From e599cee6c8fe13662f9d088fe8f925a418a00506 Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Thu, 25 Mar 2021 21:28:39 +0100 Subject: [PATCH] Remove top-level streaming options Only return a stream if a stream was passed. --- openpgp.d.ts | 65 +++-------------------- package-lock.json | 6 +-- package.json | 3 +- src/message.js | 8 +-- src/openpgp.js | 56 +++++++------------ src/packet/compressed_data.js | 8 +-- test/general/openpgp.js | 28 +++++++--- test/general/streaming.js | 64 ++++------------------ test/security/message_signature_bypass.js | 3 +- test/security/subkey_trust.js | 4 +- 10 files changed, 68 insertions(+), 177 deletions(-) diff --git a/openpgp.d.ts b/openpgp.d.ts index b55ba682..e6098bd2 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -149,16 +149,6 @@ export function readMessage>(options: { binary export function createMessage>(options: { text: T, filename?: string, date?: Date, type?: DataPacketType }): Message; export function createMessage>(options: { bytes: T, filename?: string, date?: Date, type?: DataPacketType }): Message; -export function encrypt(options: EncryptOptions & { streaming: T, armor: false }): Promise< - T extends 'web' ? WebStream : - T extends 'node' ? NodeStream : - Uint8Array ->; -export function encrypt(options: EncryptOptions & { streaming: T }): Promise< - T extends 'web' ? WebStream : - T extends 'node' ? NodeStream : - string ->; export function encrypt>(options: EncryptOptions & { message: Message, armor: false }): Promise< T extends WebStream ? WebStream : T extends NodeStream ? NodeStream : @@ -170,16 +160,6 @@ export function encrypt>(options: EncryptOptions & { string >; -export function sign(options: SignOptions & { streaming: T, armor: false }): Promise< - T extends 'web' ? WebStream : - T extends 'node' ? NodeStream : - Uint8Array ->; -export function sign(options: SignOptions & { streaming: T }): Promise< - T extends 'web' ? WebStream : - T extends 'node' ? NodeStream : - string ->; export function sign>(options: SignOptions & { message: Message, armor: false }): Promise< T extends WebStream ? WebStream : T extends NodeStream ? NodeStream : @@ -192,18 +172,6 @@ export function sign>(options: SignOptions & { messa >; export function sign(options: SignOptions & { message: CleartextMessage }): Promise; -export function decrypt(options: DecryptOptions & { streaming: T, format: 'binary' }): Promise : - T extends 'node' ? NodeStream : - Uint8Array -}>; -export function decrypt(options: DecryptOptions & { streaming: T }): Promise : - T extends 'node' ? NodeStream : - string -}>; export function decrypt>(options: DecryptOptions & { message: Message, format: 'binary' }): Promise ? WebStream : @@ -217,18 +185,6 @@ export function decrypt>(options: DecryptOptions & { string }>; -export function verify(options: VerifyOptions & { streaming: T, format: 'binary' }): Promise : - T extends 'node' ? NodeStream : - Uint8Array -}>; -export function verify(options: VerifyOptions & { streaming: T }): Promise : - T extends 'node' ? NodeStream : - string -}>; export function verify>(options: VerifyOptions & { message: Message, format: 'binary' }): Promise ? WebStream : @@ -260,12 +216,12 @@ export class Message> { /** Decrypt the message @param privateKey private key with decrypted secret data */ - public decrypt(privateKeys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], streaming?: boolean, config?: Config): Promise>>; + public decrypt(privateKeys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], config?: Config): Promise>>; /** Encrypt the message @param keys array of keys, used to encrypt the message */ - public encrypt(keys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], wildcard?: boolean, encryptionKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], streaming?: boolean, config?: Config): Promise>>; + public encrypt(keys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], wildcard?: boolean, encryptionKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise>>; /** Returns the key IDs of the keys to which the session key is encrypted */ @@ -288,7 +244,7 @@ export class Message> { /** Sign the message (the literal data packet of the message) @param privateKey private keys with decrypted secret key data for signing */ - public sign(privateKey: Key[], signature?: Signature, signingKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], streaming?: boolean, config?: Config): Promise>; + public sign(privateKey: Key[], signature?: Signature, signingKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise>; /** Unwrap compressed message */ @@ -297,7 +253,7 @@ export class Message> { /** Verify message signatures @param keys array of keys to verify signatures */ - public verify(keys: Key[], date?: Date, streaming?: boolean, config?: Config): Promise; + public verify(keys: Key[], date?: Date, config?: Config): Promise; /** * Append signature to unencrypted message object @@ -482,8 +438,8 @@ export class SignaturePacket extends BasePacket { public preferredAEADAlgorithms: enums.aead[] | null; public verified: null | boolean; public revoked: null | boolean; - public sign(key: AnySecretKeyPacket, data: Uint8Array, detached?: boolean, streaming?: boolean): Promise; - public verify(key: AnyKeyPacket, signatureType: enums.signature, data: Uint8Array, detached?: boolean, streaming?: boolean, config?: Config): Promise; // throws on error + public sign(key: AnySecretKeyPacket, data: Uint8Array, detached?: boolean): Promise; + public verify(key: AnyKeyPacket, signatureType: enums.signature, data: Uint8Array, detached?: boolean, config?: Config): Promise; // throws on error public isExpired(date?: Date): boolean; public getExpirationTime(): Date | typeof Infinity; } @@ -502,7 +458,7 @@ type DataPacketType = 'utf8' | 'binary' | 'text' | 'mime'; export class PacketList extends Array { [index: number]: PACKET_TYPE; public length: number; - public read(bytes: Uint8Array, allowedPackets?: object, streaming?: boolean, config?: Config): void; + public read(bytes: Uint8Array, allowedPackets?: object, config?: Config): void; public write(): Uint8Array; public push(...packet: PACKET_TYPE[]): number; public pop(): PACKET_TYPE; @@ -563,8 +519,6 @@ interface EncryptOptions { sessionKey?: SessionKey; /** if the return values should be ascii armored or the message/signature objects */ armor?: boolean; - /** (optional) whether to return data as a stream. Defaults to the type of stream `message` was created from, if any. */ - streaming?: 'web' | 'node' | false; /** (optional) if the signature should be detached (if true, signature will be added to returned object) */ signature?: Signature; /** (optional) encrypt as of a certain date */ @@ -591,8 +545,6 @@ interface DecryptOptions { publicKeys?: Key | Key[]; /** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */ format?: 'utf8' | 'binary'; - /** (optional) whether to return data as a stream. Defaults to the type of stream `message` was created from, if any. */ - streaming?: 'web' | 'node' | false; /** (optional) detached signature for verification */ signature?: Signature; /** (optional) use the given date for verification instead of the current time */ @@ -604,7 +556,6 @@ interface SignOptions { message: CleartextMessage | Message>; privateKeys?: Key | Key[]; armor?: boolean; - streaming?: 'web' | 'node' | false; dataType?: DataPacketType; detached?: boolean; date?: Date; @@ -619,8 +570,6 @@ interface VerifyOptions { message: CleartextMessage | Message>; /** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */ format?: 'utf8' | 'binary'; - /** (optional) whether to return data as a stream. Defaults to the type of stream `message` was created from, if any. */ - streaming?: 'web' | 'node' | false; /** (optional) detached signature for verification */ signature?: Signature; /** (optional) use the given date for verification instead of the current time */ diff --git a/package-lock.json b/package-lock.json index 243a008b..5af0f77c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -261,9 +261,9 @@ "dev": true }, "@openpgp/web-stream-tools": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/@openpgp/web-stream-tools/-/web-stream-tools-0.0.3.tgz", - "integrity": "sha512-AEcTCwFZSl6LMpFdDbOX1fv+9GwHpkF3h3DZagdFLPNE2yqx6ol6Rb/OnuMiKnpoGm09smCmNb+gHpcqp3Oz0Q==", + "version": "0.0.4", + "resolved": "https://registry.npmjs.org/@openpgp/web-stream-tools/-/web-stream-tools-0.0.4.tgz", + "integrity": "sha512-u6KEn/J4A2ojBkQ0qc9Jgs4nNVK+u7snY3h/SlvwdE8+STh/R3vVXJgkIgsAmWfweE0Ng4TjakrNY9tBI31VJQ==", "dev": true, "requires": { "@mattiasbuelens/web-streams-adapter": "0.1.0-alpha.5", diff --git a/package.json b/package.json index ae80fe13..47181903 100644 --- a/package.json +++ b/package.json @@ -51,14 +51,13 @@ "postversion": "git push && git push --tags && npm publish" }, "devDependencies": { - "@mattiasbuelens/web-streams-adapter": "0.1.0-alpha.5", "@openpgp/asmcrypto.js": "^2.3.2", "@openpgp/elliptic": "^6.5.1", "@openpgp/jsdoc": "^3.6.4", "@openpgp/pako": "^1.0.11", "@openpgp/seek-bzip": "^1.0.5-git", "@openpgp/tweetnacl": "^1.0.3", - "@openpgp/web-stream-tools": "0.0.3", + "@openpgp/web-stream-tools": "0.0.4", "@rollup/plugin-commonjs": "^11.1.0", "@rollup/plugin-node-resolve": "^7.1.3", "@rollup/plugin-replace": "^2.3.2", diff --git a/src/message.js b/src/message.js index 19ee0824..e6d642e3 100644 --- a/src/message.js +++ b/src/message.js @@ -801,9 +801,7 @@ export async function readMessage({ armoredMessage, binaryMessage, config }) { const streamType = util.isStream(input); if (streamType) { await stream.loadStreamsPonyfill(); - } - if (streamType === 'node') { - input = stream.nodeToWeb(input); + input = stream.toStream(input); } if (armoredMessage) { const { type, data } = await unarmor(input, config); @@ -839,9 +837,7 @@ export async function createMessage({ text, binary, filename, date = new Date(), const streamType = util.isStream(input); if (streamType) { await stream.loadStreamsPonyfill(); - } - if (streamType === 'node') { - input = stream.nodeToWeb(input); + input = stream.toStream(input); } const literalDataPacket = new LiteralDataPacket(date); if (text !== undefined) { diff --git a/src/openpgp.js b/src/openpgp.js index 52816320..9815d7f7 100644 --- a/src/openpgp.js +++ b/src/openpgp.js @@ -16,19 +16,12 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA import * as stream from '@openpgp/web-stream-tools'; -import { createReadableStreamWrapper } from '@mattiasbuelens/web-streams-adapter'; import { Message } from './message'; import { CleartextMessage } from './cleartext'; import { generate, reformat, getPreferredAlgo } from './key'; import defaultConfig from './config'; import util from './util'; -let toNativeReadable; -if (globalThis.ReadableStream) { - try { - toNativeReadable = createReadableStreamWrapper(globalThis.ReadableStream); - } catch (e) {} -} ////////////////////// // // @@ -237,7 +230,6 @@ export async function encryptKey({ privateKey, passphrase, config }) { * @param {String|Array} [options.passwords] - Array of passwords or a single password to encrypt the message * @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }` * @param {Boolean} [options.armor=true] - Whether the return values should be ascii armored (true, the default) or binary (false) - * @param {'web'|'ponyfill'|'node'|false} [options.streaming=type of stream `message` was created from, if any] - Whether to return data as a stream * @param {Signature} [options.signature] - A detached signature to add to the encrypted message * @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs * @param {Array} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `privateKeys[i]` @@ -250,7 +242,7 @@ export async function encryptKey({ privateKey, passphrase, config }) { * @async * @static */ -export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKey, armor = true, streaming = message && message.fromStream, detached = false, signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), fromUserIDs = [], toUserIDs = [], config }) { +export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKey, armor = true, detached = false, signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), fromUserIDs = [], toUserIDs = [], config }) { config = { ...defaultConfig, ...config }; checkMessage(message); publicKeys = toArray(publicKeys); privateKeys = toArray(privateKeys); passwords = toArray(passwords); fromUserIDs = toArray(fromUserIDs); toUserIDs = toArray(toUserIDs); if (detached) { @@ -258,6 +250,7 @@ export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKe } return Promise.resolve().then(async function() { + const streaming = message.fromStream; if (!privateKeys) { privateKeys = []; } @@ -284,7 +277,6 @@ export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKe * @param {Object|Array} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String } * @param {Key|Array} [options.publicKeys] - Array of public keys or single key, to verify signatures * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {'web'|'ponyfill'|'node'|false} [options.streaming=type of stream `message` was created from, if any] - Whether to return data as a stream. Defaults to the type of stream `message` was created from, if any. * @param {Signature} [options.signature] - Detached signature for verification * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} @@ -298,14 +290,14 @@ export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKe * { * keyID: module:type/keyid~KeyID, * verified: Promise, - * valid: Boolean (if streaming was false) + * valid: Boolean (if `message` was not created from a stream) * }, ... * ] * } * @async * @static */ -export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKeys, format = 'utf8', streaming = message && message.fromStream, signature = null, date = new Date(), config }) { +export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKeys, format = 'utf8', signature = null, date = new Date(), config }) { config = { ...defaultConfig, ...config }; checkMessage(message); publicKeys = toArray(publicKeys); privateKeys = toArray(privateKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys); @@ -319,8 +311,8 @@ export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKe result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText(); result.filename = decrypted.getFilename(); linkStreams(result, message); - result.data = await convertStream(result.data, streaming, format); - if (!streaming) await prepareSignatures(result.signatures); + result.data = await convertStream(result.data, message.fromStream, format); + if (!message.fromStream) await prepareSignatures(result.signatures); return result; }).catch(onError.bind(null, 'Error decrypting message')); } @@ -339,7 +331,6 @@ export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKe * @param {CleartextMessage|Message} options.message - (cleartext) message to be signed * @param {Key|Array} options.privateKeys - Array of keys or single key with decrypted secret key data to sign cleartext * @param {Boolean} [options.armor=true] - Whether the return values should be ascii armored (true, the default) or binary (false) - * @param {'web'|'ponyfill'|'node'|false} [options.streaming=type of stream `message` was created from, if any] - Whether to return data as a stream. Defaults to the type of stream `message` was created from, if any. * @param {Boolean} [options.detached=false] - If the return value should contain a detached signature * @param {Array} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i] * @param {Date} [options.date=current date] - Override the creation date of the signature @@ -349,7 +340,7 @@ export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKe * @async * @static */ -export function sign({ message, privateKeys, armor = true, streaming = message && message.fromStream, detached = false, signingKeyIDs = [], date = new Date(), fromUserIDs = [], config }) { +export function sign({ message, privateKeys, armor = true, detached = false, signingKeyIDs = [], date = new Date(), fromUserIDs = [], config }) { config = { ...defaultConfig, ...config }; checkCleartextOrMessage(message); if (message instanceof CleartextMessage && !armor) throw new Error("Can't sign non-armored cleartext message"); @@ -372,7 +363,7 @@ export function sign({ message, privateKeys, armor = true, streaming = message & ]); }); } - return convertStream(signature, streaming, armor ? 'utf8' : 'binary'); + return convertStream(signature, message.fromStream, armor ? 'utf8' : 'binary'); }).catch(onError.bind(null, 'Error signing message')); } @@ -382,7 +373,6 @@ export function sign({ message, privateKeys, armor = true, streaming = message & * @param {Key|Array} options.publicKeys - Array of publicKeys or single key, to verify signatures * @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures * @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. - * @param {'web'|'ponyfill'|'node'|false} [options.streaming=type of stream `message` was created from, if any] - Whether to return data as a stream. Defaults to the type of stream `message` was created from, if any. * @param {Signature} [options.signature] - Detached signature for verification * @param {Date} [options.date=current date] - Use the given date for verification instead of the current time * @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config} @@ -395,14 +385,14 @@ export function sign({ message, privateKeys, armor = true, streaming = message & * { * keyID: module:type/keyid~KeyID, * verified: Promise, - * valid: Boolean (if `streaming` was false) + * valid: Boolean (if `message` was not created from a stream) * }, ... * ] * } * @async * @static */ -export function verify({ message, publicKeys, format = 'utf8', streaming = message && message.fromStream, signature = null, date = new Date(), config }) { +export function verify({ message, publicKeys, format = 'utf8', signature = null, date = new Date(), config }) { config = { ...defaultConfig, ...config }; checkCleartextOrMessage(message); if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary"); @@ -417,9 +407,9 @@ export function verify({ message, publicKeys, format = 'utf8', streaming = messa result.signatures = await message.verify(publicKeys, date, config); } result.data = format === 'binary' ? message.getLiteralData() : message.getText(); - if (streaming) linkStreams(result, message); - result.data = await convertStream(result.data, streaming, format); - if (!streaming) await prepareSignatures(result.signatures); + if (message.fromStream) linkStreams(result, message); + result.data = await convertStream(result.data, message.fromStream, format); + if (!message.fromStream) await prepareSignatures(result.signatures); return result; }).catch(onError.bind(null, 'Error verifying signed message')); } @@ -558,31 +548,23 @@ function toArray(param) { /** * Convert data to or from Stream * @param {Object} data - the data to convert - * @param {'web'|'ponyfill'|'node'|false} [options.streaming] - Whether to return a ReadableStream, and of what type - * @param {'utf8'|'binary'} [options.encoding] - How to return data in Node Readable streams + * @param {'web'|'ponyfill'|'node'|false} streaming - Whether to return a ReadableStream, and of what type + * @param {'utf8'|'binary'} [encoding] - How to return data in Node Readable streams * @returns {Object} The data in the respective format. * @private */ async function convertStream(data, streaming, encoding = 'utf8') { - let streamType = util.isStream(data); - if (!streaming && streamType) { - return stream.readToEnd(data); - } + const streamType = util.isStream(data); if (streamType === 'array') { - data = await stream.readToEnd(data); - streamType = false; - } - if (streaming && !streamType) { - data = stream.toStream(data); - streamType = util.isStream(data); + return stream.readToEnd(data); } if (streaming === 'node') { data = stream.webToNode(data); if (encoding !== 'binary') data.setEncoding(encoding); return data; } - if (streaming === 'web' && streamType === 'ponyfill' && toNativeReadable) { - return toNativeReadable(data); + if (streaming === 'web' && streamType === 'ponyfill') { + return stream.toNativeReadable(data); } return data; } diff --git a/src/packet/compressed_data.js b/src/packet/compressed_data.js index 2ef36935..a3413a41 100644 --- a/src/packet/compressed_data.js +++ b/src/packet/compressed_data.js @@ -79,7 +79,7 @@ class CompressedDataPacket { * Parsing function for the packet. * @param {Uint8Array | ReadableStream} bytes - Payload of a tag 8 packet */ - async read(bytes, config, streaming) { + async read(bytes) { await stream.parse(bytes, async reader => { // One octet that gives the algorithm used to compress the packet. @@ -88,7 +88,7 @@ class CompressedDataPacket { // Compressed data, which makes up the remainder of the packet. this.compressed = reader.remainder(); - await this.decompress(streaming); + await this.decompress(); }); } @@ -110,13 +110,13 @@ class CompressedDataPacket { * Decompression method for decompressing the compressed data * read by read_packet */ - async decompress(streaming) { + async decompress() { if (!decompress_fns[this.algorithm]) { throw new Error(this.algorithm + ' decompression not supported'); } - await this.packets.read(decompress_fns[this.algorithm](this.compressed), allowedPackets, streaming); + await this.packets.read(decompress_fns[this.algorithm](this.compressed), allowedPackets); } /** diff --git a/test/general/openpgp.js b/test/general/openpgp.js index e42fe04e..4f6f59d7 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -2361,29 +2361,41 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('should streaming sign and verify binary data without one-pass signature', async function () { const data = new Uint8Array([3, 14, 15, 92, 65, 35, 59]); + const dataStream = global.ReadableStream ? new global.ReadableStream({ + start(controller) { + controller.enqueue(data); + controller.close(); + } + }) : new (require('stream').Readable)({ + read() { + this.push(data); + this.push(null); + } + }); const signOpt = { - message: await openpgp.createMessage({ binary: data }), + message: await openpgp.createMessage({ binary: dataStream }), privateKeys: privateKey, - armor: false, - streaming: 'web' + armor: false }; const verifyOpt = { publicKeys: publicKey, - streaming: 'web', format: 'binary' }; - const useNativeStream = (() => { try { new global.ReadableStream(); return true; } catch (e) { return false; } })(); // eslint-disable-line no-new return openpgp.sign(signOpt).then(async function (signed) { - expect(openpgp.stream.isStream(signed)).to.equal(useNativeStream ? 'web' : 'ponyfill'); + expect(openpgp.stream.isStream(signed)).to.equal(global.ReadableStream ? 'web' : 'node'); const message = await openpgp.readMessage({ binaryMessage: signed }); message.packets.concat(await openpgp.stream.readToEnd(message.packets.stream, _ => _)); const packets = new openpgp.PacketList(); packets.push(message.packets.findPacket(openpgp.enums.packet.signature)); packets.push(message.packets.findPacket(openpgp.enums.packet.literalData)); - verifyOpt.message = await openpgp.readMessage({ binaryMessage: packets.write() }); + verifyOpt.message = await openpgp.readMessage({ + binaryMessage: openpgp.stream[ + global.ReadableStream ? (global.ReadableStream === openpgp.stream.ReadableStream ? 'toStream' : 'toNativeReadable') : 'webToNode' + ](packets.write()) + }); return openpgp.verify(verifyOpt); }).then(async function (verified) { - expect(openpgp.stream.isStream(verified.data)).to.equal(useNativeStream ? 'web' : 'ponyfill'); + expect(openpgp.stream.isStream(verified.data)).to.equal(global.ReadableStream ? 'web' : 'node'); expect([].slice.call(await openpgp.stream.readToEnd(verified.data))).to.deep.equal([].slice.call(data)); expect(await verified.signatures[0].verified).to.be.true; expect(await privateKey.getSigningKey(verified.signatures[0].keyID)) diff --git a/test/general/streaming.js b/test/general/streaming.js index 8c096e46..2a8423d2 100644 --- a/test/general/streaming.js +++ b/test/general/streaming.js @@ -418,18 +418,17 @@ function tests() { expect(openpgp.stream.isStream(encrypted)).to.equal(expectedType); const message = await openpgp.readMessage({ - armoredMessage: openpgp.stream.transform(encrypted, value => { + armoredMessage: openpgp.stream[expectedType === 'node' ? 'webToNode' : global.ReadableStream === openpgp.stream.ReadableStream ? 'toStream' : 'toNativeReadable'](openpgp.stream.transform(encrypted, value => { value += ''; if (value === '=' || value.length === 5) return; // Remove checksum const newlineIndex = value.indexOf('\n', 500); if (value.length > 1000) return value.slice(0, newlineIndex - 1) + (value[newlineIndex - 1] === 'a' ? 'b' : 'a') + value.slice(newlineIndex); return value; - }) + }), { encoding: 'utf8' }) }); const decrypted = await openpgp.decrypt({ passwords: ['test'], message, - streaming: expectedType, format: 'binary' }); expect(openpgp.stream.isStream(decrypted.data)).to.equal(expectedType); @@ -457,18 +456,17 @@ function tests() { expect(openpgp.stream.isStream(encrypted)).to.equal(expectedType); const message = await openpgp.readMessage({ - armoredMessage: openpgp.stream.transform(encrypted, value => { + armoredMessage: openpgp.stream[expectedType === 'node' ? 'webToNode' : global.ReadableStream === openpgp.stream.ReadableStream ? 'toStream' : 'toNativeReadable'](openpgp.stream.transform(encrypted, value => { value += ''; const newlineIndex = value.indexOf('\n', 500); if (value.length > 1000) return value.slice(0, newlineIndex - 1) + (value[newlineIndex - 1] === 'a' ? 'b' : 'a') + value.slice(newlineIndex); return value; - }) + }), { encoding: 'utf8' }) }); const decrypted = await openpgp.decrypt({ publicKeys: pubKey, privateKeys: privKey, message, - streaming: expectedType, format: 'binary' }); expect(openpgp.stream.isStream(decrypted.data)).to.equal(expectedType); @@ -495,17 +493,16 @@ function tests() { expect(openpgp.stream.isStream(encrypted)).to.equal(expectedType); const message = await openpgp.readMessage({ - armoredMessage: openpgp.stream.transform(encrypted, value => { + armoredMessage: openpgp.stream[expectedType === 'node' ? 'webToNode' : global.ReadableStream === openpgp.stream.ReadableStream ? 'toStream' : 'toNativeReadable'](openpgp.stream.transform(encrypted, value => { value += ''; const newlineIndex = value.indexOf('\n', 500); if (value.length > 1000) return value.slice(0, newlineIndex - 1) + (value[newlineIndex - 1] === 'a' ? 'b' : 'a') + value.slice(newlineIndex); return value; - }) + }), { encoding: 'utf8' }) }); const decrypted = await openpgp.decrypt({ privateKeys: privKey, message, - streaming: expectedType, format: 'binary' }); expect(openpgp.stream.isStream(decrypted.data)).to.equal(expectedType); @@ -529,17 +526,16 @@ function tests() { expect(openpgp.stream.isStream(signed)).to.equal(expectedType); const message = await openpgp.readMessage({ - armoredMessage: openpgp.stream.transform(signed, value => { + armoredMessage: openpgp.stream[expectedType === 'node' ? 'webToNode' : global.ReadableStream === openpgp.stream.ReadableStream ? 'toStream' : 'toNativeReadable'](openpgp.stream.transform(signed, value => { value += ''; const newlineIndex = value.indexOf('\n', 500); if (value.length > 1000) return value.slice(0, newlineIndex - 1) + (value[newlineIndex - 1] === 'a' ? 'b' : 'a') + value.slice(newlineIndex); return value; - }) + }), { encoding: 'utf8' }) }); const verified = await openpgp.verify({ publicKeys: pubKey, message, - streaming: expectedType, format: 'binary', config: { minRSABits: 1024 } }); @@ -671,7 +667,6 @@ function tests() { message: await openpgp.createMessage({ binary: data }), privateKeys: privKey, detached: true, - streaming: expectedType, config: { minRSABits: 1024 } }); expect(openpgp.stream.isStream(signed)).to.equal(expectedType); @@ -688,42 +683,6 @@ function tests() { expect(verified.signatures[0].valid).to.be.true; }); - it('Detached sign small message (not streaming)', async function() { - dataArrived(); // Do not wait until data arrived. - const data = ReadableStream ? new ReadableStream({ - start(controller) { - controller.enqueue(util.stringToUint8Array('hello ')); - controller.enqueue(util.stringToUint8Array('world')); - controller.close(); - } - }) : new NodeReadableStream({ - read() { - this.push(util.stringToUint8Array('hello ')); - this.push(util.stringToUint8Array('world')); - this.push(null); - } - }); - const signed = await openpgp.sign({ - message: await openpgp.createMessage({ binary: data }), - privateKeys: privKey, - detached: true, - streaming: false, - armor: false, - config: { minRSABits: 1024 } - }); - expect(openpgp.stream.isStream(signed)).to.be.false; - const signature = await openpgp.readMessage({ binaryMessage: signed }); - const verified = await openpgp.verify({ - signature, - publicKeys: pubKey, - message: await openpgp.createMessage({ text: 'hello world' }), - config: { minRSABits: 1024 } - }); - expect(verified.data).to.equal('hello world'); - expect(verified.signatures).to.exist.and.have.length(1); - expect(verified.signatures[0].valid).to.be.true; - }); - it('Detached sign small message using brainpool curve keys', async function() { dataArrived(); // Do not wait until data arrived. const data = ReadableStream ? new ReadableStream({ @@ -745,8 +704,7 @@ function tests() { const signed = await openpgp.sign({ message: await openpgp.createMessage({ binary: data }), privateKeys: priv, - detached: true, - streaming: expectedType + detached: true }); expect(openpgp.stream.isStream(signed)).to.equal(expectedType); const armoredSignature = await openpgp.stream.readToEnd(signed); @@ -782,8 +740,7 @@ function tests() { const signed = await openpgp.sign({ message: await openpgp.createMessage({ binary: data }), privateKeys: priv, - detached: true, - streaming: expectedType + detached: true }); expect(openpgp.stream.isStream(signed)).to.equal(expectedType); const armoredSignature = await openpgp.stream.readToEnd(signed); @@ -898,7 +855,6 @@ function tests() { }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: data }), - streaming: expectedType, passwords: ['test'] }); expect(openpgp.stream.isStream(encrypted)).to.equal(expectedType); diff --git a/test/security/message_signature_bypass.js b/test/security/message_signature_bypass.js index 0fd31696..264aad6a 100644 --- a/test/security/message_signature_bypass.js +++ b/test/security/message_signature_bypass.js @@ -97,8 +97,7 @@ async function fakeSignature() { // faked message now verifies correctly const res = await openpgp.verify({ message: fake, - publicKeys: await getOtherPubKey(), - streaming: false + publicKeys: await getOtherPubKey() }); const { signatures } = res; expect(signatures).to.have.length(0); diff --git a/test/security/subkey_trust.js b/test/security/subkey_trust.js index 63468049..387a6cc9 100644 --- a/test/security/subkey_trust.js +++ b/test/security/subkey_trust.js @@ -29,7 +29,6 @@ async function generateTestData() { const signed = await openpgp.sign({ message: await createCleartextMessage({ text: 'I am batman' }), privateKeys: victimPrivKey, - streaming: false, armor: true }); return { @@ -68,8 +67,7 @@ async function testSubkeyTrust() { fakeKey = await readKey({ armoredKey: await fakeKey.toPublic().armor() }); const verifyAttackerIsBatman = await openpgp.verify({ message: await readCleartextMessage({ cleartextMessage: signed }), - publicKeys: fakeKey, - streaming: false + publicKeys: fakeKey }); expect(verifyAttackerIsBatman.signatures[0].keyID.equals(victimPubKey.subKeys[0].getKeyID())).to.be.true; expect(verifyAttackerIsBatman.signatures[0].valid).to.be.false;