Merge pull request #35 from VirgilSecurity/v3.2.3

v3.2.3

Author: Alexey Smirnov

package.json

@@ -1,6 +1,6 @@
 {
   "name": "virgil-crypto",
-  "version": "3.2.2",
+  "version": "3.2.3",
   "main": "dist/virgil-crypto.cjs.js",
   "browser": {
     "./dist/virgil-crypto.cjs.js": "./dist/virgil-crypto.browser.cjs.js",

src/VirgilCrypto.ts

@@ -7,7 +7,7 @@ import { VirgilPublicKey } from './VirgilPublicKey';
 import { VirgilPrivateKey } from './VirgilPrivateKey';
 import { getPrivateKeyBytes } from './privateKeyUtils';
 import { validatePrivateKey, validatePublicKey, validatePublicKeysArray } from './validators';
-import { VirgilStreamCipher } from './streams/VirgilStreamCipher';
+import { VirgilStreamCipher, VirgilStreamCipherOptions } from './streams/VirgilStreamCipher';
 import { VirgilStreamDecipher } from './streams/VirgilStreamDecipher';
 import { VirgilStreamSigner } from './streams/VirgilStreamSigner';
 import { VirgilStreamVerifier } from './streams/VirgilStreamVerifier';
@@ -477,11 +477,12 @@ export class VirgilCrypto {
 	/**
 	 * Creates an instance of {@link VirgilStreamCipher} to be used
 	 * to encrypt data in chunks using the given `publicKey`.
-	 * @param {VirgilPublicKey|VirgilPublicKey[]} publicKey - A signle
+	 * @param {VirgilPublicKey|VirgilPublicKey[]} publicKey - A single
 	 * public key or an array of public keys to encrypt the data with.
+	 * @param {Data} [signature] - Optionally add a signature of plain data to the encrypted stream.
 	 */
-	createStreamCipher (publicKey: VirgilPublicKey|VirgilPublicKey[]) {
-		return new VirgilStreamCipher(publicKey);
+	createStreamCipher (publicKey: VirgilPublicKey|VirgilPublicKey[], options?: VirgilStreamCipherOptions) {
+		return new VirgilStreamCipher(publicKey, options);
 	}
 
 	/**
@@ -504,7 +505,7 @@ export class VirgilCrypto {
 
 	/**
 	 * Creates an instance of {@link VirgilStreamVerifier} to be used
-	 * to verify the `signature` for the data in comming in chunks.
+	 * to verify the `signature` for the data in coming in chunks.
 	 *
 	 * @param {Data} signature - The signature to be verified.
 	 * @param {StringEncoding} encoding - If `signature` is a string,

src/common/IVirgilCryptoWrapper.ts

@@ -323,6 +323,7 @@ export interface IDeletable {
  * `VirgilByteArray` to\from `Buffer`s.
  */
 export interface WrappedVirgilCipherBase extends IDeletable {
+	customParams(): any;
 	addKeyRecipientSafe(recipientId: Buffer, publicKey: Buffer): void;
 	addPasswordRecipientSafe(password: Buffer): void;
 }

src/streams/VirgilStreamCipher.ts

@@ -2,12 +2,29 @@ import { VirgilPublicKey } from '../VirgilPublicKey';
 import { toArray } from '../utils/toArray';
 import { validatePublicKeysArray } from '../validators';
 import { VirgilStreamCipherBase } from './VirgilStreamCipherBase';
+import { Data } from './../interfaces';
+import { DATA_SIGNATURE_KEY } from '../common/constants';
+import { anyToBuffer, StringEncoding } from '../utils/anyToBuffer';
+
+/**
+ * `VirgilStreamCipher` constructor `options` parameter.
+ */
+export interface VirgilStreamCipherOptions {
+	/**
+	 *  Optionally add a signature of plain data to the encrypted stream.
+	 */
+	signature?: Data;
+	/**
+	 * If `signature` is a string,
+	 * specifies its encoding, otherwise is ignored. Default is 'base64'.
+	 */
+	encoding?: StringEncoding;
+}
 
 /**
  * Class responsible for encryption of streams of data.
  */
 export class VirgilStreamCipher extends VirgilStreamCipherBase {
-
 	/**
 	 * Initializes a new instance of `VirgilStreamCipher`.
 	 * `VirgilStreamCipher` objects are not meant to be created with the `new`
@@ -19,16 +36,27 @@ export class VirgilStreamCipher extends VirgilStreamCipherBase {
 	 * @param {VirgilPublicKey|VirgilPublicKey[]} publicKeys - A single
 	 * {@link VirgilPublicKey} or an array of {@link VirgilPublicKey}'s to
 	 * to encrypt the data with.
+	 * @param {VirgilStreamCipherOptions} [options] - `VirgilStreamCipherOptions` object.
 	 */
-	constructor (publicKeys: VirgilPublicKey|VirgilPublicKey[]) {
+	constructor(
+		publicKeys: VirgilPublicKey | VirgilPublicKey[],
+		options?: VirgilStreamCipherOptions
+	) {
 		const publicKeyArr = toArray(publicKeys);
 		validatePublicKeysArray(publicKeyArr);
 
 		super();
 
