From 4aafbeec5fe738d66b0f7c20586ab2f9dccb9c38 Mon Sep 17 00:00:00 2001
From: Steve Lasker <stevenlasker@hotmail.com>
Date: Fri, 27 Jan 2023 11:35:51 -0800
Subject: [PATCH] Add community and governance content

Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>

markdown format

Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>

PR Feedback

Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>

Remove zombied code of conduct

Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>

PR Feedback

Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>

Merge conflicts

Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>

Update references to v1.0.0 (#129)

Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>

Update Code of Conduct (#128)

Signed-off-by: Lachlan Evenson <lachlan.evenson@microsoft.com>

Correct return error code when key cannot be decoded (#130)
---
 CODE_OF_CONDUCT.md | 15 ---------------
 README.md          | 23 +++++++++++++++++++++--
 SECURITY.md        | 11 +++++------
 errors.go          |  1 +
 signer.go          |  6 +++---
 verifier.go        |  6 +++---
 6 files changed, 33 insertions(+), 29 deletions(-)
 delete mode 100644 CODE_OF_CONDUCT.md

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
deleted file mode 100644
index 498baa3..0000000
--- a/CODE_OF_CONDUCT.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Community Participation Guidelines
-
-This repository is governed by Mozilla's code of conduct and etiquette guidelines. 
-For more details, please read the
-[Mozilla Community Participation Guidelines](https://www.mozilla.org/about/governance/policies/participation/). 
-
-## How to Report
-For more information on how to report violations of the Community Participation Guidelines, please read our '[How to Report](https://www.mozilla.org/about/governance/policies/participation/reporting/)' page.
-
-<!--
-## Project Specific Etiquette
-
-In some cases, there will be additional project etiquette i.e.: (https://bugzilla.mozilla.org/page.cgi?id=etiquette.html).
-Please update for your project.
--->
diff --git a/README.md b/README.md
index d3de617..feaf8c4 100644
--- a/README.md
+++ b/README.md
@@ -8,12 +8,31 @@ A golang library for the [COSE specification][cose-spec]
 
 ## Project Status
 
-**Current Release**: [go-cose rc 1][release-rc-1] 
+**Current Release**: [go-cose v1.0.0][current-release]
 
 The project was *initially* forked from the  upstream [mozilla-services/go-cose][mozilla-go-cose] project, however the Veraison and Mozilla maintainers have agreed to retire the mozilla-services/go-cose project and focus on [veraison/go-cose][veraison-go-cose] as the active project.
 
 We thank the [Mozilla maintainers and contributors][mozilla-contributors] for their great work that formed the base of the [veraison/go-cose][veraison-go-cose] project.
 
+## Community
+
+The [veraison/go-cose](https://github.com/veraison/go-cose) project is an open source community effort.
+
+You can reach the go-cose community via::
+
+- [Mailing List](veraison-project@confidentialcomputing.io)
+- Bi-weekly meetings: 08:00-09:00 Pacific
+  - [Zoom meeting link](https://us02web.zoom.us/j/81054434992?pwd=YjNBU21seU5VcGdtVXY3VHVjS251Zz09)
+  - [Calendar ics link](https://zoom.us/meeting/tZUtcu2srT8jE9YFubXn-lC9upuwUiiev52G/ics)
+- [Meeting Notes](https://veraison.zulipchat.com/#narrow/stream/317999-go-cose-meetings)
+- [Meeting Recordings](https://www.youtube.com/@go-cose-community3000)
+
+Participation in the go-cose community is governed by the Veraison [CODE_OF_CONDUCT.md](https://github.com/veraison/.github/blob/main/CODE_OF_CONDUCT.md) and [GOVERNANCE.md](https://github.com/veraison/community/blob/main/GOVERNANCE.md)
+
+## Code of Conduct
+
+This project has adopted the [Contributor Covenant Code of Conduct](https://github.com/veraison/.github/blob/main/CODE_OF_CONDUCT.md).
+
 ## Installation
 
 go-cose is compatible with modern Go releases in module mode, with Go installed:
@@ -188,4 +207,4 @@ go test -fuzz=FuzzSign1
 [mozilla-contributors]: https://github.com/mozilla-services/go-cose/graphs/contributors
 [mozilla-go-cose]:      http://github.com/mozilla-services/go-cose
 [veraison-go-cose]:     https://github.com/veraison/go-cose
-[release-rc-1]:      https://github.com/veraison/go-cose/releases/tag/v1.0.0-rc.1
+[current-release]:      https://github.com/veraison/go-cose/releases/tag/v1.0.0
diff --git a/SECURITY.md b/SECURITY.md
index a11239e..d4ab969 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,11 +4,11 @@ This document provides the details on the veraison/go-cose security policy and d
 
