Merge pull request #1893

2025-11-23 22:15:52 +00:00 · 2025-11-13 16:57:59 +01:00 · 2025-11-13 16:57:59 +01:00 · 7da8b81391
commit 7da8b81391
parent 9764b268b3 4aad1d1e34
6 changed files with 22 additions and 20 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -16,7 +16,7 @@
        "@openpgp/jsdoc": "^4.0.4",
        "@openpgp/seek-bzip": "^1.0.5-git",
        "@openpgp/tweetnacl": "^1.0.4-2",
-        "@openpgp/web-stream-tools": "~0.2.1",
+        "@openpgp/web-stream-tools": "~0.3.0",
        "@rollup/plugin-alias": "^5.1.1",
        "@rollup/plugin-commonjs": "^28.0.9",
        "@rollup/plugin-node-resolve": "^16.0.3",
@ -1429,11 +1429,10 @@
      "license": "Unlicense"
    },
    "node_modules/@openpgp/web-stream-tools": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/@openpgp/web-stream-tools/-/web-stream-tools-0.2.1.tgz",
-      "integrity": "sha512-gE6+8mVrpKOa9RurAP+TToUo/DCGLNfpnRiq/YuA5Dq/rUAVSeM6Ejrgl25qpRiOQb/qcGyM25m1l9eE4aPdfw==",
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/web-stream-tools/-/web-stream-tools-0.3.0.tgz",
+      "integrity": "sha512-WGCcIti5uAwySkdny5IJ975Vu6fS45LE9Ce3M7vylIWOZwzL4qFUFclskZ6JU7rQ1zgoze6CQ//QKFc/ML2uqw==",
      "dev": true,
-      "license": "MIT",
      "engines": {
        "node": ">= 18.0.0"
      },
--- a/package.json
+++ b/package.json
@ -70,7 +70,7 @@
    "@openpgp/jsdoc": "^4.0.4",
    "@openpgp/seek-bzip": "^1.0.5-git",
    "@openpgp/tweetnacl": "^1.0.4-2",
-    "@openpgp/web-stream-tools": "~0.2.1",
+    "@openpgp/web-stream-tools": "~0.3.0",
    "@rollup/plugin-alias": "^5.1.1",
    "@rollup/plugin-commonjs": "^28.0.9",
    "@rollup/plugin-node-resolve": "^16.0.3",
--- a/src/crypto/cipherMode/cfb.js
+++ b/src/crypto/cipherMode/cfb.js
@ -24,7 +24,7 @@

 import { cfb as nobleAesCfb, unsafe as nobleAesHelpers } from '@noble/ciphers/aes';

-import { transform as streamTransform } from '@openpgp/web-stream-tools';
+import { transform as streamTransform, transformAsync as streamTransformAsync } from '@openpgp/web-stream-tools';
 import util from '../../util';
 import enums from '../../enums';
 import { getLegacyCipher, getCipherParams } from '../cipher';
@ -351,10 +351,10 @@ class NobleStreamProcessor {
 async function aesEncrypt(algo, key, pt, iv) {
  if (webCrypto && await WebCryptoEncryptor.isSupported(algo)) { // Chromium does not implement AES with 192-bit keys
    const cfb = new WebCryptoEncryptor(algo, key, iv);
-    return util.isStream(pt) ? streamTransform(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);
+    return util.isStream(pt) ? streamTransformAsync(pt, value => cfb.encryptChunk(value), () => cfb.finish()) : cfb.encrypt(pt);
  } else if (util.isStream(pt)) { // async callbacks are not accepted by streamTransform unless the input is a stream
    const cfb = new NobleStreamProcessor(true, algo, key, iv);
-    return streamTransform(pt, value => cfb.processChunk(value), () => cfb.finish());
+    return streamTransformAsync(pt, value => cfb.processChunk(value), () => cfb.finish());
  }
  return nobleAesCfb(key, iv).encrypt(pt);
 }
@ -362,7 +362,7 @@ async function aesEncrypt(algo, key, pt, iv) {
 function aesDecrypt(algo, key, ct, iv) {
  if (util.isStream(ct)) {
    const cfb = new NobleStreamProcessor(false, algo, key, iv);
-    return streamTransform(ct, value => cfb.processChunk(value), () => cfb.finish());
+    return streamTransformAsync(ct, value => cfb.processChunk(value), () => cfb.finish());
  }
  return nobleAesCfb(key, iv).decrypt(ct);
 }
--- a/test/general/signature.js
+++ b/test/general/signature.js
@ -988,12 +988,12 @@ AkLaG/AkATpuH+DMkYDmKbDLGgD+N4yuxXBJmBfC2IBe4J1S2Gg=
      format: 'object'
    });
    await loadStreamsPolyfill();
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
      verificationKeys: expiredKey,
      message: await openpgp.readMessage({ armoredMessage: stream.toStream(armoredMessage) }),
      config: { minRSABits: 1024 }
-
    });
+    await stream.readToEnd(data);
    await expect(sigInfo.verified).to.be.rejectedWith(/Primary key is expired/);
  });

