Upgrade linters

babyjub/babyjub.go

@@ -59,7 +59,8 @@ type PointProjective struct {
 
 // NewPointProjective creates a new Point in projective coordinates.
 func NewPointProjective() *PointProjective {
-	return &PointProjective{X: ff.NewElement().SetZero(), Y: ff.NewElement().SetOne(), Z: ff.NewElement().SetOne()}
+	return &PointProjective{X: ff.NewElement().SetZero(),
+		Y: ff.NewElement().SetOne(), Z: ff.NewElement().SetOne()}
 }
 
 // Affine returns the Point from the projective representation
@@ -84,19 +85,21 @@ func (p *PointProjective) Affine() *Point {
 	}
 }
 
-// Add computes the addition of two points in projective coordinates representation
-func (res *PointProjective) Add(p *PointProjective, q *PointProjective) *PointProjective {
-	// add-2008-bbjlp https://hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-dbl-2008-bbjlp
-	a := ff.NewElement().Mul(p.Z, q.Z)
+// Add computes the addition of two points in projective coordinates
+// representation
+func (p *PointProjective) Add(q *PointProjective, o *PointProjective) *PointProjective {
+	// add-2008-bbjlp
+	// https://hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-dbl-2008-bbjlp
+	a := ff.NewElement().Mul(q.Z, o.Z)
 	b := ff.NewElement().Square(a)
-	c := ff.NewElement().Mul(p.X, q.X)
-	d := ff.NewElement().Mul(p.Y, q.Y)
+	c := ff.NewElement().Mul(q.X, o.X)
+	d := ff.NewElement().Mul(q.Y, o.Y)
 	e := ff.NewElement().Mul(Dff, c)
 	e.MulAssign(d)
 	f := ff.NewElement().Sub(b, e)
 	g := ff.NewElement().Add(b, e)
-	x1y1 := ff.NewElement().Add(p.X, p.Y)
-	x2y2 := ff.NewElement().Add(q.X, q.Y)
+	x1y1 := ff.NewElement().Add(q.X, q.Y)
+	x2y2 := ff.NewElement().Add(o.X, o.Y)
 	x3 := ff.NewElement().Mul(x1y1, x2y2)
 	x3.SubAssign(c)
 	x3.SubAssign(d)
@@ -108,10 +111,10 @@ func (res *PointProjective) Add(p *PointProjective, q *PointProjective) *PointPr
 	y3.MulAssign(g)
 	z3 := ff.NewElement().Mul(f, g)
 
-	res.X = x3
-	res.Y = y3
-	res.Z = z3
-	return res
+	p.X = x3
+	p.Y = y3
+	p.Z = z3
+	return p
 }
 
 // Point represents a point of the babyjub curve.
@@ -141,15 +144,15 @@ func (p *Point) Projective() *PointProjective {
 	}
 }
 
-// Mul multiplies the Point p by the scalar s and stores the result in res,
+// Mul multiplies the Point q by the scalar s and stores the result in p,
 // which is also returned.
-func (res *Point) Mul(s *big.Int, p *Point) *Point {
+func (p *Point) Mul(s *big.Int, q *Point) *Point {
 	resProj := &PointProjective{
 		X: ff.NewElement().SetZero(),
 		Y: ff.NewElement().SetOne(),
 		Z: ff.NewElement().SetOne(),
 	}
-	exp := p.Projective()
+	exp := q.Projective()
 
 	for i := 0; i < s.BitLen(); i++ {
 		if s.Bit(i) == 1 {
@@ -157,8 +160,8 @@ func (res *Point) Mul(s *big.Int, p *Point) *Point {
 		}
 		exp = exp.Add(exp, exp)
 	}
-	res = resProj.Affine()
-	return res
+	p = resProj.Affine()
+	return p
 }
 
 // InCurve returns true when the Point p is in the babyjub curve.
@@ -200,10 +203,11 @@ func PointCoordSign(c *big.Int) bool {
 	return c.Cmp(new(big.Int).Rsh(constants.Q, 1)) == 1
 }
 
