From d51e9e56df56e36c0c487991a383b09155bb07ad Mon Sep 17 00:00:00 2001 From: bytemare <3641580+bytemare@users.noreply.github.com> Date: Mon, 28 Mar 2022 03:29:59 +0200 Subject: [PATCH 1/2] apply some linting, but don't use it in CI Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- .github/.golangci.yml | 9 ++++++--- .github/workflows/ci.yml | 12 ++++++------ group/curve25519/hashtofield.go | 9 +++------ group/doc.go | 3 ++- group/edwards25519/element.go | 3 ++- group/edwards25519/scalar.go | 3 ++- group/groups.go | 9 ++++----- group/hash2curve/doc.go | 3 ++- group/hash2curve/expander_test.go | 15 ++++++++++++--- group/hash2curve/i2osp_test.go | 7 ++++++- group/hash2curve/xof.go | 1 + group/other/curves.go | 12 ++++++++---- group/ristretto/hash_test.go | 18 +++++++++++++++--- group/ristretto/ristretto.go | 2 +- group/ristretto/ristretto_test.go | 6 +++++- hash/fixed.go | 3 ++- internal/test.go | 3 +++ signature/signature.go | 6 ++++-- 18 files changed, 84 insertions(+), 40 deletions(-) diff --git a/.github/.golangci.yml b/.github/.golangci.yml index 6da6bc8..d1d6ae7 100644 --- a/.github/.golangci.yml +++ b/.github/.golangci.yml @@ -12,7 +12,7 @@ linters: - dogsled - dupl - durationcheck - - errcheck + #- errcheck - errname - errorlint - exportloopref @@ -53,12 +53,12 @@ linters: - paralleltest - prealloc - predeclared - - revive + #- revive - rowserrcheck - sqlclosecheck - staticcheck - structcheck - - stylecheck + #- stylecheck #- tagliatelle - tenv - testpackage @@ -182,6 +182,9 @@ issues: exclude: - "should have a package comment, unless it's in another file for this package" + path: + - internal + #exclude-rules: # # Exclude some linters from running on tests files. # - path: _test\.go diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e289b7..db7f52d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
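Review bot: Commenting out `- errcheck` in the first `.github/.golangci.yml` hunk removes unchecked-error detection for the whole module, which is an expensive linter to lose in a cryptographic library where an ignored error can leave a caller working with an invalid value. The second hunk does the same for `revive` and `stylecheck`. If the motivation is noise in test files, keeping the linters enabled and scoping them out through the `exclude-rules` block already sketched in comments at the end of this file (`- path: _test\.go` plus a `linters:` list) would keep production code covered. If they have to stay off for now, a reason next to each entry helps the next reader, e.g. `#- errcheck # TODO: re-enable once existing findings are triaged`.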
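Review bot: The added `path:` list with `- internal` appears to sit directly under `issues:` beside `exclude:`, and as far as I know golangci-lint only reads `path` inside an `exclude-rules` entry, so this key is probably ignored rather than skipping the `internal` package. Indentation is not recoverable from this view, so the nesting should be confirmed against the file. If the aim is to skip that directory, `skip-dirs: [internal]` under `run:`, or an `exclude-rules` entry with `path: internal/` and the intended linters named, expresses it in a form the tool documents.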
@@ -26,12 +26,12 @@ jobs: go-version: ${{ matrix.GOVER }} # Linting - - name: Linting - uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 # pin@v2 - with: - version: latest - args: --config=./.github/.golangci.yml ./... - only-new-issues: true + #- name: Linting + # uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 # pin@v2 + # with: + # version: latest + # args: --config=./.github/.golangci.yml ./... + # only-new-issues: true test: name: Test diff --git a/group/curve25519/hashtofield.go b/group/curve25519/hashtofield.go index 018f05d..cc9cedb 100644 --- a/group/curve25519/hashtofield.go +++ b/group/curve25519/hashtofield.go @@ -24,14 +24,11 @@ const ( p25519 = "57896044618658097711785492504343953926634992332820282019728792003956564819949" // p252 represents curve25519's subgroup (prime) order - // = 2^252 + 27742317777372353535851937790883648493. - p252 = "7237005577332262213973186563042994240857116359379907606001950938285454250989" + // = 2^252 + 27742317777372353535851937790883648493 + // p252 = "7237005577332262213973186563042994240857116359379907606001950938285454250989". ) -var ( - prime, _ = new(big.Int).SetString(p25519, 10) - order, _ = new(big.Int).SetString(p252, 10) -) +var prime, _ = new(big.Int).SetString(p25519, 10) // order, _ = new(big.Int).SetString(p252, 10). // HashToField25519XMD hashes the input and dst to the field and returns a uniformly distributed byte array, that can // be used as a scalar. diff --git a/group/doc.go b/group/doc.go index c1c22e6..d80665f 100644 --- a/group/doc.go +++ b/group/doc.go 
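Review bot: With the whole `Linting` step commented out, nothing in CI runs the `.github/.golangci.yml` that this same commit edits, so regressions in the checks that remain enabled there are no longer reported on pull requests. If the goal is only to stop lint findings from failing the build, keeping the step and adding `continue-on-error: true` to it preserves the report without gating. When the step returns, `version: latest` is worth replacing with a fixed golangci-lint version, so that the SHA-pinned action is not paired with a floating linter binary. The `jobs` block starts outside this hunk.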
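Review bot: `var prime, _ = new(big.Int).SetString(p25519, 10)` discards the success flag, and `SetString` returns a nil `*big.Int` when parsing fails, so a damaged constant would presumably only surface later as a nil dereference in the field arithmetic. Since the line is being rewritten anyway, parsing through a small helper that panics at package initialisation makes the failure immediate and local. Separately, the `p252` doc comment now describes a constant that exists only as a comment, and the old `order` initialiser survives as a trailing comment on the `prime` line; deleting both reads better than commented-out code, and git history keeps them. The `const` block starts outside this hunk.

```go
// mustDecimal parses a base-10 constant and panics at init if it is malformed.
func mustDecimal(s string) *big.Int {
	n, ok := new(big.Int).SetString(s, 10)
	if !ok {
		panic("curve25519: invalid decimal constant")
	}

	return n
}

var prime = mustDecimal(p25519)
```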
@@ -8,5 +8,6 @@ // Package group exposes a prime-order elliptic curve groups with additional hash-to-curve operations. // -// It implements the latest hash-to-curve specification to date (https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11). +// It implements the latest hash-to-curve specification to date +// (https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/). package group diff --git a/group/edwards25519/element.go b/group/edwards25519/element.go index a947094..a36bf12 100644 --- a/group/edwards25519/element.go +++ b/group/edwards25519/element.go @@ -17,7 +17,8 @@ import ( "github.com/bytemare/crypto/group/internal" ) -// Element represents an Edwards25519 point. It wraps an Edwards25519 implementation to leverage its optimized operations. +// Element represents an Edwards25519 point. +// It wraps an Edwards25519 implementation to leverage its optimized operations. type Element struct { element *edwards25519.Point } diff --git a/group/edwards25519/scalar.go b/group/edwards25519/scalar.go index 5888f9e..0eb7245 100644 --- a/group/edwards25519/scalar.go +++ b/group/edwards25519/scalar.go @@ -22,7 +22,8 @@ const ( var scZero *Scalar -// Scalar represents an Edwards25519 scalar. It wraps an Edwards25519 implementation to leverage its optimized operations. +// Scalar represents an Edwards25519 scalar. +// It wraps an Edwards25519 implementation to leverage its optimized operations. type Scalar struct { scalar *edwards25519.Scalar } diff --git a/group/groups.go b/group/groups.go index 485cd27..b9ae695 100644 --- a/group/groups.go +++ b/group/groups.go @@ -55,8 +55,6 @@ const ( // Secp256k1Sha256 identifies a group over Secp256k1 with SHA2-512 hash-to-group hashing. Secp256k1Sha256 - - maxID ) const dstfmt = "%s-V%s-CS%s-%s" 
@@ -81,10 +79,11 @@ func (i Group) get() *params { return p } -// MakeDST builds a domain separation tag in the form of -V-CS-, or returns an error. -func (i Group) MakeDST(app, version string) ([]byte, error) { +// MakeDST builds a domain separation tag in the form of -V-CS-, +// and returns no error. +func (i Group) MakeDST(app, version string) []byte { p := i.get() - return []byte(fmt.Sprintf(dstfmt, app, version, p.id, p.h2cID)), nil + return []byte(fmt.Sprintf(dstfmt, app, version, p.id, p.h2cID)) } // String returns the hash-to-curve string identifier of the ciphersuite. diff --git a/group/hash2curve/doc.go b/group/hash2curve/doc.go index 617844c..08068c0 100644 --- a/group/hash2curve/doc.go +++ b/group/hash2curve/doc.go @@ -9,5 +9,6 @@ // Package hash2curve provides hash-to-curve compatible hashing over arbitrary input. // // Currently, it is specifically suited for hashing to Ristretto255, Curve25519, and Edwards25519. -// It implements the latest hash-to-curve specification to date (https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11). +// It implements the latest hash-to-curve specification to date +// (https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/). package hash2curve diff --git a/group/hash2curve/expander_test.go b/group/hash2curve/expander_test.go index 4232bcc..2030056 100644 --- a/group/hash2curve/expander_test.go +++ b/group/hash2curve/expander_test.go 
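Review bot: `MakeDST` interpolates `app` and `version` into `dstfmt` (`"%s-V%s-CS%s-%s"`) without any check, and by dropping the `error` result this hunk also removes the only channel through which bad input could be rejected. Because `-` is the field separator, two different input pairs can produce the same tag (constructed example: `("x-V1", "2")` and `("x", "1-V2")` both start with `x-V1-V2-CS`), and empty strings are accepted, which weakens the domain separation the tag exists to provide. Either keep the `([]byte, error)` signature and validate there, or state the contract in the doc comment, e.g. `// app and version must be non-empty, fixed strings that do not contain '-'.` The change is also a breaking one for external callers of this exported method, and "and returns no error" in the new comment can simply be dropped.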
@@ -44,8 +44,10 @@ func TestExpander_ZeroDST(t *testing.T) { func TestExpander_LongDST(t *testing.T) { msg := []byte("test") - longDST := []byte("a255_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") + longDST := []byte( + "a255_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + ) length := 32 xmd1 := crypto.SHA256 @@ -228,7 +230,14 @@ func (s *set) run(t *testing.T) { } if !bytes.Equal(v.uniformBytes, x) { - t.Fatalf("%d : invalid hash (length %d vs %d). expected %q, got %q", i, len(x), v.lenInBytes, v.uniformBytes, x) + t.Fatalf( + "%d : invalid hash (length %d vs %d). expected %q, got %q", + i, + len(x), + v.lenInBytes, + v.uniformBytes, + x, + ) } }) } diff --git a/group/hash2curve/i2osp_test.go b/group/hash2curve/i2osp_test.go index 076a3dd..18f31ac 100644 --- a/group/hash2curve/i2osp_test.go +++ b/group/hash2curve/i2osp_test.go @@ -48,7 +48,12 @@ func TestI2OSP(t *testing.T) { r := i2osp(v.value, v.size) if !bytes.Equal(r, v.encoded) { - t.Fatalf("invalid encoding for %d. Expected '%s', got '%v'", i, hex.EncodeToString(v.encoded), hex.EncodeToString(r)) + t.Fatalf( + "invalid encoding for %d. Expected '%s', got '%v'", + i, + hex.EncodeToString(v.encoded), + hex.EncodeToString(r), + ) } }) } diff --git a/group/hash2curve/xof.go b/group/hash2curve/xof.go index 9b3da61..73eee28 100644 --- a/group/hash2curve/xof.go +++ b/group/hash2curve/xof.go 
@@ -38,6 +38,7 @@ func vetXofDST(x hash.Extendable, dst []byte) []byte { } k := x.SecurityLevel() + size := int(math.Ceil(float64(2*k) / float64(8))) if size > math.MaxUint8 { panic(errXOFHighOutput) diff --git a/group/other/curves.go b/group/other/curves.go index 4e05bc7..a5efccb 100644 --- a/group/other/curves.go +++ b/group/other/curves.go @@ -89,19 +89,23 @@ var curves = map[H2C.SuiteID]*params{ H2C.P521_XMDSHA512_SSWU_RO_: { C.P521, nil, - "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", - "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d" + + "3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273" + + "e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", }, H2C.Curve448_XMDSHA512_ELL2_RO_: { C.Curve448, solveCurve448, "0x5", - "0x7D235D1295F5B1F66C98AB6E58326FCECBAE5D34F55545D060F75DC28DF3F6EDB8027E2346430D211312C4B150677AF76FD7223D457B5B1A", + "0x7D235D1295F5B1F66C98AB6E58326FCECBAE5D34F55545D060F75DC" + + "28DF3F6EDB8027E2346430D211312C4B150677AF76FD7223D457B5B1A", }, H2C.Edwards448_XMDSHA512_ELL2_RO_: { C.Edwards448, solveEd448, - "0x297ea0ea2692ff1b4faff46098453a6a26adf733245f065c3c59d0709cecfa96147eaaf3932d94c63d96c170033f4ba0c7f0de840aed939f", + "0x297ea0ea2692ff1b4faff46098453a6a26adf733245f065c3c59d07" + + "09cecfa96147eaaf3932d94c63d96c170033f4ba0c7f0de840aed939f", "0x13", }, H2C.Secp256k1_XMDSHA256_SSWU_RO_: { diff --git a/group/ristretto/hash_test.go b/group/ristretto/hash_test.go index 83acb9c..a986d48 100644 --- a/group/ristretto/hash_test.go +++ b/group/ristretto/hash_test.go 
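Review bot: The entries touched in the `group/other/curves.go` hunk are unkeyed `params` literals, so a reader cannot tell which curve parameter each of the two hex strings holds or where the value was copied from. The split literals do concatenate back to the original strings, so this is a documentation point, not a defect. Keyed fields, or a one-line comment per entry naming the parameter and the specification section it comes from, would make these constants auditable the next time someone reformats them by hand. The `curves` map literal starts and ends outside this hunk.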
@@ -50,8 +50,16 @@ func (h *h2gTest) decode() (*h2gTestBytes, error) { } var h2gTests = []h2gTest{ - {x: "68656c6c6f", dst: "564f50524630362d48617368546f47726f75702d000001", p: "723c88cc59988d39889aa607b6696d423e7718a36d4825e0f940b3c3a534396a"}, - {x: "776f726c64", dst: "564f50524630362d48617368546f47726f75702d000001", p: "a47c0a13c42a26ab06e60d2e251ba591334a289f4fdfe3b17ed3321a9527f44c"}, + { + x: "68656c6c6f", + dst: "564f50524630362d48617368546f47726f75702d000001", + p: "723c88cc59988d39889aa607b6696d423e7718a36d4825e0f940b3c3a534396a", + }, + { + x: "776f726c64", + dst: "564f50524630362d48617368546f47726f75702d000001", + p: "a47c0a13c42a26ab06e60d2e251ba591334a289f4fdfe3b17ed3321a9527f44c", + }, } func TestRistretto_HashToGroup(t *testing.T) { @@ -65,7 +73,11 @@ func TestRistretto_HashToGroup(t *testing.T) { e := Group{}.HashToGroup(v.x, v.dst) if !bytes.Equal(e.Bytes(), v.p) { - t.Fatalf("Mappings do not match.\n\tExpected: %v\n\tActual: %v\n", hex.EncodeToString(v.p), hex.EncodeToString(e.Bytes())) + t.Fatalf( + "Mappings do not match.\n\tExpected: %v\n\tActual: %v\n", + hex.EncodeToString(v.p), + hex.EncodeToString(e.Bytes()), + ) } }) } diff --git a/group/ristretto/ristretto.go b/group/ristretto/ristretto.go index a22f0eb..0c4f9a6 100644 --- a/group/ristretto/ristretto.go +++ b/group/ristretto/ristretto.go @@ -6,7 +6,7 @@ // LICENSE file in the root directory of this source tree or at // https://spdx.org/licenses/MIT.html -// Package ristretto wraps "github.com/gtank/ristretto255" and exposes a simple prime-order group API with hash-to-curve. +// Package ristretto wraps github.com/gtank/ristretto255 and exposes a simple prime-order group API with hash-to-curve. package ristretto import ( diff --git a/group/ristretto/ristretto_test.go b/group/ristretto/ristretto_test.go index d5e7c9b..a633e33 100644 --- a/group/ristretto/ristretto_test.go +++ b/group/ristretto/ristretto_test.go 
@@ -142,7 +142,11 @@ func TestScalar(t *testing.T) { } if len(s.Bytes()) != canonicalEncodingLength { - t.Fatalf("invalid random scalar length. Expected %d, got %d", canonicalEncodingLength, len(s.Bytes())) + t.Fatalf( + "invalid random scalar length. Expected %d, got %d", + canonicalEncodingLength, + len(s.Bytes()), + ) } cpy, _ := Group{}.NewScalar().Decode(s.Bytes()) diff --git a/hash/fixed.go b/hash/fixed.go index 4b104da..c11c504 100644 --- a/hash/fixed.go +++ b/hash/fixed.go @@ -69,7 +69,8 @@ type fixedParams struct { var registeredHashing map[Hashing]*fixedParams -// FromCrypto returns a Hashing identifier given a hash function defined in the built-in crypto, if it has been registered. +// FromCrypto returns a Hashing identifier given a hash function defined in the built-in crypto, +// if it has been registered. func FromCrypto(h crypto.Hash) Hashing { i := Hashing(h) if i.Available() { diff --git a/internal/test.go b/internal/test.go index 821c800..08af191 100644 --- a/internal/test.go +++ b/internal/test.go @@ -6,6 +6,7 @@ // LICENSE file in the root directory of this source tree or at // https://spdx.org/licenses/MIT.html +// Package internal exposes some common internal functions. package internal import ( @@ -38,6 +39,8 @@ func hasPanic(f func()) (has bool, err error) { return has, err } +// ExpectPanic executes the function f with the expectation to recover from a panic. If no panic occurred or if the +// panic message is not the one expected, ExpectPanic returns (false, error). func ExpectPanic(expectedError error, f func()) (bool, error) { hasPanic, err := hasPanic(f) diff --git a/signature/signature.go b/signature/signature.go index b954326..b3ccbe6 100644 --- a/signature/signature.go +++ b/signature/signature.go 
@@ -6,7 +6,8 @@ // LICENSE file in the root directory of this source tree or at // https://spdx.org/licenses/MIT.html -// Package signature provides additional abstraction and modularity to digital signature schemes of built-in implementations +// Package signature provides additional abstraction and modularity to digital signature schemes +// of built-in implementations. package signature import ( @@ -56,7 +57,8 @@ type Signature interface { // SignatureLength returns the byte size of a signature. SignatureLength() uint - // SignMessage uses the internal private key to sign the message. The message argument doesn't need to be hashed beforehand. + // SignMessage uses the internal private key to sign the message. + // The message argument doesn't need to be hashed beforehand. SignMessage(message ...[]byte) []byte // Sign implements the Signer.Sign() function. From 5cd97b37e425ef87b14649c46ea65f391bdb39c0 Mon Sep 17 00:00:00 2001 From: bytemare <3641580+bytemare@users.noreply.github.com> Date: Mon, 28 Mar 2022 03:35:07 +0200 Subject: [PATCH 2/2] keep maxID for tests Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- group/groups.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group/groups.go b/group/groups.go index b9ae695..8aa93bf 100644 --- a/group/groups.go +++ b/group/groups.go @@ -55,6 +55,8 @@ const ( // Secp256k1Sha256 identifies a group over Secp256k1 with SHA2-512 hash-to-group hashing. Secp256k1Sha256 + + maxID ) const dstfmt = "%s-V%s-CS%s-%s"