Fix golangci-lint findings

2024-12-18 20:47:57 +00:00 · 2022-11-01 12:57:06 -07:00 · 2022-11-01 12:57:06 -07:00 · 0dc056af7d
commit 0dc056af7d
parent 19d3c4de97
15 changed files with 40 additions and 56 deletions
--- a/README.md
+++ b/README.md
@ -81,7 +81,7 @@ if err != nil {
    // handle error
 }

-if err := ioutil.WriteFile("encrypted_aik.json", akBytes, 0600); err != nil {
+if err := os.WriteFile("encrypted_aik.json", akBytes, 0600); err != nil {
    // handle error
 }

@ -115,7 +115,7 @@ returning the same secret to the server.
 ```go
 // Client decrypts the credential

-akBytes, err := ioutil.ReadFile("encrypted_aik.json")
+akBytes, err := os.ReadFile("encrypted_aik.json")
 if err != nil {
    // handle error
 }
--- a/attest/application_key_test.go
+++ b/attest/application_key_test.go
@ -496,8 +496,7 @@ func testKeyOpts(t *testing.T, tpm *TPM) {
 				expected = defaultConfig
 			}

-			pub := sk.Public()
-			switch pub.(type) {
+			switch pub := sk.Public().(type) {
 			case *ecdsa.PublicKey:
 				if expected.Algorithm != ECDSA {
 					t.Errorf("incorrect key type generated, expected %q, got EC", expected.Algorithm)
@ -511,16 +510,15 @@ func testKeyOpts(t *testing.T, tpm *TPM) {
 				if !ok {
 					t.Fatalf("cannot match curve to key size %d", expected.Size)
 				}
-				curve := pub.(*ecdsa.PublicKey).Curve
-				if expectedCurve != curve {
-					t.Errorf("incorrect curve, expected %v, got %v", expectedCurve, curve)
+				if expectedCurve != pub.Curve {
+					t.Errorf("incorrect curve, expected %v, got %v", expectedCurve, pub.Curve)
 				}
 			case *rsa.PublicKey:
 				if expected.Algorithm != RSA {
 					t.Errorf("incorrect key type, expected %q, got RSA", expected.Algorithm)
 				}
-				if pub.(*rsa.PublicKey).Size()*8 != expected.Size {
-					t.Errorf("incorrect key size, expected %d, got %d", expected.Size, pub.(*rsa.PublicKey).Size()*8)
+				if pub.Size()*8 != expected.Size {
+					t.Errorf("incorrect key size, expected %d, got %d", expected.Size, pub.Size()*8)
 				}
 			default:
 				t.Errorf("unsupported key type: %T", pub)
--- a/attest/attest-tool/attest-tool.go
+++ b/attest/attest-tool/attest-tool.go
@ -13,7 +13,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"io/ioutil"
 	"os"

 	"github.com/google/go-attestation/attest"
@ -153,10 +152,10 @@ func runCommand(tpm *attest.TPM) error {
 		if err != nil {
 			return err
 		}
-		return ioutil.WriteFile(*keyPath, b, 0644)
+		return os.WriteFile(*keyPath, b, 0644)

 	case "quote":
-		b, err := ioutil.ReadFile(*keyPath)
+		b, err := os.ReadFile(*keyPath)
 		if err != nil {
 			return err
 		}
--- a/attest/attest-tool/internal/eventlog/secureboot_test.go
+++ b/attest/attest-tool/internal/eventlog/secureboot_test.go
@ -16,7 +16,7 @@ package eventlog

 import (
 	"encoding/json"
-	"io/ioutil"
+	"os"
 	"testing"

 	"github.com/google/go-attestation/attest"
@ -24,7 +24,7 @@ import (
 )

 func parseEvents(t *testing.T, testdata string) []attest.Event {
-	data, err := ioutil.ReadFile(testdata)
+	data, err := os.ReadFile(testdata)
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
--- a/attest/eventlog.go
+++ b/attest/eventlog.go
@ -56,14 +56,6 @@ func (e ReplayError) Error() string {
 	return fmt.Sprintf("event log failed to verify: the following registers failed to replay: %v", e.InvalidPCRs)
 }

-// TPM algorithms. See the TPM 2.0 specification section 6.3.
