build: update Go to v1.24.4 and update build tools

.gitignore

@@ -1,19 +1,37 @@
-# Refer to golangci-lint's example config file for more options and information:
+# Created by https://www.toptal.com/developers/gitignore/api/go,direnv,dotenv
-# https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml
+# Edit at https://www.toptal.com/developers/gitignore?templates=go,direnv,dotenv
 
-run:
+### direnv ###
-  timeout: 5m
+.direnv
-  modules-download-mode: readonly
+.envrc
 
-linters:
+### dotenv ###
-  enable:
+.env
-    - errcheck
-    - goimports
-    - golint
-    - govet
-    - staticcheck
 
-issues:
+### Go ###
-  exclude-use-default: false
+# If you prefer the allow list template instead of the deny list, see community template:
-  max-issues-per-linter: 0
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
-  max-same-issues: 0
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+# End of https://www.toptal.com/developers/gitignore/api/go,direnv,dotenv
+
+# Go workspace file packages
+go.work.sum

.golangci.yaml

@@ -0,0 +1,40 @@
+version: "2"
+run:
+  go: "1.24"
+  modules-download-mode: readonly
+linters:
+  enable:
+    - errname
+    - errorlint
+    - gocyclo
+    - misspell
+    - staticcheck
+    - gosec
+  settings:
+    misspell:
+      locale: US
+    gosec:
+      severity: low
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+  fix: true
+formatters:
+  enable:
+    - goimports
+  settings:
+    goimports:
+      local-prefixes:
+        - github.com/selesy/go-varsig
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

.pre-commit-config.yaml

@@ -0,0 +1,46 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v5.0.0
+  hooks:
+    - id: trailing-whitespace
+    - id: end-of-file-fixer
+    - id: mixed-line-ending
+    - id: check-json
+      # exclude: internal/agi/testdata/errors_on_unmarshal_with_invalid_json/.config.json
+    - id: check-yaml
+    - id: check-added-large-files
+    # - id: detect-aws-credentials
+    - id: detect-private-key
+    - id: mixed-line-ending
+- repo: https://github.com/codespell-project/codespell
+  rev: v2.4.1
+  hooks:
+    - id: codespell
+- repo: https://github.com/TekWizely/pre-commit-golang
+  rev: v1.0.0-rc.1
+  hooks:
+    - id: go-mod-tidy
+    - id: my-cmd-repo
+      alias: go-generate
+      name: go-generate
+      args: ["go", "generate", "./..."]
+    - id: go-test-mod
+    - id: golangci-lint-mod
+    - id: my-cmd-repo
+      alias: govulncheck
+      name: govulncheck
+      args: ["bash", "-c", "go tool golang.org/x/vuln/cmd/govulncheck ./..."]
+- repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+  rev: v9.22.0
+  hooks:
+    - id: commitlint
+      stages: [commit-msg]
+      additional_dependencies: ['@commitlint/config-conventional']
+- repo: https://github.com/trufflesecurity/trufflehog
+  rev: v3.88.21
+  hooks:
+    - id: trufflehog
+      alias: trufflehog
+      name: trufflehog

.tool-versions

@@ -1,3 +1,3 @@
-golang 1.23.3
+golang 1.24.4
-golangci-lint 1.62.2
+golangci-lint 2.2.1
 pre-commit 4.0.1

go.mod

@@ -1,13 +1,22 @@
 module github.com/selesy/go-varsig
 
-go 1.23.3
+go 1.24.4
-
-require golang.org/x/vuln v1.1.3
 
 require (
-	golang.org/x/mod v0.19.0 // indirect
+	github.com/multiformats/go-multicodec v0.9.2
-	golang.org/x/sync v0.7.0 // indirect
+	github.com/stretchr/testify v1.10.0
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
-	golang.org/x/tools v0.23.0 // indirect
 )
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	golang.org/x/mod v0.22.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
+	golang.org/x/tools v0.29.0 // indirect
+	golang.org/x/vuln v1.1.4 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
+
+tool golang.org/x/vuln/cmd/govulncheck

