diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e11e6178..44c33ce5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: test: strategy: matrix: - go-version: [1.19.x, 1.20.x, 1.21.x] + go-version: [1.21.x, 1.22.x, 1.23.x] os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: @@ -21,7 +21,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - version: v1.55 + version: v1.63 - run: go vet ./... - run: go test ./... - run: env GOARCH=386 go test ./... diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..4eb78cae --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,13 @@ +linters-settings: + gocritic: + disabled-checks: + - ifElseChain + - elseif + +linters: + enable: + - gofmt + - gocritic + - unconvert + - revive + - govet diff --git a/armor.go b/armor.go index bb48698b..f980141b 100644 --- a/armor.go +++ b/armor.go @@ -73,7 +73,7 @@ func (s *armorEncoderStream) Close() (err error) { return err } lst := s.buf.Bytes() - if _, err := s.encoded.Write([]byte(lst)); err != nil { + if _, err := s.encoded.Write(lst); err != nil { return err } s.nWords++ diff --git a/armor62_encrypt_test.go b/armor62_encrypt_test.go index c5763dc6..1fd93bb8 100644 --- a/armor62_encrypt_test.go +++ b/armor62_encrypt_test.go @@ -56,7 +56,7 @@ func testDearmor62DecryptSlowReader(t *testing.T, version Version) { func testNewlineInFrame(t *testing.T, version Version) { plaintext, ciphertext := encryptArmor62RandomData(t, version, 1024) - //newline space space tab space + // newline space space tab space ss := []string{"\n\n> ", ciphertext[0:10], "\n ", ciphertext[11:]} ciphertext = strings.Join(ss, "") diff --git a/basic/key_test.go b/basic/key_test.go index 74165785..34e734e0 100644 --- a/basic/key_test.go +++ b/basic/key_test.go 
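Review bot: The new `.golangci.yml` enables `gofmt`, `gocritic`, `unconvert`, `revive` and `govet` but no security-oriented linter, which is a gap for a cryptographic library. Consider adding `- gosec` under `linters: enable:`. Adding `- nolintlint` as well would force suppressions, such as the bare `// nolint` this commit adds in classify_and_decrypt.go, to name the linter they silence. The `disabled-checks` entries `ifElseChain` and `elseif` would also benefit from a one-line comment recording why they are switched off.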
@@ -25,15 +25,15 @@ func runTestOverVersions(t *testing.T, f func(t *testing.T, version saltpack.Ver // test function names, and the names of the subtest will be taken to // be the strings after that prefix. Example use: // -// func TestFoo(t *testing.T) { -// tests := []func(*testing.T, Version){ -// testFooBar1, -// testFooBar2, -// testFooBar3, -// ... -// } -// runTestsOverVersions(t, "testFoo", tests) -// } +// func TestFoo(t *testing.T) { +// tests := []func(*testing.T, Version){ +// testFooBar1, +// testFooBar2, +// testFooBar3, +// ... +// } +// runTestsOverVersions(t, "testFoo", tests) +// } // // This is copied from ../common_test.go. func runTestsOverVersions(t *testing.T, prefix string, fs []func(t *testing.T, ver saltpack.Version)) { diff --git a/classify_and_decrypt.go b/classify_and_decrypt.go index 11c31612..bb4e964a 100644 --- a/classify_and_decrypt.go +++ b/classify_and_decrypt.go @@ -5,9 +5,9 @@ package saltpack import ( "bufio" + "fmt" "io" "regexp" - "sort" "strings" "github.com/keybase/saltpack/encoding/basex" 
@@ -116,17 +116,7 @@ func IsSaltpackBinarySlice(b []byte) (msgType MessageType, version Version, err // saltpack message. If err is nil, then the brand, version and expected type of the message will be returned, but this does *NOT* guarantee that the // rest of the message is well formed. func IsSaltpackArmored(stream *bufio.Reader) (brand string, msgType MessageType, ver Version, err error) { - - // temporary hack to compute stream.Size(), which is only available from go 1.10 - // TODO remove after we can drop support for go 1.9 or older. - // If the buffer is larger then 8192, we use the first 8192 bytes (which should be - // enough to decode one block in the vast majority of cases) - sizePlusOne := sort.Search(8192, func(i int) bool { - _, peekErr := stream.Peek(i) - return peekErr == bufio.ErrBufferFull - }) - - buf, err := stream.Peek(sizePlusOne - 1) + buf, err := stream.Peek(stream.Size()) if (err != nil && err != io.EOF) || len(buf) == 0 { return "", MessageTypeUnknown, ver, err } @@ -158,7 +148,7 @@ func IsSaltpackArmoredPrefix(pref string) (brand string, messageType MessageType switch len(strs) { case 1: - if strings.HasPrefix(string(headerMarker), strs[0]) { + if strings.HasPrefix(string(headerMarker), strs[0]) { // nolint return "", MessageTypeUnknown, Version{}, ErrShortSliceOrBuffer } return "", MessageTypeUnknown, Version{}, ErrNotASaltpackMessage 
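Review bot: In `IsSaltpackArmored`, `stream.Peek(stream.Size())` drops the roughly 8 KiB ceiling that the removed `sort.Search(8192, ...)` probe enforced. A caller that built the `bufio.Reader` with a larger buffer now has the whole buffer peeked and passed to the header classification that follows. The removed comment says the first 8192 bytes are enough to decode one block in the vast majority of cases, so the cap can be kept cheaply with `buf, err := stream.Peek(min(stream.Size(), 8192))`; the built-in `min` is available under the `go 1.21` directive this commit sets. If the wider peek is intended, state it in the doc comment, because Peek waits until that many bytes arrive or the stream ends. The function body continues outside the hunk.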
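Review bot: The bare `// nolint` added to the `case 1:` prefix check in `IsSaltpackArmoredPrefix` suppresses every linter on that line and records no reason. The argument order is deliberate: the branch returns `ErrShortSliceOrBuffer` when the input is a prefix of the marker, i.e. a truncated header. Name the check being silenced (presumably gocritic's argument-order check) and say why, for example `//nolint:gocritic // input may be a truncated header, so the marker is the string being searched`. That keeps the other linters active on a line that parses untrusted input.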
@@ -174,13 +164,17 @@ func IsSaltpackArmoredPrefix(pref string) (brand string, messageType MessageType } headerWithoutBrand := strings.Join(append([]string{strs[0]}, strs[2:]...), " ") - - if strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+EncryptionArmorString, headerWithoutBrand) || - strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+SignedArmorString, headerWithoutBrand) || - strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+DetachedSignatureArmorString, headerWithoutBrand) || - strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+EncryptionArmorString, s) || - strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+SignedArmorString, s) || - strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+DetachedSignatureArmorString, s) { + headerPrefix := fmt.Sprintf("%s %s", headerMarker, strings.ToUpper(FormatName)) + encryptionPrefix := fmt.Sprintf("%s %s", headerPrefix, EncryptionArmorString) + signedPrefix := fmt.Sprintf("%s %s", headerPrefix, SignedArmorString) + detachedSigPrefix := fmt.Sprintf("%s %s", headerPrefix, DetachedSignatureArmorString) + + if strings.HasPrefix(encryptionPrefix, headerWithoutBrand) || + strings.HasPrefix(signedPrefix, headerWithoutBrand) || + strings.HasPrefix(detachedSigPrefix, headerWithoutBrand) || + strings.HasPrefix(encryptionPrefix, s) || + strings.HasPrefix(signedPrefix, s) || + strings.HasPrefix(detachedSigPrefix, s) { return "", MessageTypeUnknown, Version{}, ErrShortSliceOrBuffer } return "", MessageTypeUnknown, Version{}, ErrNotASaltpackMessage diff --git a/common_test.go b/common_test.go index 20fdc575..39f65fdc 100644 --- a/common_test.go +++ b/common_test.go 
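Review bot: The `fmt.Sprintf("%s %s", headerMarker, ...)` rewrite matches the old `string(headerMarker)+" "+...` only if `headerMarker` formats under `%s` exactly as its string conversion does. Its declaration is outside the hunk, so this should be confirmed: a string- or `[]byte`-kinded type is fine, a rune or byte type would not be. The four prefixes also appear not to vary between calls and could be built once at package level rather than on every `IsSaltpackArmoredPrefix` call. A table-driven test that feeds each truncated header and expects `ErrShortSliceOrBuffer` would pin the behaviour across this refactor. The function starts before and ends after the hunk.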
@@ -48,15 +48,15 @@ func runTestOverVersions(t *testing.T, f func(t *testing.T, version Version)) { // test function names, and the names of the subtest will be taken to // be the strings after that prefix. Example use: // -// func TestFoo(t *testing.T) { -// tests := []func(*testing.T, Version){ -// testFooBar1, -// testFooBar2, -// testFooBar3, -// ... -// } -// runTestsOverVersions(t, "testFoo", tests) -// } +// func TestFoo(t *testing.T) { +// tests := []func(*testing.T, Version){ +// testFooBar1, +// testFooBar2, +// testFooBar3, +// ... +// } +// runTestsOverVersions(t, "testFoo", tests) +// } func runTestsOverVersions(t *testing.T, prefix string, fs []func(t *testing.T, ver Version)) { for _, f := range fs { f := f // capture range variable. diff --git a/decrypt.go b/decrypt.go index 772307cd..22caa3b2 100644 --- a/decrypt.go +++ b/decrypt.go @@ -65,7 +65,7 @@ func (ds *decryptStream) getNextChunk() ([]byte, error) { return chunk, nil } -func (ds *decryptStream) readHeader(rawReader io.Reader) error { +func (ds *decryptStream) readHeader(_ io.Reader) error { // Read the header bytes. headerBytes := []byte{} _, err := ds.mps.Read(&headerBytes) diff --git a/doc.go b/doc.go index e1cc0cc5..431a278f 100644 --- a/doc.go +++ b/doc.go @@ -1,5 +1,4 @@ /* - Package saltpack is an implementation of the saltpack message format. Saltpack is a light wrapper around Dan Berstein's famous NaCl library. It adds support for longer messages, streaming input and output of data, multiple recipients 
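Review bot: `readHeader(_ io.Reader)` in decrypt.go makes explicit that the reader argument is ignored; the visible lines read the header from `ds.mps`. The signature still suggests to callers that the stream they pass is the one being parsed. Since the method is unexported, either drop the parameter or add a doc comment such as `// readHeader reads the header from ds.mps; the reader argument is unused.` The body continues outside the hunk.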
@@ -11,12 +10,12 @@ easier to implement; (3) judicious (perhaps judgmental) in its crypto usage; prone; (7) generally unwilling to output unauthenticated data; and (8) easier to compose with other software in any manner of languages or platforms. -Key Management +# Key Management Saltpack makes no attempt to manage keys. We assume the wrapping application has a story for key management. -Modes of Operation +# Modes of Operation Saltpack supports three modes of operation: encrypted messages, attached signatures, and detached signatures. Encrypted messages use NaCl's @@ -26,21 +25,20 @@ detached signature contains just the signature, and assumes an independent delievery mechanism for the file (this might come up when distributing an ISO and separate signature of the file). -Encoding +# Encoding Saltpack has two encoding modes: binary and armored. In armored mode, saltpack outputs in Base62-encoding, suitable for publication into any manner of Web settings without fear of markup-caused mangling. -API +# API This saltpack library implementation supports two API patterns: streaming and all-at-once. The former is useful for large files that can't fit into memory; the latter is more convenient. Both produce the same output. -More Info +# More Info See https://saltpack.org - */ package saltpack diff --git a/encoding/basex/encoding.go b/encoding/basex/encoding.go index 1e5fcd2c..96f132ba 100644 --- a/encoding/basex/encoding.go +++ b/encoding/basex/encoding.go @@ -54,7 +54,7 @@ func NewEncoding(encoder string, base256BlockLen int, skipBytes string) *Encodin baseBig: big.NewInt(int64(base)), skipBytes: skipBytes, } - copy(e.encode[:], encoder) + copy(e.encode, encoder) for _, c := range skipBytes { e.skipMap[c] = true diff --git a/encoding/basex/go_base64_test.go b/encoding/basex/go_base64_test.go index 8f54d866..89d7abc9 100644 --- a/encoding/basex/go_base64_test.go +++ b/encoding/basex/go_base64_test.go 
@@ -293,7 +293,7 @@ AxA1fEUSk9Rq7izcR2mS8fKZHQP2jk55hHkrY9QMGyYFnQhDJq2LhAiJDfzu XcAFA8jRXbNy8Ja6VVrzxttgesfK16STCZBYzT7SYVA1LhfmbX5SZ84JgqdE QMbQoToAuRpfmWvM4FH ` - encodedShort := strings.Replace(encoded, "\n", "", -1) + encodedShort := strings.ReplaceAll(encoded, "\n", "") dec := NewDecoder(Base58StdEncoding, strings.NewReader(encoded)) res1, err := io.ReadAll(dec) diff --git a/encoding/basex/stream.go b/encoding/basex/stream.go index 0155f212..4f74ac2f 100644 --- a/encoding/basex/stream.go +++ b/encoding/basex/stream.go @@ -43,7 +43,7 @@ func (e *encoder) Write(p []byte) (n int, err error) { if e.nbuf < ibl { return } - e.enc.Encode(e.out[:], e.buf[:]) + e.enc.Encode(e.out, e.buf) if _, e.err = e.w.Write(e.out[:obl]); e.err != nil { return n, e.err } @@ -57,7 +57,7 @@ func (e *encoder) Write(p []byte) (n int, err error) { nn = len(p) nn -= nn % ibl } - e.enc.Encode(e.out[:], p[:nn]) + e.enc.Encode(e.out, p[:nn]) if _, e.err = e.w.Write(e.out[0 : nn/ibl*obl]); e.err != nil { return n, e.err } @@ -77,7 +77,7 @@ func (e *encoder) Write(p []byte) (n int, err error) { func (e *encoder) Close() error { // If there's anything left in the buffer, flush it out if e.err == nil && e.nbuf > 0 { - e.enc.Encode(e.out[:], e.buf[:e.nbuf]) + e.enc.Encode(e.out, e.buf[:e.nbuf]) _, e.err = e.w.Write(e.out[:e.enc.EncodedLen(e.nbuf)]) e.nbuf = 0 } @@ -173,7 +173,7 @@ func (d *decoder) Read(p []byte) (int, error) { // the rest internally if numBytesToOutput > len(p) { var n int - n, d.err = d.enc.Decode(d.scratchbuf[:], d.buf[:numBytesToDecode]) + n, d.err = d.enc.Decode(d.scratchbuf, d.buf[:numBytesToDecode]) d.out = d.scratchbuf[:n] ret = copy(p, d.out) d.out = d.out[ret:] diff --git a/encrypt_test.go b/encrypt_test.go index 7b2bf1d9..61188619 100644 --- a/encrypt_test.go +++ b/encrypt_test.go 
@@ -573,7 +573,7 @@ func testEmptyReceivers(t *testing.T, version Version) { func testCorruptHeaderNonce(t *testing.T, version Version) { msg := randomMsg(t, 129) teo := testEncryptionOptions{ - corruptKeysNonce: func(n Nonce, rid int) Nonce { + corruptKeysNonce: func(n Nonce, _ int) Nonce { ret := n ret[4] ^= 1 return ret @@ -703,7 +703,7 @@ func testCorruptPayloadKeyPlaintext(t *testing.T, version Version) { // Also try truncating the payload key. This should fail with a different // error. teo = testEncryptionOptions{ - corruptPayloadKey: func(pk *[]byte, rid int) { + corruptPayloadKey: func(pk *[]byte, _ int) { var shortKey [31]byte *pk = shortKey[:] }, @@ -1063,7 +1063,7 @@ func testEmptyReceiverKID(t *testing.T, version Version) { } plaintext := randomMsg(t, 1024*3) teo := testEncryptionOptions{ - corruptReceiverKeys: func(keys *receiverKeys, rid int) { + corruptReceiverKeys: func(keys *receiverKeys, _ int) { keys.ReceiverKID = []byte{} }, } @@ -1581,7 +1581,7 @@ func testEncryptArmor62SealResultSeal(t *testing.T, result encryptArmor62SealRes } func TestRandomEncryptArmor62Seal(t *testing.T) { - runTestOverVersions(t, func(t *testing.T, version Version) { + runTestOverVersions(t, func(t *testing.T, _ Version) { result, err := newRandomEncryptArmor62SealResult(Version1(), "some plaintext") require.NoError(t, err) testEncryptArmor62SealResultSeal(t, result) diff --git a/go.mod b/go.mod index fdc02100..8ca29196 100644 --- a/go.mod +++ b/go.mod 
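Review bot: In `TestRandomEncryptArmor62Seal`, renaming the callback parameter to `_` silences the unused-parameter warning but leaves the underlying gap in place. The body hard-codes `Version1()`, so `runTestOverVersions` repeats the same Version1 case for each version and the other versions get no coverage from this test. If `newRandomEncryptArmor62SealResult` accepts other versions (not visible here), pass the parameter through with `result, err := newRandomEncryptArmor62SealResult(version, "some plaintext")`. Otherwise call the body directly and drop the `runTestOverVersions` wrapper.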
@@ -1,17 +1,17 @@ module github.com/keybase/saltpack -go 1.17 +go 1.21 require ( github.com/keybase/go-codec v0.0.0-20180928230036-164397562123 - github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.16.0 - golang.org/x/sync v0.5.0 + github.com/stretchr/testify v1.10.0 + golang.org/x/crypto v0.32.0 + golang.org/x/sync v0.10.0 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/sys v0.15.0 // indirect + golang.org/x/sys v0.29.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 84e920a1..d2e499a3 100644 --- a/go.sum +++ b/go.sum 
@@ -1,61 +1,18 @@ -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/keybase/go-codec v0.0.0-20180928230036-164397562123 h1:yg56lYPqh9suJepqxOMd/liFgU/x+maRPiB30JNYykM= github.com/keybase/go-codec v0.0.0-20180928230036-164397562123/go.mod h1:r/eVVWCngg6TsFV/3HuS9sWhDkAzGG8mXhiuYA+Z/20= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net 
v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 
v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/nonce.go b/nonce.go index c3969133..085ebf03 100644 --- a/nonce.go +++ b/nonce.go @@ -18,7 +18,7 @@ func nonceForPayloadKeyBoxV2(recip uint64) Nonce { var n Nonce off := len(n) - 8 copyEqualSizeStr(n[:off], "saltpack_recipsb") - binary.BigEndian.PutUint64(n[off:], uint64(recip)) + binary.BigEndian.PutUint64(n[off:], recip) return n } @@ -55,7 +55,7 @@ func nonceForMACKeyBoxV2(headerHash headerHash, ephemeral bool, recip uint64) No if ephemeral { n[off-1] |= 1 } - binary.BigEndian.PutUint64(n[off:], uint64(recip)) + binary.BigEndian.PutUint64(n[off:], recip) return n } diff --git a/rand_test.go b/rand_test.go index b6df877a..73d48620 100644 --- a/rand_test.go +++ b/rand_test.go @@ -1,6 +1,7 @@ // Copyright 2018 Keybase, Inc. All rights reserved. Use of // this source code is governed by the included BSD license. +//go:build go1.10 // +build go1.10 package saltpack @@ -101,7 +102,7 @@ func testCSPRNGUint32nUniform(t *testing.T, n uint32) { if end > (1 << 32) { end = 1 << 32 } - go func(workerNum int, start, end uint64, bucket *[]uint64) { + go func(start, end uint64, bucket *[]uint64) { defer w.Done() var buf [4]byte @@ -124,7 +125,7 @@ func testCSPRNGUint32nUniform(t *testing.T, n uint32) { (*bucket)[m]++ } } - }(i, start, end, &workerBuckets[i]) + }(start, end, &workerBuckets[i]) } w.Wait() @@ -140,7 +141,7 @@ func testCSPRNGUint32nUniform(t *testing.T, n uint32) { } for i := uint32(0); i < n; i++ { - assert.Equal(t, uint64((1<<32)/uint64(n)), buckets[i], "i=%d", i) + assert.Equal(t, (1<<32)/uint64(n), buckets[i], "i=%d", i) } } 
@@ -168,23 +169,23 @@ type testReaderSource struct { var _ mathrand.Source = (*testReaderSource)(nil) func (s *testReaderSource) Int63() int64 { - uint32, err := csprngUint32(s.r) + randN, err := csprngUint32(s.r) require.NoError(s.t, err) // math/rand.Shuffle calls r.Uint32(), which returns // uint32(r.src.Int63() >> 31), so we only need to fill in the // top 32 bits after the sign bit. - n := int64(uint32) << 31 + n := int64(randN) << 31 // Assumes that cryptorandUint32 uses big endian. var buf [4]byte - binary.BigEndian.PutUint32(buf[:], uint32) + binary.BigEndian.PutUint32(buf[:], randN) s.read = append(s.read, buf[:]...) return n } -func (s testReaderSource) Seed(seed int64) { +func (s testReaderSource) Seed(_ int64) { s.t.Fatal("testReaderSource.Seed() called unexpectedly") } diff --git a/sign_test.go b/sign_test.go index bf49eaae..b5add92e 100644 --- a/sign_test.go +++ b/sign_test.go @@ -59,7 +59,7 @@ func newSigPrivKey(t *testing.T) *sigPrivKey { func (s *sigPrivKey) Sign(message []byte) ([]byte, error) { sig := ed25519.Sign(s.private, message) - return sig[:], nil + return sig, nil } func (s *sigPrivKey) GetPublicKey() SigningPublicKey { 
@@ -68,13 +68,13 @@ func (s *sigPrivKey) GetPublicKey() SigningPublicKey { type sigErrKey struct{} -func (s *sigErrKey) Sign(message []byte) ([]byte, error) { return nil, errors.New("sign error") } -func (s *sigErrKey) GetPublicKey() SigningPublicKey { return &sigPubKey{} } +func (s *sigErrKey) Sign(_ []byte) ([]byte, error) { return nil, errors.New("sign error") } +func (s *sigErrKey) GetPublicKey() SigningPublicKey { return &sigPubKey{} } type sigNilPubKey struct{} -func (s *sigNilPubKey) Sign(message []byte) ([]byte, error) { return nil, errors.New("sign error") } -func (s *sigNilPubKey) GetPublicKey() SigningPublicKey { return nil } +func (s *sigNilPubKey) Sign(_ []byte) ([]byte, error) { return nil, errors.New("sign error") } +func (s *sigNilPubKey) GetPublicKey() SigningPublicKey { return nil } func testSign(t *testing.T, version Version) { msg := randomMsg(t, 128) @@ -323,7 +323,7 @@ func testSignAttachedVerifyDetached(t *testing.T, version Version) { func testSignBadKey(t *testing.T, version Version) { key := newSigPrivKey(t) - err := csprngRead(key.private[:]) + err := csprngRead(key.private) require.NoError(t, err) msg := randomMsg(t, 128) smsg, err := Sign(version, msg, key) @@ -366,7 +366,7 @@ func testSignNilKey(t *testing.T, version Version) { type errReader struct{} -func (e errReader) Read(p []byte) (int, error) { return 0, errors.New("read error") } +func (e errReader) Read(_ []byte) (int, error) { return 0, errors.New("read error") } func testSignBadRandReader(t *testing.T, version Version) { key := newSigPrivKey(t) diff --git a/signcrypt_open_test.go b/signcrypt_open_test.go index 38e18799..33bc862d 100644 --- a/signcrypt_open_test.go +++ b/signcrypt_open_test.go 
@@ -44,7 +44,7 @@ func TestDecryptNoKey(t *testing.T) { require.NoError(t, err) // Open with empty keyring - emptyKeyring := makeEmptyKeyring(t) + emptyKeyring := makeEmptyKeyring() sender, msg, openErr := SigncryptOpen(sealed, emptyKeyring, nil) require.Equal(t, openErr, ErrNoDecryptionKey) require.Nil(t, sender) @@ -56,7 +56,7 @@ func TestDecryptNoSender(t *testing.T) { aliceSigningPrivKey := makeSigningSecretKey(t) - bobKeyring := makeEmptyKeyring(t) + bobKeyring := makeEmptyKeyring() bobBoxKey, createErr := createEphemeralKey(false) require.NoError(t, createErr) bobKeyring.insert(bobBoxKey) diff --git a/signcrypt_seal.go b/signcrypt_seal.go index e70572b8..09188859 100644 --- a/signcrypt_seal.go +++ b/signcrypt_seal.go @@ -77,7 +77,8 @@ func (sss *signcryptSealStream) signcryptBlock(isFinal bool) error { } } - attachedSig := append(detachedSig, plaintext...) + attachedSig := detachedSig + attachedSig = append(attachedSig, plaintext...) ciphertext := secretbox.Seal([]byte{}, attachedSig, (*[24]byte)(&nonce), (*[32]byte)(&sss.encryptionKey)) @@ -365,7 +366,7 @@ func newSigncryptSealStream(ciphertext io.Writer, sender SigningSecretKey, recei encoder: newEncoder(ciphertext), signingKey: sender, } - err := sss.init(receiverBoxKeys, receiverSymmetricKeys, ephemeralKeyCreator, defaultSigncryptRNG{}) + err := sss.init(receiverBoxKeys, receiverSymmetricKeys, ephemeralKeyCreator, rng) if err != nil { return nil, err } diff --git a/signcrypt_seal_amd64_test.go b/signcrypt_seal_amd64_test.go index 75b9b4ff..6032345c 100644 --- a/signcrypt_seal_amd64_test.go +++ b/signcrypt_seal_amd64_test.go @@ -1,6 +1,7 @@ // Copyright 2018 Keybase, Inc. All rights reserved. Use of // this source code is governed by the included BSD license. +//go:build amd64 // +build amd64 package saltpack diff --git a/signcrypt_test.go b/signcrypt_test.go index 3889e27f..ab38cb5c 100644 --- a/signcrypt_test.go +++ b/signcrypt_test.go 
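Review bot: In `signcryptBlock`, splitting the statement into `attachedSig := detachedSig` followed by `attachedSig = append(attachedSig, plaintext...)` satisfies the linter but keeps the same aliasing. If `detachedSig` has spare capacity, `append` still writes the plaintext into the backing array of the slice the signer returned. Where `detachedSig` comes from is outside the hunk, but if it is produced by a caller-supplied signing key, an explicit allocation avoids writing plaintext into memory the signer may still hold: `attachedSig := make([]byte, 0, len(detachedSig)+len(plaintext))`, then `attachedSig = append(attachedSig, detachedSig...)` and `attachedSig = append(attachedSig, plaintext...)`. The function starts before and ends after the hunk.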
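Review bot: Passing `rng` to `sss.init` in `newSigncryptSealStream` is a behaviour change rather than a lint fix. Until now the stream always used `defaultSigncryptRNG{}` and whatever the caller supplied was ignored. Every existing caller's argument now feeds whatever randomness `init` draws, so check that no non-test caller passes nil or a deterministic source. A guard such as `if rng == nil { rng = defaultSigncryptRNG{} }` before the call would preserve the old default, assuming `rng` is an interface-typed parameter (the signature is truncated in the hunk header). The change deserves its own mention in the commit message and a test asserting that a supplied RNG is actually consumed.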
@@ -36,14 +36,14 @@ func (r *testConstResolver) ResolveKeys(identifiers [][]byte) ([]*SymmetricKey, return ret, nil } -func makeEmptyKeyring(t *testing.T) *keyring { +func makeEmptyKeyring() *keyring { keyring := newKeyring() keyring.iterable = true return keyring } func makeKeyringWithOneKey(t *testing.T) (*keyring, []BoxPublicKey) { - keyring := makeEmptyKeyring(t) + keyring := makeEmptyKeyring() keyring.iterable = true receiverBoxSecretKey, err := createEphemeralKey(false) require.NoError(t, err) @@ -70,7 +70,7 @@ func makeSigningSecretKey(t *testing.T) SigningSecretKey { return k } -func makeResolverWithOneKey(t *testing.T) (SymmetricKeyResolver, []ReceiverSymmetricKey) { +func makeResolverWithOneKey() (SymmetricKeyResolver, []ReceiverSymmetricKey) { var sharedSymmetricKey SymmetricKey // zeros receiver := ReceiverSymmetricKey{ Key: sharedSymmetricKey, @@ -100,9 +100,9 @@ func TestSigncryptionBoxKeyHelloWorld(t *testing.T) { func TestSigncryptionResolvedKeyHelloWorld(t *testing.T) { msg := []byte("hello world") - keyring := makeEmptyKeyring(t) + keyring := makeEmptyKeyring() - resolver, receivers := makeResolverWithOneKey(t) + resolver, receivers := makeResolverWithOneKey() senderSigningPrivKey := makeSigningKey(t, keyring) @@ -421,8 +421,8 @@ func TestSigncryptionInvalidMessagepack(t *testing.T) { func TestSigncryptionBoxKeyHeaderDecryptionError(t *testing.T) { msg := []byte("hello world") - keyring := makeEmptyKeyring(t) - resolver, receivers := makeResolverWithOneKey(t) + keyring := makeEmptyKeyring() + resolver, receivers := makeResolverWithOneKey() senderSigningPrivKey := makeSigningKey(t, keyring) sealed, err := SigncryptSeal(msg, ephemeralKeyCreator{}, senderSigningPrivKey, nil, receivers) require.NoError(t, err) 
@@ -456,7 +456,7 @@ type BrokenResolver struct{} var _ SymmetricKeyResolver = (*BrokenResolver)(nil) -func (b *BrokenResolver) ResolveKeys(identifiers [][]byte) ([]*SymmetricKey, error) { +func (b *BrokenResolver) ResolveKeys(_ [][]byte) ([]*SymmetricKey, error) { return nil, fmt.Errorf("garbage error foo") } @@ -465,14 +465,14 @@ type EmptyResolver struct{} var _ SymmetricKeyResolver = (*EmptyResolver)(nil) -func (e *EmptyResolver) ResolveKeys(identifiers [][]byte) ([]*SymmetricKey, error) { +func (e *EmptyResolver) ResolveKeys(_ [][]byte) ([]*SymmetricKey, error) { return nil, nil } func TestSigncryptionBadResolvers(t *testing.T) { msg := []byte("hello world") - keyring := makeEmptyKeyring(t) - _, receivers := makeResolverWithOneKey(t) + keyring := makeEmptyKeyring() + _, receivers := makeResolverWithOneKey() senderSigningPrivKey := makeSigningKey(t, keyring) sealed, err := SigncryptSeal(msg, ephemeralKeyCreator{}, senderSigningPrivKey, nil, receivers) require.NoError(t, err) @@ -577,7 +577,7 @@ type RandomSigningKeysKeyring struct { var _ (Keyring) = (*RandomSigningKeysKeyring)(nil) -func (r *RandomSigningKeysKeyring) LookupSigningPublicKey(kid []byte) SigningPublicKey { +func (r *RandomSigningKeysKeyring) LookupSigningPublicKey(_ []byte) SigningPublicKey { pub, _, err := ed25519.GenerateKey(rand.Reader) if err != nil { panic(err) diff --git a/verify_test.go b/verify_test.go index 27159bcb..cf4a8fc6 100644 --- a/verify_test.go +++ b/verify_test.go @@ -82,7 +82,7 @@ func testVerifyConcurrent(t *testing.T, version Version) { type emptySigKeyring struct{} -func (k emptySigKeyring) LookupSigningPublicKey(kid []byte) SigningPublicKey { return nil } +func (k emptySigKeyring) LookupSigningPublicKey(_ []byte) SigningPublicKey { return nil } func testVerifyEmptyKeyring(t *testing.T, version Version) { in := randomMsg(t, 128)