {
|
||||
onePassSigList.pop().correspondingSigResolve(signature);
|
||||
}));
|
||||
await writer.ready;
|
||||
await writer.close();
|
||||
} catch(e) {
|
||||
onePassSigList.forEach(onePassSig => {
|
||||
onePassSig.correspondingSigResolve({
|
||||
verify: () => undefined
|
||||
});
|
||||
});
|
||||
await writer.abort(e);
|
||||
}
|
||||
});
|
||||
return verificationObjects.reverse();
|
||||
}
|
||||
const signatureList = msg.packets.filterByTag(enums.packet.signature);
|
||||
return createVerificationObjects(signatureList, literalDataList, keys, date);
|
||||
};
|
||||
|
||||
|
|
@ -603,12 +616,14 @@ async function createVerificationObject(signature, literalDataList, keys, date=n
|
|||
|
||||
const verifiedSig = {
|
||||
keyid: signature.issuerKeyId,
|
||||
valid: keyPacket ? await signature.verify(keyPacket, literalDataList[0]) : null
|
||||
verified: keyPacket ? signature.verify(keyPacket, literalDataList[0]) : Promise.resolve(null)
|
||||
};
|
||||
|
||||
const packetlist = new packet.List();
|
||||
packetlist.push(signature);
|
||||
verifiedSig.signature = new Signature(packetlist);
|
||||
verifiedSig.signature = Promise.resolve(signature.correspondingSig || signature).then(signature => {
|
||||
const packetlist = new packet.List();
|
||||
packetlist.push(signature);
|
||||
return new Signature(packetlist);
|
||||
});
|
||||
|
||||
return verifiedSig;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -364,26 +364,27 @@ export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKe
|
|||
}
|
||||
|
||||
const result = {};
|
||||
let signatures = signature ? decrypted.verifyDetached(signature, publicKeys, date) : decrypted.verify(publicKeys, date, asStream);
|
||||
result.signatures = signature ? await decrypted.verifyDetached(signature, publicKeys, date) : await decrypted.verify(publicKeys, date, asStream);
|
||||
result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();
|
||||
result.data = await convertStream(result.data, asStream);
|
||||
signatures = signatures.then(signatures => stream.readToEnd(signatures, arr => arr));
|
||||
if (asStream) {
|
||||
result.signatures = signatures.catch(() => []);
|
||||
result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {
|
||||
await stream.pipe(result.data, writable, {
|
||||
preventClose: true
|
||||
});
|
||||
const writer = stream.getWriter(writable);
|
||||
try {
|
||||
await signatures;
|
||||
await stream.readToEnd(decrypted.packets.stream, arr => arr);
|
||||
await writer.close();
|
||||
} catch(e) {
|
||||
await writer.abort(e);
|
||||
}
|
||||
});
|
||||
} else {
|
||||
result.signatures = await signatures;
|
||||
await Promise.all(result.signatures.map(async signature => {
|
||||
signature.signature = await signature.signature;
|
||||
signature.valid = await signature.verified;
|
||||
}));
|
||||
}
|
||||
result.filename = decrypted.getFilename();
|
||||
return result;
|
||||
|
|
@ -466,26 +467,27 @@ export function verify({ message, publicKeys, asStream=message.fromStream, signa
|
|||
|
||||
return Promise.resolve().then(async function() {
|
||||
const result = {};
|
||||
const signatures = signature ? await message.verifyDetached(signature, publicKeys, date) : await message.verify(publicKeys, date, asStream);
|
||||
result.signatures = signature ? await message.verifyDetached(signature, publicKeys, date) : await message.verify(publicKeys, date, asStream);
|
||||
result.data = message instanceof CleartextMessage ? message.getText() : message.getLiteralData();
|
||||
result.data = await convertStream(result.data, asStream);
|
||||
if (asStream) {
|
||||
result.data = stream.transformPair(signatures, async (readable, writable) => {
|
||||
const signatures = stream.readToEnd(readable, arr => arr);
|