go.sum

@@ -1,12 +1,30 @@
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786/go.mod h1:apVn/GCasLZUVpAJ6oWAuyP7Ne7CEsQbTnc0plM3m+o=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/multiformats/go-multicodec v0.9.2 h1:YrlXCuqxjqm3bXl+vBq5LKz5pz4mvAsugdqy78k0pXQ=
+github.com/multiformats/go-multicodec v0.9.2/go.mod h1:LLWNMtyV5ithSBUo3vFIMaeDy+h3EbkMTek1m+Fybbo=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588=
-golang.org/x/vuln v1.1.3 h1:NPGnvPOTgnjBc9HTaUx+nj+EaUYxl5SJOWqaDYGaFYw=
+golang.org/x/vuln v1.1.4 h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I=
-golang.org/x/vuln v1.1.3/go.mod h1:7Le6Fadm5FOqE9C926BCD0g12NWyhg7cxV4BwcPFuNY=
+golang.org/x/vuln v1.1.4/go.mod h1:F+45wmU18ym/ca5PLTPLsSzr2KppzswxPP603ldA67s=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

tools/tools.go

@@ -1,7 +0,0 @@
-//go:build tools
-
-package tools
-
-import (
-	_ "golang.org/x/vuln/cmd/govulncheck"
-)

varsig.go

@@ -3,7 +3,7 @@
 // # Algorithm naming
 //
 // While there is no strict need for compatibility with JWA/JWT/JWE/JWS,
-// all attempts are made to keep the algorithm names here consisten with
+// all attempts are made to keep the algorithm names here consistent with
 // the table provided in [section 3.1] of RFC7518 titled "JSON Web Algorithms.
 // In cases where there is no equivalent name for an algorithm, a best-
 // effort attempt at creating a name in the spirit of that specification is
@@ -18,3 +18,106 @@
 //
 // [Varsig Specification]: https://github.com/ChainAgnostic/varsig
 package varsig
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+
+	"github.com/multiformats/go-multicodec"
+)
+
+// Prefix is the multicodec.Code for the varsig's varuint prefix byte.
+const Prefix = uint64(multicodec.Varsig)
+
+// Varsig represents types that describe how a signature was generated
+// and thus how to interpret the signature and verify the signed data.
+type Varsig interface {
+	// accessors for fields that are common to all varsig
+	Version() Version
+	SignatureAlgorithm() SignAlgorithm
+	PayloadEncoding() PayloadEncoding
+	Signature() []byte
+
+	// Operations that are common to all varsig
+	Encode() []byte
+}
+
+// Decode converts the provided data into one of the registered Varsig
+// types.
+func Decode(data []byte) (Varsig, error) {
+	return DefaultSignAlgorithmRegistry().Decode(bytes.NewReader(data))
+}
+
+type varsig struct {
+	vers    Version
+	signAlg SignAlgorithm
+	payEnc  PayloadEncoding
+	sig     []byte
+}
+
+// Version returns the varsig's version field.
+func (v *varsig) Version() Version {
+	return v.vers
+}
+
+// SignatureAlgorithm returns the algorithm used to produce corresponding
+// signature.
+func (v *varsig) SignatureAlgorithm() SignAlgorithm {
+	return v.signAlg
+}
+
+// PayloadEncoding returns the codec that was used to encode the signed
+// data.
+func (v *varsig) PayloadEncoding() PayloadEncoding {
+	return v.payEnc
+}
+
+// Signature returns the cryptographic signature of the signed data. This
+// value is never present in a varsig >= v1 and must either be a valid
+// signature with the correct length or empty in varsig < v1.
+func (v *varsig) Signature() []byte {
+	return v.sig
+}
+
+func (v *varsig) encode() []byte {
+	var buf []byte
+
+	buf = binary.AppendUvarint(buf, Prefix)
+
+	if v.Version() == Version1 {
+		buf = binary.AppendUvarint(buf, uint64(Version1))
+	}
+
+	buf = binary.AppendUvarint(buf, uint64(v.signAlg))
+
+	return buf
+}
+
+func (v *varsig) decodeSignature(r *bytes.Reader, varsig Varsig, expectedLength uint64) (Varsig, error) {
+	signature, err := io.ReadAll(r)
+	if err != nil {
+		return nil, err
+	}
+
+	v.sig = signature
+
+	return v.validateSignature(varsig, expectedLength)
+}
+
+func (v *varsig) validateSignature(varsig Varsig, expectedLength uint64) (Varsig, error) {
+	if v.Version() == Version0 && len(v.sig) == 0 {
+		return varsig, ErrMissingSignature
+	}
+
+	if v.Version() == Version0 && uint64(len(v.sig)) != expectedLength {
+		return nil, ErrUnexpectedSignatureSize
+	}
+
+	if v.Version() == Version1 && len(v.sig) != 0 {
+		return nil, ErrUnexpectedSignaturePresent
+	}
+
+	return varsig, nil
+
+}