Lint, errcheck, vet, deadcode on ProtonMail-provided code.

Halfway through

Halfway through

Finished first pass

Solving tests.

Relaxing a bit on useless comments, but frowning.

Fix comment

Linted openpgp/packet, at least some of it

Reverting ID -> Id

Reverting Fingerprint -> FingerPrint

Solving tests

Relaxing on some useless comment and reverting Fingerprint -> FingerPrint

Missing parenthesis

Corrected exported object comments globally

argon2/argon2.go

@@ -43,7 +43,7 @@ import (
 	"golang.org/x/crypto/blake2b"
 )
 
-// The Argon2 version implemented by this package.
+// Version represents the Argon2 version implemented by this package.
 const Version = 0x13
 
 const (

bcrypt/bcrypt.go

@@ -24,23 +24,21 @@ const (
 	DefaultCost int = 10 // the cost that will actually be set if a cost below MinCost is passed into GenerateFromPassword
 )
 
-// The error returned from CompareHashAndPassword when a password and hash do
-// not match.
+// ErrMismatchedHashAndPassword is returned from CompareHashAndPassword when a password and hash do not match.
 var ErrMismatchedHashAndPassword = errors.New("crypto/bcrypt: hashedPassword is not the hash of the given password")
 
-// The error returned from CompareHashAndPassword when a hash is too short to
-// be a bcrypt hash.
+// ErrHashTooShort is returned from CompareHashAndPassword when a hash is too short to be a bcrypt hash.
 var ErrHashTooShort = errors.New("crypto/bcrypt: hashedSecret too short to be a bcrypted password")
 
-// The error returned from CompareHashAndPassword when a hash was created with
-// a bcrypt algorithm newer than this implementation.
+// HashVersionTooNewError is returned from CompareHashAndPassword when a hash was created with // a bcrypt algorithm
+// newer than this implementation.
 type HashVersionTooNewError byte
 
 func (hv HashVersionTooNewError) Error() string {
 	return fmt.Sprintf("crypto/bcrypt: bcrypt algorithm version '%c' requested is newer than current version '%c'", byte(hv), majorVersion)
 }
 
-// The error returned from CompareHashAndPassword when a hash starts with something other than '$'
+// InvalidHashPrefixError is returned from CompareHashAndPassword when a hash starts with something other than '$'
 type InvalidHashPrefixError byte
 
 func (ih InvalidHashPrefixError) Error() string {

bitcurves/bitcurve.go

@@ -33,6 +33,7 @@ type BitCurve struct {
 	BitSize int      // the size of the underlying field
 }
 
+// Params returns an elliptic.CurveParams with the given BitCurve parameters.
 func (BitCurve *BitCurve) Params() (cp *elliptic.CurveParams) {
 	cp = new (elliptic.CurveParams)
 	cp.Name = BitCurve.Name
@@ -44,7 +45,7 @@ func (BitCurve *BitCurve) Params() (cp *elliptic.CurveParams) {
 	return cp
 }
 
-// IsOnBitCurve returns true if the given (x,y) lies on the BitCurve.
+// IsOnCurve returns true if the given (x,y) lies on the BitCurve.
 func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
 	// y² = x³ + b
 	y2 := new(big.Int).Mul(y, y)//y²
@@ -185,8 +186,8 @@ func (BitCurve *BitCurve) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int,
 	return x3, y3, z3
 }
 
-//TODO: double check if it is okay
 // ScalarMult returns k*(Bx,By) where k is a number in big-endian form.
+//TODO: double check if it is okay
 func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
 	// We have a slight problem in that the identity of the group (the
 	// point at infinity) cannot be represented in (x, y) form on a finite
@@ -233,9 +234,9 @@ func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
 
 var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f}
 
-//TODO: double check if it is okay
 // GenerateKey returns a public/private key pair. The private key is generated
 // using the given reader, which must return random data.
+//TODO: double check if it is okay
 func (BitCurve *BitCurve) GenerateKey(rand io.Reader) (priv []byte, x, y *big.Int, err error) {
 	byteLen := (BitCurve.BitSize + 7) >> 3
 	priv = make([]byte, byteLen)
@@ -372,4 +373,4 @@ func S224() *BitCurve {
 func S256() *BitCurve {
 	initonce.Do(initAll)
 	return secp256k1
-}
+}

blake2b/blake2b.go

@@ -23,13 +23,13 @@ import (
 )
 
 const (
-	// The blocksize of BLAKE2b in bytes.
+	// BlockSize of BLAKE2b in bytes.
 	BlockSize = 128
-	// The hash size of BLAKE2b-512 in bytes.
+	// Size is the hash size of BLAKE2b-512 in bytes.
 	Size = 64
-	// The hash size of BLAKE2b-384 in bytes.
+	// Size384 is the hash size of BLAKE2b-384 in bytes.
 	Size384 = 48
-	// The hash size of BLAKE2b-256 in bytes.
+	// Size256 is the hash size of BLAKE2b-256 in bytes.
 	Size256 = 32
 )
 

blake2s/blake2s.go

@@ -23,13 +23,13 @@ import (
 )
 
 const (
-	// The blocksize of BLAKE2s in bytes.
+	// BlockSize is the blocksize of BLAKE2s in bytes.
 	BlockSize = 64
 
-	// The hash size of BLAKE2s-256 in bytes.
+	// Size is the hash size of BLAKE2s-256 in bytes.
 	Size = 32
 
-	// The hash size of BLAKE2s-128 in bytes.
+	// Size128 is the hash size of BLAKE2s-128 in bytes.
 	Size128 = 16
 )
 

blowfish/cipher.go

@@ -18,7 +18,7 @@ package blowfish // import "golang.org/x/crypto/blowfish"
 
 import "strconv"
 
-// The Blowfish block size in bytes.
+// BlockSize is the Blowfish block size in bytes.
 const BlockSize = 8
 
 // A Cipher is an instance of Blowfish encryption using a particular key.

bn256/bn256.go

@@ -162,7 +162,7 @@ type G2 struct {
 	p *twistPoint
 }
 
-// RandomG1 returns x and g₂ˣ where x is a random, non-zero number read from r.
+// RandomG2 returns x and g₂ˣ where x is a random, non-zero number read from r.
 func RandomG2(r io.Reader) (*big.Int, *G2, error) {
 	var k *big.Int
 	var err error

brainpool/brainpool.go

@@ -131,4 +131,4 @@ func P512t1() elliptic.Curve {
 func P512r1() elliptic.Curve {
 	once.Do(initAll)
 	return p512r1
-}
+}

brainpool/rcurve.go

@@ -80,4 +80,4 @@ func (curve *rcurve) ScalarMult(x1, y1 *big.Int, scalar []byte) (x, y *big.Int)
 
 func (curve *rcurve) ScalarBaseMult(scalar []byte) (x, y *big.Int) {
 	return curve.fromTwisted(curve.twisted.ScalarBaseMult(scalar))
-}
+}

cryptobyte/asn1.go

@@ -487,7 +487,7 @@ func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
 	return true
 }
 
-// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances. It is
+// ReadASN1BitStringAsBytes decodes an ASN.1 BIT STRING into out and advances. It is
 // an error if the BIT STRING is not a whole number of bytes. It reports
 // whether the read was successful.
 func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {

internal/chacha20/chacha_generic.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package ChaCha20 implements the core ChaCha20 function as specified
+// Package chacha20 implements the core ChaCha20 function as specified
 // in https://tools.ietf.org/html/rfc7539#section-2.3.
 package chacha20
 

internal/randutil/randutil.go

@@ -33,6 +33,9 @@ func MaybeReadByte(r io.Reader) {
 		return
 	case <-closedChan:
 		var buf [1]byte
-		r.Read(buf[:])
+		_, err := r.Read(buf[:])
+		if err != nil {
+			panic(err)
+		}
 	}
 }

md4/md4.go

@@ -18,10 +18,10 @@ func init() {
 	crypto.RegisterHash(crypto.MD4, New)
 }
 
-// The size of an MD4 checksum in bytes.
+// Size of an MD4 checksum in bytes.
 const Size = 16
 
-// The blocksize of MD4 in bytes.
+// BlockSize of MD4 in bytes.
 const BlockSize = 64
 
 const (

openpgp/canonical_text.go

@@ -20,26 +20,44 @@ type canonicalTextHash struct {
 	s int
 }
 
+// Auxiliary struct to optimize error checking (from
+// https://blog.golang.org/errors-are-values)
+type errWriter struct {
+	w   io.Writer
+	err error
+}
+
+func (ew *errWriter) write(buf []byte) {
+	if ew.err != nil {
+		return
+	}
+	_, ew.err = ew.w.Write(buf)
+}
+
 var newline = []byte{'\r', '\n'}
 
 func writeCanonical(cw io.Writer, buf []byte, s *int) (int, error) {
 	start := 0
+	ew := &errWriter{w: cw}
 	for i, c := range buf {
 		switch *s {
 		case 0:
 			if c == '\r' {
 				*s = 1
 			} else if c == '\n' {
-				cw.Write(buf[start:i])
-				cw.Write(newline)
+				ew.write(buf[start:i])
+				ew.write(newline)
 				start = i + 1
 			}
 		case 1:
 			*s = 0
 		}
 	}
 
-	cw.Write(buf[start:])
+	ew.write(buf[start:])
+	if ew.err != nil {
+		return 0, ew.err
+	}
 	return len(buf), nil
 }
 

openpgp/clearsign/clearsign.go

@@ -214,15 +214,30 @@ type dashEscaper struct {
 	config      *packet.Config
 }
 
+// Auxiliary struct to optimize error checking (from
+// https://blog.golang.org/errors-are-values)
+type errWriter struct {
+	w   io.Writer
+	err error
+}
+
+func (ew *errWriter) write(buf []byte) {
+	if ew.err != nil {
+		return
+	}
+	_, ew.err = ew.w.Write(buf)
+}
+
 func (d *dashEscaper) Write(data []byte) (n int, err error) {
+	ew := &errWriter{w: d.toHash}
 	for _, b := range data {
 		d.byteBuf[0] = b
 
 		if d.atBeginningOfLine {
 			// The final CRLF isn't included in the hash so we have to wait
 			// until this point (the start of the next line) before writing it.
 			if !d.isFirstLine {
-				d.toHash.Write(crlf)
+				ew.write(crlf)
 			}
 			d.isFirstLine = false
 		}
@@ -243,12 +258,12 @@ func (d *dashEscaper) Write(data []byte) (n int, err error) {
 				if _, err = d.buffered.Write(dashEscape); err != nil {
 					return
 				}
-				d.toHash.Write(d.byteBuf)
+				ew.write(d.byteBuf)
 				d.atBeginningOfLine = false
 			} else if b == '\n' {
 				// Nothing to do because we delay writing CRLF to the hash.
 			} else {
-				d.toHash.Write(d.byteBuf)
+				ew.write(d.byteBuf)
 				d.atBeginningOfLine = false
 			}
 			if err = d.buffered.WriteByte(b); err != nil {
@@ -269,13 +284,13 @@ func (d *dashEscaper) Write(data []byte) (n int, err error) {
 				// Any buffered whitespace wasn't at the end of the line so
 				// we need to write it out.
 				if len(d.whitespace) > 0 {
-					d.toHash.Write(d.whitespace)
+					ew.write(d.whitespace)
 					if _, err = d.buffered.Write(d.whitespace); err != nil {
 						return
 					}
 					d.whitespace = d.whitespace[:0]
 				}
-				d.toHash.Write(d.byteBuf)
+				ew.write(d.byteBuf)
 				if err = d.buffered.WriteByte(b); err != nil {
 					return
 				}
@@ -284,6 +299,9 @@ func (d *dashEscaper) Write(data []byte) (n int, err error) {
 	}
 
 	n = len(data)
+	if err == nil {
+		err = ew.err
+	}
 	return
 }
 

openpgp/ecdh/ecdh.go

@@ -18,23 +18,27 @@ import (
 	"golang.org/x/crypto/openpgp/internal/ecc"
 )
 
+// KDF is the Key Derivation Function as Specified in RFC 6637, section 7.
 type KDF struct {
 	Hash   algorithm.Hash
 	Cipher algorithm.Cipher
 }
 
+// PublicKey represents an ECDH public key.
 type PublicKey struct {
 	ecc.CurveType
 	elliptic.Curve
 	X, Y *big.Int
 	KDF
 }
 
+// PrivateKey represents an ECDH private key.
 type PrivateKey struct {
-	PublicKey
 	D []byte
+	PublicKey
 }
 
+// GenerateKey returns a PrivateKey object and an eventual error.
 func GenerateKey(c elliptic.Curve, kdf KDF, rand io.Reader) (priv *PrivateKey, err error) {
 	priv = new(PrivateKey)
 	priv.PublicKey.Curve = c
@@ -43,6 +47,10 @@ func GenerateKey(c elliptic.Curve, kdf KDF, rand io.Reader) (priv *PrivateKey, e
 	return
 }
 
+// Encrypt encrypts the given message to the given key. It first generates the
+// shared secret from the given random reader, and proceeds to encrypt. It
+// returns the generated key pair in compressed form, the ciphertext, and an
+// eventual error.
 func Encrypt(random io.Reader, pub *PublicKey, msg, curveOID, fingerprint []byte) (vsG, c []byte, err error) {
 	if len(msg) > 40 {
 		return nil, nil, errors.New("ecdh: message too long")
@@ -86,6 +94,8 @@ func Encrypt(random io.Reader, pub *PublicKey, msg, curveOID, fingerprint []byte
 
 }
 
+// Decrypt decrypts the given message with the given private key. It returns a
+// plaintext and an eventual error.
 func Decrypt(priv *PrivateKey, vsG, m, curveOID, fingerprint []byte) (msg []byte, err error) {
 	if priv.PublicKey.CurveType == ecc.Curve25519 {
 		return X25519Decrypt(priv, vsG, m, curveOID, fingerprint)