||||
result.signatures = signatures.catch(() => []);
|
||||
result.data = stream.transformPair(message.packets.stream, async (readable, writable) => {
|
||||
await stream.pipe(result.data, writable, {
|
||||
preventClose: true
|
||||
});
|
||||
const writer = stream.getWriter(writable);
|
||||
try {
|
||||
await signatures;
|
||||
await stream.readToEnd(readable, arr => arr);
|
||||
await writer.close();
|
||||
} catch(e) {
|
||||
await writer.abort(e);
|
||||
}
|
||||
});
|
||||
} else {
|
||||
result.signatures = await stream.readToEnd(signatures, arr => arr);
|
||||
await Promise.all(result.signatures.map(async signature => {
|
||||
signature.signature = await signature.signature;
|
||||
signature.valid = await signature.verified;
|
||||
}));
|
||||
}
|
||||
return result;
|
||||
}).catch(onError.bind(null, 'Error verifying cleartext signed message'));
|
||||
|
|
|
|||
|
|
@ -69,18 +69,20 @@ export function clonePackets(options) {
|
|||
options.signature = options.signature.packets;
|
||||
}
|
||||
if (options.signatures) {
|
||||
if (options.signatures instanceof Promise) {
|
||||
const signatures = options.signatures;
|
||||
options.signatures = stream.fromAsync(async () => (await signatures).map(verificationObjectToClone));
|
||||
} else {
|
||||
options.signatures.forEach(verificationObjectToClone);
|
||||
}
|
||||
options.signatures.forEach(verificationObjectToClone);
|
||||
}
|
||||
return options;
|
||||
}
|
||||
|
||||
function verificationObjectToClone(verObject) {
|
||||
verObject.signature = verObject.signature.packets;
|
||||
if (verObject.signature instanceof Promise) {
|
||||
const signature = verObject.signature;
|
||||
verObject.signature = stream.fromAsync(async () => (await signature).packets);
|
||||
} else {
|
||||
verObject.signature = verObject.signature.packets;
|
||||
}
|
||||
const verified = verObject.verified;
|
||||
verObject.verified = stream.fromAsync(() => verified);
|
||||
return verObject;
|
||||
}
|
||||
|
||||
|
|
@ -116,11 +118,7 @@ export function parseClonedPackets(options) {
|
|||
options.message = packetlistCloneToMessage(options.message);
|
||||
}
|
||||
if (options.signatures) {
|
||||
if (util.isStream(options.signatures)) {
|
||||
options.signatures = stream.readToEnd(options.signatures, arr => arr).then(signatures => signatures.map(packetlistCloneToSignatures));
|
||||
} else {
|
||||
options.signatures = options.signatures.map(packetlistCloneToSignatures);
|
||||
}
|
||||
options.signatures = options.signatures.map(packetlistCloneToSignatures);
|
||||
}
|
||||
if (options.signature) {
|
||||
options.signature = packetlistCloneToSignature(options.signature);
|
||||
|
|
@ -146,8 +144,12 @@ function packetlistCloneToCleartextMessage(clone) {
|
|||
//verification objects
|
||||
function packetlistCloneToSignatures(clone) {
|
||||
clone.keyid = type_keyid.fromClone(clone.keyid);
|
||||
const packetlist = List.fromStructuredClone(clone.signature);
|
||||
clone.signature = new Signature(packetlist);
|
||||
if (util.isStream(clone.signature)) {
|
||||
clone.signature = stream.readToEnd(clone.signature, ([signature]) => new Signature(List.fromStructuredClone(signature)));
|
||||
} else {
|
||||
clone.signature = new Signature(List.fromStructuredClone(clone.signature));
|
||||
}
|
||||
clone.verified = stream.readToEnd(clone.verified, ([verified]) => verified);
|
||||
return clone;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -140,4 +140,10 @@ OnePassSignature.prototype.toHash = Signature.prototype.toHash;
|
|||
OnePassSignature.prototype.toSign = Signature.prototype.toSign;
|
||||
OnePassSignature.prototype.calculateTrailer = Signature.prototype.calculateTrailer;
|
||||
|
||||
OnePassSignature.prototype.verify = async function() {
