Add community and governance content

Signed-off-by: Steve Lasker <[email protected]> markdown format Signed-off-by: Steve Lasker <[email protected]> PR Feedback Signed-off-by: Steve Lasker <[email protected]> Remove zombied code of conduct Signed-off-by: Steve Lasker <[email protected]> PR Feedback Signed-off-by: Steve Lasker <[email protected]> Merge conflicts Signed-off-by: Steve Lasker <[email protected]> Update references to v1.0.0 (veraison#129) Signed-off-by: Lachlan Evenson <[email protected]> Update Code of Conduct (veraison#128) Signed-off-by: Lachlan Evenson <[email protected]> Correct return error code when key cannot be decoded (veraison#130)
SteveLasker · Feb 15, 2023 · 4aafbee · 4aafbee
1 parent 4dbb9a7
commit 4aafbee
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 29 deletions.
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
diff --git a/README.md b/README.md
@@ -8,12 +8,31 @@ A golang library for the [COSE specification][cose-spec]
 
 ## Project Status
 
-**Current Release**: [go-cose rc 1][release-rc-1] 
+**Current Release**: [go-cose v1.0.0][current-release]
 
 The project was *initially* forked from the  upstream [mozilla-services/go-cose][mozilla-go-cose] project, however the Veraison and Mozilla maintainers have agreed to retire the mozilla-services/go-cose project and focus on [veraison/go-cose][veraison-go-cose] as the active project.
 
 We thank the [Mozilla maintainers and contributors][mozilla-contributors] for their great work that formed the base of the [veraison/go-cose][veraison-go-cose] project.
 
+## Community
+
+The [veraison/go-cose](https://github.com/veraison/go-cose) project is an open source community effort.
+
+You can reach the go-cose community via::
+
+- [Mailing List]([email protected])
+- Bi-weekly meetings: 08:00-09:00 Pacific
+  - [Zoom meeting link](https://us02web.zoom.us/j/81054434992?pwd=YjNBU21seU5VcGdtVXY3VHVjS251Zz09)
+  - [Calendar ics link](https://zoom.us/meeting/tZUtcu2srT8jE9YFubXn-lC9upuwUiiev52G/ics)
+- [Meeting Notes](https://veraison.zulipchat.com/#narrow/stream/317999-go-cose-meetings)
+- [Meeting Recordings](https://www.youtube.com/@go-cose-community3000)
+
+Participation in the go-cose community is governed by the Veraison [CODE_OF_CONDUCT.md](https://github.com/veraison/.github/blob/main/CODE_OF_CONDUCT.md) and [GOVERNANCE.md](https://github.com/veraison/community/blob/main/GOVERNANCE.md)
+
+## Code of Conduct
+
+This project has adopted the [Contributor Covenant Code of Conduct](https://github.com/veraison/.github/blob/main/CODE_OF_CONDUCT.md).
+
 ## Installation
 
 go-cose is compatible with modern Go releases in module mode, with Go installed:
@@ -188,4 +207,4 @@ go test -fuzz=FuzzSign1
 [mozilla-contributors]: https://github.com/mozilla-services/go-cose/graphs/contributors
 [mozilla-go-cose]:      http://github.com/mozilla-services/go-cose
 [veraison-go-cose]:     https://github.com/veraison/go-cose
-[release-rc-1]:      https://github.com/veraison/go-cose/releases/tag/v1.0.0-rc.1
+[current-release]:      https://github.com/veraison/go-cose/releases/tag/v1.0.0
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,11 +4,11 @@ This document provides the details on the veraison/go-cose security policy and d
 
 ## Supported Versions
 
-[go-cose][go-cose] is currently is in active development, moving to a [1.0.0 release][v1.0.0-milestone]. The latest pre-release will be supported until 1.0.0 is released. As 1.0.0 is released, pre-release references will need to be redirected to 1.0.0.
+The current stable release of [go-cose][go-cose] is [v1.0.0][v1.0.0-release]. Please upgrade to [v1.0.0][v1.0.0-release] if you are using a pre-release version.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| [v1.0.0-rc1][v1.0.0-rc1-release]  | Yes |
+| [v1.0.0][v1.0.0-release]  | Yes |
 
 ## Report A Vulnerability
 
@@ -23,7 +23,7 @@ To make a report please email the private security list at <a href="mailto:go-co
 [TO:]:     [email protected]
 [SUBJECT]: go-cose Security Notification
 [BODY]:
-Release: v1.0.0-rc.1
+Release: v1.0.0
 
 Summary:
 A quick summary of the issue
@@ -85,6 +85,5 @@ Disclosures will be published on the same day as a release fixing the vulnerabil
 
 [go-cose]:                https://github.com/veraison/go-cose
 [security-advisories]:    https://github.com/veraison/go-cose/security/advisories
-[v1.0.0-rc1-release]:  https://github.com/veraison/go-cose/releases/tag/v1.0.0-rc.1
-[v1.0.0-milestone]:       https://github.com/veraison/go-cose/milestone/2
-[go-cose-maintainers]:    https://github.com/veraison/community/blob/main/OWNERS
+[v1.0.0-release]:  https://github.com/veraison/go-cose/releases/tag/v1.0.0
+[go-cose-maintainers]:    https://github.com/veraison/community/blob/main/OWNERS
diff --git a/errors.go b/errors.go
@@ -13,4 +13,5 @@ var (
 	ErrNoSignatures          = errors.New("no signatures attached")
 	ErrUnavailableHashFunc   = errors.New("hash function is not available")
 	ErrVerification          = errors.New("verification error")
+	ErrInvalidPubKey         = errors.New("invalid public key")
 )
diff --git a/signer.go b/signer.go
@@ -41,7 +41,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 	case AlgorithmPS256, AlgorithmPS384, AlgorithmPS512:
 		vk, ok := key.Public().(*rsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		// RFC 8230 6.1 requires RSA keys having a minimum size of 2048 bits.
 		// Reference: https://www.rfc-editor.org/rfc/rfc8230.html#section-6.1
@@ -55,7 +55,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 	case AlgorithmES256, AlgorithmES384, AlgorithmES512:
 		vk, ok := key.Public().(*ecdsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		if sk, ok := key.(*ecdsa.PrivateKey); ok {
 			return &ecdsaKeySigner{
@@ -70,7 +70,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 		}, nil
 	case AlgorithmEd25519:
 		if _, ok := key.Public().(ed25519.PublicKey); !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ed25519Signer{
 			key: key,

diff --git a/verifier.go b/verifier.go
@@ -30,7 +30,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmPS256, AlgorithmPS384, AlgorithmPS512:
 		vk, ok := key.(*rsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		// RFC 8230 6.1 requires RSA keys having a minimun size of 2048 bits.
 		// Reference: https://www.rfc-editor.org/rfc/rfc8230.html#section-6.1
@@ -44,7 +44,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmES256, AlgorithmES384, AlgorithmES512:
 		vk, ok := key.(*ecdsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ecdsaVerifier{
 			alg: alg,
@@ -53,7 +53,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmEd25519:
 		vk, ok := key.(ed25519.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ed25519Verifier{
 			key: vk,