-//
-// https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf#page=42
-const (
-	algSHA1   uint16 = 0x0004
-	algSHA256 uint16 = 0x000B
-)
-
 // EventType indicates what kind of data an event is reporting.
 //
 // https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=103
--- a/attest/eventlog_test.go
+++ b/attest/eventlog_test.go
@ -18,7 +18,7 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
-	"io/ioutil"
+	"os"
 	"testing"

 	"github.com/google/go-tpm/tpm2"
@ -56,7 +56,7 @@ func TestParseEventLogLinux(t *testing.T) {
 }

 func testParseEventLog(t *testing.T, testdata string) {
-	data, err := ioutil.ReadFile(testdata)
+	data, err := os.ReadFile(testdata)
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -70,7 +70,7 @@ func testParseEventLog(t *testing.T, testdata string) {
 }

 func TestParseCryptoAgileEventLog(t *testing.T) {
-	data, err := ioutil.ReadFile("testdata/crypto_agile_eventlog")
+	data, err := os.ReadFile("testdata/crypto_agile_eventlog")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -88,7 +88,7 @@ func TestEventLog(t *testing.T) {
 }

 func testEventLog(t *testing.T, testdata string) {
-	data, err := ioutil.ReadFile(testdata)
+	data, err := os.ReadFile(testdata)
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -183,7 +183,7 @@ func TestParseShortNoAction(t *testing.T) {
 	// Currently we just assume that such events will have Data shorter than
 	// "EFI Specification ID" field.

-	data, err := ioutil.ReadFile("testdata/short_no_action_eventlog")
+	data, err := os.ReadFile("testdata/short_no_action_eventlog")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -326,7 +326,7 @@ func TestEBSVerifyWorkaround(t *testing.T) {
 		},
 	}

-	elr, err := ioutil.ReadFile("testdata/ebs_event_missing_eventlog")
+	elr, err := os.ReadFile("testdata/ebs_event_missing_eventlog")
 	if err != nil {
 		t.Fatal(err)
 	}
@ -340,7 +340,7 @@ func TestEBSVerifyWorkaround(t *testing.T) {
 }

 func TestAppendEvents(t *testing.T) {
-	base, err := ioutil.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
+	base, err := os.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
--- a/attest/internal/events.go
+++ b/attest/internal/events.go
@ -188,7 +188,7 @@ func (e EventType) String() string {
 func UntrustedParseEventType(et uint32) (EventType, error) {
 	// "The value associated with a UEFI specific platform event type MUST be in
 	// the range between 0x80000000 and 0x800000FF, inclusive."
-	if (et < 0x80000000 && et > 0x800000FF) || (et < 0x0 && et > 0x12) {
+	if (et < 0x80000000 && et > 0x800000FF) || (et <= 0x0 && et > 0x12) {
 		return EventType(0), fmt.Errorf("event type not between [0x0, 0x12] or [0x80000000, 0x800000FF]: got %#x", et)
 	}
 	if _, ok := eventTypeNames[EventType(et)]; !ok {
--- a/attest/secureboot_test.go
+++ b/attest/secureboot_test.go
@ -17,12 +17,12 @@ package attest
 import (
 	"encoding/base64"
 	"encoding/json"
-	"io/ioutil"
+	"os"
 	"testing"
 )

 func TestSecureBoot(t *testing.T) {
-	data, err := ioutil.ReadFile("testdata/windows_gcp_shielded_vm.json")
+	data, err := os.ReadFile("testdata/windows_gcp_shielded_vm.json")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -52,7 +52,7 @@ func TestSecureBoot(t *testing.T) {

 // See: https://github.com/google/go-attestation/issues/157
 func TestSecureBootBug157(t *testing.T) {
-	raw, err := ioutil.ReadFile("testdata/sb_cert_eventlog")
+	raw, err := os.ReadFile("testdata/sb_cert_eventlog")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -135,7 +135,7 @@ func b64MustDecode(input string) []byte {
 }

 func TestSecureBootOptionRom(t *testing.T) {
-	raw, err := ioutil.ReadFile("testdata/option_rom_eventlog")