|
||||
const correspondingSig = await this.correspondingSig;
|
||||
correspondingSig.hashed = this.hashed;
|
||||
return correspondingSig.verify.apply(correspondingSig, arguments);
|
||||
};
|
||||
|
||||
export default OnePassSignature;
|
||||
|
|
|
|||
|
|
@ -1827,14 +1827,13 @@ describe('OpenPGP.js public api tests', function() {
|
|||
const literals = packets.packets.filterByTag(openpgp.enums.packet.literal);
|
||||
expect(literals.length).to.equal(1);
|
||||
expect(+literals[0].date).to.equal(+past);
|
||||
let signatures = await packets.verify(encryptOpt.publicKeys, past);
|
||||
const signatures = await packets.verify(encryptOpt.publicKeys, past);
|
||||
expect(await openpgp.stream.readToEnd(packets.getText())).to.equal(plaintext);
|
||||
signatures = await openpgp.stream.readToEnd(signatures, arr => arr);
|
||||
expect(+signatures[0].signature.packets[0].created).to.equal(+past);
|
||||
expect(signatures[0].valid).to.be.true;
|
||||
expect(+(await signatures[0].signature).packets[0].created).to.equal(+past);
|
||||
expect(await signatures[0].verified).to.be.true;
|
||||
expect(encryptOpt.privateKeys[0].getSigningKey(signatures[0].keyid, past))
|
||||
.to.be.not.null;
|
||||
expect(signatures[0].signature.packets.length).to.equal(1);
|
||||
expect((await signatures[0].signature).packets.length).to.equal(1);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -1856,14 +1855,13 @@ describe('OpenPGP.js public api tests', function() {
|
|||
expect(literals.length).to.equal(1);
|
||||
expect(literals[0].format).to.equal('binary');
|
||||
expect(+literals[0].date).to.equal(+future);
|
||||
let signatures = await packets.verify(encryptOpt.publicKeys, future);
|
||||
const signatures = await packets.verify(encryptOpt.publicKeys, future);
|
||||
expect(await openpgp.stream.readToEnd(packets.getLiteralData())).to.deep.equal(data);
|
||||
signatures = await openpgp.stream.readToEnd(signatures, arr => arr);
|
||||
expect(+signatures[0].signature.packets[0].created).to.equal(+future);
|
||||
expect(signatures[0].valid).to.be.true;
|
||||
expect(+(await signatures[0].signature).packets[0].created).to.equal(+future);
|
||||
expect(await signatures[0].verified).to.be.true;
|
||||
expect(encryptOpt.privateKeys[0].getSigningKey(signatures[0].keyid, future))
|
||||
.to.be.not.null;
|
||||
expect(signatures[0].signature.packets.length).to.equal(1);
|
||||
expect((await signatures[0].signature).packets.length).to.equal(1);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -1886,14 +1884,13 @@ describe('OpenPGP.js public api tests', function() {
|
|||
expect(literals.length).to.equal(1);
|
||||
expect(literals[0].format).to.equal('mime');
|
||||
expect(+literals[0].date).to.equal(+future);
|
||||
let signatures = await packets.verify(encryptOpt.publicKeys, future);
|
||||
const signatures = await packets.verify(encryptOpt.publicKeys, future);
|
||||
expect(await openpgp.stream.readToEnd(packets.getLiteralData())).to.deep.equal(data);
|
||||
signatures = await openpgp.stream.readToEnd(signatures, arr => arr);
|
||||
expect(+signatures[0].signature.packets[0].created).to.equal(+future);
|
||||
expect(signatures[0].valid).to.be.true;
|
||||
expect(+(await signatures[0].signature).packets[0].created).to.equal(+future);
|
||||
expect(await signatures[0].verified).to.be.true;
|
||||
expect(encryptOpt.privateKeys[0].getSigningKey(signatures[0].keyid, future))
|
||||
.to.be.not.null;
|
||||
expect(signatures[0].signature.packets.length).to.equal(1);
|
||||
expect((await signatures[0].signature).packets.length).to.equal(1);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -344,11 +344,10 @@ describe("Signature", function() {
|
|||
return msg.decrypt([priv_key_gnupg_ext]).then(function(msg) {
|
||||
return msg.verify([pub_key]).then(async verified => {
|
||||
openpgp.stream.pipe(msg.getLiteralData(), new WritableStream());
|
||||
verified = await openpgp.stream.readToEnd(verified, arr => arr);
|
||||
expect(verified).to.exist;
|
||||
expect(verified).to.have.length(1);
|
||||
expect(verified[0].valid).to.be.true;
|
||||
expect(verified[0].signature.packets.length).to.equal(1);
|
||||
expect(await verified[0].verified).to.be.true;
|
||||
expect((await verified[0].signature).packets.length).to.equal(1);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
@ -370,11 +369,10 @@ describe("Signature", function() {
|
|||
const pub_key = (await openpgp.key.readArmored(pub_key_arm2)).keys[0];
|
||||
return sMsg.verify([pub_key]).then(async verified => {
|
||||
openpgp.stream.pipe(sMsg.getLiteralData(), new WritableStream());
|
||||
verified = await openpgp.stream.readToEnd(verified, arr => arr);
|
||||
expect(verified).to.exist;
|
||||
expect(verified).to.have.length(1);
|
||||
expect(verified[0].valid).to.be.true;
|
||||
expect(verified[0].signature.packets.length).to.equal(1);
|
||||
expect(await verified[0].verified).to.be.true;
|
||||
expect((await verified[0].signature).packets.length).to.equal(1);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -442,13 +440,12 @@ describe("Signature", function() {
|
|||
|
||||
return sMsg.verify([pubKey2, pubKey3]).then(async verifiedSig => {
|
||||
expect(await openpgp.stream.readToEnd(sMsg.getText())).to.equal(plaintext);
|
||||
verifiedSig = await openpgp.stream.readToEnd(verifiedSig, arr => arr);
|
||||
expect(verifiedSig).to.exist;
|
||||
expect(verifiedSig).to.have.length(2);
|
||||
expect(verifiedSig[0].valid).to.be.true;
|
||||
expect(verifiedSig[1].valid).to.be.true;
|
||||
expect(verifiedSig[0].signature.packets.length).to.equal(1);
|
||||
expect(verifiedSig[1].signature.packets.length).to.equal(1);
|
||||
expect(await verifiedSig[0].verified).to.be.true;
|
||||
expect(await verifiedSig[1].verified).to.be.true;
|
||||
expect((await verifiedSig[0].signature).packets.length).to.equal(1);
|
||||
expect((await verifiedSig[1].signature).packets.length).to.equal(1);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -597,10 +594,9 @@ yYDnCgA=
|
|||
return openpgp.verify({ publicKeys:[pubKey], message:sMsg }).then(async function(cleartextSig) {
|
||||
expect(cleartextSig).to.exist;
|
||||
expect(openpgp.util.nativeEOL(openpgp.util.Uint8Array_to_str(await openpgp.stream.readToEnd(cleartextSig.data)))).to.equal(plaintext);
|
||||
cleartextSig.signatures = await openpgp.stream.readToEnd(cleartextSig.signatures, arr => arr);
|
||||
expect(cleartextSig.signatures).to.have.length(1);
|
||||
expect(cleartextSig.signatures[0].valid).to.be.true;
|
||||
expect(cleartextSig.signatures[0].signature.packets.length).to.equal(1);
|
||||
expect(await cleartextSig.signatures[0].verified).to.be.true;
|
||||
expect((await cleartextSig.signatures[0].signature).packets.length).to.equal(1);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -886,8 +882,7 @@ yYDnCgA=
|
|||
await msg.appendSignature(detachedSig);
|
||||
return msg.verify(publicKeys).then(async result => {
|
||||
openpgp.stream.pipe(msg.getLiteralData(), new WritableStream());
|
||||
result = await openpgp.stream.readToEnd(result, arr => arr);
|
||||
expect(result[0].valid).to.be.true;
|
||||
expect(await result[0].verified).to.be.true;
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -902,9 +897,9 @@ yYDnCgA=
|
|||
return openpgp.generateKey(opt).then(function(gen) {
|
||||
const generatedKey = gen.key;
|
||||
return msg.signDetached([generatedKey, privKey2]).then(detachedSig => {
|
||||
return msg.verifyDetached(detachedSig, [generatedKey.toPublic(), pubKey2]).then(result => {
|
||||
expect(result[0].valid).to.be.true;
|
||||
expect(result[1].valid).to.be.true;
|
||||
return msg.verifyDetached(detachedSig, [generatedKey.toPublic(), pubKey2]).then(async result => {
|
||||
expect(await result[0].verified).to.be.true;
|
||||
expect(await result[1].verified).to.be.true;
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -260,7 +260,7 @@ describe('Streaming', function() {
|
|||
expect(await openpgp.stream.getReader(openpgp.stream.clone(decrypted.data)).readBytes(1024)).to.deep.equal(plaintext[0]);
|
||||
if (i > 10) throw new Error('Data did not arrive early.');
|
||||
expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
|
||||
expect(await decrypted.signatures).to.exist.and.have.length(0);
|
||||
expect(decrypted.signatures).to.exist.and.have.length(0);
|
||||
} finally {
|
||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
||||
}
|
||||
|
|
@ -349,7 +349,7 @@ describe('Streaming', function() {
|
|||
expect(await openpgp.stream.getReader(openpgp.stream.clone(decrypted.data)).readBytes(1024)).not.to.deep.equal(plaintext[0]);
|
||||
if (i > 10) throw new Error('Data did not arrive early.');
|
||||
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Modification detected.');
|
||||
await decrypted.signatures;
|
||||
expect(decrypted.signatures).to.exist.and.have.length(0);
|
||||
} finally {
|
||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
||||
}
|
||||
|
|
@ -398,7 +398,7 @@ describe('Streaming', function() {
|
|||
expect(await openpgp.stream.getReader(openpgp.stream.clone(decrypted.data)).readBytes(10)).not.to.deep.equal(plaintext[0]);
|
||||
if (i > 10) throw new Error('Data did not arrive early.');
|
||||
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
|
||||
expect(await decrypted.signatures).to.exist.and.have.length(0);
|
||||
expect(decrypted.signatures).to.exist.and.have.length(1);
|
||||
} finally {
|
||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
||||
}
|
||||
|
|
@ -446,7 +446,8 @@ describe('Streaming', function() {
|
|||
expect(await openpgp.stream.getReader(openpgp.stream.clone(decrypted.data)).readBytes(10)).not.to.deep.equal(plaintext[0]);
|
||||
if (i > 10) throw new Error('Data did not arrive early.');
|
||||
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
|
||||
expect(await decrypted.signatures).to.exist.and.have.length(0);
|
||||
expect(decrypted.signatures).to.exist.and.have.length(1);
|
||||
expect(await decrypted.signatures[0].verified).to.be.null;
|
||||
} finally {
|
||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
||||
}
|
||||
|
|
@ -492,7 +493,7 @@ describe('Streaming', function() {
|
|||
expect(await openpgp.stream.getReader(openpgp.stream.clone(decrypted.data)).readBytes(10)).not.to.deep.equal(plaintext[0]);
|
||||
if (i > 10) throw new Error('Data did not arrive early.');
|
||||
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
|
||||
expect(await decrypted.signatures).to.exist.and.have.length(0);
|
||||
expect(decrypted.signatures).to.exist.and.have.length(1);
|
||||
} finally {
|
||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
||||
}
|
||||
|
|
@ -677,7 +678,8 @@ describe('Streaming', function() {
|
|||
reader.releaseLock();
|
||||
await openpgp.stream.cancel(decrypted.data, new Error('canceled by test'));
|
||||
expect(canceled).to.be.true;
|
||||
expect(await decrypted.signatures).to.exist.and.have.length(0);
|
||||
expect(decrypted.signatures).to.exist.and.have.length(1);
|
||||
expect(await decrypted.signatures[0].verified).to.be.undefined;
|
||||
} finally {
|
||||
openpgp.config.aead_protect = aead_protectValue;
|
||||
openpgp.config.aead_chunk_size_byte = aead_chunk_size_byteValue;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user