From 8a02f4801fc98033aed809f6fb47f63be101d11b Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Tue, 12 Jul 2022 19:20:34 +0200
Subject: [PATCH] cmd/age: improve terminal-related testscripts

---
 cmd/age/age_test.go                 |  1 +
 cmd/age/testdata/ed25519.txt        |  7 +++++--
 cmd/age/testdata/encrypted_keys.txt | 20 ++++++++++++++++++--
 cmd/age/testdata/pkcs8.txt          |  3 ++-
 cmd/age/testdata/rsa.txt            |  6 ++++--
 cmd/age/testdata/scrypt.txt         | 19 ++++++++++++++++++-
 cmd/age/testdata/terminal.txt       | 21 +++++++++++++++++----
 cmd/age/testdata/x25519.txt         |  6 ++++--
 cmd/age/wordlist.go                 |  5 +++++
 go.mod                              |  2 +-
 go.sum                              |  4 ++--
 11 files changed, 77 insertions(+), 17 deletions(-)

diff --git a/cmd/age/age_test.go b/cmd/age/age_test.go
index f1fcebe..7dfd5fe 100644
--- a/cmd/age/age_test.go
+++ b/cmd/age/age_test.go
@@ -24,6 +24,7 @@ func TestMain(m *testing.M) {
 			testOnlyConfigureScryptIdentity = func(r *age.ScryptRecipient) {
 				r.SetWorkFactor(10)
 			}
+			testOnlyFixedRandomWord = "four"
 			main()
 			return 0
 		},
diff --git a/cmd/age/testdata/ed25519.txt b/cmd/age/testdata/ed25519.txt
index e874e2b..8a919c3 100644
--- a/cmd/age/testdata/ed25519.txt
+++ b/cmd/age/testdata/ed25519.txt
@@ -1,17 +1,20 @@
 # encrypt and decrypt a file with -R
 age -R key.pem.pub -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with -i
 age -e -i key.pem -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with the wrong key
 age -R otherkey.pem.pub -o test.age input
 ! age -d -i key.pem test.age
 stderr 'no identity matched any of the recipients'
+! stdout .
 
 -- input --
 test
diff --git a/cmd/age/testdata/encrypted_keys.txt b/cmd/age/testdata/encrypted_keys.txt
index 2b57b4e..01a700e 100644
--- a/cmd/age/testdata/encrypted_keys.txt
+++ b/cmd/age/testdata/encrypted_keys.txt
@@ -1,3 +1,5 @@
+# TODO: age-encrypted private keys, multiple identities, -i ordering, -e -i
+
 [windows] skip # no pty support
 
 # use an encrypted OpenSSH private key without .pub file
@@ -5,7 +7,14 @@ age -R key_ed25519.pub -o ed25519.age input
 rm key_ed25519.pub
 pty terminal
 age -d -i key_ed25519 ed25519.age
-stdout test
+cmp stdout input
+! stderr .
+
+# -e -i with an encrypted OpenSSH private key
+age -e -i key_ed25519 -o ed25519.age input
+pty terminal
+age -d -i key_ed25519 ed25519.age
+cmp stdout input
 
 # a file encrypted to the wrong key does not ask for the password
 age -R key_ed25519_other.pub -o ed25519_other.age input
@@ -16,11 +25,18 @@ stderr 'no identity matched any of the recipients'
 age -R key_rsa_legacy.pub -o rsa_legacy.age input
 pty terminal
 age -d -i key_rsa_legacy rsa_legacy.age
-stdout test
+cmp stdout input
+! stderr .
 age -R key_rsa_other.pub -o rsa_other.age input
 ! age -d -i key_rsa_legacy rsa_other.age
 stderr 'no identity matched any of the recipients'
 
+# -e -i with an encrypted legacy PEM private key
+age -e -i key_rsa_legacy -o rsa_legacy.age input
+pty terminal
+age -d -i key_rsa_legacy rsa_legacy.age
+cmp stdout input
+
 # legacy PEM private key without a .pub file causes an error
 rm key_rsa_legacy.pub
 ! age -d -i key_rsa_legacy rsa_legacy.age
diff --git a/cmd/age/testdata/pkcs8.txt b/cmd/age/testdata/pkcs8.txt
index 5ade753..f589439 100644
--- a/cmd/age/testdata/pkcs8.txt
+++ b/cmd/age/testdata/pkcs8.txt
@@ -2,7 +2,8 @@
 # encrypt and decrypt a file with an Ed25519 key encoded with PKCS#8
 age -e -i key.pem -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 -- input --
 test
diff --git a/cmd/age/testdata/rsa.txt b/cmd/age/testdata/rsa.txt
index c9ac561..e6f7888 100644
--- a/cmd/age/testdata/rsa.txt
+++ b/cmd/age/testdata/rsa.txt
@@ -1,12 +1,14 @@
 # encrypt and decrypt a file with -R
 age -R key.pem.pub -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with -i
 age -e -i key.pem -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with the wrong key
 age -R otherkey.pem.pub -o test.age input
diff --git a/cmd/age/testdata/scrypt.txt b/cmd/age/testdata/scrypt.txt
index cd5f56d..987cfbb 100644
--- a/cmd/age/testdata/scrypt.txt
+++ b/cmd/age/testdata/scrypt.txt
@@ -1,22 +1,35 @@
 [windows] skip # no pty support
 
 # encrypt with a provided passphrase
+stdin input
 pty terminal
 age -p -o test.age
+ptyout 'Enter passphrase'
 ! stderr .
 ! stdout .
 