 ## Supported Versions
 
-[go-cose][go-cose] is currently is in active development, moving to a [1.0.0 release][v1.0.0-milestone]. The latest pre-release will be supported until 1.0.0 is released. As 1.0.0 is released, pre-release references will need to be redirected to 1.0.0.
+The current stable release of [go-cose][go-cose] is [v1.0.0][v1.0.0-release]. Please upgrade to [v1.0.0][v1.0.0-release] if you are using a pre-release version.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| [v1.0.0-rc1][v1.0.0-rc1-release]  | Yes |
+| [v1.0.0][v1.0.0-release]  | Yes |
 
 ## Report A Vulnerability
 
@@ -23,7 +23,7 @@ To make a report please email the private security list at <a href="mailto:go-co
 [TO:]:     go-cose-security@googlegroups.com
 [SUBJECT]: go-cose Security Notification
 [BODY]:
-Release: v1.0.0-rc.1
+Release: v1.0.0
 
 Summary:
 A quick summary of the issue
@@ -85,6 +85,5 @@ Disclosures will be published on the same day as a release fixing the vulnerabil
 
 [go-cose]:                https://github.com/veraison/go-cose
 [security-advisories]:    https://github.com/veraison/go-cose/security/advisories
-[v1.0.0-rc1-release]:  https://github.com/veraison/go-cose/releases/tag/v1.0.0-rc.1
-[v1.0.0-milestone]:       https://github.com/veraison/go-cose/milestone/2
-[go-cose-maintainers]:    https://github.com/veraison/community/blob/main/OWNERS
\ No newline at end of file
+[v1.0.0-release]:  https://github.com/veraison/go-cose/releases/tag/v1.0.0
+[go-cose-maintainers]:    https://github.com/veraison/community/blob/main/OWNERS
diff --git a/errors.go b/errors.go
index e0ef4ef..8c240e2 100644
--- a/errors.go
+++ b/errors.go
@@ -13,4 +13,5 @@ var (
 	ErrNoSignatures          = errors.New("no signatures attached")
 	ErrUnavailableHashFunc   = errors.New("hash function is not available")
 	ErrVerification          = errors.New("verification error")
+	ErrInvalidPubKey         = errors.New("invalid public key")
 )
diff --git a/signer.go b/signer.go
index bac4224..6747546 100644
--- a/signer.go
+++ b/signer.go
@@ -41,7 +41,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 	case AlgorithmPS256, AlgorithmPS384, AlgorithmPS512:
 		vk, ok := key.Public().(*rsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		// RFC 8230 6.1 requires RSA keys having a minimum size of 2048 bits.
 		// Reference: https://www.rfc-editor.org/rfc/rfc8230.html#section-6.1
@@ -55,7 +55,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 	case AlgorithmES256, AlgorithmES384, AlgorithmES512:
 		vk, ok := key.Public().(*ecdsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		if sk, ok := key.(*ecdsa.PrivateKey); ok {
 			return &ecdsaKeySigner{
@@ -70,7 +70,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 		}, nil
 	case AlgorithmEd25519:
 		if _, ok := key.Public().(ed25519.PublicKey); !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ed25519Signer{
 			key: key,
diff --git a/verifier.go b/verifier.go
index f2a162d..152a14a 100644
--- a/verifier.go
+++ b/verifier.go
@@ -30,7 +30,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmPS256, AlgorithmPS384, AlgorithmPS512:
 		vk, ok := key.(*rsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		// RFC 8230 6.1 requires RSA keys having a minimun size of 2048 bits.
 		// Reference: https://www.rfc-editor.org/rfc/rfc8230.html#section-6.1
@@ -44,7 +44,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmES256, AlgorithmES384, AlgorithmES512:
 		vk, ok := key.(*ecdsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ecdsaVerifier{
 			alg: alg,
@@ -53,7 +53,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmEd25519:
 		vk, ok := key.(ed25519.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ed25519Verifier{
 			key: vk,