tests: add armor tests

internal/testkit/testkit.go

@@ -63,6 +63,7 @@ type TestFile struct {
 	comment     string
 	identities  []string
 	passphrases []string
+	armor       bool
 }
 
 func NewTestFile() *TestFile {
@@ -87,7 +88,7 @@ func (f *TestFile) TextLine(s string) {
 
 func (f *TestFile) UnreadLine() string {
 	buf := bytes.TrimSuffix(f.Buf.Bytes(), []byte("\n"))
-	idx := bytes.LastIndex(buf[:len(buf)-1], []byte("\n")) + 1
+	idx := bytes.LastIndex(buf, []byte("\n")) + 1
 	f.Buf.Reset()
 	f.Buf.Write(buf[:idx])
 	return string(buf[idx:])
@@ -122,6 +123,16 @@ func (f *TestFile) Body(body []byte) {
 	}
 }
 
+func (f *TestFile) Base64Padding() {
+	line := f.UnreadLine()
+	paddingLen := 4 - len(line)%4
+	if paddingLen == 4 {
+		paddingLen = 0
+	}
+	padding := strings.Repeat("=", paddingLen)
+	f.TextLine(line + padding)
+}
+
 func (f *TestFile) AEADBody(key, body []byte) {
 	aead, _ := chacha20poly1305.New(key)
 	f.Body(aead.Seal(nil, make([]byte, chacha20poly1305.NonceSize), body, nil))
@@ -231,6 +242,11 @@ func (f *TestFile) ExpectHeaderFailure() {
 	f.expect = "header failure"
 }
 
+func (f *TestFile) ExpectArmorFailure() {
+	f.armor = true
+	f.expect = "armor failure"
+}
+
 func (f *TestFile) ExpectPayloadFailure() {
 	f.expect = "payload failure"
 	f.payload.Reset()
@@ -255,6 +271,22 @@ func (f *TestFile) Comment(c string) {
 	f.comment = c
 }
 
+func (f *TestFile) BeginArmor(t string) {
+	f.armor = true
+	f.TextLine("-----BEGIN " + t + "-----")
+}
+
+func (f *TestFile) EndArmor(t string) {
+	f.armor = true
+	f.TextLine("-----END " + t + "-----")
+}
+
+func (f *TestFile) Bytes() []byte {
+	out := make([]byte, f.Buf.Len())
+	copy(out, f.Buf.Bytes())
+	return out
+}
+
 func (f *TestFile) Generate() {
 	fmt.Printf("expect: %s\n", f.expect)
 	if f.expect == "success" || f.expect == "payload failure" {
@@ -267,6 +299,9 @@ func (f *TestFile) Generate() {
 	for _, p := range f.passphrases {
 		fmt.Printf("passphrase: %s\n", p)
 	}
+	if f.armor {
+		fmt.Printf("armored: yes\n")
+	}
 	if f.comment != "" {
 		fmt.Printf("comment: %s\n", f.comment)
 	}

testdata/testkit/armor

@@ -0,0 +1,13 @@
+expect: success
+payload: 013f54400c82da08037759ada907a8b864e97de81c088a182062c4b5622fd2ab
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_crlf

@@ -0,0 +1,14 @@
+expect: success
+payload: 013f54400c82da08037759ada907a8b864e97de81c088a182062c4b5622fd2ab
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+comment: CRLF is allowed as a end of line for armored files
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_empty_line_begin

@@ -0,0 +1,13 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_empty_line_end

@@ -0,0 +1,13 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_eol_between_padding

@@ -0,0 +1,13 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW2ewwwqo
+mNlxYv6gMOKyDNzgiw=
+=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_full_last_line

@@ -0,0 +1,13 @@
+expect: success
+payload: 724a112a2cac139a4fca3ea0f799f2e5ccd1d0db46af654dee40567bff16ee33
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW3bj4iHS
+YS3WWUtZB5wJqKgEe8kpsp0iOnD2CNG4DVKBC0Z7SAcCFb8xdwV9CRavSEE7OU1c
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_garbage_leading

@@ -0,0 +1,13 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+garbage
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_garbage_trailing

@@ -0,0 +1,13 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----
+garbage

testdata/testkit/armor_header_crlf

@@ -0,0 +1,13 @@
+expect: header failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1EGTZVFFV20835NWYV6270LXYVK2VKNX2MMDKWYKLMGR48UAWX40Q2P2LM0
+armored: yes
+comment: lines in the header end with CRLF instead of LF
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxDQotPiBYMjU1MTkgVEVpRjB5cHFyK2JwdmNx
+WE55Q1ZKcEw3T3V3UGRWd1BMN0tRRWJGRE9DYw0KaGphYkdYd1NMUTljM1M2THcy
+aStTMlR1MmZpd1FISHNsYkJONkI0MUZMRQ0KLS0tIDJLSUdiN3llMzJNV3RVdUVW
+V2tPM01QNnFDREx6T3ZUOXdGMDZsZWxCU0kNCu7PYsfOkbQzJ05o1PL5E0y3TFv+
+976qUsjwvA6ZLB6DMftm
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_headers

@@ -0,0 +1,15 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+Headers: are
+Not: allowed
+
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_invalid_character_header

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdl*WVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_invalid_character_payload

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+*PC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_long_line

@@ -0,0 +1,8 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FYTnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lWK0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkzZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpSyPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_lowercase

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN age ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END age ENCRYPTED FILE-----

testdata/testkit/armor_no_end_line

@@ -0,0 +1,11 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=

testdata/testkit/armor_no_eol

@@ -0,0 +1,14 @@
+expect: success
+payload: 013f54400c82da08037759ada907a8b864e97de81c088a182062c4b5622fd2ab
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+comment: there is no end of line at the end of the file
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_no_match

@@ -0,0 +1,12 @@
+expect: no match
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-143WN7DCXU4G8R5AXQSSYD9AEPYDNT3HXSLWSPK36CDU6E8M59SSSAGZ3KG
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhanRxQXZERWtWTnIyQjd6
+VU90cTJtQVFYRFNCbE5yVkF1TS9kS2I1c1Q0CkhVS3R6MFIyajVCbDJFUjdIaEFa
+clVSaWtDRnBpSWpOYTBLakhjamJBR1UKLS0tIHJycFRsdktFS3JLM0VxaG9PUEpl
+UDFLRThPMWQyYXJyUmV6Nzdtd2VrUmMK3d9y0G+8q1ffPQ0xJJatIYzX/W+AeLv4
+gS3YeUcVXre9Xog=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_no_padding

@@ -0,0 +1,13 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+comment: missing base64 padding
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_not_canonical

@@ -0,0 +1,13 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+comment: base64 is not canonical
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Z=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_pgp_checksum

@@ -0,0 +1,14 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+=J2ub
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_short_line

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRp
+b24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FYTnlDVkpwTDdPdXdQ
+ZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lWK0h1MHIrRThSNzdE
+ZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkzZjFzcUhqbHUvejFM
+Q1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpSyPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_whitespace_begin

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+----- BEGIN AGE ENCRYPTED FILE -----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_whitespace_end

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+----- END AGE ENCRYPTED FILE -----

testdata/testkit/armor_whitespace_eol

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS 
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_whitespace_last_line

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y= 
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_whitespace_line_start

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----

testdata/testkit/armor_whitespace_outside

@@ -0,0 +1,18 @@
+expect: success
+payload: 013f54400c82da08037759ada907a8b864e97de81c088a182062c4b5622fd2ab
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+comment: whitespace is allowed before and after armored files
+
+
+
   	
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED FILE-----
+
+
   	

testdata/testkit/armor_wrong_type

@@ -0,0 +1,12 @@
+expect: armor failure
+file key: 59454c4c4f57205355424d4152494e45
+identity: AGE-SECRET-KEY-1XMWWC06LY3EE5RYTXM9MFLAZ2U56JJJ36S0MYPDRWSVLUL66MV4QX3S7F6
+armored: yes
+
+-----BEGIN AGE ENCRYPTED MESSAGE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURWlGMHlwcXIrYnB2Y3FY
+TnlDVkpwTDdPdXdQZFZ3UEw3S1FFYkZET0NjCkVtRUNBRWNLTituL1ZzOVNiV2lW
+K0h1MHIrRThSNzdEZFdZeWQ4M253N1UKLS0tIFZuKzU0anFpaVVDRStXWmNFVlkz
+ZjFzcUhqbHUvejFMQ1EvVDdYbTdxSTAK7s9ix86RtDMnTmjU8vkTTLdMW/73vqpS
+yPC8DpksHoMx+2Y=
+-----END AGE ENCRYPTED MESSAGE-----

testkit_test.go

@@ -11,6 +11,7 @@ import (
 	"bytes"
 	"crypto/sha256"
 	"encoding/hex"
+	"errors"
 	"flag"
 	"io"
 	"log"
@@ -21,6 +22,7 @@ import (
 	"testing"
 
 	"filippo.io/age"
+	"filippo.io/age/armor"
 )
 
 //go:generate go test -generate -run ^$
@@ -81,6 +83,7 @@ func testVector(t *testing.T, test []byte) {
 		expect      string
 		payloadHash *[32]byte
 		identities  []age.Identity
+		armored     bool
 	)
 
 	for {
@@ -99,6 +102,7 @@ func testVector(t *testing.T, test []byte) {
 			case "success":
 			case "HMAC failure":
 			case "header failure":
+			case "armor failure":
 			case "payload failure":
 			case "no match":
 			default:
@@ -123,6 +127,8 @@ func testVector(t *testing.T, test []byte) {
 				t.Fatal(err)
 			}
 			identities = append(identities, i)
+		case "armored":
+			armored = true
 		case "file key":
 			// Ignored.
 		case "comment":
@@ -132,13 +138,23 @@ func testVector(t *testing.T, test []byte) {
 		}
 	}
 