 # decrypt with a provided passphrase
 pty terminal
 age -d test.age
+ptyout 'Enter passphrase'
 ! stderr .
-! stdout .
+cmp stdout input
 
 # decrypt with the wrong passphrase
 pty wrong
 ! age -d test.age
 stderr 'incorrect passphrase'
 
+# encrypt with a generated passphrase
+stdin input
+pty empty
+age -p -o test.age
+! stderr .
+! stdout .
+pty autogenerated
+age -d test.age
+cmp stdout input
+
 # fail when -i is present
 pty terminal
 ! age -d -i key.txt test.age
@@ -40,3 +53,7 @@ test
 # created: 2021-02-02T13:09:43+01:00
 # public key: age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef
 AGE-SECRET-KEY-1EGTZVFFV20835NWYV6270LXYVK2VKNX2MMDKWYKLMGR48UAWX40Q2P2LM0
+-- autogenerated --
+four-four-four-four-four-four-four-four-four-four
+-- empty --
+
diff --git a/cmd/age/testdata/terminal.txt b/cmd/age/testdata/terminal.txt
index 47f8256..1914984 100644
--- a/cmd/age/testdata/terminal.txt
+++ b/cmd/age/testdata/terminal.txt
@@ -12,18 +12,31 @@ ptyout 'autogenerated passphrase'
 ! stderr .
 
 # with no controlling terminal, stdin terminal is used
-# TODO: enable once https://golang.org/issue/53601 is fixed
-# and Noctty is added to testscript.
+## TODO: enable once https://golang.org/issue/53601 is fixed
+## and Noctty is added to testscript.
+# noctty
 # pty -stdin terminal
 # age -p -o test.age input
 # ! stderr .
 
 # no terminal causes an error
-# TODO: enable once https://golang.org/issue/53601 is fixed
-# and Noctty is added to testscript.
+## TODO: enable once https://golang.org/issue/53601 is fixed
+## and Noctty is added to testscript.
+# noctty
 # ! age -p -o test.age input
 # stderr 'standard input is not a terminal'
 
+# prompt for password before plaintext if stdin is the terminal
+exec cat terminal input # concatenated password + input
+pty -stdin stdout
+age -p -a -o test.age
+ptyout 'Enter passphrase'
+! stderr .
+# check the file was encrypted correctly
+pty terminal
+age -d test.age
+cmp stdout input
+
 -- input --
 test
 -- terminal --
diff --git a/cmd/age/testdata/x25519.txt b/cmd/age/testdata/x25519.txt
index e1bf8e9..0142216 100644
--- a/cmd/age/testdata/x25519.txt
+++ b/cmd/age/testdata/x25519.txt
@@ -1,12 +1,14 @@
 # encrypt and decrypt a file with -r
 age -r age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef -o test.age input
 age -d -i key.txt test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with -i
 age -e -i key.txt -o test.age input
 age -d -i key.txt test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with the wrong key
 age -r age12phkzssndd5axajas2h74vtge62c86xjhd6u9anyanqhzvdg6sps0xthgl -o test.age input
diff --git a/cmd/age/wordlist.go b/cmd/age/wordlist.go
index ccff11a..004038c 100644
--- a/cmd/age/wordlist.go
+++ b/cmd/age/wordlist.go
@@ -10,7 +10,12 @@ import (
 	"strings"
 )
 
+var testOnlyFixedRandomWord string
+
 func randomWord() string {
+	if testOnlyFixedRandomWord != "" {
+		return testOnlyFixedRandomWord
+	}
 	buf := make([]byte, 2)
 	if _, err := rand.Read(buf); err != nil {
 		panic(err)
diff --git a/go.mod b/go.mod
index e3498e8..81c8975 100644
--- a/go.mod
+++ b/go.mod
@@ -16,4 +16,4 @@ require (
 	github.com/rogpeppe/go-internal v1.8.1
 )
 
-replace github.com/rogpeppe/go-internal => github.com/FiloSottile/go-internal v1.8.2-0.20220703103932-d3b1faae2802
+replace github.com/rogpeppe/go-internal => github.com/FiloSottile/go-internal v1.8.2-0.20220712170627-21d77b294581
diff --git a/go.sum b/go.sum
index 2b26ecc..26a5e5a 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
 filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU=
 filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
-github.com/FiloSottile/go-internal v1.8.2-0.20220703103932-d3b1faae2802 h1:nbboufyYTmxa9hcjNjUkBoKS6xBXXF0umj85jGKRiV0=
-github.com/FiloSottile/go-internal v1.8.2-0.20220703103932-d3b1faae2802/go.mod h1:dNbK7mWDMlmf5ttOAJJg+a4CyamnqDRrw+Uja1sBETc=
+github.com/FiloSottile/go-internal v1.8.2-0.20220712170627-21d77b294581 h1:L4v4ojdBajPuAUjuv4WmkXI2oOkvXr4cXJM7O8tMs3k=
+github.com/FiloSottile/go-internal v1.8.2-0.20220712170627-21d77b294581/go.mod h1:dNbK7mWDMlmf5ttOAJJg+a4CyamnqDRrw+Uja1sBETc=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=