Second linter pass

square · May 29, 2019 · fd01c01 · fd01c01
1 parent 7c504fa
commit fd01c01
Show file tree

Hide file tree

Showing 11 changed files with 150 additions and 66 deletions.
diff --git a/asymmetric_test.go b/asymmetric_test.go
@@ -165,18 +165,21 @@ func TestInvalidECDecrypt(t *testing.T) {
 
 	// Missing epk header
 	headers := rawHeader{}
-	headers.set(headerAlgorithm, ECDH_ES)
 
-	_, err := dec.decryptKey(headers, nil, generator)
-	if err == nil {
+	if err := headers.set(headerAlgorithm, ECDH_ES); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := dec.decryptKey(headers, nil, generator); err == nil {
 		t.Error("ec decrypter accepted object with missing epk header")
 	}
 
 	// Invalid epk header
-	headers.set(headerEPK, &JSONWebKey{})
+	if err := headers.set(headerEPK, &JSONWebKey{}); err == nil {
+		t.Fatal("epk header should be invalid")
+	}
 
-	_, err = dec.decryptKey(headers, nil, generator)
-	if err == nil {
+	if _, err := dec.decryptKey(headers, nil, generator); err == nil {
 		t.Error("ec decrypter accepted object with invalid epk header")
 	}
 }
@@ -353,7 +356,7 @@ func TestInvalidEllipticCurve(t *testing.T) {
 	}
 }
 
-func estInvalidECPublicKey(t *testing.T) {
+func TestInvalidECPublicKey(t *testing.T) {
 	// Invalid key
 	invalid := &ecdsa.PrivateKey{
 		PublicKey: ecdsa.PublicKey{
@@ -365,17 +368,20 @@ func estInvalidECPublicKey(t *testing.T) {
 	}
 
 	headers := rawHeader{}
-	headers.set(headerAlgorithm, ECDH_ES)
-	headers.set(headerEPK, &JSONWebKey{
-		Key: &invalid.PublicKey,
-	})
+
+	if err := headers.set(headerAlgorithm, ECDH_ES); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := headers.set(headerEPK, &JSONWebKey{Key: &invalid.PublicKey}); err != nil {
+		t.Fatal(err)
+	}
 
 	dec := ecDecrypterSigner{
 		privateKey: ecTestKey256,
 	}
 
-	_, err := dec.decryptKey(headers, nil, randomKeyGenerator{size: 16})
-	if err == nil {
+	if _, err := dec.decryptKey(headers, nil, randomKeyGenerator{size: 16}); err == nil {
 		t.Fatal("decrypter accepted JWS with invalid ECDH public key")
 	}
 }

diff --git a/cipher/cbc_hmac_test.go b/cipher/cbc_hmac_test.go
@@ -271,12 +271,17 @@ func TestTruncatedCiphertext(t *testing.T) {
 	nonce := make([]byte, 16)
 	data := make([]byte, 32)
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		t.Fatal(err)
+	}
 
 	aead, err := NewCBCHMAC(key, aes.NewCipher)
 	if err != nil {
-		panic(err)
+		t.Fatal(err)
 	}
 
 	ctx := aead.(*cbcAEAD)
@@ -301,8 +306,13 @@ func TestInvalidPaddingOpen(t *testing.T) {
 	plaintext := padBuffer(make([]byte, 28), aes.BlockSize)
 	plaintext[len(plaintext)-1] = 0xFF
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		t.Fatal(err)
+	}
 
 	block, _ := aes.NewCipher(key)
 	cbc := cipher.NewCBCEncrypter(block, nonce)
@@ -369,14 +379,19 @@ func benchEncryptCBCHMAC(b *testing.B, keySize, chunkSize int) {
 	key := make([]byte, keySize*2)
 	nonce := make([]byte, 16)
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		b.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		b.Fatal(err)
+	}
 
 	chunk := make([]byte, chunkSize)
 