-	r, err := age.Decrypt(bytes.NewReader(test), identities...)
+	var in io.Reader = bytes.NewReader(test)
+	if armored {
+		in = armor.NewReader(in)
+	}
+	r, err := age.Decrypt(in, identities...)
 	if err != nil && strings.HasSuffix(err.Error(), "bad header MAC") {
 		if expect == "HMAC failure" {
 			t.Log(err)
 			return
 		}
 		t.Fatalf("expected %s, got HMAC error", expect)
+	} else if e := new(armor.Error); errors.As(err, &e) {
+		if expect == "armor failure" {
+			t.Log(err)
+			return
+		}
+		t.Fatalf("expected %s, got: %v", expect, err)
 	} else if _, ok := err.(*age.NoIdentityMatchError); ok {
 		if expect == "no match" {
 			t.Log(err)
@@ -151,19 +167,24 @@ func testVector(t *testing.T, test []byte) {
 			return
 		}
 		t.Fatalf("expected %s, got: %v", expect, err)
-	} else if expect != "success" && expect != "payload failure" {
+	} else if expect != "success" && expect != "payload failure" &&
+		expect != "armor failure" {
 		t.Fatalf("expected %s, got success", expect)
 	}
 	out, err := io.ReadAll(r)
-	if err != nil {
-		if expect == "payload failure" {
-			t.Log(err)
-			if payloadHash != nil && sha256.Sum256(out) != *payloadHash {
-				t.Error("partial payload hash mismatch")
-			}
-			return
-		}
+	if err != nil && expect == "success" {
 		t.Fatalf("expected %s, got: %v", expect, err)
+	} else if err != nil {
+		t.Log(err)
+		if expect == "armor failure" {
+			if e := new(armor.Error); !errors.As(err, &e) {
+				t.Errorf("expected armor.Error, got %T", err)
+			}
+		}
+		if payloadHash != nil && sha256.Sum256(out) != *payloadHash {
+			t.Error("partial payload hash mismatch")
+		}
+		return
 	} else if expect != "success" {
 		t.Fatalf("expected %s, got success", expect)
 	}

tests/armor.go

@@ -0,0 +1,25 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.Generate()
+}

tests/armor_crlf.go

@@ -0,0 +1,33 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import (
+	"bytes"
+
+	"filippo.io/age/internal/testkit"
+)
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	armored := f.Bytes()
+	f.Buf.Reset()
+	f.Buf.Write(bytes.Replace(armored, []byte("\n"), []byte("\r\n"), -1))
+	f.Comment("CRLF is allowed as a end of line for armored files")
+	f.Generate()
+}

tests/armor_empty_line_begin.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.TextLine("")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_empty_line_end.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.TextLine("")
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_eol_between_padding.go

@@ -0,0 +1,39 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import (
+	"strings"
+
+	"filippo.io/age/internal/testkit"
+)
+
+// See base64finl in RFC 7468.
+//   ; ...AB= <EOL> = <EOL> is not good, but is valid
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age12")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	line := f.UnreadLine()
+	if !strings.Contains(line, "==") {
+		panic("need two padding characters")
+	}
+	line = strings.Replace(line, "==", "=\n=", 1)
+	f.TextLine(line)
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_full_last_line.go

@@ -0,0 +1,29 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age age age age age age age age age age ")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	if len(file)%48 != 0 {
+		println(len(file) % 48)
+		panic("last line is not full")
+	}
+	f.Body(file)
+	f.UnreadLine() // Body leaves an empty line, PEM doesn't.
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.Generate()
+}

tests/armor_garbage_encoded.go

@@ -0,0 +1,30 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.FileKey(testkit.LargeTestFileKey)
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Identity)
+	f.HMAC()
+	f.Nonce(testkit.LargeTestNonce)
+	f.PayloadChunkFinal(testkit.LargeTestFirstChunk)
+	f.Buf.Write(f.Rand(20))
+	f.ExpectPartialPayload(64 * 1024)
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.Comment("there is trailing garbage encoded after the final chunk")
+	f.Generate()
+}

tests/armor_garbage_leading.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.TextLine("garbage")
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_garbage_trailing.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.TextLine("garbage")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_header_crlf.go