+	raw, err := os.ReadFile("testdata/option_rom_eventlog")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -177,7 +177,7 @@ func TestSecureBootOptionRom(t *testing.T) {
 }

 func TestSecureBootEventLogUbuntu(t *testing.T) {
-	data, err := ioutil.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
+	data, err := os.ReadFile("testdata/ubuntu_2104_shielded_vm_no_secure_boot_eventlog")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
@ -196,7 +196,7 @@ func TestSecureBootEventLogUbuntu(t *testing.T) {
 }

 func TestSecureBootEventLogFedora36(t *testing.T) {
-	data, err := ioutil.ReadFile("testdata/coreos_36_shielded_vm_no_secure_boot_eventlog")
+	data, err := os.ReadFile("testdata/coreos_36_shielded_vm_no_secure_boot_eventlog")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
--- a/attest/tpm12_linux.go
+++ b/attest/tpm12_linux.go
@ -22,7 +22,7 @@ import (
 	"crypto/x509"
 	"encoding/binary"
 	"fmt"
-	"io/ioutil"
+	"os"

 	"github.com/google/go-tspi/attestation"
 	"github.com/google/go-tspi/tspi"
@ -169,5 +169,5 @@ func (t *trousersTPM) pcrs(alg HashAlg) ([]PCR, error) {
 }

 func (t *trousersTPM) measurementLog() ([]byte, error) {
-	return ioutil.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
+	return os.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
 }
--- a/attest/tpm_linux.go
+++ b/attest/tpm_linux.go
@ -21,7 +21,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"strings"
@ -49,7 +48,7 @@ func InjectSimulatedTPMForTest(rwc io.ReadWriteCloser) *TPM {
 func probeSystemTPMs() ([]probedTPM, error) {
 	var tpms []probedTPM

-	tpmDevs, err := ioutil.ReadDir(tpmRoot)
+	tpmDevs, err := os.ReadDir(tpmRoot)
 	if err != nil && !os.IsNotExist(err) {
 		return nil, err
 	}
@ -82,7 +81,7 @@ type linuxCmdChannel struct {

 // MeasurementLog implements CommandChannelTPM20.
 func (cc *linuxCmdChannel) MeasurementLog() ([]byte, error) {
-	return ioutil.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
+	return os.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
 }

 func openTPM(tpm probedTPM) (*TPM, error) {
@ -98,7 +97,7 @@ func openTPM(tpm probedTPM) (*TPM, error) {
 		// If the TPM has a kernel-provided resource manager, we should
 		// use that instead of communicating directly.
 		devPath := path.Join("/dev", path.Base(tpm.Path))
-		f, err := ioutil.ReadDir(path.Join(tpm.Path, "device", "tpmrm"))
+		f, err := os.ReadDir(path.Join(tpm.Path, "device", "tpmrm"))
 		if err != nil {
 			if !os.IsNotExist(err) {
 				return nil, err
--- a/attest/win_events.go
+++ b/attest/win_events.go
@ -600,7 +600,7 @@ func (w *WinEvents) readLoadedModuleAggregation(rdr *bytes.Reader, header micros
 				return err
 			}
 		case imageValidated:
-			if imgValidated == true {
+			if imgValidated {
 				return errors.New("duplicate image validated field in LMA event")
 			}
 			if imgValidated, err = w.parseImageValidated(h, r); err != nil {
--- a/attest/win_events_test.go
+++ b/attest/win_events_test.go
@ -16,7 +16,7 @@ package attest

 import (
 	"encoding/json"
-	"io/ioutil"
+	"os"
 	"testing"

 	"github.com/google/go-cmp/cmp"
@ -91,7 +91,7 @@ func TestParseWinEvents(t *testing.T) {
 		},
 	}

-	data, err := ioutil.ReadFile("testdata/windows_gcp_shielded_vm.json")
+	data, err := os.ReadFile("testdata/windows_gcp_shielded_vm.json")
 	if err != nil {
 		t.Fatalf("reading test data: %v", err)
 	}
--- a/attest/wrapped_tpm20.go
+++ b/attest/wrapped_tpm20.go
@ -53,8 +53,6 @@ func (t *wrappedTPM20) ekTemplate() (tpm2.Public, error) {
 	return *t.tpmEkTemplate, nil
 }

-func (*wrappedTPM20) isTPMBase() {}
-
 func (t *wrappedTPM20) tpmVersion() TPMVersion {
 	return TPMVersion20
 }
@ -175,7 +173,7 @@ func (t *wrappedTPM20) newAK(opts *AKConfig) (*AK, error) {
 	}()

 	// We can only certify the creation immediately afterwards, so we cache the result.
