Upgrade to go 1.23

.github/workflows/ci.yml

@@ -10,7 +10,7 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.19.x, 1.20.x, 1.21.x]
+        go-version: [1.21.x, 1.22.x, 1.23.x]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -21,7 +21,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.55
+          version: v1.63
       - run: go vet ./...
       - run: go test ./...
       - run: env GOARCH=386 go test ./...

.golangci.yml

@@ -0,0 +1,13 @@
+linters-settings:
+  gocritic:
+    disabled-checks:
+      - ifElseChain
+      - elseif
+
+linters:
+  enable:
+    - gofmt
+    - gocritic
+    - unconvert
+    - revive
+    - govet

armor.go

@@ -73,7 +73,7 @@ func (s *armorEncoderStream) Close() (err error) {
 		return err
 	}
 	lst := s.buf.Bytes()
-	if _, err := s.encoded.Write([]byte(lst)); err != nil {
+	if _, err := s.encoded.Write(lst); err != nil {
 		return err
 	}
 	s.nWords++

armor62_encrypt_test.go

@@ -56,7 +56,7 @@ func testDearmor62DecryptSlowReader(t *testing.T, version Version) {
 func testNewlineInFrame(t *testing.T, version Version) {
 	plaintext, ciphertext := encryptArmor62RandomData(t, version, 1024)
 
-	//newline space space tab space
+	// newline space space tab space
 	ss := []string{"\n\n>   ", ciphertext[0:10], "\n  	 ", ciphertext[11:]}
 	ciphertext = strings.Join(ss, "")
 

basic/key_test.go

@@ -25,15 +25,15 @@ func runTestOverVersions(t *testing.T, f func(t *testing.T, version saltpack.Ver
 // test function names, and the names of the subtest will be taken to
 // be the strings after that prefix. Example use:
 //
-// func TestFoo(t *testing.T) {
-//      tests := []func(*testing.T, Version){
-//              testFooBar1,
-//              testFooBar2,
-//              testFooBar3,
-//              ...
-//      }
-//      runTestsOverVersions(t, "testFoo", tests)
-// }
+//	func TestFoo(t *testing.T) {
+//	     tests := []func(*testing.T, Version){
+//	             testFooBar1,
+//	             testFooBar2,
+//	             testFooBar3,
+//	             ...
+//	     }
+//	     runTestsOverVersions(t, "testFoo", tests)
+//	}
 //
 // This is copied from ../common_test.go.
 func runTestsOverVersions(t *testing.T, prefix string, fs []func(t *testing.T, ver saltpack.Version)) {

classify_and_decrypt.go

@@ -5,9 +5,9 @@ package saltpack
 
 import (
 	"bufio"
+	"fmt"
 	"io"
 	"regexp"
-	"sort"
 	"strings"
 
 	"github.com/keybase/saltpack/encoding/basex"
@@ -116,17 +116,7 @@ func IsSaltpackBinarySlice(b []byte) (msgType MessageType, version Version, err
 // saltpack message. If err is nil, then the brand, version and expected type of the message will be returned, but this does *NOT* guarantee that the
 // rest of the message is well formed.
 func IsSaltpackArmored(stream *bufio.Reader) (brand string, msgType MessageType, ver Version, err error) {
-
-	// temporary hack to compute stream.Size(), which is only available from go 1.10
-	// TODO remove after we can drop support for go 1.9 or older.
-	// If the buffer is larger then 8192, we use the first 8192 bytes (which should be
-	// enough to decode one block in the vast majority of cases)
-	sizePlusOne := sort.Search(8192, func(i int) bool {
-		_, peekErr := stream.Peek(i)
-		return peekErr == bufio.ErrBufferFull
-	})
-
-	buf, err := stream.Peek(sizePlusOne - 1)
+	buf, err := stream.Peek(stream.Size())
 	if (err != nil && err != io.EOF) || len(buf) == 0 {
 		return "", MessageTypeUnknown, ver, err
 	}
@@ -158,7 +148,7 @@ func IsSaltpackArmoredPrefix(pref string) (brand string, messageType MessageType
 
 		switch len(strs) {
 		case 1:
-			if strings.HasPrefix(string(headerMarker), strs[0]) {
+			if strings.HasPrefix(string(headerMarker), strs[0]) { // nolint
 				return "", MessageTypeUnknown, Version{}, ErrShortSliceOrBuffer
 			}
 			return "", MessageTypeUnknown, Version{}, ErrNotASaltpackMessage
@@ -174,13 +164,17 @@ func IsSaltpackArmoredPrefix(pref string) (brand string, messageType MessageType
 		}
 
