From 8122ff218b0e6430dfcd245565f2d1b4bc2eaaa9 Mon Sep 17 00:00:00 2001
From: Andy Zhao
Date: Thu, 21 Sep 2023 13:56:54 -0700
Subject: [PATCH] fix: Fix go lint violations (#98)
---
 darwin/client_test.go | 8 ++++----
 internal/signer/darwin/keychain/keychain.go | 20 ++++++++-----------
 .../signer/darwin/keychain/keychain_test.go | 10 +++++-----
 internal/signer/linux/pkcs11/pkcs11.go | 5 -----
 internal/signer/linux/signer.go | 1 -
 internal/signer/test/signer.go | 16 +++++-----------
 6 files changed, 22 insertions(+), 38 deletions(-)
diff --git a/darwin/client_test.go b/darwin/client_test.go
index 1246170..6273a6a 100644
--- a/darwin/client_test.go
+++ b/darwin/client_test.go
@@ -20,10 +20,10 @@ import (
 "testing"
 )
-const TEST_CREDENTIALS = "TestIssuer"
+const testIssuer = "TestIssuer"
 func TestClientEncrypt(t *testing.T) {
- secureKey, err := NewSecureKey(TEST_CREDENTIALS)
+ secureKey, err := NewSecureKey(testIssuer)
 if err != nil {
 t.Errorf("Cred: got %v, want nil err", err)
 return
@@ -37,14 +37,14 @@ func TestClientEncrypt(t *testing.T) {
 }
 func TestClientDecrypt(t *testing.T) {
- secureKey, err := NewSecureKey(TEST_CREDENTIALS)
+ secureKey, err := NewSecureKey(testIssuer)
 if err != nil {
 t.Errorf("Cred: got %v, want nil err", err)
 return
 }
 byteSlice := []byte("Plain text to encrypt")
 ciphertext, _ := secureKey.Encrypt(nil, byteSlice, crypto.SHA256)
- plaintext, err := secureKey.Decrypt(nil, ciphertext, &rsa.OAEPOptions{Hash:crypto.SHA256})
+ plaintext, err := secureKey.Decrypt(nil, ciphertext, &rsa.OAEPOptions{Hash: crypto.SHA256})
 if err != nil {
 t.Errorf("Client API decryption: got %v, want nil err", err)
 return
diff --git a/internal/signer/darwin/keychain/keychain.go b/internal/signer/darwin/keychain/keychain.go
index 1cf9016..616d241 100644
--- a/internal/signer/darwin/keychain/keychain.go
+++ b/internal/signer/darwin/keychain/keychain.go
@@ -69,8 +69,8 @@ var (
 }
 )
-const UNKNOWN_SECKEY_ALGORITHM = C.CFStringRef(0)
-const INVALID_KEY = C.SecKeyRef(0)
+const unknownSecKeyAlgorithm = C.CFStringRef(0)
+const invalidKey = C.SecKeyRef(0)
 // cfStringToString returns a Go string given a CFString.
 func cfStringToString(cfStr C.CFStringRef) string {
@@ -420,7 +420,7 @@ func identityToPublicSecKeyRef(ident C.SecIdentityRef) (C.SecKeyRef, error) {
 key = C.SecCertificateCopyKey(certRef)
- if key == INVALID_KEY {
+ if key == invalidKey {
 return 0, fmt.Errorf("public key was NULL. Key might have an encoding issue or use an unsupported algorithm")
 }
 return key, nil
@@ -443,10 +443,6 @@ func certIn(xc *x509.Certificate, xcs []*x509.Certificate) bool {
 }
 return false
 }
-func (k *Key) WithHash(hash crypto.Hash) *Key {
- k.hash = hash
- return k
-}
 func (k *Key) getPaddingSize() int {
 algorithms, algoErr := k.getEncryptAlgorithm()
@@ -471,7 +467,7 @@ func (k *Key) getPaddingSize() int {
 C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512:
 return pkcsPaddingBytes
 default:
- return int(UNKNOWN_SECKEY_ALGORITHM)
+ return int(unknownSecKeyAlgorithm)
 }
 }
@@ -495,10 +491,10 @@ func (k *Key) getRSAEncryptAlgorithm() (C.SecKeyAlgorithm, error) {
 } else if C.SecKeyIsAlgorithmSupported(k.publicKeyRef, C.kSecKeyOperationTypeEncrypt, C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256) == 1 {
 algorithms = rsaPKCS1v15Algorithms
 } else {
- return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
+ return unknownSecKeyAlgorithm, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
 }
 default:
- return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
+ return unknownSecKeyAlgorithm, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
 }
 return algorithms[k.hash], nil
 }
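Review bot: `return algorithms[k.hash], nil` at the end of getRSAEncryptAlgorithm (the `@@ -495,10 +491,10 @@` hunk) reports success even when `k.hash` has no entry. If `algorithms` is a map keyed by hash, as the indexing suggests, an unset or unsupported `k.hash` yields the zero `C.SecKeyAlgorithm`, presumably the same value as `unknownSecKeyAlgorithm`, with a nil error. That is easier to hit now that this commit deletes `WithHash`, the only setter of `k.hash` visible in the diff. Use the two-value lookup, `alg, ok := algorithms[k.hash]`, and return `unknownSecKeyAlgorithm` with an error naming the hash when `!ok`. getRSADecryptAlgorithm (the `@@ -521,10 +517,10 @@` hunk) ends the same way; both function bodies start outside their hunks.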
@@ -521,10 +517,10 @@ func (k *Key) getRSADecryptAlgorithm() (C.SecKeyAlgorithm, error) {
 } else if C.SecKeyIsAlgorithmSupported(k.publicKeyRef, C.kSecKeyOperationTypeDecrypt, C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256) == 1 {
 algorithms = rsaPKCS1v15Algorithms
 } else {
- return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
+ return unknownSecKeyAlgorithm, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
 }
 default:
- return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
+ return unknownSecKeyAlgorithm, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
 }
 return algorithms[k.hash], nil
 }
diff --git a/internal/signer/darwin/keychain/keychain_test.go b/internal/signer/darwin/keychain/keychain_test.go
index a0f32f4..e885a2d 100644
--- a/internal/signer/darwin/keychain/keychain_test.go
+++ b/internal/signer/darwin/keychain/keychain_test.go
@@ -24,7 +24,7 @@ import (
 "unsafe"
 )
-const TEST_CREDENTIALS = "TestIssuer"
+const testIssuer = "TestIssuer"
 func TestKeychainError(t *testing.T) {
 tests := []struct {
@@ -52,7 +52,7 @@ func TestBytesToCFDataRoundTrip(t *testing.T) {
 }
 func TestEncrypt(t *testing.T) {
- key, err := Cred(TEST_CREDENTIALS)
+ key, err := Cred(testIssuer)
 if err != nil {
 t.Errorf("Cred: got %v, want nil err", err)
 return
@@ -66,7 +66,7 @@ func TestEncrypt(t *testing.T) {
 }
 func BenchmarkEncrypt(b *testing.B) {
- key, err := Cred(TEST_CREDENTIALS)
+ key, err := Cred(testIssuer)
 if err != nil {
 b.Errorf("Cred: got %v, want nil err", err)
 return
@@ -81,7 +81,7 @@ func BenchmarkEncrypt(b *testing.B) {
 }
 func TestDecrypt(t *testing.T) {
- key, err := Cred(TEST_CREDENTIALS)
+ key, err := Cred(testIssuer)
 if err != nil {
 t.Errorf("Cred: got %v, want nil err", err)
 return
@@ -99,7 +99,7 @@ func TestDecrypt(t *testing.T) {
 }
 func BenchmarkDecrypt(b *testing.B) {
- key, err := Cred(TEST_CREDENTIALS)
+ key, err := Cred(testIssuer)
 if err != nil {
 b.Errorf("Cred: got %v, want nil err", err)
 return
diff --git a/internal/signer/linux/pkcs11/pkcs11.go b/internal/signer/linux/pkcs11/pkcs11.go
index 4afa875..3ff2fea 100644
--- a/internal/signer/linux/pkcs11/pkcs11.go
+++ b/internal/signer/linux/pkcs11/pkcs11.go
@@ -216,11 +216,6 @@ func (k *Key) decryptRSAWithPKCS11(encryptedData []byte) ([]byte, error) {
 return k.decrypter.Decrypt(nil, encryptedData, opts)
 }
-func (k *Key) WithHash(hash crypto.Hash) *Key {
- k.hash = hash
- return k
-}
-
 func cryptoHashToHash(hash crypto.Hash) (hash.Hash, error) {
 switch hash {
 case crypto.SHA256:
diff --git a/internal/signer/linux/signer.go b/internal/signer/linux/signer.go
index d234182..7eaa07a 100644
--- a/internal/signer/linux/signer.go
+++ b/internal/signer/linux/signer.go
@@ -138,7 +138,6 @@ func main() {
 if err != nil {
 log.Fatalf("Failed to initialize enterprise cert signer using pkcs11: %v", err)
 }
- enterpriseCertSigner.key = enterpriseCertSigner.key.WithHash(crypto.SHA1)
 if err := rpc.Register(enterpriseCertSigner); err != nil {
 log.Fatalf("Failed to register enterprise cert signer with net/rpc: %v", err)
diff --git a/internal/signer/test/signer.go b/internal/signer/test/signer.go
index 4d2f77d..1911534 100644
--- a/internal/signer/test/signer.go
+++ b/internal/signer/test/signer.go
@@ -17,10 +17,8 @@ package main
 import (
 "crypto"
- "crypto/rsa"
 "crypto/tls"
 "crypto/x509"
- "encoding/gob"
 "io"
 "log"
 "net/rpc"
@@ -28,24 +26,18 @@ import (
 "time"
 )
-func init() {
- gob.Register(crypto.SHA256)
- gob.Register(crypto.SHA384)
- gob.Register(crypto.SHA512)
- gob.Register(&rsa.PSSOptions{})
- gob.Register(&rsa.OAEPOptions{})
-}
-
 // SignArgs encapsulate the parameters for the Sign method.
 type SignArgs struct {
 Digest []byte
 Opts crypto.SignerOpts
 }
+// EncryptArgs encapsulate the parameters for the Encrypt method.
 type EncryptArgs struct {
 Plaintext []byte
 }
+// DecryptArgs encapsulate the parameters for the Decrypt method.
 type DecryptArgs struct {
 Ciphertext []byte
 }
@@ -91,17 +83,19 @@ func (k *EnterpriseCertSigner) Public(ignored struct{}, publicKey *[]byte) (err
 return err
 }
-// Sign signs a message digest.
+// Sign signs a message digest. For testing, we return the input as-is.
 func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) {
 *resp = args.Digest
 return nil
 }
+// Encrypt encrypts a plaintext msg. For testing, we return the input as-is.
 func (k *EnterpriseCertSigner) Encrypt(args EncryptArgs, plaintext *[]byte) (err error) {
 *plaintext = args.Plaintext
 return nil
 }
+// Decrypt decrypts a ciphertext msg. For testing, we return the input as-is.
 func (k *EnterpriseCertSigner) Decrypt(args DecryptArgs, ciphertext *[]byte) (err error) {
 *ciphertext = args.Ciphertext
 return nil
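Review bot: `SignArgs.Opts` in the `@@ -28,24 +26,18 @@` hunk is still the interface type `crypto.SignerOpts`, but with `init()` gone this file no longer registers any concrete type for it. If this test signer serves Sign over net/rpc's default gob codec, gob can only decode an interface field whose concrete type has been registered, so calls carrying `crypto.SHA256` or `*rsa.PSSOptions` would fail at decode unless another file in this `package main` registers them. Confirm that is the case, or keep the registrations in a form the linter accepts, for example called explicitly from `main()` starting with `gob.Register(crypto.SHA256)`. The import hunk for this file drops `encoding/gob` and `crypto/rsa`, so both would have to come back.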
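Review bot: In the `@@ -91,17 +83,19 @@` hunk the reply parameters of Encrypt and Decrypt are named for the input rather than the output: `Encrypt(args EncryptArgs, plaintext *[]byte)` writes its result into `plaintext`, and Decrypt writes into `ciphertext`. Sign already uses `resp *[]byte`, and the same name here would remove the inversion: `func (k *EnterpriseCertSigner) Encrypt(args EncryptArgs, resp *[]byte) (err error)`. The added comments could also state plainly that the stub does no cryptography, e.g. `// Encrypt is a test stub: it copies args.Plaintext to the reply unchanged and provides no confidentiality.` Decrypt's closing brace falls outside the hunk.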