 	aead, err := NewCBCHMAC(key, aes.NewCipher)
 	if err != nil {
-		panic(err)
+		b.Fatal(err)
 	}
 
 	b.SetBytes(int64(chunkSize))
@@ -390,22 +405,29 @@ func benchDecryptCBCHMAC(b *testing.B, keySize, chunkSize int) {
 	key := make([]byte, keySize*2)
 	nonce := make([]byte, 16)
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		b.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		b.Fatal(err)
+	}
 
 	chunk := make([]byte, chunkSize)
 
 	aead, err := NewCBCHMAC(key, aes.NewCipher)
 	if err != nil {
-		panic(err)
+		b.Fatal(err)
 	}
 
 	out := aead.Seal(nil, nonce, chunk, nil)
 
 	b.SetBytes(int64(chunkSize))
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		aead.Open(nil, nonce, out, nil)
+		if _, err = aead.Open(nil, nonce, out, nil); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 

diff --git a/cipher/ecdh_es_test.go b/cipher/ecdh_es_test.go
@@ -68,7 +68,11 @@ func TestVectorECDHES(t *testing.T) {
 }
 
 func TestInvalidECPublicKey(t *testing.T) {
-	defer func() { recover() }()
+	defer func() {
+		if r := recover(); r == nil {
+			panic("panic expected")
+		}
+	}()
 
 	// Invalid key
 	invalid := &ecdsa.PrivateKey{

diff --git a/cipher/key_wrap_test.go b/cipher/key_wrap_test.go
@@ -116,7 +116,9 @@ func BenchmarkAesKeyWrap(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		KeyWrap(block, key)
+		if _, err := KeyWrap(block, key); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
@@ -128,6 +130,8 @@ func BenchmarkAesKeyUnwrap(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		KeyUnwrap(block, input)
+		if _, err := KeyUnwrap(block, input); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
diff --git a/crypter_test.go b/crypter_test.go
@@ -176,7 +176,9 @@ func TestRoundtripsJWECorrupted(t *testing.T) {
 			if skip {
 				return true
 			}
-			obj.protected.set(headerTag, tag)
+			if err := obj.protected.set(headerTag, tag); err != nil {
+				t.Fatal(err)
+			}
 			return false
 		},
 	}
@@ -694,22 +696,6 @@ func generateTestKeys(keyAlg KeyAlgorithm, encAlg ContentEncryption) []testKey {
 	panic("Must update test case")
 }
 
-func RunRoundtripsJWE(b *testing.B, alg KeyAlgorithm, enc ContentEncryption, zip CompressionAlgorithm, priv, pub interface{}) {
-	serializer := func(obj *JSONWebEncryption) (string, error) {
-		return obj.CompactSerialize()
-	}
-
-	corrupter := func(obj *JSONWebEncryption) bool { return false }
-
-	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
-		err := RoundtripJWE(alg, enc, zip, serializer, corrupter, nil, pub, priv)
-		if err != nil {
-			b.Error(err)
-		}
-	}
-}
-
 var (
 	chunks = map[string][]byte{
 		"1B":   make([]byte, 1),
@@ -881,7 +867,9 @@ func benchEncrypt(chunkKey, primKey string, b *testing.B) {
 
 	b.SetBytes(int64(len(data)))
 	for i := 0; i < b.N; i++ {
-		enc.Encrypt(data)
+		if _, err := enc.Encrypt(data); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
@@ -1057,7 +1045,9 @@ func benchDecrypt(chunkKey, primKey string, b *testing.B) {
 	b.SetBytes(int64(len(chunk)))
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		data.Decrypt(dec)
+		if _, err := data.Decrypt(dec); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 

diff --git a/jwe_test.go b/jwe_test.go
@@ -123,7 +123,11 @@ func TestFullParseJWE(t *testing.T) {
 
 func TestMissingInvalidHeaders(t *testing.T) {
 	protected := &rawHeader{}
-	protected.set(headerEncryption, A128GCM)
+
+	err := protected.set(headerEncryption, A128GCM)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	obj := &JSONWebEncryption{
 		protected:   protected,
@@ -133,21 +137,32 @@ func TestMissingInvalidHeaders(t *testing.T) {
 		},
 	}
 