-		for (const { identifier, key} of publicKeyArr) {
+		for (const { identifier, key } of publicKeyArr) {
 			this.seqCipher.addKeyRecipientSafe(identifier, key);
 		}
+
+		if (options && options.signature) {
+			const signatureKey = Buffer.from(DATA_SIGNATURE_KEY);
+			const customParams = this.seqCipher.customParams();
+			const encoding = options.encoding ? options.encoding : 'base64'
+			customParams.setDataSafe(signatureKey, anyToBuffer(options.signature, encoding));
+		}
 	}
 
 	/**

src/streams/VirgilStreamCipherBase.ts

@@ -13,7 +13,7 @@ export class VirgilStreamCipherBase {
 	/**
 	 * Indicates whether the `final` method has been called.
 	 */
-	private isFinished: boolean = false;
+	isFinished: boolean = false;
 
 	/**
 	 * Indicates whether the `dispose` method has been called.
@@ -51,14 +51,22 @@ export class VirgilStreamCipherBase {
 	 * or decrypt data, attempts to call any method including `final` will
 	 * result in an error being thrown.
 	 * This method also automatically calls `dispose`.
+	 * @param {boolean} dispose - Optional. Indicating whether to automatically
+	 * free the memory occupied by internal {@link seqSigner} object in the
+	 * browser.
+	 * Default is `true`. `false` is used to perform operations in inherited classes.
+	 * If you pass `false` as an argument you should call `dispose` method manually.
+	 *
+	 * In node.js this argument is ignored because the memory will be freed by the
+	 * garbage collector.
 	 */
-	final () {
+	final (dispose: boolean = true) {
 		this.ensureLegalState();
 		try {
 			return this.seqCipher.finishSafe();
 		} finally {
 			this.isFinished = true;
-			this.dispose();
+			if (dispose) this.dispose();
 		}
 	}
 

src/streams/VirgilStreamDecipher.ts

@@ -2,6 +2,8 @@ import { validatePrivateKey } from '../validators';
 import { VirgilPrivateKey } from '../VirgilPrivateKey';
 import { getPrivateKeyBytes } from '../privateKeyUtils';
 import { VirgilStreamCipherBase } from './VirgilStreamCipherBase';
+import { DATA_SIGNATURE_KEY } from '../common/constants';
+import { StringEncoding } from '../utils/anyToBuffer';
 
 /**
  * Class responsible for decryption of streams of data.
@@ -32,4 +34,21 @@ export class VirgilStreamDecipher extends VirgilStreamCipherBase {
 			Buffer.alloc(0)
 		);
 	}
+
+	/**
+	 * Get signature from content_info if it was added on encryption phase.
+	 */
+	getSignature(): Buffer | null {
+		if (!this.isFinished) {
+			throw new Error('Illegal state. Cannot get signature before the `final` method has been called.');
+		}
+		const customParams = this.seqCipher.customParams();
+		let signature: Buffer;
+		try {
+			signature = customParams.getDataSafe(Buffer.from(DATA_SIGNATURE_KEY));
+		} catch (err) {
+			return null;
+		}
+		return signature;
+	}
 }

src/streams/VirgilStreamVerifier.ts

@@ -18,7 +18,7 @@ export class VirgilStreamVerifier extends VirgilStreamSignerBase {
 	 *
 	 * @param {Data} signature = The signature to be verified.
 	 * @param {StringEncoding} [encoding] - If `signature` is a string,
-	 * specifies its encoding, otherwise is ignored. Default is 'utf8'.
+	 * specifies its encoding, otherwise is ignored. Default is 'base64'.
 	 */
 	constructor(signature: Data, encoding: StringEncoding = 'base64') {
 		const signatureBuf = anyToBuffer(signature, encoding, 'signature');

src/tests/streams/VirgilStreamCipher.test.ts

@@ -53,6 +53,7 @@ describe ('VirgilStreamCipher', () => {
 			}, 'Illegal state');
 		});
 
+
 		it ('final cannot be called after final', () => {
 			streamCipher.start();
 			streamCipher.update('test', 'utf8');

src/tests/streams/VirgilStreamDecipher.test.ts

@@ -41,6 +41,14 @@ describe ('VirgilStreamDecipher', () => {
 				streamDecipher.final();
 			}, 'Illegal state');
 		});
+
+		it ('should return null if not signed', () => {
+			streamDecipher.update(ciphertext);
+			streamDecipher.final(false);
+			const signature = streamDecipher.getSignature();
+			streamDecipher.dispose();
+			assert.isNull(signature)
+		});
 	});
 
 	if (process.browser) {

src/tests/streams/streamSigning.test.ts

@@ -4,15 +4,17 @@ import { VirgilStreamVerifier } from '../../streams/VirgilStreamVerifier';
 import { VirgilPrivateKey } from '../../VirgilPrivateKey';
 import { VirgilPublicKey } from '../../VirgilPublicKey';
 import { createAsyncIterable, splitIntoChunks, createVirgilKeyPair } from './utils';
+import { VirgilStreamCipher } from '../../streams/VirgilStreamCipher';
+import { VirgilStreamDecipher } from '../../streams/VirgilStreamDecipher';
+import { StringEncoding } from '../../utils/anyToBuffer';
 
 const CHUNK_SIZE = 65536;
 
-describe ('stream signing', function () {
+describe('stream signing', function() {
 	this.timeout(30 * 1000);
 
-	describe ('signature calculation', () => {
-
-		it ('calulates the signature', async () => {
+	describe('signature calculation', () => {
+		it('calculates the signature', async () => {
 			const { privateKey } = createVirgilKeyPair();
 			const streamSigner = new VirgilStreamSigner();
 			const input = Buffer.alloc(3 * 1000 * 1000).fill('foo');
@@ -27,8 +29,78 @@ describe ('stream signing', function () {
 		});
 	});
 
-	describe ('signature verification', () => {
+	describe('sign and encrypt, then decrypt and verify', () => {
+		let publicKey: VirgilPublicKey;
+		let privateKey: VirgilPrivateKey;
+		let signature: Buffer;
+		let inputChunks: Buffer[];
+
+		beforeEach(async () => {
+			({ privateKey, publicKey } = createVirgilKeyPair());
+			const streamSigner = new VirgilStreamSigner();
+			const input = Buffer.alloc(3 * 1000).fill('foo');
+			inputChunks = splitIntoChunks(input, CHUNK_SIZE);
+
+			for await (const chunk of createAsyncIterable(inputChunks)) {
+				streamSigner.update(chunk);
+			}
+
+			signature = streamSigner.sign(privateKey);
+		});
+
+		const transferSignature = async (encoding?: StringEncoding) => {
+			assert.isTrue(Buffer.isBuffer(signature));
+
+			const streamCipher = new VirgilStreamCipher(
+				publicKey,
+				{
+					encoding,
+					signature: encoding ? signature.toString(encoding) : signature,
+				}
+			);
+			const encryptedBuffer: Buffer[] = [];
+
+			encryptedBuffer.push(streamCipher.start());
+
+			for await (const chunk of createAsyncIterable(inputChunks)) {
+				encryptedBuffer.push(streamCipher.update(chunk));
+			}
+			encryptedBuffer.push(streamCipher.final());
+
+			const streamDecipher = new VirgilStreamDecipher(privateKey);
+			const decryptedBuffer: Buffer[] = [];
+
+			for await (const chunk of createAsyncIterable(encryptedBuffer)) {
+				decryptedBuffer.push(streamDecipher.update(chunk));
+			}
+
+			decryptedBuffer.push(streamDecipher.final(false));
+			let transferredSignature: Buffer | string = streamDecipher.getSignature()!;
+			assert.isNotEmpty(transferredSignature);
+			if (encoding) transferredSignature = transferredSignature.toString(encoding);
+			streamDecipher.dispose();
+			assert.exists(transferredSignature);
+			const streamVerifier = new VirgilStreamVerifier(transferredSignature!, encoding);
+
+			for await (const chunk of createAsyncIterable(inputChunks)) {
+				streamVerifier.update(chunk);
+			}
+
+			return streamVerifier.verify(publicKey);
+		};
+
+		it('transfer base64 signature', async () => {
+			const isVerified = await transferSignature('base64');
+			assert.isTrue(isVerified);
+		});
+
+		it('transfer buffer signature', async () => {
+			const isVerified = await transferSignature();
+			assert.isTrue(isVerified);
+		});
+	});
 
+	describe('signature verification', () => {
 		it ('verifies the signature', async () => {
 			const keyPair = createVirgilKeyPair();
 			const streamSigner = new VirgilStreamSigner();