updates

Pass the error through the node stream better.
add test for browsers.

Author: seebees

modules/decrypt-browser/test/decrypt.test.ts

@@ -32,4 +32,15 @@ describe('decrypt', () => {
     expect(messageHeader.encryptionContext).to.deep.equal(fixtures.encryptionContext())
     expect(test).to.deep.equal(fixtures.plaintext())
   })
+
+  it('Precondition: The sequence number is required to monotonically increase, starting from 1.', async () => {
+    return decrypt(
+      fixtures.decryptKeyring(),
+      fixtures.frameSequenceOutOfOrder()
+    ).then(() => {
+      throw new Error('should not succeed')
+    }, err => {
+      expect(err).to.be.instanceOf(Error)
+    })
+  })
 })

modules/decrypt-browser/test/fixtures.ts

@@ -43,13 +43,14 @@ export function frameSequenceOutOfOrder () {
    * The data key is all zeros.
    * The frames have been reordered in order to test decryption failure.
    */
-  return [
+  return new Uint8Array([
     1, 128, 0, 20, 111, 198, 208, 129, 64, 41, 115, 91, 247, 27, 148, 148, 102, 70, 149, 210, 0, 0, 0, 1, 0, 1, 107, 0, 1, 107, 0, 3, 0, 0, 0, 2, 0, 0, 0, 0, 12, 0, 0, 0, 1, // header
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 85, 20, 93, 96, 34, 206, 116, 216, 115, 183, 217, 192, 84, 155, 15, // header auth
     0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71, 217, 75, 144, 128, 252, 7, 157, 174, 2, 89, 248, 206, 24, 122, 69, 226, 95, // f
     0, 0, 0, 48, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 62, 114, 251, 4, 157, 182, 94, 8, 230, 234, 185, 222, 120, 209, 235, 186, 207, 112, // d
     0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 42, 44, 171, 202, 172, 191, 0, 232, 145, 31, 77, 90, 8, 233, 45, 106, 60, 176, // s
-    0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16, 248, 112, 28, 63, 229, 61, 238, 146, 255, 228, 38, 170, 100, 42, 251, 21, 208] // a
+    0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16, 248, 112, 28, 63, 229, 61, 238, 146, 255, 228, 38, 170, 100, 42, 251, 21, 208 // a
+  ])
 }
 
 class TestKeyring extends KeyringWebCrypto {

modules/decrypt-node/src/decrypt_stream.ts

@@ -25,7 +25,7 @@ import Duplexify from 'duplexify'
 import { Duplex } from 'stream' // eslint-disable-line no-unused-vars
 
 // @ts-ignore
-import { pipeline } from 'readable-stream'
+import { pipeline, PassThrough } from 'readable-stream'
 
 export interface DecryptStreamOptions {
   maxBodySize?: number
@@ -44,7 +44,13 @@ export function decryptStream (
   const verifyStream = new VerifyStream({ maxBodySize })
   const decipherStream = getDecipherStream()
 
-  pipeline(parseHeaderStream, verifyStream, decipherStream)
+  /* pipeline will _either_ stream.destroy or the callback.
+   * decipherStream uses destroy to dispose the material.
+   * So I tack a pass though stream onto the end.
+   */
+  pipeline(parseHeaderStream, verifyStream, decipherStream, new PassThrough(), (err: Error) => {
+    if (err) stream.emit('error', err)
+  })
 
   const stream = new Duplexify(parseHeaderStream, decipherStream)
 

modules/decrypt-node/src/parse_header_stream.ts

@@ -108,7 +108,17 @@ export class ParseHeaderStream extends PortableTransformWithType {
         // The header is parsed, pass control
         const readPos = rawHeader.byteLength + headerIv.byteLength + headerAuthTag.byteLength
         const tail = headerBuffer.slice(readPos)
-        this._transform = (chunk: any, _enc: string, cb: Function) => cb(null, chunk)
+        /* needs calls in downstream _transform streams will throw.
+         * But streams are async.
+         * So this error should be turned into an `.emit('error', ex)`.
+         */
+        this._transform = (chunk: any, _enc: string, cb: Function) => {
+          try {
+            cb(null, chunk)
+          } catch (ex) {
+            this.emit('error', ex)
+          }
+        }
         // flush the tail.  Stream control is now in the verify and decrypt streams
         return setImmediate(() => this._transform(tail, encoding, callback))
       })

modules/decrypt-node/test/decrypt.test.ts

@@ -69,10 +69,10 @@ describe('decrypt', () => {
   })
 
   it('Precondition: The sequence number is required to monotonically increase, starting from 1.', async () => {
-    expect(decrypt(
+    return expect(decrypt(
       fixtures.decryptKeyring(),
       fixtures.frameSequenceOutOfOrder(),
       { encoding: 'base64' }
-    )).to.rejectedWith(Error)
+    )).to.rejectedWith(Error, 'Encrypted body sequence out of order.')
   })
 })