+// PackPoint packs a point into a 32 byte array
 func PackPoint(ay *big.Int, sign bool) [32]byte {
 	leBuf := utils.BigIntLEBytes(ay)
 	if sign {
-		leBuf[31] = leBuf[31] | 0x80
+		leBuf[31] = leBuf[31] | 0x80 //nolint:gomnd
 	}
 	return leBuf
 }
@@ -219,9 +223,9 @@ func (p *Point) Compress() [32]byte {
 // Point.  Returns error if the compressed Point is invalid.
 func (p *Point) Decompress(leBuf [32]byte) (*Point, error) {
 	sign := false
-	if (leBuf[31] & 0x80) != 0x00 {
+	if (leBuf[31] & 0x80) != 0x00 { //nolint:gomnd
 		sign = true
-		leBuf[31] = leBuf[31] & 0x7F
+		leBuf[31] = leBuf[31] & 0x7F //nolint:gomnd
 	}
 	utils.SetBigIntFromLEBytes(p.Y, leBuf[:])
 	return PointFromSignAndY(sign, p.Y)

babyjub/babyjub_test.go

@@ -44,7 +44,9 @@ func TestAdd2(t *testing.T) {
 		c.Y.String())
 
 	d := NewPointProjective().Add(c.Projective(), c.Projective()).Affine()
-	assert.Equal(t, "2f6458832049e917c95867185a96621336df33e13c98e81d1ef4928cdbb77772", hex.EncodeToString(d.X.Bytes()))
+	assert.Equal(t,
+		"2f6458832049e917c95867185a96621336df33e13c98e81d1ef4928cdbb77772",
+		hex.EncodeToString(d.X.Bytes()))
 
 	// Projective
 	aP := a.Projective()
@@ -52,7 +54,6 @@ func TestAdd2(t *testing.T) {
 	cP := NewPointProjective().Add(aP, bP)
 	c2 := cP.Affine()
 	assert.Equal(t, c, c2)
-
 }
 
 func TestAdd3(t *testing.T) {
@@ -225,7 +226,9 @@ func TestCompressDecompress1(t *testing.T) {
 	p := &Point{X: x, Y: y}
 
 	buf := p.Compress()
-	assert.Equal(t, "53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85", hex.EncodeToString(buf[:]))
+	assert.Equal(t,
+		"53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85",
+		hex.EncodeToString(buf[:]))
 
 	p2, err := NewPoint().Decompress(buf)
 	assert.Equal(t, nil, err)
@@ -241,7 +244,9 @@ func TestCompressDecompress2(t *testing.T) {
 	p := &Point{X: x, Y: y}
 
 	buf := p.Compress()
-	assert.Equal(t, "e114eb17eddf794f063a68fecac515e3620e131976108555735c8b0773929709", hex.EncodeToString(buf[:]))
+	assert.Equal(t,
+		"e114eb17eddf794f063a68fecac515e3620e131976108555735c8b0773929709",
+		hex.EncodeToString(buf[:]))
 
 	p2, err := NewPoint().Decompress(buf)
 	assert.Equal(t, nil, err)
@@ -263,7 +268,7 @@ func TestCompressDecompressRnd(t *testing.T) {
 func BenchmarkBabyjub(b *testing.B) {
 	const n = 256
 
-	rnd := rand.New(rand.NewSource(42))
+	rnd := rand.New(rand.NewSource(42)) //nolint:gosec
 
 	var badpoints [n]*Point
 	for i := 0; i < n; i++ {

babyjub/eddsa.go

@@ -1,15 +1,16 @@
+// Package babyjub eddsa implements the EdDSA over the BabyJubJub curve
+//nolint:gomnd
 package babyjub
 
 import (
 	"crypto/rand"
 	"database/sql/driver"
 	"fmt"
+	"math/big"
 
 	"github.com/iden3/go-iden3-crypto/mimc7"
 	"github.com/iden3/go-iden3-crypto/poseidon"
 	"github.com/iden3/go-iden3-crypto/utils"
-
-	"math/big"
 )
 
 // pruneBuffer prunes the buffer during key generation according to RFC 8032.
@@ -55,7 +56,7 @@ func SkToBigInt(k *PrivateKey) *big.Int {
 	return s
 }
 
-// Pub returns the public key corresponding to a private key.
+// Public returns the public key corresponding to a private key.
 func (k *PrivateKey) Public() *PublicKey {
 	return k.Scalar().Public()
 }
@@ -69,8 +70,8 @@ func NewPrivKeyScalar(s *big.Int) *PrivKeyScalar {
 	return &sk
 }
 
-// Pub returns the public key corresponding to the scalar value s of a private
-// key.
+// Public returns the public key corresponding to the scalar value s of a
+// private key.
 func (s *PrivKeyScalar) Public() *PublicKey {
 	p := NewPoint().Mul((*big.Int)(s), B8)
 	pk := PublicKey(*p)
@@ -85,16 +86,19 @@ func (s *PrivKeyScalar) BigInt() *big.Int {
 // PublicKey represents an EdDSA public key, which is a curve point.
 type PublicKey Point
 
+// MarshalText implements the marshaler for PublicKey
 func (pk PublicKey) MarshalText() ([]byte, error) {
 	pkc := pk.Compress()
 	return utils.Hex(pkc[:]).MarshalText()
 }
 
+// String returns the string representation of the PublicKey
 func (pk PublicKey) String() string {
 	pkc := pk.Compress()
 	return utils.Hex(pkc[:]).String()
 }
 
+// UnmarshalText implements the unmarshaler for the PublicKey
 func (pk *PublicKey) UnmarshalText(h []byte) error {
 	var pkc PublicKeyComp
 	if err := utils.HexDecodeInto(pkc[:], h); err != nil {
@@ -109,24 +113,35 @@ func (pk *PublicKey) UnmarshalText(h []byte) error {
 }
 
 // Point returns the Point corresponding to a PublicKey.
-func (p *PublicKey) Point() *Point {
-	return (*Point)(p)
+func (pk *PublicKey) Point() *Point {
+	return (*Point)(pk)
 }
 
 // PublicKeyComp represents a compressed EdDSA Public key; it's a compressed curve
 // point.
 type PublicKeyComp [32]byte
 
-func (buf PublicKeyComp) MarshalText() ([]byte, error)  { return utils.Hex(buf[:]).MarshalText() }
-func (buf PublicKeyComp) String() string                { return utils.Hex(buf[:]).String() }
-func (buf *PublicKeyComp) UnmarshalText(h []byte) error { return utils.HexDecodeInto(buf[:], h) }
-
-func (p *PublicKey) Compress() PublicKeyComp {
-	return PublicKeyComp((*Point)(p).Compress())
+// MarshalText implements the marshaler for the PublicKeyComp
+func (pkComp PublicKeyComp) MarshalText() ([]byte, error) {
+	return utils.Hex(pkComp[:]).MarshalText()
 }
 
-func (p *PublicKeyComp) Decompress() (*PublicKey, error) {
-	point, err := NewPoint().Decompress(*p)
+// String returns the string representation of the PublicKeyComp
+func (pkComp PublicKeyComp) String() string { return utils.Hex(pkComp[:]).String() }
+
+// UnmarshalText implements the unmarshaler for the PublicKeyComp
+func (pkComp *PublicKeyComp) UnmarshalText(h []byte) error {
+	return utils.HexDecodeInto(pkComp[:], h)
+}
+
+// Compress returns the PublicKeyCompr for the given PublicKey
+func (pk *PublicKey) Compress() PublicKeyComp {
+	return PublicKeyComp((*Point)(pk).Compress())
+}
+
+// Decompress returns the PublicKey for the given PublicKeyComp
+func (pkComp *PublicKeyComp) Decompress() (*PublicKey, error) {
+	point, err := NewPoint().Decompress(*pkComp)
 	if err != nil {
 		return nil, err
 	}
@@ -143,9 +158,18 @@ type Signature struct {
 // SignatureComp represents a compressed EdDSA signature.
 type SignatureComp [64]byte
 
-func (buf SignatureComp) MarshalText() ([]byte, error)  { return utils.Hex(buf[:]).MarshalText() }
-func (buf SignatureComp) String() string                { return utils.Hex(buf[:]).String() }
-func (buf *SignatureComp) UnmarshalText(h []byte) error { return utils.HexDecodeInto(buf[:], h) }
+// MarshalText implements the marshaler for the SignatureComp
+func (sComp SignatureComp) MarshalText() ([]byte, error) {
+	return utils.Hex(sComp[:]).MarshalText()
+}
+
+// String returns the string representation of the SignatureComp
+func (sComp SignatureComp) String() string { return utils.Hex(sComp[:]).String() }
+
+// UnmarshalText implements the unmarshaler for the SignatureComp
+func (sComp *SignatureComp) UnmarshalText(h []byte) error {
+	return utils.HexDecodeInto(sComp[:], h)
+}
 
 // Compress an EdDSA signature by concatenating the compression of
 // the point R8 and the Little-Endian encoding of S.
@@ -173,12 +197,12 @@ func (s *Signature) Decompress(buf [64]byte) (*Signature, error) {
 
 // Decompress a compressed signature.  Returns error if the Point decompression
 // fails.
-func (s *SignatureComp) Decompress() (*Signature, error) {
-	return new(Signature).Decompress(*s)
+func (sComp *SignatureComp) Decompress() (*Signature, error) {
+	return new(Signature).Decompress(*sComp)
 }
 
 // Scan implements Scanner for database/sql.
-func (s *SignatureComp) Scan(src interface{}) error {
+func (sComp *SignatureComp) Scan(src interface{}) error {
 	srcB, ok := src.([]byte)
 	if !ok {
 		return fmt.Errorf("can't scan %T into Signature", src)
@@ -186,13 +210,13 @@ func (s *SignatureComp) Scan(src interface{}) error {
 	if len(srcB) != 64 {
 		return fmt.Errorf("can't scan []byte of len %d into Signature, want %d", len(srcB), 64)
 	}
-	copy(s[:], srcB[:])
+	copy(sComp[:], srcB[:])
 	return nil
 }
 
 // Value implements valuer for database/sql.
-func (s SignatureComp) Value() (driver.Value, error) {
-	return s[:], nil
+func (sComp SignatureComp) Value() (driver.Value, error) {
+	return sComp[:], nil
 }
 
 // Scan implements Scanner for database/sql.
@@ -243,8 +267,8 @@ func (k *PrivateKey) SignMimc7(msg *big.Int) *Signature {
 
 // VerifyMimc7 verifies the signature of a message encoded as a big.Int in Zq
 // using blake-512 hash for buffer hashing and mimc7 for big.Int hashing.
-func (p *PublicKey) VerifyMimc7(msg *big.Int, sig *Signature) bool {
-	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg}
+func (pk *PublicKey) VerifyMimc7(msg *big.Int, sig *Signature) bool {
+	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, pk.X, pk.Y, msg}
 	hm, err := mimc7.Hash(hmInput, nil) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
 		return false
@@ -253,7 +277,7 @@ func (p *PublicKey) VerifyMimc7(msg *big.Int, sig *Signature) bool {
 	left := NewPoint().Mul(sig.S, B8) // left = s * 8 * B
 	r1 := big.NewInt(8)
 	r1.Mul(r1, hm)
-	right := NewPoint().Mul(r1, p.Point())
+	right := NewPoint().Mul(r1, pk.Point())
 	rightProj := right.Projective()
 	rightProj.Add(sig.R8.Projective(), rightProj) // right = 8 * R + 8 * hm * A
 	right = rightProj.Affine()
@@ -289,8 +313,8 @@ func (k *PrivateKey) SignPoseidon(msg *big.Int) *Signature {
 
 // VerifyPoseidon verifies the signature of a message encoded as a big.Int in Zq
 // using blake-512 hash for buffer hashing and Poseidon for big.Int hashing.
-func (p *PublicKey) VerifyPoseidon(msg *big.Int, sig *Signature) bool {
-	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg}
+func (pk *PublicKey) VerifyPoseidon(msg *big.Int, sig *Signature) bool {
+	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, pk.X, pk.Y, msg}
 	hm, err := poseidon.Hash(hmInput) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
 		return false
@@ -299,7 +323,7 @@ func (p *PublicKey) VerifyPoseidon(msg *big.Int, sig *Signature) bool {
 	left := NewPoint().Mul(sig.S, B8) // left = s * 8 * B
 	r1 := big.NewInt(8)
 	r1.Mul(r1, hm)
-	right := NewPoint().Mul(r1, p.Point())
+	right := NewPoint().Mul(r1, pk.Point())
 	rightProj := right.Projective()
 	rightProj.Add(sig.R8.Projective(), rightProj) // right = 8 * R + 8 * hm * A
 	right = rightProj.Affine()
@@ -307,7 +331,7 @@ func (p *PublicKey) VerifyPoseidon(msg *big.Int, sig *Signature) bool {
 }
 
 // Scan implements Scanner for database/sql.
-func (p *PublicKey) Scan(src interface{}) error {
+func (pk *PublicKey) Scan(src interface{}) error {
 	srcB, ok := src.([]byte)
 	if !ok {
 		return fmt.Errorf("can't scan %T into PublicKey", src)
@@ -321,12 +345,12 @@ func (p *PublicKey) Scan(src interface{}) error {
 	if err != nil {
 		return err
 	}
-	*p = *decomp
+	*pk = *decomp
 	return nil
 }
 
 // Value implements valuer for database/sql.
-func (p PublicKey) Value() (driver.Value, error) {
-	comp := p.Compress()
+func (pk PublicKey) Value() (driver.Value, error) {
+	comp := pk.Compress()
 	return comp[:], nil
 }

babyjub/eddsa_test.go

@@ -1,14 +1,13 @@
 package babyjub
 
 import (
+	"database/sql"
+	"database/sql/driver"
 	"encoding/hex"
 	"fmt"
 	"math/big"
 	"testing"
 
-	"database/sql"
-	"database/sql/driver"
-
 	"github.com/iden3/go-iden3-crypto/constants"
 	"github.com/iden3/go-iden3-crypto/utils"
 	"github.com/stretchr/testify/assert"
@@ -27,7 +26,8 @@ func TestPublicKey(t *testing.T) {
 
 func TestSignVerifyMimc7(t *testing.T) {
 	var k PrivateKey
-	_, err := hex.Decode(k[:], []byte("0001020304050607080900010203040506070809000102030405060708090001"))
+	_, err := hex.Decode(k[:],
+		[]byte("0001020304050607080900010203040506070809000102030405060708090001"))
 	require.Nil(t, err)
 	msgBuf, err := hex.DecodeString("00010203040506070809")
 	if err != nil {
@@ -72,7 +72,8 @@ func TestSignVerifyMimc7(t *testing.T) {
 
 func TestSignVerifyPoseidon(t *testing.T) {
 	var k PrivateKey
-	_, err := hex.Decode(k[:], []byte("0001020304050607080900010203040506070809000102030405060708090001"))
+	_, err := hex.Decode(k[:],
+		[]byte("0001020304050607080900010203040506070809000102030405060708090001"))
 	require.Nil(t, err)
 	msgBuf, err := hex.DecodeString("00010203040506070809")
 	if err != nil {
@@ -117,7 +118,8 @@ func TestSignVerifyPoseidon(t *testing.T) {
 
 func TestCompressDecompress(t *testing.T) {
 	var k PrivateKey
-	_, err := hex.Decode(k[:], []byte("0001020304050607080900010203040506070809000102030405060708090001"))
+	_, err := hex.Decode(k[:],
+		[]byte("0001020304050607080900010203040506070809000102030405060708090001"))
 	require.Nil(t, err)
 	pk := k.Public()
 	for i := 0; i < 64; i++ {
@@ -175,7 +177,8 @@ func TestPubKeyScannerValuer(t *testing.T) {
 
 func BenchmarkBabyjubEddsa(b *testing.B) {
 	var k PrivateKey
-	_, err := hex.Decode(k[:], []byte("0001020304050607080900010203040506070809000102030405060708090001"))
+	_, err := hex.Decode(k[:],
+		[]byte("0001020304050607080900010203040506070809000102030405060708090001"))
 	require.Nil(b, err)
 	pk := k.Public()
 

babyjub/helpers.go

@@ -1,9 +1,13 @@
 package babyjub
 
 import (
-	"github.com/dchest/blake512" // I have personally reviewed that this module doesn't do anything suspicious
+	"github.com/dchest/blake512"
 )
 
+// Note on dchest/blake512: This specific blake512 module is compatible with
+// the version of Blake512 used at circomlib, and this module has been reviewed
+// to don't be doing do anything suspicious.
+
 // Blake512 performs the blake-512 hash over the buffer m.  Note that this is
 // the original blake from the SHA3 competition and not the new blake2 version.
 func Blake512(m []byte) []byte {