remove option from client and more tests

Author: josecorella

modules/decrypt-node/src/decrypt_client.ts

@@ -31,7 +31,6 @@ export function buildDecrypt(
   const {
     commitmentPolicy = CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT,
     maxEncryptedDataKeys = false,
-    utf8Sorting = false,
   } = typeof options === 'string' ? { commitmentPolicy: options } : options
 
   /* Precondition: node buildDecrypt needs a valid commitmentPolicy. */
@@ -45,7 +44,6 @@ export function buildDecrypt(
   const clientOptions: ClientOptions = {
     commitmentPolicy,
     maxEncryptedDataKeys,
-    utf8Sorting,
   }
   return {
     decryptUnsignedMessageStream: _decryptStream.bind(

modules/decrypt-node/test/decrypt.test.ts

@@ -214,6 +214,53 @@ describe('decrypt', () => {
       })
     ).to.rejectedWith(Error, 'maxEncryptedDataKeys exceeded.')
   })
+
+  it('will fail to decrypt ciphertext with high utf8 codepoints and no utf8 sorting on keyring', async () => {
+    const { decrypt } = buildDecrypt({
+      commitmentPolicy: CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT,
+      maxEncryptedDataKeys: 3,
+      utf8Sorting: false,
+    })
+    const hkeyring = fixtures.hKeyring(false)
+    const ciphertext = fixtures.hierarchyMessageWithHighUtf8CodePoints()
+
+    await expect(
+      decrypt(hkeyring, ciphertext, {
+        encoding: 'base64',
+      })
+    ).to.rejectedWith(Error, 'Unsupported state or unable to authenticate data')
+  })
+
+  it('will decrypt ciphertext with high utf8 codepoints with a keyring configured to do utf8 sorting', async () => {
+    const { decrypt } = buildDecrypt({
+      commitmentPolicy: CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT,
+      maxEncryptedDataKeys: 3,
+      utf8Sorting: false,
+    })
+    const hkeyring = fixtures.hKeyring(true)
+    const ciphertext = fixtures.hierarchyMessageWithHighUtf8CodePoints()
+    const { plaintext } = await decrypt(hkeyring, ciphertext, {
+      encoding: 'base64',
+    })
+    expect(plaintext).to.deep.equal(Buffer.from('Hello World'))
+  })
+
+  it('will decrypt ciphertext with high utf8 codepoints with a multikeyring with both utf8 and no utf8 sorting', async () => {
+    const { decrypt } = buildDecrypt({
+      commitmentPolicy: CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT,
+      maxEncryptedDataKeys: 3,
+      utf8Sorting: false,
+    })
+    const hkeyringUtf8 = fixtures.hKeyring(true)
+    const hkeyringNoUtf8 = fixtures.hKeyring(false)
+    const multikeyring = fixtures.multiKeyring(hkeyringUtf8, hkeyringNoUtf8)
+
+    const ciphertext = fixtures.hierarchyMessageWithHighUtf8CodePoints()
+    const { plaintext } = await decrypt(multikeyring, ciphertext, {
+      encoding: 'base64',
+    })
+    expect(plaintext).to.deep.equal(Buffer.from('Hello World'))
+  })
 })
 
 function chunkCipherTextStream(ciphertext: Buffer, { size }: { size: number }) {

modules/decrypt-node/test/fixtures.ts

@@ -8,8 +8,10 @@ import {
   NodeEncryptionMaterial,
   KeyringNode,
   KeyringTraceFlag,
+  MultiKeyringNode,
 } from '@aws-crypto/material-management-node'
-
+import { KmsHierarchicalKeyRingNode } from '@aws-crypto/kms-keyring-node'
+import { BranchKeyStoreNode } from '@aws-crypto/branch-keystore-node'
 export function base64CiphertextAlgAes256GcmIv12Tag16HkdfSha384EcdsaP384() {
   return 'AYADeJgnuW8vpQmi5QoqHIZWhjkAcAACABVhd3MtY3J5cHRvLXB1YmxpYy1rZXkAREFuWXRGRWV3Wm0rMjhLaElHcHg4UmhrYVVhTGNjSnB5ZjFud0lWUUZHbXlwZ3poSDJYZFNJQko0c0tpU0gzY2t6dz09AAZzaW1wbGUAB2NvbnRleHQAAQABawABawADAAAAAgAAAAAMAAAABQAAAAAAAAAAAAAAABqRZqpijpYGNM6P1L/78AUAAAABAAAAAAAAAAAAAAABIg1k1IeKV+CPUVBnpUkgyVUUZl7wAAAAAgAAAAAAAAAAAAAAAjl6P288VtjjKYeZA7mSeeJgjIUHbAAAAAMAAAAAAAAAAAAAAAO7OY+25yJkVcFvMMXn7VztyOhuIQoAAAAEAAAAAAAAAAAAAAAEG6jOHAz3NwyxgUjm5XFNMBx+2CCvAAAABQAAAAAAAAAAAAAABYRtGxVPUKbha73ay/kYrpl8Drik2gAAAAYAAAAAAAAAAAAAAAbosyHzP31p9EdOf3+dSa5gGfRW9e0AAAAHAAAAAAAAAAAAAAAHsulmBR4FQMbTk+00j5Fa/jD73/UJAAAACAAAAAAAAAAAAAAACMKgPZWTdDKzdPhXQDenInSRW/eOLgAAAAkAAAAAAAAAAAAAAAkdfSyNpBYk9XbFhf6DUnr2acw5lC4AAAAKAAAAAAAAAAAAAAAKnJpofr1UwwPy/+aqviMTrHXgOhM8AAAACwAAAAAAAAAAAAAAC9lvtW1lzA9RGUjnIGadlEhLxRC/FAAAAAwAAAAAAAAAAAAAAAyqJBaQEdmkOUX7uCki3Gh17YlQU3MAAAANAAAAAAAAAAAAAAANEK36ZE9VLiIj2X50N73UHEUtm0BbAAAADgAAAAAAAAAAAAAADkkr1fxL3qLbbC7OSDHqDnrBonOwxQAAAA8AAAAAAAAAAAAAAA8qcNFG+ofU3sOEZd8OXB/rkz0vDa8AAAAQAAAAAAAAAAAAAAAQ3KdsWJ/P8hF8aOhQdQP3v1KBDpB5AAAAEQAAAAAAAAAAAAAAEWyQGXefoGv9ZDfXUi93q+wUQGPzVwAAABIAAAAAAAAAAAAAABIDL/v5IY/z+s28FWzVo46vKNjOEeoAAAATAAAAAAAAAAAAAAATy1uc+McQfMJD8GrAJUaKlyTbXgFgAAAAFAAAAAAAAAAAAAAAFB6Sh2Po4oetBUwm1ABP9F9e1T70GAAAABUAAAAAAAAAAAAAABWm2oOg6agE6jzm3iDZ1brMSTHCOG8AAAAWAAAAAAAAAAAAAAAWsdIbfir5Dame3Uxkri54N2P7rqn6AAAAFwAAAAAAAAAAAAAAF6iPI1YW4fZzyL/355ZHBOLG3VPf1AAAABgAAAAAAAAAAAAAABj5Kjd5Twiu6bpb4o+jas0LRRJFH64AAAAZAAAAAAAAAAAAAAAZTf4xiUOtHeZmi+80M3Oay452R/rJAAAAGgAAAAAAAAAAAAAAGp+ET0LYxOX4JEL8gJudVVPW6qIv3AAAABsAAAAAAAAAAAAAABuTreBPGwJ2bftxQ6Kjwekfth4vWtsAAAAcAAAAAAAAAAAAAAAcdLoFVjR+yx4NVo1BSxv8Llya90EFAAAAHQAAAAAAAAAAAAAAHcFqEIL2wsYK36KQHyJqvJTiF/6nlQAAAB4AAAAAAAAAAAAAAB57QTT/UVRxBucxfhQRYeEU0mUeFxcAAAAfAAAAAAAAAAAAAAAfJyKwIcAURvMfN/Gd5MchygA20EYHAAAAIAAAAAAAAAAAAAAAILXRfQjIux8TeED/TdHHdLuaUEWWZgAAACEAAAAAAAAAAAAAACEi1SsfUozCXF0mCT/tHN8zVvSyWF4AAAAiAAAAAAAAAAAAAAAiFPt44yxRbwruA1F5YkYNokeDLmdiAAAAIwAAAAAAAAAAAAAAIwqdX86PI6IZgTs2SMHo4tLExClkIgAAACQAAAAAAAAAAAAAACQJGEuD6oBPBXU8iupaaNJFzEH/zKcAAAAlAAAAAAAAAAAAAAAlyQiA+1xRREA/qe5Djux6WaPEyUzhAAAAJgAAAAAAAAAAAAAAJqsZT21o1ikdiLkExG949WuTdw1mQQAAACcAAAAAAAAAAAAAACekCgcIX2x9/3zx982dDXfKUQSqARQAAAAoAAAAAAAAAAAAAAAocSNt9kEXLUF0Mydaj4MiBo1WrmGGAAAAKQAAAAAAAAAAAAAAKRHbcJJmpG367RxDInqlcBefk34RbgAAACoAAAAAAAAAAAAAACqmDdWYD/QVD9isxpCTm4KE+j6HKdMAAAArAAAAAAAAAAAAAAAreua98WTPIWH6dSAdzfYWPM9q9hoGAAAALAAAAAAAAAAAAAAALA+DQHkvoxKqVP3dmTQoM17QR4hz1gAAAC0AAAAAAAAAAAAAAC3TCjJBU0hDgBiC/bAHZe5T9CoMfTQAAAAuAAAAAAAAAAAAAAAujkLmjR2G1at5H5QHzKg/B2zNIH+mAAAALwAAAAAAAAAAAAAAL6+0F5aK0j3xqvgrsjmkzt7rZYUQQAAAADAAAAAAAAAAAAAAADDZMoeMElExOKgTTa0/gKqBPiRAqF4AAAAxAAAAAAAAAAAAAAAxbk1Qj+CqjC+gruT6bljBsQD5YTBVAAAAMgAAAAAAAAAAAAAAMhjQQjFR5A9Kn5ot/h4nqKrDTZJsNgAAADMAAAAAAAAAAAAAADO2SB3R/RrukhQx7/jxmjWiLknnnj0AAAA0AAAAAAAAAAAAAAA0wXykERn6CEIMhDCuLhUBmVn6fCu7AAAANQAAAAAAAAAAAAAANf7M3//4JJPLi+mmkKec2QrmuprdigAAADYAAAAAAAAAAAAAADadAVLY8PSrHytIi05tgse0HdyYVikAAAA3AAAAAAAAAAAAAAA3dj606o4y/YZw7gGHrD6JrGWQULV2AAAAOAAAAAAAAAAAAAAAOPgZF/TYVQogBfVMR6P4q5YWnSozUwAAADkAAAAAAAAAAAAAADl41/2WlW/Aq+EVJSHVH8eolMg7stIAAAA6AAAAAAAAAAAAAAA6IdfaZedkARnjm0CYxQhB28ljrigJAAAAOwAAAAAAAAAAAAAAO5PRn7sBV99dQJosnpj8Dy61bUW//QAAADwAAAAAAAAAAAAAADwkmUiXJJBJ4KvATXEeY1b2cOVPDOr/////AAAAPQAAAAAAAAAAAAAAPQAAAABAZDjPrFjtf/NJrKKMK2W9AGgwZgIxAN4h4KUn2VHZhxd/PQlZSmawzL1txgo79vsZjVhV15xqyMZLLcpNuNmK3hNHA83v+AIxAP0Sga/B1gZuyGmQK2cSnDdRIL6bmAzzeTiMcjRoJ6KrYRbLwg8mzmdQLgdvSoPtFg=='
 }
@@ -74,6 +76,10 @@ export function fourEdksMessage() {
   return 'AYAAFO/VP38MeBJoKQshvIaF8TgAAAAEAAR0ZW1wABhrZXkzAAAAgAAAAAzIotUMc7SaFTbzk0EAIKgxmVzmYedtQj5od6KglliFAx7G3OBYHMgyvbGQVJSyAAR0ZW1wABhrZXkwAAAAgAAAAAwBe+86+eb8+uYOeoIAIFmT8yZvThnsJigzsRen9OJc0kuGE+rJyalk+yF5VdNBAAR0ZW1wABhrZXkyAAAAgAAAAAy939QOrzUF3XKc0m8AICSGMg1tdgULYD15Jr7RWkFgqCXjtwyUK86xqrU+OzV9AAR0ZW1wABhrZXkxAAAAgAAAAAxE6lJVWjxWLtvnkBYAIJUl4vhbLEjNS/3g3of4T/QvAR7TGPJZgv7cLqOP0T7uAgAAAAAMAAAQAAAAAAAAAAAAAAAAAOMcqPpQVjBzbYAHIPjMM1T/////AAAAAQAAAAAAAAAAAAAAAQAAAAQPcr1WkUGY1IDMmCgdibk0zwg4Yg=='
 }
 
+export function hierarchyMessageWithHighUtf8CodePoints() {
+  return 'AgV4PI3AdgfggyWInxz6XkfmQMbOd7/RgCN9HTTg7KeiczgAaQACABVhd3MtY3J5cHRvLXB1YmxpYy1rZXkAREE2MTQvUGlNNTkyNkZwN3NWeUltVjhNZVZ4eEJNeFRpajI5Y3ozeFVZaFIwT29wbHJjT0sxNWFrR25BcENiOGkxZz09AALCtgAE8JOJqQABABFhd3Mta21zLWhpZXJhcmNoeQAkNmUxZjVlZGMtOWE3MC00YThlLWFkZmItMzdhZWVmZGVhOWU2AFx9XILjG4l3+qJ1BzpOHfZ5mf0eHmX4r3+q16U1LRGGFoVxS2mPKAqwWMUSwe2tNCe3G6kANAmRi4pyD2FK0VpuHx5FbpNgP3BR+U3cHYXiSg1vMMYEMl3usnss1QIAABAA1/mKQ+4BMR0aajtum3RQQxKfvFpi5DeCTVt0V8x7ibGHP7FCZzQWujM7M/rcfkeo/////wAAAAEAAAAAAAAAAAAAAAEAAAALxddd43JEIrllMceZonlyQGtPTX1zTsf+vwChAGcwZQIxALKuLqVHZNuvXhyjjRzs8ysgtJqvcVgvIgX1ExBKHueZLP7XsZOSUG/4SqxMFXGzuQIwOf1zLim/I65beZF1p1az1gyD+UzpWIa/vg9y0wjsYPDUEb9sUyUVU3etQ+y0LwI2'
+}
+
 export function decryptKeyring(): KeyringNode {
   class TestKeyring extends KeyringNode {
     async _onEncrypt(): Promise<NodeEncryptionMaterial> {
@@ -95,6 +101,35 @@ export function decryptKeyring(): KeyringNode {
   return new TestKeyring()
 }
 