@@ -0,0 +1,35 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import (
+	"bytes"
+
+	"filippo.io/age/internal/testkit"
+)
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Identity)
+	hdr := f.Buf.Bytes()
+	f.Buf.Reset()
+	f.Buf.Write(bytes.Replace(hdr, []byte("\n"), []byte("\r\n"), -1))
+	f.HMAC()
+	f.Buf.WriteString(f.UnreadLine() + "\r\n")
+	f.Payload("age")
+	f.ExpectHeaderFailure()
+	f.Comment("lines in the header end with CRLF instead of LF")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.Generate()
+}

tests/armor_headers.go

@@ -0,0 +1,29 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.TextLine("Headers: are")
+	f.TextLine("Not: allowed")
+	f.TextLine("")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_invalid_character_header.go

@@ -0,0 +1,34 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import (
+	"strings"
+
+	"filippo.io/age/internal/testkit"
+)
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	begin, rest, _ := strings.Cut(string(f.Bytes()), "\n")
+	f.Buf.Reset()
+	f.TextLine(begin)
+	f.Buf.WriteString(rest[:4] + "*" + rest[5:])
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_invalid_character_payload.go

@@ -0,0 +1,28 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	line := f.UnreadLine()
+	f.TextLine("*" + line[1:])
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_long_line.go

@@ -0,0 +1,30 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import (
+	"encoding/base64"
+
+	"filippo.io/age/internal/testkit"
+)
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.TextLine(base64.StdEncoding.EncodeToString(file))
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_lowercase.go

@@ -0,0 +1,26 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("age ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("age ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_no_end_line.go

@@ -0,0 +1,25 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_no_eol.go

@@ -0,0 +1,26 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.Buf.WriteString("-----END AGE ENCRYPTED FILE-----")
+	f.Comment("there is no end of line at the end of the file")
+	f.Generate()
+}

tests/armor_no_match.go

@@ -0,0 +1,28 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	identity := f.Rand(32)
+	f.X25519RecordIdentity(identity)
+	f.X25519NoRecordIdentity(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	f.ExpectNoMatch()
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.Generate()
+}

tests/armor_no_padding.go

@@ -0,0 +1,29 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	if len(file)%3 == 0 {
+		panic("no need for padding")
+	}
+	f.Body(file)
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Comment("missing base64 padding")
+	f.Generate()
+}

tests/armor_not_canonical.go

@@ -0,0 +1,28 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.TextLine(testkit.NotCanonicalBase64(f.UnreadLine()))
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Comment("base64 is not canonical")
+	f.Generate()
+}

tests/armor_pgp_checksum.go

@@ -0,0 +1,29 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import (
+	"filippo.io/age/internal/testkit"
+	"golang.org/x/crypto/openpgp/armor"
+)
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	w, _ := armor.Encode(&f.Buf, "AGE ENCRYPTED FILE", nil)
+	w.Write(file)
+	w.Close()
+	f.Buf.WriteString("\n")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_short_line.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file[:12])
+	f.Body(file[12:])
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_whitespace_begin.go

@@ -0,0 +1,26 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.TextLine("----- BEGIN AGE ENCRYPTED FILE -----")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_whitespace_end.go

@@ -0,0 +1,26 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.TextLine("----- END AGE ENCRYPTED FILE -----")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_whitespace_eol.go

@@ -0,0 +1,29 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	line2, line1 := f.UnreadLine(), f.UnreadLine()
+	f.TextLine(line1 + " ")
+	f.TextLine(line2)
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_whitespace_last_line.go

@@ -0,0 +1,27 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.TextLine(f.UnreadLine() + " ")
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_whitespace_line_start.go

@@ -0,0 +1,29 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	line2, line1 := f.UnreadLine(), f.UnreadLine()
+	f.TextLine(" " + line1)
+	f.TextLine(line2)
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}

tests/armor_whitespace_outside.go

@@ -0,0 +1,28 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.Buf.Write([]byte("\n\r   \t\n"))
+	f.BeginArmor("AGE ENCRYPTED FILE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED FILE")
+	f.Buf.Write([]byte("\n\r   \t\n"))
+	f.Comment("whitespace is allowed before and after armored files")
+	f.Generate()
+}

tests/armor_wrong_type.go

@@ -0,0 +1,26 @@
+// Copyright 2022 The age Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+// +build ignore
+
+package main
+
+import "filippo.io/age/internal/testkit"
+
+func main() {
+	f := testkit.NewTestFile()
+	f.VersionLine("v1")
+	f.X25519(testkit.TestX25519Recipient)
+	f.HMAC()
+	f.Payload("age")
+	file := f.Bytes()
+	f.Buf.Reset()
+	f.BeginArmor("AGE ENCRYPTED MESSAGE")
+	f.Body(file)
+	f.Base64Padding()
+	f.EndArmor("AGE ENCRYPTED MESSAGE")
+	f.ExpectArmorFailure()
+	f.Generate()
+}