diff options
author | Harsh Shandilya <me@msfjarvis.dev> | 2023-06-19 21:50:38 +0530 |
---|---|---|
committer | Harsh Shandilya <me@msfjarvis.dev> | 2023-06-19 21:50:38 +0530 |
commit | e0a0ca9be04592a1d738bb946844e67b7e14e2ac (patch) | |
tree | 3d50ed430f44c360134adaf9a1889228c07fbe0e /crypto-pgpainless/src | |
parent | e8a9944522e6948662075f3818fba64f0f635ecf (diff) |
fix(pgpainless): add metadata test to decryption step
Diffstat (limited to 'crypto-pgpainless/src')
-rw-r--r-- | crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt b/crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt index cf29931b..a7087acf 100644 --- a/crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt +++ b/crypto-pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt @@ -19,6 +19,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing import org.bouncycastle.openpgp.PGPPublicKeyRingCollection import org.bouncycastle.openpgp.PGPSecretKeyRing import org.bouncycastle.openpgp.PGPSecretKeyRingCollection +import org.bouncycastle.util.io.Streams import org.pgpainless.PGPainless import org.pgpainless.decryption_verification.ConsumerOptions import org.pgpainless.encryption_signing.EncryptionOptions @@ -53,14 +54,21 @@ public class PGPainlessCryptoHandler @Inject constructor() : .map { key -> PGPainless.readKeyRing().secretKeyRing(key.contents) } .run(::PGPSecretKeyRingCollection) val protector = SecretKeyRingProtector.unlockAnyKeyWith(Passphrase.fromPassword(passphrase)) - PGPainless.decryptAndOrVerify() - .onInputStream(ciphertextStream) - .withOptions( - ConsumerOptions() - .addDecryptionKeys(keyringCollection, protector) - .addDecryptionPassphrase(Passphrase.fromPassword(passphrase)) - ) - .use { decryptionStream -> decryptionStream.copyTo(outputStream) } + val decryptionStream = + PGPainless.decryptAndOrVerify() + .onInputStream(ciphertextStream) + .withOptions( + ConsumerOptions() + .addDecryptionKeys(keyringCollection, protector) + .addDecryptionPassphrase(Passphrase.fromPassword(passphrase)) + ) + Streams.pipeAll(decryptionStream, outputStream) + decryptionStream.close() + keyringCollection.forEach { keyRing -> + check(decryptionStream.metadata.isEncryptedFor(keyRing)) { + "Stream should be encrypted for ${keyRing.secretKey.keyID} but wasn't" + } + } return@runCatching } .mapError { error -> @@ -106,12 +114,12 @@ public class PGPainlessCryptoHandler @Inject constructor() : val producerOptions = ProducerOptions.encrypt(encryptionOptions) .setAsciiArmor(options.isOptionEnabled(PGPEncryptOptions.ASCII_ARMOR)) - val encryptor = + val encryptionStream = PGPainless.encryptAndOrSign().onOutputStream(outputStream).withOptions(producerOptions) - plaintextStream.copyTo(encryptor) - encryptor.close() - val result = encryptor.result - publicKeyRingCollection.keyRings.forEach { keyRing -> + Streams.pipeAll(plaintextStream, encryptionStream) + encryptionStream.close() + val result = encryptionStream.result + publicKeyRingCollection.forEach { keyRing -> require(result.isEncryptedFor(keyRing)) { "Stream should be encrypted for ${keyRing.publicKey.keyID} but wasn't" } |