From 6d514d0061256f11ae4decc4c8b00c7557d0fa2a Mon Sep 17 00:00:00 2001
From: Steve Moyer
Date: Fri, 4 Jul 2025 09:40:18 -0400
Subject: [PATCH] build: update Go to v1.24.4 and update build tools
---
 .gitignore | 50 +++++++++++++------
 .golangci.yaml | 40 +++++++++++++++
 .pre-commit-config.yaml | 46 ++++++++++++++++++
 .tool-versions | 4 +-
 go.mod | 25 +++++++---
 go.sum | 38 +++++++++++----
 tools/tools.go | 7 ---
 varsig.go | 105 +++++++++++++++++++++++++++++++++++++++-
 8 files changed, 271 insertions(+), 44 deletions(-)
 create mode 100644 .golangci.yaml
 create mode 100644 .pre-commit-config.yaml
 delete mode 100644 tools/tools.go
diff --git a/.gitignore b/.gitignore
index 823ab97..b351848 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,19 +1,37 @@
-# Refer to golangci-lint's example config file for more options and information:
-# https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml
+# Created by https://www.toptal.com/developers/gitignore/api/go,direnv,dotenv
+# Edit at https://www.toptal.com/developers/gitignore?templates=go,direnv,dotenv
 
-run:
- timeout: 5m
- modules-download-mode: readonly
+### direnv ###
+.direnv
+.envrc
 
-linters:
- enable:
- - errcheck
- - goimports
- - golint
- - govet
- - staticcheck
+### dotenv ###
+.env
 
-issues:
- exclude-use-default: false
- max-issues-per-linter: 0
- max-same-issues: 0
+### Go ###
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+# End of https://www.toptal.com/developers/gitignore/api/go,direnv,dotenv
+
+# Go workspace file packages
+go.work.sum
diff --git a/.golangci.yaml b/.golangci.yaml
new file mode 100644
index 0000000..1bde37d
--- /dev/null
+++ b/.golangci.yaml
@@ -0,0 +1,40 @@
+version: "2"
+run:
+ go: "1.24"
+ modules-download-mode: readonly
+linters:
+ enable:
+ - errname
+ - errorlint
+ - gocyclo
+ - misspell
+ - staticcheck
+ - gosec
+ settings:
+ misspell:
+ locale: US
+ gosec:
+ severity: low
+ exclusions:
+ generated: lax
+ paths:
+ - third_party$
+ - builtin$
+ - examples$
+issues:
+ max-issues-per-linter: 0
+ max-same-issues: 0
+ fix: true
+formatters:
+ enable:
+ - goimports
+ settings:
+ goimports:
+ local-prefixes:
+ - github.com/selesy/go-varsig
+ exclusions:
+ generated: lax
+ paths:
+ - third_party$
+ - builtin$
+ - examples$
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..faf91f8
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,46 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v5.0.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: mixed-line-ending
+ - id: check-json
+ # exclude: internal/agi/testdata/errors_on_unmarshal_with_invalid_json/.config.json
+ - id: check-yaml
+ - id: check-added-large-files
+ # - id: detect-aws-credentials
+ - id: detect-private-key
+ - id: mixed-line-ending
+- repo: https://github.com/codespell-project/codespell
+ rev: v2.4.1
+ hooks:
+ - id: codespell
+- repo: https://github.com/TekWizely/pre-commit-golang
+ rev: v1.0.0-rc.1
+ hooks:
+ - id: go-mod-tidy
+ - id: my-cmd-repo
+ alias: go-generate
+ name: go-generate
+ args: ["go", "generate", "./..."]
+ - id: go-test-mod
+ - id: golangci-lint-mod
+ - id: my-cmd-repo
+ alias: govulncheck
+ name: govulncheck
+ args: ["bash", "-c", "go tool golang.org/x/vuln/cmd/govulncheck ./..."]
+- repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+ rev: v9.22.0
+ hooks:
+ - id: commitlint
+ stages: [commit-msg]
+ additional_dependencies: ['@commitlint/config-conventional']
+- repo: https://github.com/trufflesecurity/trufflehog
+ rev: v3.88.21
+ hooks:
+ - id: trufflehog
+ alias: trufflehog
+ name: trufflehog
diff --git a/.tool-versions b/.tool-versions
index 447a211..407f5db 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,3 +1,3 @@
-golang 1.23.3
-golangci-lint 1.62.2
+golang 1.24.4
+golangci-lint 2.2.1
 pre-commit 4.0.1
diff --git a/go.mod b/go.mod
index 24801cf..6987f11 100644
--- a/go.mod
+++ b/go.mod
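Review bot: In `.pre-commit-config.yaml` every `rev:` is a tag (`v5.0.0`, `v2.4.1`, `v1.0.0-rc.1`, `v9.22.0`, `v3.88.21`), and a tag can be re-pointed upstream; because these hooks execute on each contributor's machine at commit time, pinning each entry to the full commit hash with the tag kept as a trailing comment, `rev: <full-commit-sha>  # v5.0.0`, makes the executed code immutable. `- id: mixed-line-ending` is listed twice under the pre-commit-hooks repo, so the second entry can be dropped. The commented-out `# exclude: internal/agi/testdata/…` line under `check-json` names a path that does not appear anywhere else in this patch and looks carried over from another project; removing it would avoid confusion.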
@@ -1,13 +1,22 @@
 module github.com/selesy/go-varsig
 
-go 1.23.3
-
-require golang.org/x/vuln v1.1.3
+go 1.24.4
 
 require (
- golang.org/x/mod v0.19.0 // indirect
- golang.org/x/sync v0.7.0 // indirect
- golang.org/x/sys v0.22.0 // indirect
- golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
- golang.org/x/tools v0.23.0 // indirect
+ github.com/multiformats/go-multicodec v0.9.2
+ github.com/stretchr/testify v1.10.0
 )
+
+require (
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
+ golang.org/x/mod v0.22.0 // indirect
+ golang.org/x/sync v0.10.0 // indirect
+ golang.org/x/sys v0.29.0 // indirect
+ golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
+ golang.org/x/tools v0.29.0 // indirect
+ golang.org/x/vuln v1.1.4 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+)
+
+tool golang.org/x/vuln/cmd/govulncheck
diff --git a/go.sum b/go.sum
index d5ca5fc..db62f16 100644
--- a/go.sum
+++ b/go.sum
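Review bot: The `go 1.24.4` line in go.mod is an enforced minimum for every module that imports this library (Go 1.21 and later refuse to build with an older toolchain), so pinning the patch release raises the floor for all consumers rather than only for this repository's own builds. The new `tool` directive needs Go 1.24 but not a specific patch release; if older 1.24.x consumers should keep working, `go 1.24.0` plus a separate `toolchain go1.24.4` line keeps local builds on the patched toolchain without forcing importers to it.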
@@ -1,12 +1,30 @@ -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU= +github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786/go.mod h1:apVn/GCasLZUVpAJ6oWAuyP7Ne7CEsQbTnc0plM3m+o= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/multiformats/go-multicodec v0.9.2 h1:YrlXCuqxjqm3bXl+vBq5LKz5pz4mvAsugdqy78k0pXQ= +github.com/multiformats/go-multicodec v0.9.2/go.mod h1:LLWNMtyV5ithSBUo3vFIMaeDy+h3EbkMTek1m+Fybbo= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/sync v0.10.0 
h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0= golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= -golang.org/x/vuln v1.1.3 h1:NPGnvPOTgnjBc9HTaUx+nj+EaUYxl5SJOWqaDYGaFYw= -golang.org/x/vuln v1.1.3/go.mod h1:7Le6Fadm5FOqE9C926BCD0g12NWyhg7cxV4BwcPFuNY= +golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= +golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= +golang.org/x/vuln v1.1.4 h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I= +golang.org/x/vuln v1.1.4/go.mod h1:F+45wmU18ym/ca5PLTPLsSzr2KppzswxPP603ldA67s= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/tools/tools.go b/tools/tools.go
deleted file mode 100644
index 9d6d467..0000000
--- a/tools/tools.go
+++ /dev/null
@@ -1,7 +0,0 @@
-//go:build tools
-
-package tools
-
-import (
- _ "golang.org/x/vuln/cmd/govulncheck"
-)
diff --git a/varsig.go b/varsig.go
index ffefc1a..466afe6 100644
--- a/varsig.go
+++ b/varsig.go
@@ -3,7 +3,7 @@
 // # Algorithm naming
 //
 // While there is no strict need for compatibility with JWA/JWT/JWE/JWS,
-// all attempts are made to keep the algorithm names here consisten with
+// all attempts are made to keep the algorithm names here consistent with
 // the table provided in [section 3.1] of RFC7518 titled "JSON Web Algorithms.
 // In cases where there is no equivalent name for an algorithm, a best-
 // effort attempt at creating a name in the spirit of that specification is
@@ -18,3 +18,106 @@
 //
 // [Varsig Specification]: https://github.com/ChainAgnostic/varsig
 package varsig
+
+import (
+ "bytes"
+ "encoding/binary"
+ "io"
+
+ "github.com/multiformats/go-multicodec"
+)
+
+// Prefix is the multicodec.Code for the varsig's varuint prefix byte.
+const Prefix = uint64(multicodec.Varsig)
+
+// Varsig represents types that describe how a signature was generated
+// and thus how to interpret the signature and verify the signed data.
+type Varsig interface {
+ // accessors for fields that are common to all varsig
+ Version() Version
+ SignatureAlgorithm() SignAlgorithm
+ PayloadEncoding() PayloadEncoding
+ Signature() []byte
+
+ // Operations that are common to all varsig
+ Encode() []byte
+}
+
+// Decode converts the provided data into one of the registered Varsig
+// types.
+func Decode(data []byte) (Varsig, error) {
+ return DefaultSignAlgorithmRegistry().Decode(bytes.NewReader(data))
+}
+
+type varsig struct {
+ vers Version
+ signAlg SignAlgorithm
+ payEnc PayloadEncoding
+ sig []byte
+}
+
+// Version returns the varsig's version field.
+func (v *varsig) Version() Version {
+ return v.vers
+}
+
+// SignatureAlgorithm returns the algorithm used to produce corresponding
+// signature.
+func (v *varsig) SignatureAlgorithm() SignAlgorithm {
+ return v.signAlg
+}
+
+// PayloadEncoding returns the codec that was used to encode the signed
+// data.
+func (v *varsig) PayloadEncoding() PayloadEncoding {
+ return v.payEnc
+}
+
+// Signature returns the cryptographic signature of the signed data. This
+// value is never present in a varsig >= v1 and must either be a valid
+// signature with the correct length or empty in varsig < v1.
+func (v *varsig) Signature() []byte {
+ return v.sig
+}
+
+func (v *varsig) encode() []byte {
+ var buf []byte
+
+ buf = binary.AppendUvarint(buf, Prefix)
+
+ if v.Version() == Version1 {
+ buf = binary.AppendUvarint(buf, uint64(Version1))
+ }
+
+ buf = binary.AppendUvarint(buf, uint64(v.signAlg))
+
+ return buf
+}
+
+func (v *varsig) decodeSignature(r *bytes.Reader, varsig Varsig, expectedLength uint64) (Varsig, error) {
+ signature, err := io.ReadAll(r)
+ if err != nil {
+ return nil, err
+ }
+
+ v.sig = signature
+
+ return v.validateSignature(varsig, expectedLength)
+}
+
+func (v *varsig) validateSignature(varsig Varsig, expectedLength uint64) (Varsig, error) {
+ if v.Version() == Version0 && len(v.sig) == 0 {
+ return varsig, ErrMissingSignature
+ }
+
+ if v.Version() == Version0 && uint64(len(v.sig)) != expectedLength {
+ return nil, ErrUnexpectedSignatureSize
+ }
+
+ if v.Version() == Version1 && len(v.sig) != 0 {
+ return nil, ErrUnexpectedSignaturePresent
+ }
+
+ return varsig, nil
+
+}
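Review bot: In `validateSignature` the Version0/empty-signature branch returns `varsig, ErrMissingSignature`, a non-nil value together with an error, while the other two failure branches return `nil`; a caller that drops the error or inspects the value first ends up holding a varsig that carries no signature to verify. If the partial result is intended, document it on `Decode` and on this method, for example `// A Version0 varsig without signature bytes is returned together with ErrMissingSignature; callers must not treat it as verified.`, otherwise change the line to `return nil, ErrMissingSignature`. The method also falls through to `return varsig, nil` for any version that is neither Version0 nor Version1, which would accept whatever bytes `io.ReadAll` returned without a length check; whether such a version can reach this code is not visible in the hunk, so an explicit final `default`-style rejection or a comment stating the invariant would help. The parameter name `varsig` in `decodeSignature` and `validateSignature` shadows the receiver's type name, and a shorter name such as `vs` would read more clearly.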