+export function hKeyring(utf8Sorting: boolean): KeyringNode {
+  const keyStoreTableName = 'KeyStoreDdbTable'
+  const logicalKeyStoreName = keyStoreTableName
+  const kmsKeyId =
+    'arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126'
+  const keyStore = new BranchKeyStoreNode({
+    storage: { ddbTableName: keyStoreTableName },
+    logicalKeyStoreName: logicalKeyStoreName,
+    kmsConfiguration: { identifier: kmsKeyId },
+  })
+  const branchKeyId = '6e1f5edc-9a70-4a8e-adfb-37aeefdea9e6'
+  return new KmsHierarchicalKeyRingNode({
+    branchKeyId,
+    keyStore,
+    cacheLimitTtl: 600, // 10 min
+    utf8Sorting,
+  })
+}
+
+export function multiKeyring(
+  keyring1: KeyringNode,
+  keyring2: KeyringNode
+): KeyringNode {
+  return new MultiKeyringNode({
+    generator: keyring1,
+    children: [keyring2],
+  })
+}
+
 export interface VectorTest {
   ciphertext: string
   commitment: string

modules/encrypt-browser/src/encrypt.ts

@@ -31,6 +31,7 @@ import {
 import { fromUtf8 } from '@aws-sdk/util-utf8-browser'
 import { getWebCryptoBackend } from '@aws-crypto/web-crypto-backend'
 
+const serialize = serializeFactory(fromUtf8, { utf8Sorting: true })
 const { messageAADContentString, messageAAD } = aadFactory(fromUtf8)
 
 export interface EncryptInput {
@@ -46,7 +47,7 @@ export interface EncryptResult {
 }
 
 export async function _encrypt(
-  { commitmentPolicy, maxEncryptedDataKeys, utf8Sorting }: ClientOptions,
+  { commitmentPolicy, maxEncryptedDataKeys }: ClientOptions,
   cmm: KeyringWebCrypto | WebCryptoMaterialsManager,
   plaintext: Uint8Array,
   {
@@ -121,12 +122,6 @@ export async function _encrypt(
 
   const { getSubtleEncrypt, keyCommitment } = await getEncryptInfo(messageId)
 
-  const maybeUtf8Sorting = utf8Sorting ?? false
-
-  const serialize = serializeFactory(fromUtf8, {
-    utf8Sorting: maybeUtf8Sorting,
-  })
-
   const messageHeader = serialize.buildMessageHeader({
     suite: material.suite,
     encryptedDataKeys: material.encryptedDataKeys,

modules/encrypt-browser/src/encrypt_client.ts

@@ -23,7 +23,6 @@ export function buildEncrypt(
   const {
     commitmentPolicy = CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT,
     maxEncryptedDataKeys = false,
-    utf8Sorting = false,
   } = typeof options === 'string' ? { commitmentPolicy: options } : options
 
   /* Precondition: browser buildEncrypt needs a valid commitmentPolicy. */
@@ -37,7 +36,6 @@ export function buildEncrypt(
   const clientOptions: ClientOptions = {
     commitmentPolicy,
     maxEncryptedDataKeys,
-    utf8Sorting,
   }
   return {
     encrypt: _encrypt.bind({}, clientOptions),

modules/encrypt-node/src/encrypt_client.ts

@@ -27,7 +27,6 @@ export function buildEncrypt(
   const {
     commitmentPolicy = CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT,
     maxEncryptedDataKeys = false,
-    utf8Sorting = false,
   } = typeof options === 'string' ? { commitmentPolicy: options } : options
 
   /* Precondition: node buildEncrypt needs a valid commitmentPolicy. */
@@ -41,7 +40,6 @@ export function buildEncrypt(
   const clientOptions: ClientOptions = {
     commitmentPolicy,
     maxEncryptedDataKeys,
-    utf8Sorting,
   }
   return {
     encryptStream: _encryptStream.bind({}, clientOptions),

modules/encrypt-node/src/encrypt_stream.ts

@@ -33,6 +33,8 @@ import { pipeline } from 'readable-stream'
 import { Duplex } from 'stream'
 
 const fromUtf8 = (input: string) => Buffer.from(input, 'utf8')
+const { serializeMessageHeader, headerAuthIv, buildMessageHeader } =
+  serializeFactory(fromUtf8, { utf8Sorting: true })
 
 export interface EncryptStreamInput {
   suiteId?: AlgorithmSuiteIdentifier
@@ -51,7 +53,7 @@ export interface EncryptStreamInput {
  * @param op EncryptStreamInput
  */
 export function _encryptStream(
-  { commitmentPolicy, maxEncryptedDataKeys, utf8Sorting }: ClientOptions,
+  { commitmentPolicy, maxEncryptedDataKeys }: ClientOptions,
   cmm: KeyringNode | NodeMaterialsManager,
   op: EncryptStreamInput = {}
 ): Duplex {
@@ -109,17 +111,15 @@ export function _encryptStream(
         'maxEncryptedDataKeys exceeded.'
       )
 
-      const maybeUtf8Sorting = utf8Sorting ?? false
       const { getCipher, messageHeader, rawHeader, dispose, getSigner } =
-        getEncryptionInfo(material, frameLength, maybeUtf8Sorting)
+        getEncryptionInfo(material, frameLength)
 
       wrappingStream.emit('MessageHeader', messageHeader)
 
       const encryptStream = getFramedEncryptStream(
         getCipher,
         messageHeader,
         dispose,
-        maybeUtf8Sorting,
         { plaintextLength, suite: material.suite }
       )
       const signatureStream = new SignatureStream(getSigner)
@@ -140,12 +140,9 @@ export function _encryptStream(
 
 export function getEncryptionInfo(
   material: NodeEncryptionMaterial,
-  frameLength: number,
-  utf8Sorting: boolean
+  frameLength: number
 ) {
   const { getCipherInfo, dispose, getSigner } = getEncryptHelper(material)
-  const { serializeMessageHeader, headerAuthIv, buildMessageHeader } =
-    serializeFactory(fromUtf8, { utf8Sorting })
   const { suite, encryptionContext, encryptedDataKeys } = material
   const { ivLength, messageFormat } = material.suite
 

modules/encrypt-node/src/framed_encrypt_stream.ts

@@ -18,6 +18,8 @@ import {
 } from '@aws-crypto/material-management-node'
 
 const fromUtf8 = (input: string) => Buffer.from(input, 'utf8')
+const serialize = serializeFactory(fromUtf8, { utf8Sorting: true })
+const { finalFrameHeader, frameHeader } = serialize
 const aadUtility = aadFactory(fromUtf8)
 
 interface AccumulatingFrame {
@@ -45,7 +47,6 @@ export function getFramedEncryptStream(
   getCipher: GetCipher,
   messageHeader: MessageHeader,
   dispose: () => void,
-  utf8Sorting: boolean,
   {
     plaintextLength,
     suite,
@@ -106,7 +107,6 @@ export function getFramedEncryptStream(
         getCipher,
         isFinalFrame: false,
         suite,
-        utf8Sorting,
       })
 
       // Reset frame state for next frame
@@ -129,7 +129,6 @@ export function getFramedEncryptStream(
         getCipher,
         isFinalFrame: true,
         suite,
-        utf8Sorting,
       })
 
       this._flushEncryptFrame(encryptFrame)
@@ -206,18 +205,10 @@ type EncryptFrameInput = {
   getCipher: GetCipher
   isFinalFrame: boolean
   suite: NodeAlgorithmSuite
-  utf8Sorting: boolean
 }
 
 export function getEncryptFrame(input: EncryptFrameInput): EncryptFrame {
-  const {
-    pendingFrame,
-    messageHeader,
-    getCipher,
-    isFinalFrame,
-    suite,
-    utf8Sorting,
-  } = input
+  const { pendingFrame, messageHeader, getCipher, isFinalFrame, suite } = input
   const { sequenceNumber, contentLength, content } = pendingFrame
   const { frameLength, contentType, messageId } = messageHeader
   /* Precondition: The content length MUST correlate with the frameLength.
@@ -235,9 +226,6 @@ export function getEncryptFrame(input: EncryptFrameInput): EncryptFrame {
       isFinalFrame,
     })}`
   )
-  const serialize = serializeFactory(fromUtf8, { utf8Sorting })
-  const { finalFrameHeader, frameHeader } = serialize
-
   const frameIv = serialize.frameIv(suite.ivLength, sequenceNumber)
   const bodyHeader = Buffer.from(
     isFinalFrame

modules/encrypt-node/test/framed_encrypt_stream.test.ts

@@ -28,7 +28,6 @@ describe('getFramedEncryptStream', () => {
       getCipher,
       {} as any,
       () => {},
-      false,
       {} as any
     )
     expect(test._transform).is.a('function')
@@ -37,13 +36,13 @@ describe('getFramedEncryptStream', () => {
   it('Precondition: plaintextLength must be within bounds.', () => {
     const getCipher: any = () => {}
     expect(() =>
-      getFramedEncryptStream(getCipher, {} as any, () => {}, false, {
+      getFramedEncryptStream(getCipher, {} as any, () => {}, {
         plaintextLength: -1,
         suite,
       })
     ).to.throw(Error, 'plaintextLength out of bounds.')
     expect(() =>
-      getFramedEncryptStream(getCipher, {} as any, () => {}, false, {
+      getFramedEncryptStream(getCipher, {} as any, () => {}, {
         plaintextLength: Number.MAX_SAFE_INTEGER + 1,
         suite,
       })
@@ -53,7 +52,7 @@ describe('getFramedEncryptStream', () => {
      * I want to make sure that I don't have an errant off by 1 error.
      */
     expect(() =>
-      getFramedEncryptStream(getCipher, {} as any, () => {}, false, {
+      getFramedEncryptStream(getCipher, {} as any, () => {}, {
         plaintextLength: Number.MAX_SAFE_INTEGER,
         suite,
       })
@@ -62,7 +61,7 @@ describe('getFramedEncryptStream', () => {
 
   it('Precondition: Must not process more than plaintextLength.', () => {
     const getCipher: any = () => {}
-    const test = getFramedEncryptStream(getCipher, {} as any, () => {}, false, {
+    const test = getFramedEncryptStream(getCipher, {} as any, () => {}, {
       plaintextLength: 8,
       suite,
     })
@@ -79,7 +78,6 @@ describe('getFramedEncryptStream', () => {
       getCipher,
       { frameLength } as any,
       () => {},
-      false,
       {} as any
     )
 
@@ -114,7 +112,6 @@ describe('getEncryptFrame', () => {
         encryptedDataKeys: [],
       },
       suite,
-      utf8Sorting: false,
     }
     const test1 = getEncryptFrame(input)
     expect(test1.content).to.equal(input.pendingFrame.content)
@@ -149,7 +146,6 @@ describe('getEncryptFrame', () => {
         encryptedDataKeys: [],
       },
       suite,
-      utf8Sorting: false,
     }
 
     expect(() => getEncryptFrame(inputFinalFrameToLarge)).to.throw(
@@ -176,7 +172,6 @@ describe('getEncryptFrame', () => {
         encryptedDataKeys: [],
       },
       suite,
-      utf8Sorting: false,
     }
 
     // Make sure that it must be equal as long as we are here...

modules/integration-node/src/integration_tests.ts

@@ -27,9 +27,10 @@ import { version } from './version'
 import { URL } from 'url'
 import got from 'got'
 import streamToPromise from 'stream-to-promise'
-const { encrypt, decrypt, decryptUnsignedMessageStream } = buildClient(
-  CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT
-)
+const { encrypt, decrypt, decryptUnsignedMessageStream } = buildClient({
+  commitmentPolicy: CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT,
+  maxEncryptedDataKeys: false,
+})
 import { ZipFile } from 'yazl'
 import { createWriteStream } from 'fs'
 import { v4 } from 'uuid'