chore: modernize Go toolchain, CI, and lint setup

.github/workflows/ci.yml

@@ -0,0 +1,63 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: ['1.23.x', '1.24.x']
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Go
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+        with:
+          go-version: ${{ matrix.go-version }}
+          check-latest: true
+
+      - name: Verify dependencies
+        run: go mod verify
+
+      - name: Build
+        run: go build -race -v ./...
+
+      - name: Test
+        run: go test -race -coverprofile=coverage.out -covermode=atomic -v ./...
+
+      - name: Upload coverage
+        if: matrix.go-version == '1.24.x'
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: coverage
+          path: coverage.out
+          if-no-files-found: ignore
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Go
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+        with:
+          go-version: '1.24.x'
+          check-latest: true
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
+        with:
+          version: v2.5.0

.github/workflows/codeql-analysis.yml

@@ -1,67 +1,47 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master]
   schedule:
     - cron: '16 20 * * 4'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+        language: ['go']
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      - name: Set up Go
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+        with:
+          go-version: '1.24.x'
+          check-latest: true
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3.35.5
+        with:
+          languages: ${{ matrix.language }}
 
-    #- run: |
-    #   make bootstrap
-    #   make release
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3.35.5
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@458d36d7d4f47d0dd16ca424c1d3cda0060f1360 # v3.35.5

.gitignore

@@ -1 +1,6 @@
 .DS_Store
+
+# Test/build artifacts
+coverage.out
+*.test
+example/example

.golangci.yml

@@ -0,0 +1,54 @@
+version: "2"
+
+run:
+  timeout: 5m
+  tests: true
+
+linters:
+  default: none
+  enable:
+    - errcheck
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    - misspell
+    - revive
+    - gosec
+    - bodyclose
+    - unconvert
+    - unparam
+    - prealloc
+    - nakedret
+    - errorlint
+    - gocritic
+    - copyloopvar
+
+  settings:
+    govet:
+      enable-all: true
+    gosec:
+      excludes:
+        - G115
+    revive:
+      rules:
+        - name: exported
+          arguments:
+            - disableStutteringCheck
+
+  exclusions:
+    rules:
+      - path: _test\.go
+        linters:
+          - errcheck
+          - gosec
+          - unparam
+      - path: example/
+        linters:
+          - errcheck
+          - gosec
+
+formatters:
+  enable:
+    - gofmt
+    - goimports

README.md

@@ -1,7 +1,7 @@
 # goSecretBoxPassword
 
-[![Go Report Card](https://goreportcard.com/badge/github.com/dwin/goSecretBoxPassword)](https://goreportcard.com/report/github.com/dwin/goSecretBoxPassword) [![GoDoc](https://godoc.org/github.com/dwin/goSecretBoxPassword?status.svg)](https://godoc.org/github.com/dwin/goSecretBoxPassword)
-[![Build Status](https://travis-ci.org/dwin/goSecretBoxPassword.svg?branch=master)](https://travis-ci.org/dwin/goSecretBoxPassword)
+[![Go Report Card](https://goreportcard.com/badge/github.com/dwin/goSecretBoxPassword)](https://goreportcard.com/report/github.com/dwin/goSecretBoxPassword) [![GoDoc](https://pkg.go.dev/badge/github.com/dwin/goSecretBoxPassword.svg)](https://pkg.go.dev/github.com/dwin/goSecretBoxPassword)
+[![CI](https://github.com/dwin/goSecretBoxPassword/actions/workflows/ci.yml/badge.svg)](https://github.com/dwin/goSecretBoxPassword/actions/workflows/ci.yml)
 [![CodeQL](https://github.com/dwin/goSecretBoxPassword/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/dwin/goSecretBoxPassword/actions/workflows/codeql-analysis.yml)
 
 This is a Golang library for securing passwords it is based on the [Dropbox method for password storage](https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/). The both passphrases are first hashed with [Blake2b-512](https://godoc.org/golang.org/x/crypto/blake2b) then a random 64-bit salt is generated and a secure hash is generated using [Scrypt](https://godoc.org/golang.org/x/crypto/scrypt) with the user specified parameters. The salt is appended to resulting 56 byte hash for a total of 64 bytes. The masterpassphrase Scrypt output, which Dropbox describes as a global pepper, is then hashed with Blake2b-256 and is used as a key along with a 192-bit random nonce value for the user passphrase Scrypt output along with Scrypt salt to be encrypted using [NaCl Secretbox](https://godoc.org/golang.org/x/crypto/nacl/secretbox). NaCl Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate data.

error.go

@@ -4,21 +4,21 @@ import "errors"
 
 var (
 	// ErrCiphertextVer indicates version sub-string mismatch normally; ex. "secBoxv1"
-	ErrCiphertextVer = errors.New("Nonmatched ciphertext version")
+	ErrCiphertextVer = errors.New("nonmatched ciphertext version")
 	// ErrCiphertextFormat indicates input is not in expected format
-	ErrCiphertextFormat = errors.New("Ciphertext input format not as expected")
+	ErrCiphertextFormat = errors.New("ciphertext input format not as expected")
 	// ErrInvalidVersionUpdate indicates new version given not oldVersion + 1 or greater
-	ErrInvalidVersionUpdate = errors.New("Invalid new version int, new master passphrase version must be greater than previous")
+	ErrInvalidVersionUpdate = errors.New("invalid new version int, new master passphrase version must be greater than previous")
 	// ErrPassphraseHashMismatch indicates invalid passphrase for supplied ciphertext
-	ErrPassphraseHashMismatch = errors.New("Passphrase hash does not match supplied ciphertext")
+	ErrPassphraseHashMismatch = errors.New("passphrase hash does not match supplied ciphertext")
 	// ErrPassphraseLength indicates supplied passphrase is not at least MinLength
-	ErrPassphraseLength = errors.New("Passphrase must be at least MinLength")
+	ErrPassphraseLength = errors.New("passphrase must be at least MinLength")
 	// ErrSecretBoxDecryptFail indicates SecretBox decryption could not be completed
-	ErrSecretBoxDecryptFail = errors.New("SecretBox decryption failed")
+	ErrSecretBoxDecryptFail = errors.New("secretbox decryption failed")
 	// ErrScryptParamN indicates ScryptParams:N out of acceptable range
-	ErrScryptParamN = errors.New("Given Scrypt (N) cost factor out of acceptable range")
+	ErrScryptParamN = errors.New("given Scrypt (N) cost factor out of acceptable range")
 	// ErrScryptParamR indicates ScryptParams:r out of acceptable range
-	ErrScryptParamR = errors.New("Given Scrypt (r) cost factor out of acceptable range")
+	ErrScryptParamR = errors.New("given Scrypt (r) cost factor out of acceptable range")
 	// ErrScryptParamP indicates ScryptParams:p out of acceptable range
-	ErrScryptParamP = errors.New("Given Scrypt (p) cost factor out of acceptable range")
+	ErrScryptParamP = errors.New("given Scrypt (p) cost factor out of acceptable range")
 )

go.mod

@@ -1,9 +1,13 @@
 module github.com/dwin/goSecretBoxPassword
 
+go 1.23
+
+require (
+	github.com/icrowley/fake v0.0.0-20240710202011-f797eb4a99c0
+	golang.org/x/crypto v0.32.0
+)
+
 require (
-	github.com/corpix/uarand v0.0.0 // indirect
-	github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428
-	github.com/stretchr/testify v1.3.0 // indirect
-	golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
-	golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 // indirect
+	github.com/corpix/uarand v0.2.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
 )

go.sum

@@ -1,15 +1,16 @@
-github.com/corpix/uarand v0.0.0 h1:mNbzro1GwUcZ1hmO2rWXytkR3JBxNxxctzjyuhO+Aig=
-github.com/corpix/uarand v0.0.0/go.mod h1:JSm890tOkDN+M1jqN8pUGDKnzJrsVbJwSMHBY4zwz7M=
+github.com/corpix/uarand v0.2.0 h1:U98xXwud/AVuCpkpgfPF7J5TQgr7R5tqT8VZP5KWbzE=
+github.com/corpix/uarand v0.2.0/go.mod h1:/3Z1QIqWkDIhf6XWn/08/uMHoQ8JUoTIKc2iPchBOmM=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428 h1:Mo9W14pwbO9VfRe+ygqZ8dFbPpoIK1HFrG/zjTuQ+nc=
-github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo=
+github.com/icrowley/fake v0.0.0-20240710202011-f797eb4a99c0 h1:ufr2e4uIgz/Ft0RPudkFMyVrp77buvTFxqoDvwNGVSk=
+github.com/icrowley/fake v0.0.0-20240710202011-f797eb4a99c0/go.mod h1:dQ6TM/OGAe+cMws81eTe4Btv1dKxfPZ2CX+YaAFAPN4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM=
-golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+github.com/stretchr/testify v1.7.5 h1:s5PTfem8p8EbKQOctVV53k6jCJt3UX4IEJzwh+C324Q=
+github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=