`decryptStream` might not validate mac

[FaFre]

I was writing some tests for my application and found an issue regarding mac validation of decryptStream when used together with stream operators like transform, pipe and not having an await for for the actual decryption stream will result in not validating mac's.

Given the following code:

await cipher.decryptStream(
    inputStream,
    secretKey: secretKey,
    nonce: nonce,
    mac: Mac([0]),
  ).pipe(file.openWrite())

Will result in a successful decryption of the stream. The code after await for (

cryptography/cryptography/lib/src/cryptography/cipher.dart

Line 245 in 87f42fa

final lastConvertedBytes = await state.convert(

) is never getting executed. I don't know the exact cause why, but it has something to do with the internal stream handling of the file writer, which is not obvious to the user.

I also manipulated the tests to use pipe instead of await for to have something reproducible, and you can see the tests start failing: d8934a3 and the error is getting swallowed, despite we are awaiting the stream to complete with drain which has the doc's:

Discards all data on this stream, but signals when it is done or an error occurred.

When subscribing using [drain], cancelOnError will be true. This means that the future will complete with the first error on this stream and then cancel the subscription.

If this stream emits an error, the returned future is completed with that error, and processing is stopped.

In case of a done event the future completes with the given [futureValue].

I am not sure if this is an issue related to the library's code, but rather an issue with general stream handling of dart.

I do not know what will be an appropriate fix for this, however this is a very dangerous pitfall.