Before
filippo.io/age/armor coverage: 72.3% of statements in filippo.io/age/...
filippo.io/age/internal/format coverage: 86.8% of statements in filippo.io/age/...
filippo.io/age/internal/stream coverage: 83.9% of statements in filippo.io/age/...
After
filippo.io/age/armor coverage: 88.0% of statements in filippo.io/age/...
filippo.io/age/internal/format coverage: 87.6% of statements in filippo.io/age/...
filippo.io/age/internal/stream coverage: 86.0% of statements in filippo.io/age/...
Simplifies importing test data from CCTV without needing to invoke
"go mod download" from TestVectors. Makes life easier for package
builders with no networking, like Nixpkgs.
If the implementation re-encodes the header before checking the HMAC,
that would mask malleability issues: the HMAC check would fail because
the tests HMAC'd the original header, but an attacker could also produce
the right HMAC. Instead of duplicating every parsing tests (with the
original and re-encoded HMAC), we make the test framework distinguish
HMAC errors, which ensures bad encodings are recognized as such and not
bypassable HMAC errors.
