cmd/age: improve terminal-related testscripts

cmd/age/age_test.go

@@ -24,6 +24,7 @@ func TestMain(m *testing.M) {
 			testOnlyConfigureScryptIdentity = func(r *age.ScryptRecipient) {
 				r.SetWorkFactor(10)
 			}
+			testOnlyFixedRandomWord = "four"
 			main()
 			return 0
 		},

cmd/age/testdata/ed25519.txt

@@ -1,17 +1,20 @@
 # encrypt and decrypt a file with -R
 age -R key.pem.pub -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with -i
 age -e -i key.pem -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with the wrong key
 age -R otherkey.pem.pub -o test.age input
 ! age -d -i key.pem test.age
 stderr 'no identity matched any of the recipients'
+! stdout .
 
 -- input --
 test

cmd/age/testdata/encrypted_keys.txt

@@ -1,3 +1,5 @@
+# TODO: age-encrypted private keys, multiple identities, -i ordering, -e -i
+
 [windows] skip # no pty support
 
 # use an encrypted OpenSSH private key without .pub file
@@ -5,7 +7,14 @@ age -R key_ed25519.pub -o ed25519.age input
 rm key_ed25519.pub
 pty terminal
 age -d -i key_ed25519 ed25519.age
-stdout test
+cmp stdout input
+! stderr .
+
+# -e -i with an encrypted OpenSSH private key
+age -e -i key_ed25519 -o ed25519.age input
+pty terminal
+age -d -i key_ed25519 ed25519.age
+cmp stdout input
 
 # a file encrypted to the wrong key does not ask for the password
 age -R key_ed25519_other.pub -o ed25519_other.age input
@@ -16,11 +25,18 @@ stderr 'no identity matched any of the recipients'
 age -R key_rsa_legacy.pub -o rsa_legacy.age input
 pty terminal
 age -d -i key_rsa_legacy rsa_legacy.age
-stdout test
+cmp stdout input
+! stderr .
 age -R key_rsa_other.pub -o rsa_other.age input
 ! age -d -i key_rsa_legacy rsa_other.age
 stderr 'no identity matched any of the recipients'
 
+# -e -i with an encrypted legacy PEM private key
+age -e -i key_rsa_legacy -o rsa_legacy.age input
+pty terminal
+age -d -i key_rsa_legacy rsa_legacy.age
+cmp stdout input
+
 # legacy PEM private key without a .pub file causes an error
 rm key_rsa_legacy.pub
 ! age -d -i key_rsa_legacy rsa_legacy.age

cmd/age/testdata/pkcs8.txt

@@ -2,7 +2,8 @@
 # encrypt and decrypt a file with an Ed25519 key encoded with PKCS#8
 age -e -i key.pem -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 -- input --
 test

cmd/age/testdata/rsa.txt

@@ -1,12 +1,14 @@
 # encrypt and decrypt a file with -R
 age -R key.pem.pub -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with -i
 age -e -i key.pem -o test.age input
 age -d -i key.pem test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with the wrong key
 age -R otherkey.pem.pub -o test.age input

cmd/age/testdata/scrypt.txt

@@ -1,22 +1,35 @@
 [windows] skip # no pty support
 
 # encrypt with a provided passphrase
+stdin input
 pty terminal
 age -p -o test.age
+ptyout 'Enter passphrase'
 ! stderr .
 ! stdout .
 
 # decrypt with a provided passphrase
 pty terminal
 age -d test.age
+ptyout 'Enter passphrase'
 ! stderr .
-! stdout .
+cmp stdout input
 
 # decrypt with the wrong passphrase
 pty wrong
 ! age -d test.age
 stderr 'incorrect passphrase'
 
+# encrypt with a generated passphrase
+stdin input
+pty empty
+age -p -o test.age
+! stderr .
+! stdout .
+pty autogenerated
+age -d test.age
+cmp stdout input
+
 # fail when -i is present
 pty terminal
 ! age -d -i key.txt test.age
@@ -40,3 +53,7 @@ test
 # created: 2021-02-02T13:09:43+01:00
 # public key: age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef
 AGE-SECRET-KEY-1EGTZVFFV20835NWYV6270LXYVK2VKNX2MMDKWYKLMGR48UAWX40Q2P2LM0
+-- autogenerated --
+four-four-four-four-four-four-four-four-four-four
+-- empty --
+

cmd/age/testdata/terminal.txt

@@ -12,18 +12,31 @@ ptyout 'autogenerated passphrase'
 ! stderr .
 
 # with no controlling terminal, stdin terminal is used
-# TODO: enable once https://golang.org/issue/53601 is fixed
-# and Noctty is added to testscript.
+## TODO: enable once https://golang.org/issue/53601 is fixed
+## and Noctty is added to testscript.
+# noctty
 # pty -stdin terminal
 # age -p -o test.age input
 # ! stderr .
 
 # no terminal causes an error
-# TODO: enable once https://golang.org/issue/53601 is fixed
-# and Noctty is added to testscript.
+## TODO: enable once https://golang.org/issue/53601 is fixed
+## and Noctty is added to testscript.
+# noctty
 # ! age -p -o test.age input
 # stderr 'standard input is not a terminal'
 
+# prompt for password before plaintext if stdin is the terminal
+exec cat terminal input # concatenated password + input
+pty -stdin stdout
+age -p -a -o test.age
+ptyout 'Enter passphrase'
+! stderr .
+# check the file was encrypted correctly
+pty terminal
+age -d test.age
+cmp stdout input
+
 -- input --
 test
 -- terminal --

cmd/age/testdata/x25519.txt

@@ -1,12 +1,14 @@
 # encrypt and decrypt a file with -r
 age -r age1xmwwc06ly3ee5rytxm9mflaz2u56jjj36s0mypdrwsvlul66mv4q47ryef -o test.age input
 age -d -i key.txt test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with -i
 age -e -i key.txt -o test.age input
 age -d -i key.txt test.age
-stdout test
+cmp stdout input
+! stderr .
 
 # encrypt and decrypt a file with the wrong key
 age -r age12phkzssndd5axajas2h74vtge62c86xjhd6u9anyanqhzvdg6sps0xthgl -o test.age input

cmd/age/wordlist.go

@@ -10,7 +10,12 @@ import (
 	"strings"
 )
 
+var testOnlyFixedRandomWord string
+
 func randomWord() string {
+	if testOnlyFixedRandomWord != "" {
+		return testOnlyFixedRandomWord
+	}
 	buf := make([]byte, 2)
 	if _, err := rand.Read(buf); err != nil {
 		panic(err)