From 4f9029793eab5bdeceabc30d2d3c23899ef18e7a Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sun, 11 Feb 2024 22:31:23 +0300 Subject: [PATCH 1/8] tz: don't copy d in Sum() It makes no sense, checkSum() doesn't modify state in any way. Signed-off-by: Roman Khimov --- tz/digest.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tz/digest.go b/tz/digest.go index 256f093..5d7066a 100644 --- a/tz/digest.go +++ b/tz/digest.go @@ -38,9 +38,7 @@ func Sum(data []byte) [Size]byte { // Sum implements hash.Hash. func (d *digest) Sum(in []byte) []byte { - // Make a copy of d so that caller can keep writing and summing. - d0 := *d - h := d0.checkSum() + h := d.checkSum() return append(in, h[:]...) } From f241d048bc971decc239fe1d954b355e69853103 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sun, 11 Feb 2024 22:37:27 +0300 Subject: [PATCH 2/8] tz: keep the original error in Validate() Signed-off-by: Roman Khimov --- tz/hash.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tz/hash.go b/tz/hash.go index 471de67..93ac3b6 100644 --- a/tz/hash.go +++ b/tz/hash.go @@ -6,6 +6,7 @@ package tz import ( "errors" + "fmt" ) // Concat performs combining of hashes based on homomorphic property. @@ -40,7 +41,7 @@ func Validate(h []byte, hs [][]byte) (bool, error) { b, err = Concat(hs) if err != nil { - return false, errors.New("cant concatenate hashes") + return false, fmt.Errorf("can't concatenate hashes: %w", err) } copy(got[:], b) From dc9eac71d1993397bc5e88ab39fb849b7d1c8fb6 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sun, 11 Feb 2024 22:43:34 +0300 Subject: [PATCH 3/8] tz: improve Validate() * don't allocate useless buffers * compare using constant-time function Signed-off-by: Roman Khimov --- tz/hash.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/tz/hash.go b/tz/hash.go index 93ac3b6..db775ee 100644 --- a/tz/hash.go +++ b/tz/hash.go @@ -5,6 +5,7 @@ package tz import ( + "crypto/subtle" "errors" "fmt" ) @@ -26,9 +27,8 @@ func Concat(hs [][]byte) ([]byte, error) { // Validate checks if hashes in hs combined are equal to h. func Validate(h []byte, hs [][]byte) (bool, error) { var ( - b []byte - got, expected [Size]byte - err error + b []byte + err error ) if len(h) != Size { @@ -37,16 +37,12 @@ func Validate(h []byte, hs [][]byte) (bool, error) { return false, errors.New("empty slice") } - copy(expected[:], h) - b, err = Concat(hs) if err != nil { return false, fmt.Errorf("can't concatenate hashes: %w", err) } - copy(got[:], b) - - return expected == got, nil + return subtle.ConstantTimeCompare(h, b) == 1, nil } // SubtractR returns hash a, such that Concat(a, b) == c From 1d45c7f74b5be7f56136fb50a844723e4ff1a82b Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sun, 11 Feb 2024 22:45:59 +0300 Subject: [PATCH 4/8] go.mod: update Go, fix #45 I've honestly tried reusing AppendUint64() in Sum(), but it only leads to additional allocations, so not worth the trouble. Other than that, not a lot to improve here. Signed-off-by: Roman Khimov --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 6742382..166ac71 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/nspcc-dev/tzhash -go 1.19 +go 1.20 require ( github.com/stretchr/testify v1.8.4 From f6caaa79d3538899713fa57bc475b0ddb60a05f4 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sun, 11 Feb 2024 22:50:33 +0300 Subject: [PATCH 5/8] go.mod: update golang.org/x/sys dependency Signed-off-by: Roman Khimov --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 166ac71..fdfdeee 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/stretchr/testify v1.8.4 - golang.org/x/sys v0.12.0 + golang.org/x/sys v0.17.0 ) require ( diff --git a/go.sum b/go.sum index c4b12fe..d9ed0cb 100644 --- a/go.sum +++ b/go.sum @@ -4,8 +4,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= From a139f6ad3739b85eb89c0291a65f4c379e33c345 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sun, 11 Feb 2024 22:52:38 +0300 Subject: [PATCH 6/8] workflows: use Go 1.20+ Signed-off-by: Roman Khimov --- .github/workflows/run_tests.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 8e935ed..7a51dfa 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -33,7 +33,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: '1.21' + go-version: '1.22' cache: true - name: Update Go modules @@ -55,14 +55,14 @@ jobs: strategy: matrix: os: [ ubuntu-20.04, windows-2022 ] - go_versions: [ '1.19', '1.20', '1.21' ] + go_versions: [ '1.20', '1.21', '1.22' ] exclude: - - os: windows-2022 - go_versions: '1.19' - os: windows-2022 go_versions: '1.20' - - os: ubuntu-20.04 + - os: windows-2022 go_versions: '1.21' + - os: ubuntu-20.04 + go_versions: '1.22' fail-fast: false steps: - uses: actions/checkout@v3 From f82be93eaed778a41773dcceae81d4a225c89d51 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sun, 11 Feb 2024 22:55:40 +0300 Subject: [PATCH 7/8] tz: suppress linter errors Tests are perfectly fine with this kind of random data. Signed-off-by: Roman Khimov --- tz/hash_test.go | 2 +- tz/sl2_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tz/hash_test.go b/tz/hash_test.go index 7e5c609..f3e189e 100644 --- a/tz/hash_test.go +++ b/tz/hash_test.go @@ -145,7 +145,7 @@ func TestHomomorphism(t *testing.T) { ) b = make([]byte, 64) - n, err = rand.Read(b) + n, err = rand.Read(b) //nolint:staticcheck // SA1019: rand.Read has been deprecated since Go 1.20 because it shouldn't be used require.Equal(t, 64, n) require.NoError(t, err) diff --git a/tz/sl2_test.go b/tz/sl2_test.go index 1cebafc..514b716 100644 --- a/tz/sl2_test.go +++ b/tz/sl2_test.go @@ -10,7 +10,7 @@ import ( ) func init() { - rand.Seed(time.Now().UnixNano()) + rand.Seed(time.Now().UnixNano()) //nolint:staticcheck // SA1019: rand.Seed has been deprecated since Go 1.20 and an alternative has been available since Go 1.0 } func random() (a *sl2) { From 9716b39af0bd0b3f8024a24775637642fccea287 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Mon, 12 Feb 2024 13:23:49 +0300 Subject: [PATCH 8/8] workflows: drop coverage package filter Packages specified don't exist here (copy/paste problem), we can count all of things in this repo.. Signed-off-by: Roman Khimov --- .github/workflows/run_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 7a51dfa..606a81e 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -40,7 +40,7 @@ jobs: run: go mod download -json - name: Write coverage profile - run: go test -v ./... -coverprofile=./coverage.txt -covermode=atomic -coverpkg=./pkg...,./cli/... + run: go test -v ./... -coverprofile=./coverage.txt -covermode=atomic - name: Upload coverage results to Codecov uses: codecov/codecov-action@v2