age: reject leading zeroes and sign in scrypt work factor

tests/scrypt_bad_tag.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import (
+	"encoding/base64"
+
+	"filippo.io/age/internal/testkit"
+)
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, _ := base64.RawStdEncoding.DecodeString(f.UnreadLine())
+	body[len(body)-1] ^= 0xff
+	f.TextLine(base64.RawStdEncoding.EncodeToString(body))
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectNoMatch()
+	f.Comment("the ChaCha20Poly1305 authentication tag on the body of the scrypt stanza is wrong")
+	f.Generate()
+}

tests/scrypt_extra_argument.go

@@ -0,0 +1,23 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadLine()
+	f.TextLine(args + " 10")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Comment("the base64 encoding of the share is not canonical")
+	f.Generate()
+}

tests/scrypt_not_canonical_body.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body := f.UnreadLine()
+	f.TextLine(testkit.NotCanonicalBase64(body))
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Comment("the base64 encoding of the share is not canonical")
+	f.Generate()
+}

tests/scrypt_not_canonical_salt.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], testkit.NotCanonicalBase64(args[1]), args[2])
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_salt_long.go

@@ -0,0 +1,20 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.ScryptRecordPassphrase("password")
+	f.ScryptNoRecordPassphraseWithSalt("password", 10, f.Rand(20))
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_salt_missing.go

@@ -0,0 +1,23 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.ScryptRecordPassphrase("password")
+	f.ScryptNoRecordPassphraseWithSalt("password", 10, nil)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[2])
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_salt_short.go

@@ -0,0 +1,20 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.ScryptRecordPassphrase("password")
+	f.ScryptNoRecordPassphraseWithSalt("password", 10, f.Rand(12))
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_uppercase.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine("Scrypt", args[1], args[2])
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectNoMatch()
+	f.Generate()
+}

tests/scrypt_work_factor_hex.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "0xa")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_leading_garbage.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "aaaa10")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_leading_plus.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "+10")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_leading_zero_decimal.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "010")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_leading_zero_octal.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "012")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_missing.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 18) // cmd/age default
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1])
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_negative.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "-10")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_overflow.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import (
+	"math"
+	"strconv"
+
+	"filippo.io/age/internal/testkit"
+)
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], strconv.FormatUint(math.MaxInt64+1+10, 10))
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_trailing_garbage.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "aaaa10")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/scrypt_work_factor_wrong.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 18) // cmd/go default
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "10")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectNoMatch()
+	f.Generate()
+}

tests/scrypt_work_factor_zero.go

@@ -0,0 +1,22 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.Scrypt("password", 10)
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine(args[0], args[1], "0")
+	f.TextLine(body)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Generate()
+}

tests/x25519_lowercase.go

@@ -6,18 +6,14 @@
 
 package main
 
-import (
-	"strings"
-
-	"filippo.io/age/internal/testkit"
-)
+import "filippo.io/age/internal/testkit"
 
 func main() {
 	f := testkit.NewTestFile()
 	f.VersionLine("v1")
 	f.X25519(testkit.TestX25519Recipient)
-	body, args := f.UnreadLine(), f.UnreadLine()
-	f.TextLine(strings.Replace(args, "X25519", "x25519", -1))
+	body, args := f.UnreadLine(), f.UnreadArgsLine()
+	f.ArgsLine("x25519", args[1])
 	f.TextLine(body)
 	f.HMAC()
 	f.Payload("age")

tests/x25519_not_canonical_body.go

@@ -12,8 +12,7 @@ func main() {
 	f := testkit.NewTestFile()
 	f.VersionLine("v1")
 	f.X25519(testkit.TestX25519Recipient)
-	body, args := f.UnreadLine(), f.UnreadLine()
-	f.TextLine(args)
+	body := f.UnreadLine()
 	f.TextLine(testkit.NotCanonicalBase64(body))
 	f.HMAC()
 	f.Payload("age")