-	attestation, sig, err := tpm2.CertifyCreation(t.rwc, "", keyHandle, keyHandle, nil, creationHash, tpm2.SigScheme{tpm2.AlgRSASSA, tpm2.AlgSHA256, 0}, tix)
+	attestation, sig, err := tpm2.CertifyCreation(t.rwc, "", keyHandle, keyHandle, nil, creationHash, tpm2.SigScheme{Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA256, Count: 0}, tix)
 	if err != nil {
 		return nil, fmt.Errorf("CertifyCreation failed: %v", err)
 	}
--- a/attributecert/attributecert_test.go
+++ b/attributecert/attributecert_test.go
@ -17,7 +17,7 @@ package attributecert
 import (
 	"crypto/x509"
 	"encoding/json"
-	"io/ioutil"
+	"os"
 	"reflect"
 	"strings"
 	"testing"
@ -29,7 +29,7 @@ func TestVerifyAttributeCert(t *testing.T) {
 		"testdata/Intel_pc2.cer",
 		"testdata/Intel_pc3.cer",
 	}
-	data, err := ioutil.ReadFile("testdata/IntelSigningKey_20April2017.cer")
+	data, err := os.ReadFile("testdata/IntelSigningKey_20April2017.cer")
 	if err != nil {
 		t.Fatalf("failed to read Intel intermediate certificate: %v", err)
 	}
@ -39,7 +39,7 @@ func TestVerifyAttributeCert(t *testing.T) {
 	}

 	for _, filename := range testfiles {
-		data, err = ioutil.ReadFile(filename)
+		data, err = os.ReadFile(filename)
 		if err != nil {
 			t.Fatalf("failed to read %s: %v", filename, err)
 		}
@ -57,7 +57,7 @@ func TestVerifyAttributeCert(t *testing.T) {
 }

 func TestParseAttributeCerts(t *testing.T) {
-	files, err := ioutil.ReadDir("testdata")
+	files, err := os.ReadDir("testdata")
 	if err != nil {
 		t.Fatalf("failed to read test dir: %v", err)
 	}
@ -70,7 +70,7 @@ func TestParseAttributeCerts(t *testing.T) {
 		}
 		filename := "testdata/" + file.Name()
 		jsonfile := filename + ".json"
-		data, err := ioutil.ReadFile(filename)
+		data, err := os.ReadFile(filename)
 		if err != nil {
 			t.Fatalf("failed to read test data %s: %v", filename, err)
 		}
@ -78,7 +78,7 @@ func TestParseAttributeCerts(t *testing.T) {
 		if err != nil {
 			t.Fatalf("failed to parse test data %s: %v", filename, err)
 		}
-		jsondata, err := ioutil.ReadFile(jsonfile)
+		jsondata, err := os.ReadFile(jsonfile)
 		if err != nil {
 			t.Fatalf("failed to read json test data %s: %v", jsonfile, err)
 		}
--- a/ci/gen_ekcert.go
+++ b/ci/gen_ekcert.go
@ -16,8 +16,6 @@ import (
 	"time"
 )

-var simulatorStatePath = flag.String("state_path", "/tmp/sim/NVRAM/00.permall", "Path to ibmswtpm state file")
-
 func ekPub() *rsa.PublicKey {
 	out, err := exec.Command("tpm_getpubek", "-z").Output()
 	if err != nil {