@ -1019,11 +1019,12 @@ aMsUdQBgnPAcSGVsbG8gV29ybGQgOik=
      format: 'object'
    });
    await loadStreamsPolyfill();
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
      verificationKeys: expiredKey,
      message: await openpgp.readMessage({ armoredMessage: stream.toStream(armoredMessage) }),
      config: { minRSABits: 1024 }
    });
+    await stream.readToEnd(data);
    await expect(sigInfo.verified).to.be.rejectedWith(/Primary key is expired/);
  });

@ -1049,11 +1050,12 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
      format: 'object'
    });
    await loadStreamsPolyfill();
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
      verificationKeys: expiredKey,
      message: await openpgp.readMessage({ armoredMessage: stream.toStream(armoredMessage) }),
      config: { minRSABits: 1024 }
    });
+    await stream.readToEnd(data);
    expect(await sigInfo.verified).to.be.true;
  });

@ -1078,11 +1080,12 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
      date: key.keyPacket.created,
      format: 'object'
    });
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
      verificationKeys: expiredKey,
      message: await openpgp.readMessage({ armoredMessage }),
      config: { minRSABits: 1024 }
    });
+    await stream.readToEnd(data);
    expect(await sigInfo.verified).to.be.true;
  });

--- a/test/typescript/definitions.ts
+++ b/test/typescript/definitions.ts
@ -223,10 +223,10 @@ import {
  } catch {}
  const webTextStream = new WebReadableStream<string>();
  const messageFromWebTextStream = await createMessage({ text: webTextStream });
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
-  (await encrypt({ message: messageFromWebTextStream, passwords: 'password', format: 'armored' })) as WebStream<string>;
  messageFromWebTextStream.getText() as WebStream<string>;
  messageFromWebTextStream.getLiteralData() as WebStream<Uint8Array>;
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
+  (await encrypt({ message: messageFromWebTextStream, passwords: 'password', format: 'armored' })) as WebStream<string>;

  // Streaming - encrypt binary message (binary output)
  try {
@ -237,10 +237,10 @@ import {
  } catch {}
  const webBinaryStream = new WebReadableStream<Uint8Array>();
  const messageFromWebBinaryStream = await createMessage({ binary: webBinaryStream });
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
-  (await encrypt({ message: messageFromWebBinaryStream, passwords: 'password', format: 'binary' })) as WebStream<Uint8Array>;
  messageFromWebBinaryStream.getText() as WebStream<string>;
  messageFromWebBinaryStream.getLiteralData() as WebStream<Uint8Array>;
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
+  (await encrypt({ message: messageFromWebBinaryStream, passwords: 'password', format: 'binary' })) as WebStream<Uint8Array>;

  console.log('TypeScript definitions are correct');
 })().catch(e => {
--- a/test/web-test-runner.browserstack.config.js
+++ b/test/web-test-runner.browserstack.config.js
@ -20,7 +20,7 @@ export default {
  testsStartTimeout: 25000,
  testsStartTimeoutMaxRetries: 3, // custom config from @openpgp/wtr-test-runner-core
  browserStartTimeout: 120000,
-  testsFinishTimeout: 450000,
+  testsFinishTimeout: 600000,
  concurrentBrowsers: 1,
  concurrency: 1, // see https://github.com/modernweb-dev/web/issues/2706
  coverage: false,