-	_, err := obj.Decrypt(nil)
+	_, err = obj.Decrypt(nil)
 	if err != ErrUnsupportedKeyType {
 		t.Error("should detect invalid key")
 	}
 
-	obj.unprotected.set(headerCritical, []string{"1", "2"})
+	err = obj.unprotected.set(headerCritical, []string{"1", "2"})
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	_, err = obj.Decrypt(nil)
 	if err == nil {
 		t.Error("should reject message with crit header")
 	}
 
-	obj.unprotected.set(headerCritical, nil)
+	err = obj.unprotected.set(headerCritical, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	obj.protected = &rawHeader{}
-	obj.protected.set(headerAlgorithm, RSA1_5)
+
+	err = obj.protected.set(headerAlgorithm, RSA1_5)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	_, err = obj.Decrypt(rsaTestKey)
 	if err == nil || err == ErrCryptoFailure {
@@ -220,9 +235,13 @@ func TestCompactSerialize(t *testing.T) {
 	obj := &JSONWebEncryption{
 		unprotected: &rawHeader{},
 	}
-	obj.unprotected.set(headerAlgorithm, "XYZ")
 
-	_, err := obj.CompactSerialize()
+	err := obj.unprotected.set(headerAlgorithm, "XYZ")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = obj.CompactSerialize()
 	if err == nil {
 		t.Error("Object with unprotected headers can't be compact serialized")
 	}
@@ -284,15 +303,18 @@ func TestVectorsJWE(t *testing.T) {
 	// Encrypt with a dummy key
 	encrypter, err := NewEncrypter(A256GCM, Recipient{Algorithm: RSA_OAEP, Key: publicKey}, nil)
 	if err != nil {
-		panic(err)
+		t.Fatal(err)
 	}
 
 	object, err := encrypter.Encrypt(plaintext)
 	if err != nil {
-		panic(err)
+		t.Fatal(err)
 	}
 
 	serialized, err := object.CompactSerialize()
+	if err != nil {
+		t.Fatal(err)
+	}
 	if serialized != expectedCompact {
 		t.Error("Compact serialization is not what we expected", serialized, expectedCompact)
 	}
@@ -307,7 +329,9 @@ func TestJWENilProtected(t *testing.T) {
 	key := []byte("1234567890123456")
 	serialized := `{"unprotected":{"alg":"dir","enc":"A128GCM"}}`
 	jwe, _ := ParseEncrypted(serialized)
-	jwe.Decrypt(key)
+	if _, err := jwe.Decrypt(key); err == nil {
+		t.Error(err)
+	}
 }
 
 func TestVectorsJWECorrupt(t *testing.T) {
@@ -615,5 +639,7 @@ func TestTamperedJWE(t *testing.T) {
 func TestJWEWithNullAlg(t *testing.T) {
 	// {"alg":null,"enc":"A128GCM"}
 	serialized := `{"protected":"eyJhbGciOm51bGwsImVuYyI6IkExMjhHQ00ifQ"}`
-	ParseEncrypted(serialized)
+	if _, err := ParseEncrypted(serialized); err == nil {
+		t.Error(err)
+	}
 }
diff --git a/jws_test.go b/jws_test.go
@@ -473,7 +473,9 @@ func TestNullHeaderValue(t *testing.T) {
 			t.Errorf("ParseSigned panic'd when parsing a message with a null protected header value")
 		}
 	}()
-	ParseSigned(msg)
+	if _, err := ParseSigned(msg); err != nil {
+		t.Fatal(err)
+	}
 }
 
 // Test for bug: