From 2088adf268e988965d27f68575c7193384c67706 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Sun, 19 Jun 2022 00:11:23 +0200
Subject: [PATCH] tests: add expected no match and minor additions

---
 internal/testkit/testkit.go            |   4 ++++
 testdata/testkit/scrypt_and_x25519     |  13 +++++++------
 testdata/testkit/scrypt_double         |  13 +++++++++++++
 testdata/testkit/scrypt_no_match       | Bin 270 -> 264 bytes
 testdata/testkit/scrypt_work_factor_23 |   1 +
 testdata/testkit/x25519_bad_tag        |   2 +-
 testdata/testkit/x25519_lowercase      |   2 +-
 testdata/testkit/x25519_no_match       |   2 +-
 testkit_test.go                        |   7 +++++++
 tests/header_crlf.go                   |   3 +--
 tests/scrypt_and_x25519.go             |   1 +
 tests/scrypt_double.go                 |  21 +++++++++++++++++++++
 tests/scrypt_no_match.go               |   2 +-
 tests/scrypt_work_factor_23.go         |   1 +
 tests/x25519_bad_tag.go                |   2 +-
 tests/x25519_lowercase.go              |   2 +-
 tests/x25519_no_match.go               |   2 +-
 17 files changed, 63 insertions(+), 15 deletions(-)
 create mode 100644 testdata/testkit/scrypt_double
 create mode 100644 tests/scrypt_double.go

diff --git a/internal/testkit/testkit.go b/internal/testkit/testkit.go
index 60e0823..603fd15 100644
--- a/internal/testkit/testkit.go
+++ b/internal/testkit/testkit.go
@@ -219,6 +219,10 @@ func (f *TestFile) ExpectHMACFailure() {
 	f.expect = "HMAC failure"
 }
 
+func (f *TestFile) ExpectNoMatch() {
+	f.expect = "no match"
+}
+
 func (f *TestFile) Comment(c string) {
 	f.comment = c
 }
diff --git a/testdata/testkit/scrypt_and_x25519 b/testdata/testkit/scrypt_and_x25519
index c479d3b..90a61fd 100644
--- a/testdata/testkit/scrypt_and_x25519
+++ b/testdata/testkit/scrypt_and_x25519
@@ -1,12 +1,13 @@
 expect: header failure
 file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-143WN7DCXU4G8R5AXQSSYD9AEPYDNT3HXSLWSPK36CDU6E8M59SSSAGZ3KG
 passphrase: password
 comment: scrypt stanzas must be alone in the header
 
 age-encryption.org/v1
--> X25519 TEiF0ypqr+bpvcqXNyCVJpL7OuwPdVwPL7KQEbFDOCc
-hjabGXwSLQ9c3S6Lw2i+S2Tu2fiwQHHslbBN6B41FLE
--> scrypt 7s9ix86RtDMnTmjU8vkTTA 10
-0U4Pbxsl9pr9g4nHjPgkvtYkNrGiYJ43x1vbM5X5mhg
---- f2AoyFXU2R5Cn7s38vH1pFkuKqzPh3ibwwHc/7y6RRU
-[æè.½Ó#ÈwÏ…=a×Yök×z©66Ú¦âRùÛL
\ No newline at end of file
+-> X25519 ajtqAvDEkVNr2B7zUOtq2mAQXDSBlNrVAuM/dKb5sT4
+U+hKlJ4isweJ9PKG7pgscmG3cPASLgTw7SOBpbZ8x2U
+-> scrypt 3d9y0G+8q1ffPQ0xJJatIQ 10
+foZolxuhRSL7IG7oaR+456IzkHtvue7j4mUjh3DB6EI
+--- yp4Z0lV1LEdkm1+uDCuPUV+9hIXbPKrBXKQ/f5Y03As
+T^kôÆ‰>)ìÍ,r±ÌFlž'cÏô’‚ž›¸Vµ
\ No newline at end of file
diff --git a/testdata/testkit/scrypt_double b/testdata/testkit/scrypt_double
new file mode 100644
index 0000000..da069ed
--- /dev/null
+++ b/testdata/testkit/scrypt_double
@@ -0,0 +1,13 @@
+expect: header failure
+file key: 59454c4c4f57205355424d4152494e45
+passphrase: password
+passphrase: hunter2
+comment: scrypt stanzas must be alone in the header
+
+age-encryption.org/v1
+-> scrypt rF0/NwblUHHTpgQgRpe5CQ 10
+gUjEymFKMVXQEKdMMHL24oYexjE3TIC0O0zGSqJ2aUY
+-> scrypt GzXG5ofdANo6w3msn3QsIQ 10
+OveITuwxakv7k2oLnioNYF4Bhgz9KZ36pb098wDoAv8
+--- a5d+4Ay1evJhoDskIzuTZV9bBgKk4573VZNfuoWJDPE
+îÏbÇÎ‘´3'NhÔòùL·L[þ÷¾ªRÈð¼™,ƒ1ûf
\ No newline at end of file
diff --git a/testdata/testkit/scrypt_no_match b/testdata/testkit/scrypt_no_match
index 994d64767b0a673eb3ac81207f9e6814598ee6de..3d090e184d3eb69325430b9eebd2a5cc51ab1bd9 100644
GIT binary patch
delta 24
fcmeBU>R=K`ttd!MF0oR`%U8%vEJ@CoDE0#YVp9mW

delta 30
lcmeBR>SGd1ttd!MF0oR`NKH&hEmBBJ%*-h*N}VY10|1>03myOf

diff --git a/testdata/testkit/scrypt_work_factor_23 b/testdata/testkit/scrypt_work_factor_23
index c37ca07..4d286be 100644
--- a/testdata/testkit/scrypt_work_factor_23
+++ b/testdata/testkit/scrypt_work_factor_23
@@ -1,5 +1,6 @@
 expect: header failure
 file key: 59454c4c4f57205355424d4152494e45
+passphrase: password
 comment: work factor is very high, would take a long time to compute
 
 age-encryption.org/v1
diff --git a/testdata/testkit/x25519_bad_tag b/testdata/testkit/x25519_bad_tag
index 9a08745..13c7c70 100644
--- a/testdata/testkit/x25519_bad_tag
+++ b/testdata/testkit/x25519_bad_tag
@@ -1,4 +1,4 @@
-expect: header failure
+expect: no match
 file key: 59454c4c4f57205355424d4152494e45
 identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
 comment: the ChaCha20Poly1305 authentication tag on the body of the X25519 stanza is wrong
diff --git a/testdata/testkit/x25519_lowercase b/testdata/testkit/x25519_lowercase
index 853d408..3eeb8bc 100644
--- a/testdata/testkit/x25519_lowercase
+++ b/testdata/testkit/x25519_lowercase
@@ -1,4 +1,4 @@
-expect: header failure
+expect: no match
 file key: 59454c4c4f57205355424d4152494e45
 identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
 comment: the first argument in the X25519 stanza is lowercase
diff --git a/testdata/testkit/x25519_no_match b/testdata/testkit/x25519_no_match
index c146be3..1bf961f 100644
--- a/testdata/testkit/x25519_no_match
+++ b/testdata/testkit/x25519_no_match
@@ -1,4 +1,4 @@
-expect: header failure
+expect: no match
 file key: 59454c4c4f57205355424d4152494e45
 identity: AGE-SECRET-KEY-143WN7DCXU4G8R5AXQSSYD9AEPYDNT3HXSLWSPK36CDU6E8M59SSSAGZ3KG
 
diff --git a/testkit_test.go b/testkit_test.go
index 3a44b48..5a2ea61 100644
--- a/testkit_test.go
+++ b/testkit_test.go
@@ -97,6 +97,7 @@ func testVector(t *testing.T, test []byte) {
 			case "HMAC failure":
 			case "header failure":
 			case "payload failure":
+			case "no match":
 			default:
 				t.Fatal("invalid test file: unknown expect value:", value)
 			}
@@ -135,6 +136,12 @@ func testVector(t *testing.T, test []byte) {
 			return
 		}
 		t.Fatalf("expected %s, got HMAC error", expect)
+	} else if _, ok := err.(*age.NoIdentityMatchError); ok {
+		if expect == "no match" {
+			t.Log(err)
+			return
+		}
+		t.Fatalf("expected %s, got: %v", expect, err)
 	} else if err != nil {
 		if expect == "header failure" {
 			t.Log(err)
diff --git a/tests/header_crlf.go b/tests/header_crlf.go
index 721626b..c28c0f0 100644
--- a/tests/header_crlf.go
+++ b/tests/header_crlf.go
@@ -20,8 +20,7 @@ func main() {
 	f.Buf.Reset()
 	f.Buf.Write(bytes.Replace(hdr, []byte("\n"), []byte("\r\n"), -1))
 	f.HMAC()
-	f.Buf.WriteString(f.UnreadLine())
-	f.Buf.WriteString("\r\n")
+	f.Buf.WriteString(f.UnreadLine() + "\r\n")
 	f.Payload("age")
 	f.ExpectHeaderFailure()
 	f.Comment("lines in the header end with CRLF instead of LF")
diff --git a/tests/scrypt_and_x25519.go b/tests/scrypt_and_x25519.go
index 03704d0..649c07b 100644
--- a/tests/scrypt_and_x25519.go
+++ b/tests/scrypt_and_x25519.go
@@ -11,6 +11,7 @@ import "filippo.io/age/internal/testkit"
 func main() {
 	f := testkit.NewTestFile()
 	f.VersionLine("v1")
+	f.X25519RecordIdentity(f.Rand(32))
 	f.X25519NoRecordIdentity(testkit.TestX25519Identity)
 	f.Scrypt("password", 10)
 	f.HMAC()
diff --git a/tests/scrypt_double.go b/tests/scrypt_double.go
new file mode 100644
index 0000000..2e947c3
--- /dev/null
+++ b/tests/scrypt_double.go
@@ -0,0 +1,21 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	f.Scrypt("hunter2", 10)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Comment("scrypt stanzas must be alone in the header")
+	f.Generate()
+}
diff --git a/tests/scrypt_no_match.go b/tests/scrypt_no_match.go
index a90f53f..ae4acae 100644
--- a/tests/scrypt_no_match.go
+++ b/tests/scrypt_no_match.go
@@ -15,6 +15,6 @@ func main() {
 	f.ScryptNoRecordPassphrase("password", 10)
 	f.HMAC()
 	f.Payload("age")
-	f.ExpectHeaderFailure()
+	f.ExpectNoMatch()
 	f.Generate()
 }
diff --git a/tests/scrypt_work_factor_23.go b/tests/scrypt_work_factor_23.go
index 7586195..5666f93 100644
--- a/tests/scrypt_work_factor_23.go
+++ b/tests/scrypt_work_factor_23.go
@@ -13,6 +13,7 @@ func main() {
 	f.VersionLine("v1")
 	// Hardcoded because it would be too slow to regenerate every time.
 	// f.Scrypt("password", 23)
+	f.ScryptRecordPassphrase("password")
 	f.ArgsLine("scrypt", "rF0/NwblUHHTpgQgRpe5CQ", "23")
 	f.TextLine("qW9eVsT0NVb/Vswtw8kPIxUnaYmm9Px1dYmq2+4+qZA")
 	f.HMAC()
diff --git a/tests/x25519_bad_tag.go b/tests/x25519_bad_tag.go
index e56cd7c..82f9758 100644
--- a/tests/x25519_bad_tag.go
+++ b/tests/x25519_bad_tag.go
@@ -21,7 +21,7 @@ func main() {
 	f.TextLine(base64.RawStdEncoding.EncodeToString(body))
 	f.HMAC()
 	f.Payload("age")
-	f.ExpectHeaderFailure()
+	f.ExpectNoMatch()
 	f.Comment("the ChaCha20Poly1305 authentication tag on the body of the X25519 stanza is wrong")
 	f.Generate()
 }
diff --git a/tests/x25519_lowercase.go b/tests/x25519_lowercase.go
index 838690c..7bdce73 100644
--- a/tests/x25519_lowercase.go
+++ b/tests/x25519_lowercase.go
@@ -21,7 +21,7 @@ func main() {
 	f.TextLine(body)
 	f.HMAC()
 	f.Payload("age")
-	f.ExpectHeaderFailure()
+	f.ExpectNoMatch()
 	f.Comment("the first argument in the X25519 stanza is lowercase")
 	f.Generate()
 }
diff --git a/tests/x25519_no_match.go b/tests/x25519_no_match.go
index af27c51..a1644ab 100644
--- a/tests/x25519_no_match.go
+++ b/tests/x25519_no_match.go
@@ -16,6 +16,6 @@ func main() {
 	f.X25519NoRecordIdentity(testkit.TestX25519Recipient)
 	f.HMAC()
 	f.Payload("age")
-	f.ExpectHeaderFailure()
+	f.ExpectNoMatch()
 	f.Generate()
 }