diff --git a/.etc/golangci.yml b/.etc/golangci.yml index 9f5ebcb2e..4bccc3496 100644 --- a/.etc/golangci.yml +++ b/.etc/golangci.yml @@ -39,13 +39,28 @@ linters: - whitespace linters-settings: + depguard: + rules: + main: + files: + - $all + allow: + - $gostd + - github.com/bwesterb/go-ristretto + - github.com/cloudflare/circl funlen: lines: 120 statements: 80 nestif: min-complexity: 6 + goconst: + ignore-tests: true govet: check-shadowing: true + staticcheck: + # TODO: replace deprecated elliptic.Marshal, elliptic.GenerateKey, + # elliptic.Unmarshal, params.ScalarBaseMult before re-enabling SA1019. + checks: ["*", "-SA1019"] issues: max-issues-per-linter: 0 diff --git a/.github/workflows/ci-actions.yml b/.github/workflows/ci-actions.yml index 9ea681219..85ba8fe6a 100644 --- a/.github/workflows/ci-actions.yml +++ b/.github/workflows/ci-actions.yml @@ -13,18 +13,18 @@ jobs: runs-on: ubuntu-22.04 strategy: matrix: - GOVER: ['1.21.1', '1.20.8'] + GOVER: ['1.22', '1.21'] steps: - name: Setup Go-${{ matrix.GOVER }} - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: go-version: ${{ matrix.GOVER }} - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Linting uses: golangci/golangci-lint-action@v3 with: - version: v1.51.2 + version: v1.56.1 args: --config=./.etc/golangci.yml ./... - name: Check shadowing run: | @@ -47,9 +47,9 @@ jobs: runs-on: ubuntu-22.04 strategy: matrix: - CFG: [[arm64, arm64v8, '1.21.1']] + CFG: [[arm64, arm64v8, '1.22']] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Enabling Docker Experimental run: | echo $'{\n "experimental": true\n}' | sudo tee /etc/docker/daemon.json @@ -68,11 +68,11 @@ jobs: name: Testing Build Modes steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: '1.21.1' + go-version: '1.22' - name: Build as Static run: make circl_static - name: Build as Plugin @@ -84,15 +84,15 @@ jobs: name: amd64/coverage steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: '1.21.1' + go-version: '1.22' - name: Produce Coverage run: go test -coverprofile=./coverage.txt ./... - name: Upload Codecov - uses: codecov/codecov-action@v2 + uses: codecov/codecov-action@v4 with: file: ./coverage.txt osCompat: @@ -101,14 +101,14 @@ jobs: name: Running on ${{ matrix.os }} strategy: matrix: - os: [macos-11, windows-2019] + os: [macos-latest, windows-latest] steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: '1.21.1' + go-version: '1.22' - name: Building run: go build -v ./... - name: Testing @@ -123,12 +123,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:go" diff --git a/blindsign/blindrsa/brsa_test.go b/blindsign/blindrsa/brsa_test.go index ae4dba183..6b7d1a4f2 100644 --- a/blindsign/blindrsa/brsa_test.go +++ b/blindsign/blindrsa/brsa_test.go @@ -20,8 +20,8 @@ import ( ) // 2048-bit RSA private key -const testPrivateKey = ` ------BEGIN RSA PRIVATE KEY----- +var testPrivateKey = testingKey(` +-----BEGIN RSA TESTING KEY----- MIIEowIBAAKCAQEAyxrta2qV9bHOATpM/KsluUsuZKIwNOQlCn6rQ8DfOowSmTrx KxEZCNS0cb7DHUtsmtnN2pBhKi7pA1I+beWiJNawLwnlw3TQz+Adj1KcUAp4ovZ5 CPpoK1orQwyB6vGvcte155T8mKMTknaHl1fORTtSbvm/bOuZl5uEI7kPRGGiKvN6 @@ -47,7 +47,9 @@ IVEW06GXuhv46p0wt3zXx1dcbWX6LdJaDB4MHqevkiDAqHntmXLbmVd9pXCGn/a2 xznO3QKBgHkPJPEiCzRugzgN9UxOT5tNQCSGMOwJUd7qP0TWgvsWHT1N07JLgC8c Yg0f1rCxEAQo5BVppiQFp0FA7W52DUnMEfBtiehZ6xArW7crO91gFRqKBWZ3Jjyz /JcS8m5UgQxC8mmb/2wLD5TDvWw+XCfjUgWmvqIi5dcJgmuTAn5X ------END RSA PRIVATE KEY-----` +-----END RSA TESTING KEY-----`) + +func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") } func loadPrivateKey() (*rsa.PrivateKey, error) { block, _ := pem.Decode([]byte(testPrivateKey)) diff --git a/blindsign/blindrsa/internal/common/rsa.go b/blindsign/blindrsa/internal/common/rsa.go index d39b4a276..931fe3635 100644 --- a/blindsign/blindrsa/internal/common/rsa.go +++ b/blindsign/blindrsa/internal/common/rsa.go @@ -88,8 +88,7 @@ func encrypt(c *big.Int, N *big.Int, e *big.Int, m *big.Int) *big.Int { func decrypt(random io.Reader, priv *keys.BigPrivateKey, c *big.Int) (m *big.Int, err error) { // TODO(agl): can we get away with reusing blinds? if c.Cmp(priv.Pk.N) > 0 { - err = rsa.ErrDecryption - return + return nil, rsa.ErrDecryption } if priv.Pk.N.Sign() == 0 { return nil, rsa.ErrDecryption @@ -107,7 +106,7 @@ func decrypt(random io.Reader, priv *keys.BigPrivateKey, c *big.Int) (m *big.Int for { r, err = rand.Int(random, priv.Pk.N) if err != nil { - return + return nil, err } if r.Cmp(bigZero) == 0 { r = bigOne diff --git a/go.mod b/go.mod index 84646127f..c58932dce 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/cloudflare/circl -go 1.19 +go 1.21 require ( github.com/bwesterb/go-ristretto v1.2.3 diff --git a/pke/kyber/internal/common/asm/go.mod b/pke/kyber/internal/common/asm/go.mod index f9d224ac2..ed620578f 100644 --- a/pke/kyber/internal/common/asm/go.mod +++ b/pke/kyber/internal/common/asm/go.mod @@ -1,6 +1,6 @@ module github.com/cloudflare/circl/pke/kyber/internal/common/asm -go 1.19 +go 1.21 require ( github.com/cloudflare/circl v1.3.7 diff --git a/sign/dilithium/internal/common/asm/go.mod b/sign/dilithium/internal/common/asm/go.mod index 709c8d6c5..5638957e6 100644 --- a/sign/dilithium/internal/common/asm/go.mod +++ b/sign/dilithium/internal/common/asm/go.mod @@ -1,6 +1,6 @@ module github.com/cloudflare/circl/sign/dilithium/internal/common/asm -go 1.19 +go 1.21 require ( github.com/cloudflare/circl v1.3.7