Rename config.unsafe_stream to allow_unauthenticated_stream
parent
2b30ab9c8f
commit
e66d44e42d
|
@ -93,6 +93,11 @@ export default {
|
||||||
* @property {Boolean} ignore_mdc_error Fail on decrypt if message is not integrity protected
|
* @property {Boolean} ignore_mdc_error Fail on decrypt if message is not integrity protected
|
||||||
*/
|
*/
|
||||||
ignore_mdc_error: false,
|
ignore_mdc_error: false,
|
||||||
|
/**
|
||||||
|
* @memberof module:config
|
||||||
|
* @property {Boolean} allow_unauthenticated_stream Stream unauthenticated data before integrity has been checked
|
||||||
|
*/
|
||||||
|
allow_unauthenticated_stream: false,
|
||||||
/**
|
/**
|
||||||
* @memberof module:config
|
* @memberof module:config
|
||||||
* @property {Boolean} checksum_required Do not throw error when armor is missing a checksum
|
* @property {Boolean} checksum_required Do not throw error when armor is missing a checksum
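Review bot: The JSDoc added for `allow_unauthenticated_stream` does not say what a caller takes on by setting it, and this hunk shows no alias for the old `unsafe_stream` name. With the flag true, decrypted chunks are released before the integrity check completes, so a fuller line would help: `@property {Boolean} allow_unauthenticated_stream Release decrypted data to the caller before the MDC has been verified; tampering is only reported as an error at the end of the stream`. If no alias exists elsewhere, code that still sets `config.unsafe_stream = true` silently falls back to buffered decryption, which fails safe but deserves a changelog entry or a one-time deprecation warning. The `export default {` object continues outside the hunk.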
|
||||||
|
|
|
@ -148,7 +148,7 @@ SymEncryptedIntegrityProtected.prototype.decrypt = async function (sessionKeyAlg
|
||||||
});
|
});
|
||||||
let packetbytes = stream.slice(bytes, 0, -2);
|
let packetbytes = stream.slice(bytes, 0, -2);
|
||||||
packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);
|
packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);
|
||||||
if (!util.isStream(encrypted) || !config.unsafe_stream) {
|
if (!util.isStream(encrypted) || !config.allow_unauthenticated_stream) {
|
||||||
packetbytes = await stream.readToEnd(packetbytes);
|
packetbytes = await stream.readToEnd(packetbytes);
|
||||||
}
|
}
|
||||||
await this.packets.read(packetbytes);
|
await this.packets.read(packetbytes);
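Review bot: The `if (!util.isStream(encrypted) || !config.allow_unauthenticated_stream)` line is the only thing keeping unverified plaintext away from `this.packets.read`, and nothing at that line says so. A comment above it would make the invariant reviewable, e.g. `// Buffer everything so verifyHash can reject before any packet is parsed, unless the caller opted into unauthenticated streaming.` When the branch is skipped, the packet parser appears to run on data whose hash has not yet been checked, so in that mode it should be treated as handling attacker-controlled input. The body of `decrypt` starts and ends outside this hunk.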
|
||||||
|
|
|
@ -226,9 +226,9 @@ describe('Streaming', function() {
|
||||||
expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
|
expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Encrypt and decrypt larger message roundtrip (unsafe_stream=true)', async function() {
|
it('Encrypt and decrypt larger message roundtrip (allow_unauthenticated_stream=true)', async function() {
|
||||||
let unsafe_streamValue = openpgp.config.unsafe_stream;
|
let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
|
||||||
openpgp.config.unsafe_stream = true;
|
openpgp.config.allow_unauthenticated_stream = true;
|
||||||
try {
|
try {
|
||||||
let plaintext = [];
|
let plaintext = [];
|
||||||
let i = 0;
|
let i = 0;
|
||||||
|
@ -263,13 +263,13 @@ describe('Streaming', function() {
|
||||||
expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
|
expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
|
||||||
expect(decrypted.signatures).to.exist.and.have.length(0);
|
expect(decrypted.signatures).to.exist.and.have.length(0);
|
||||||
} finally {
|
} finally {
|
||||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Encrypt and decrypt larger message roundtrip using public keys (unsafe_stream=true)', async function() {
|
it('Encrypt and decrypt larger message roundtrip using public keys (allow_unauthenticated_stream=true)', async function() {
|
||||||
let unsafe_streamValue = openpgp.config.unsafe_stream;
|
let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
|
||||||
openpgp.config.unsafe_stream = true;
|
openpgp.config.allow_unauthenticated_stream = true;
|
||||||
try {
|
try {
|
||||||
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
||||||
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
||||||
|
@ -308,13 +308,13 @@ describe('Streaming', function() {
|
||||||
if (i > 10) throw new Error('Data did not arrive early.');
|
if (i > 10) throw new Error('Data did not arrive early.');
|
||||||
expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
|
expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
|
||||||
} finally {
|
} finally {
|
||||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Detect MDC modifications (unsafe_stream=true)', async function() {
|
it('Detect MDC modifications (allow_unauthenticated_stream=true)', async function() {
|
||||||
let unsafe_streamValue = openpgp.config.unsafe_stream;
|
let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
|
||||||
openpgp.config.unsafe_stream = true;
|
openpgp.config.allow_unauthenticated_stream = true;
|
||||||
try {
|
try {
|
||||||
let plaintext = [];
|
let plaintext = [];
|
||||||
let i = 0;
|
let i = 0;
|
||||||
|
@ -352,13 +352,13 @@ describe('Streaming', function() {
|
||||||
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Modification detected.');
|
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Modification detected.');
|
||||||
expect(decrypted.signatures).to.exist.and.have.length(0);
|
expect(decrypted.signatures).to.exist.and.have.length(0);
|
||||||
} finally {
|
} finally {
|
||||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Detect armor checksum error (unsafe_stream=true)', async function() {
|
it('Detect armor checksum error (allow_unauthenticated_stream=true)', async function() {
|
||||||
let unsafe_streamValue = openpgp.config.unsafe_stream;
|
let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
|
||||||
openpgp.config.unsafe_stream = true;
|
openpgp.config.allow_unauthenticated_stream = true;
|
||||||
try {
|
try {
|
||||||
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
||||||
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
||||||
|
@ -401,13 +401,13 @@ describe('Streaming', function() {
|
||||||
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
|
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
|
||||||
expect(decrypted.signatures).to.exist.and.have.length(1);
|
expect(decrypted.signatures).to.exist.and.have.length(1);
|
||||||
} finally {
|
} finally {
|
||||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Detect armor checksum error when not passing public keys (unsafe_stream=true)', async function() {
|
it('Detect armor checksum error when not passing public keys (allow_unauthenticated_stream=true)', async function() {
|
||||||
let unsafe_streamValue = openpgp.config.unsafe_stream;
|
let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
|
||||||
openpgp.config.unsafe_stream = true;
|
openpgp.config.allow_unauthenticated_stream = true;
|
||||||
try {
|
try {
|
||||||
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
||||||
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
||||||
|
@ -450,13 +450,13 @@ describe('Streaming', function() {
|
||||||
expect(decrypted.signatures).to.exist.and.have.length(1);
|
expect(decrypted.signatures).to.exist.and.have.length(1);
|
||||||
expect(await decrypted.signatures[0].verified).to.be.null;
|
expect(await decrypted.signatures[0].verified).to.be.null;
|
||||||
} finally {
|
} finally {
|
||||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Sign/verify: Detect armor checksum error (unsafe_stream=true)', async function() {
|
it('Sign/verify: Detect armor checksum error (allow_unauthenticated_stream=true)', async function() {
|
||||||
let unsafe_streamValue = openpgp.config.unsafe_stream;
|
let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
|
||||||
openpgp.config.unsafe_stream = true;
|
openpgp.config.allow_unauthenticated_stream = true;
|
||||||
try {
|
try {
|
||||||
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
|
||||||
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
|
||||||
|
@ -496,7 +496,7 @@ describe('Streaming', function() {
|
||||||
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
|
await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
|
||||||
expect(decrypted.signatures).to.exist.and.have.length(1);
|
expect(decrypted.signatures).to.exist.and.have.length(1);
|
||||||
} finally {
|
} finally {
|
||||||
openpgp.config.unsafe_stream = unsafe_streamValue;
|
openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|