 		headerWithoutBrand := strings.Join(append([]string{strs[0]}, strs[2:]...), " ")
-
-		if strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+EncryptionArmorString, headerWithoutBrand) ||
-			strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+SignedArmorString, headerWithoutBrand) ||
-			strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+DetachedSignatureArmorString, headerWithoutBrand) ||
-			strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+EncryptionArmorString, s) ||
-			strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+SignedArmorString, s) ||
-			strings.HasPrefix(string(headerMarker)+" "+strings.ToUpper(FormatName)+" "+DetachedSignatureArmorString, s) {
+		headerPrefix := fmt.Sprintf("%s %s", headerMarker, strings.ToUpper(FormatName))
+		encryptionPrefix := fmt.Sprintf("%s %s", headerPrefix, EncryptionArmorString)
+		signedPrefix := fmt.Sprintf("%s %s", headerPrefix, SignedArmorString)
+		detachedSigPrefix := fmt.Sprintf("%s %s", headerPrefix, DetachedSignatureArmorString)
+
+		if strings.HasPrefix(encryptionPrefix, headerWithoutBrand) ||
+			strings.HasPrefix(signedPrefix, headerWithoutBrand) ||
+			strings.HasPrefix(detachedSigPrefix, headerWithoutBrand) ||
+			strings.HasPrefix(encryptionPrefix, s) ||
+			strings.HasPrefix(signedPrefix, s) ||
+			strings.HasPrefix(detachedSigPrefix, s) {
 			return "", MessageTypeUnknown, Version{}, ErrShortSliceOrBuffer
 		}
 		return "", MessageTypeUnknown, Version{}, ErrNotASaltpackMessage

common_test.go

@@ -48,15 +48,15 @@ func runTestOverVersions(t *testing.T, f func(t *testing.T, version Version)) {
 // test function names, and the names of the subtest will be taken to
 // be the strings after that prefix. Example use:
 //
-// func TestFoo(t *testing.T) {
-//      tests := []func(*testing.T, Version){
-//              testFooBar1,
-//              testFooBar2,
-//              testFooBar3,
-//              ...
-//      }
-//      runTestsOverVersions(t, "testFoo", tests)
-// }
+//	func TestFoo(t *testing.T) {
+//	     tests := []func(*testing.T, Version){
+//	             testFooBar1,
+//	             testFooBar2,
+//	             testFooBar3,
+//	             ...
+//	     }
+//	     runTestsOverVersions(t, "testFoo", tests)
+//	}
 func runTestsOverVersions(t *testing.T, prefix string, fs []func(t *testing.T, ver Version)) {
 	for _, f := range fs {
 		f := f // capture range variable.

decrypt.go

@@ -65,7 +65,7 @@ func (ds *decryptStream) getNextChunk() ([]byte, error) {
 	return chunk, nil
 }
 
-func (ds *decryptStream) readHeader(rawReader io.Reader) error {
+func (ds *decryptStream) readHeader(_ io.Reader) error {
 	// Read the header bytes.
 	headerBytes := []byte{}
 	_, err := ds.mps.Read(&headerBytes)

doc.go

@@ -1,5 +1,4 @@
 /*
-
 Package saltpack is an implementation of the saltpack message format. Saltpack
 is a light wrapper around Dan Berstein's famous NaCl library. It adds support
 for longer messages, streaming input and output of data, multiple recipients
@@ -11,12 +10,12 @@ easier to implement; (3) judicious (perhaps judgmental) in its crypto usage;
 prone; (7) generally unwilling to output unauthenticated data; and (8) easier
 to compose with other software in any manner of languages or platforms.
 
-Key Management
+# Key Management
 
 Saltpack makes no attempt to manage keys. We assume the wrapping application
 has a story for key management.
 
-Modes of Operation
+# Modes of Operation
 
 Saltpack supports three modes of operation: encrypted messages, attached
 signatures, and detached signatures. Encrypted messages use NaCl's
@@ -26,21 +25,20 @@ detached signature contains just the signature, and assumes an independent
 delievery mechanism for the file (this might come up when distributing an ISO
 and separate signature of the file).
 
-Encoding
+# Encoding
 
 Saltpack has two encoding modes: binary and armored. In armored mode, saltpack
 outputs in Base62-encoding, suitable for publication into any manner of Web
 settings without fear of markup-caused mangling.
 
-API
+# API
 
 This saltpack library implementation supports two API patterns: streaming and
 all-at-once. The former is useful for large files that can't fit into memory;
 the latter is more convenient. Both produce the same output.
 
-More Info
+# More Info
 
 See https://saltpack.org
-
 */
 package saltpack

encoding/basex/encoding.go

@@ -54,7 +54,7 @@ func NewEncoding(encoder string, base256BlockLen int, skipBytes string) *Encodin
 		baseBig:         big.NewInt(int64(base)),
 		skipBytes:       skipBytes,
 	}
-	copy(e.encode[:], encoder)
+	copy(e.encode, encoder)
 
 	for _, c := range skipBytes {
 		e.skipMap[c] = true

encoding/basex/go_base64_test.go

@@ -293,7 +293,7 @@ AxA1fEUSk9Rq7izcR2mS8fKZHQP2jk55hHkrY9QMGyYFnQhDJq2LhAiJDfzu
 XcAFA8jRXbNy8Ja6VVrzxttgesfK16STCZBYzT7SYVA1LhfmbX5SZ84JgqdE
 QMbQoToAuRpfmWvM4FH
 `
-	encodedShort := strings.Replace(encoded, "\n", "", -1)
+	encodedShort := strings.ReplaceAll(encoded, "\n", "")
 
 	dec := NewDecoder(Base58StdEncoding, strings.NewReader(encoded))
 	res1, err := io.ReadAll(dec)

encoding/basex/stream.go

@@ -43,7 +43,7 @@ func (e *encoder) Write(p []byte) (n int, err error) {
 		if e.nbuf < ibl {
 			return
 		}
-		e.enc.Encode(e.out[:], e.buf[:])
+		e.enc.Encode(e.out, e.buf)
 		if _, e.err = e.w.Write(e.out[:obl]); e.err != nil {
 			return n, e.err
 		}
@@ -57,7 +57,7 @@ func (e *encoder) Write(p []byte) (n int, err error) {
 			nn = len(p)
 			nn -= nn % ibl
 		}
-		e.enc.Encode(e.out[:], p[:nn])
+		e.enc.Encode(e.out, p[:nn])
 		if _, e.err = e.w.Write(e.out[0 : nn/ibl*obl]); e.err != nil {
 			return n, e.err
 		}
@@ -77,7 +77,7 @@ func (e *encoder) Write(p []byte) (n int, err error) {
 func (e *encoder) Close() error {
 	// If there's anything left in the buffer, flush it out
 	if e.err == nil && e.nbuf > 0 {
-		e.enc.Encode(e.out[:], e.buf[:e.nbuf])
+		e.enc.Encode(e.out, e.buf[:e.nbuf])
 		_, e.err = e.w.Write(e.out[:e.enc.EncodedLen(e.nbuf)])
 		e.nbuf = 0
 	}
@@ -173,7 +173,7 @@ func (d *decoder) Read(p []byte) (int, error) {
 	// the rest internally
 	if numBytesToOutput > len(p) {
 		var n int
-		n, d.err = d.enc.Decode(d.scratchbuf[:], d.buf[:numBytesToDecode])
+		n, d.err = d.enc.Decode(d.scratchbuf, d.buf[:numBytesToDecode])
 		d.out = d.scratchbuf[:n]
 		ret = copy(p, d.out)
 		d.out = d.out[ret:]

encrypt_test.go

@@ -573,7 +573,7 @@ func testEmptyReceivers(t *testing.T, version Version) {
 func testCorruptHeaderNonce(t *testing.T, version Version) {
 	msg := randomMsg(t, 129)
 	teo := testEncryptionOptions{
-		corruptKeysNonce: func(n Nonce, rid int) Nonce {
+		corruptKeysNonce: func(n Nonce, _ int) Nonce {
 			ret := n
 			ret[4] ^= 1
 			return ret
@@ -703,7 +703,7 @@ func testCorruptPayloadKeyPlaintext(t *testing.T, version Version) {
 	// Also try truncating the payload key. This should fail with a different
 	// error.
 	teo = testEncryptionOptions{
-		corruptPayloadKey: func(pk *[]byte, rid int) {
+		corruptPayloadKey: func(pk *[]byte, _ int) {
 			var shortKey [31]byte
 			*pk = shortKey[:]
 		},
@@ -1063,7 +1063,7 @@ func testEmptyReceiverKID(t *testing.T, version Version) {
 	}
 	plaintext := randomMsg(t, 1024*3)
 	teo := testEncryptionOptions{
-		corruptReceiverKeys: func(keys *receiverKeys, rid int) {
+		corruptReceiverKeys: func(keys *receiverKeys, _ int) {
 			keys.ReceiverKID = []byte{}
 		},
 	}
@@ -1581,7 +1581,7 @@ func testEncryptArmor62SealResultSeal(t *testing.T, result encryptArmor62SealRes
 }
 
 func TestRandomEncryptArmor62Seal(t *testing.T) {
-	runTestOverVersions(t, func(t *testing.T, version Version) {
+	runTestOverVersions(t, func(t *testing.T, _ Version) {
 		result, err := newRandomEncryptArmor62SealResult(Version1(), "some plaintext")
 		require.NoError(t, err)
 		testEncryptArmor62SealResultSeal(t, result)

go.mod

@@ -1,17 +1,17 @@
 module github.com/keybase/saltpack
 
-go 1.17
+go 1.21
 
 require (
 	github.com/keybase/go-codec v0.0.0-20180928230036-164397562123
-	github.com/stretchr/testify v1.8.4
-	golang.org/x/crypto v0.16.0
-	golang.org/x/sync v0.5.0
+	github.com/stretchr/testify v1.10.0
+	golang.org/x/crypto v0.32.0
+	golang.org/x/sync v0.10.0
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )