chore: upgrade golangci-lint

.golangci.yml

@@ -6,35 +6,33 @@
 
 run:
   concurrency: 4
-  deadline: 3m
+  timeout: 3m
   issues-exit-code: 1
   tests: true
   build-tags: [""]
-  skip-dirs:
-    - pkg/crypto/primitive/bbs12381g2pub/internal/kilic/bls12-381
 
 output:
-  format: colored-line-number
+  formats:
+    - format: colored-line-number
   print-issued-lines: true
   print-linter-name: true
 
 linters-settings:
   errcheck:
     check-type-assertions: true
     check-blank: true
-    ignore: fmt:.*,io/ioutil:^Read.*
+    exclude-functions:
+      - fmt:.*
+      - io/ioutil:^Read.*
   govet:
-    check-shadowing: true
-  golint:
-    min-confidence: 0.6
+    enable:
+      - shadow
+  revive:
+    confidence: 0.6
   gofmt:
     simplify: true
-  goimports:
-    local-prefixes: github.com/hyperledger/aries-framework-go
   gocyclo:
     min-complexity: 10
-  maligned:
-    suggest-new: true
   dupl:
     threshold: 500
   goconst:
@@ -48,7 +46,7 @@ linters-settings:
     line-length: 120
     tab-width: 1
   unused:
-    check-exported: false
+    exported-fields-are-used: false
   unparam:
     check-exported: false
   nakedret:
@@ -69,47 +67,42 @@ linters-settings:
     strict-append: true
     allow-assign-and-call: true
     allow-multiline-assign: true
-    allow-case-traling-whitespace: true
+    force-case-trailing-whitespace: 0
     allow-cuddle-declarations: false
   godot:
     check-all: false
-  gomoddirectives:
-    replace-local: true
+  predeclared:
+    ignore: "min,max,clear"
 
 linters:
   enable-all: true
   disable:
+    - gomoddirectives
     - nolintlint
     - varnamelen
     - tenv
     - tagliatelle
     - testpackage
-    - maligned
     - prealloc
     - exhaustive #TODO enable
     - goerr113 # TODO enable
     - nlreturn # TODO enable
     - noctx # TODO enable
-    - interfacer # deprecated by the author https://github.com/mvdan/interfacer#interfacer
-    - scopelint # deprecated by the author https://github.com/kyoh86/scopelint#obsoleted
-    - exhaustivestruct
     - paralleltest
     - tparallel
     - cyclop # TODO consider replacing gocyclo with cyclop
-    - ifshort # TODO enable
     - makezero # TODO enable
     - wrapcheck # TODO enable
     - thelper # TODO enable
     - usestdlibvars
     - testableexamples
     - stylecheck
-    - nosnakecase
     - gci
     - staticcheck
     - nonamedreturns
     - nilnil
     - ireturn
-    - gomnd
+    - mnd
     - gosimple
     - errchkjson
     - errname
@@ -120,7 +113,6 @@ linters:
     - contextcheck
     - containedctx
     - bodyclose
-    - revive
     - gosec
     - gofumpt
     - gofmt
@@ -136,34 +128,40 @@ linters:
     - mirror
     - errorlint
     - nakedret
-
+    - recvcheck
+    - testifylint
+    - protogetter
 issues:
   exclude-use-default: false
   exclude-rules:
     - path: _test\.go
       linters:
         - dupl
         - funlen
-        - gomnd
+        - mnd
         - maintidx
-        - gomnd
         - usestdlibvars
         - testableexamples
         - stylecheck
         - typecheck
         - maintidx
         - mirror
+        - lll
+        - goconst
+        - wsl
+        - errcheck
+        - perfsprint
+        - gochecknoglobals
     - path: example_[^\/]*_test\.go
       linters:
         - dupl
         - funlen
-        - gomnd
+        - mnd
         - goconst
         - lll
     - source: "swagger:route"
       linters:
         - lll
-
   exclude:
     # Allow package logger variables (for now)
     - logger is a global variable

crypto/tinkcrypto/crypto.go

@@ -146,7 +146,7 @@ func (t *Crypto) Decrypt(cipher, aad, nonce []byte, kh interface{}) ([]byte, err
 		}
 	}
 
-	return nil, fmt.Errorf("decrypt cipher: decryption failed")
+	return nil, errors.New("decrypt cipher: decryption failed")
 }
 
 // Sign will sign msg using the implementation's corresponding signing key referenced by kh of a private key.
@@ -298,7 +298,7 @@ func (t *Crypto) WrapKey(cek, apu, apv []byte, recPubKey *crypto.PublicKey,
 func (t *Crypto) UnwrapKey(recWK *crypto.RecipientWrappedKey, recipientKH interface{},
 	wrapKeyOpts ...crypto.WrapKeyOpts) ([]byte, error) {
 	if recWK == nil {
-		return nil, fmt.Errorf("unwrapKey: RecipientWrappedKey is empty")
+		return nil, errors.New("unwrapKey: RecipientWrappedKey is empty")
 	}
 
 	pOpts := crypto.NewOpt()

crypto/tinkcrypto/key_wrapper.go

@@ -580,7 +580,7 @@ func (t *Crypto) convertRecKeyAndGenOrGetEPKEC(recPubKey *cryptoapi.PublicKey,
 			return nil, nil, fmt.Errorf("convertRecKeyAndGenOrGetEPKEC: failed to generate EPK: %w", err)
 		}
 
-		return recECPubKey, ephemeralPrivKey.(*ecdsa.PrivateKey), nil
+		return recECPubKey, ephemeralPrivKey.(*ecdsa.PrivateKey), nil //nolint:errcheck
 	}
 
 	return recECPubKey, &ecdsa.PrivateKey{

crypto/tinkcrypto/primitive/aead/aes_cbc_hmac_aead_key_manager.go

@@ -40,8 +40,8 @@ const (
 
 // common errors.
 var (
-	errInvalidAESCBCHMACAEADKey       = fmt.Errorf("aes_cbc_hmac_aead_key_manager: invalid key")
-	errInvalidAESCBCHMACAEADKeyFormat = fmt.Errorf("aes_cbc_hmac_aead_key_manager: invalid key format")
+	errInvalidAESCBCHMACAEADKey       = errors.New("aes_cbc_hmac_aead_key_manager: invalid key")
+	errInvalidAESCBCHMACAEADKeyFormat = errors.New("aes_cbc_hmac_aead_key_manager: invalid key format")
 	maxTagSize                        = map[commonpb.HashType]uint32{ //nolint:gochecknoglobals
 		commonpb.HashType_SHA1:   maxTagSizeSHA1,
 		commonpb.HashType_SHA224: maxTagSizeSHA224,

crypto/tinkcrypto/primitive/aead/aes_cbc_hmac_aead_key_manager_test.go

@@ -45,7 +45,7 @@ func TestNewKeyMultipleTimes(t *testing.T) {
 
 	const numTests = 24
 
-	for i := 0; i < numTests/2; i++ {
+	for range numTests / 2 {
 		k, err := keyManager.NewKey(keyTemplate.Value)
 		require.NoError(t, err)
 

crypto/tinkcrypto/primitive/aead/subtle/aes_cbc_test.go

@@ -24,7 +24,7 @@ func TestNewAESCBC(t *testing.T) {
 	key := make([]byte, 64)
 
 	// Test various key sizes with a fixed IV size.
-	for i := 0; i < 64; i++ {
+	for i := range 64 {
 		k := key[:i]
 		c, err := subtle.NewAESCBC(k)
 
@@ -168,7 +168,7 @@ func TestMultipleEncrypt(t *testing.T) {
 	// Encrypt 100 times and verify that the result is 100 different ciphertexts.
 	ciphertexts := map[string]bool{}
 
-	for i := 0; i < 100; i++ {
+	for i := range 100 {
 		c, err := cbc.Encrypt(plaintext)
 		require.NoErrorf(t, err, fmt.Sprintf("encryption failed for iteration %d, error: %v", i, err))
 
@@ -233,7 +233,7 @@ func TestEncryptRandomMessage(t *testing.T) {
 	cbc, err := subtle.NewAESCBC(key)
 	require.NoError(t, err)
 
-	for i := 0; i < 256; i++ {
+	for i := range 256 {
 		message := random.GetRandomBytes(uint32(i))
 		ciphertext, err := cbc.Encrypt(message)
 		require.NoError(t, err)
@@ -247,7 +247,7 @@ func TestEncryptRandomMessage(t *testing.T) {
 }
 
 func TestEncryptRandomKeyAndMessage(t *testing.T) {
-	for i := 0; i < 256; i++ {
+	for i := range 256 {
 		key := random.GetRandomBytes(16)
 
 		cbc, err := subtle.NewAESCBC(key)

crypto/tinkcrypto/primitive/aead/subtle/gojose_aes_cbc_hmac_test.go

@@ -23,7 +23,7 @@ func TestNewAESCBCHMAC(t *testing.T) {
 	key := make([]byte, 64)
 
 	// Test various key sizes.
-	for i := 0; i < 64; i++ {
+	for i := range 64 {
 		k := key[:i]
 		keySize := len(k)
 

crypto/tinkcrypto/primitive/aead/subtle/subtle_test.go

@@ -15,8 +15,7 @@ import (
 )
 
 func TestValidateAESKeySize(t *testing.T) {
-	var i uint32
-	for i = 0; i < 65; i++ {
+	for i := range uint32(65) {
 		err := subtle.ValidateAESKeySize(i)
 
 		switch i {

crypto/tinkcrypto/primitive/bbs/bbs_signer_factory.go

@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 package bbs
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/google/tink/go/core/cryptofmt"
@@ -41,13 +42,13 @@ type wrappedSigner struct {
 // newWrappedSigner constructor creates a new wrappedSigner and checks primitives in ps are all of BBS Signer type.
 func newWrappedSigner(ps *primitiveset.PrimitiveSet) (*wrappedSigner, error) {
 	if _, ok := (ps.Primary.Primitive).(bbsapi.Signer); !ok {
-		return nil, fmt.Errorf("bbs_signer_factory: not a BBS Signer primitive")
+		return nil, errors.New("bbs_signer_factory: not a BBS Signer primitive")
 	}
 
 	for _, primitives := range ps.Entries {
 		for _, p := range primitives {
 			if _, ok := (p.Primitive).(bbsapi.Signer); !ok {
-				return nil, fmt.Errorf("bbs_signer_factory: not a BBS Signer primitive")
+				return nil, errors.New("bbs_signer_factory: not a BBS Signer primitive")
 			}
 		}
 	}
@@ -64,7 +65,7 @@ func (ws *wrappedSigner) Sign(messages [][]byte) ([]byte, error) {
 
 	signer, ok := (primary.Primitive).(bbsapi.Signer)
 	if !ok {
-		return nil, fmt.Errorf("bbs_signer_factory: not a BBS Signer primitive")
+		return nil, errors.New("bbs_signer_factory: not a BBS Signer primitive")
 	}
 
 	var dataToSign [][]byte

crypto/tinkcrypto/primitive/bbs/bbs_verifier_factory.go

@@ -104,7 +104,7 @@ func (wv *wrappedVerifier) Verify(messages [][]byte, signature []byte) error {
 	// try non-raw keys
 	entries, err := wv.ps.EntriesForPrefix(string(prefix))
 	if err == nil {
-		for i := 0; i < len(entries); i++ {
+		for i := range entries {
 			var verifier bbsapi.Verifier
 
 			verifier, err = toBBSVerifier(entries[i].Primitive)
@@ -122,7 +122,7 @@ func (wv *wrappedVerifier) Verify(messages [][]byte, signature []byte) error {
 	// try raw keys
 	entries, err = wv.ps.RawEntries()
 	if err == nil {
-		for i := 0; i < len(entries); i++ {
+		for i := range entries {
 			var verifier bbsapi.Verifier
 
 			verifier, err = toBBSVerifier(entries[i].Primitive)
@@ -149,7 +149,7 @@ func (wv *wrappedVerifier) VerifyProof(messages [][]byte, proof, nonce []byte) e
 	// try non-raw keys
 	entries, err := wv.ps.EntriesForPrefix(string(prefix))
 	if err == nil {
-		for i := 0; i < len(entries); i++ {
+		for i := range entries {
 			var verifier bbsapi.Verifier
 
 			verifier, err = toBBSVerifier(entries[i].Primitive)
@@ -167,7 +167,7 @@ func (wv *wrappedVerifier) VerifyProof(messages [][]byte, proof, nonce []byte) e
 	// try raw keys
 	entries, err = wv.ps.RawEntries()
 	if err == nil {
-		for i := 0; i < len(entries); i++ {
+		for i := range entries {
 			var verifier bbsapi.Verifier
 
 			verifier, err = toBBSVerifier(entries[i].Primitive)
@@ -196,7 +196,7 @@ func (wv *wrappedVerifier) DeriveProof(messages [][]byte, signature, nonce []byt
 	// try non-raw keys
 	entries, err := wv.ps.EntriesForPrefix(string(prefix))
 	if err == nil {
-		for i := 0; i < len(entries); i++ {
+		for i := range entries {
 			var (
 				verifier bbsapi.Verifier
 				proof    []byte
@@ -221,7 +221,7 @@ func (wv *wrappedVerifier) DeriveProof(messages [][]byte, signature, nonce []byt
 	// try raw keys
 	entries, err = wv.ps.RawEntries()
 	if err == nil {
-		for i := 0; i < len(entries); i++ {
+		for i := range entries {
 			var (
 				verifier bbsapi.Verifier
 				proof    []byte

crypto/tinkcrypto/primitive/composite/ecdh/ecdh_factory_test.go

@@ -98,7 +98,7 @@ func TestECDHESFactory(t *testing.T) {
 	xd, err := NewECDHDecrypt(xKHPriv)
 	require.NoError(t, err)
 
-	for i := 0; i < 1000; i++ {
+	for range 1000 {
 		pt := random.GetRandomBytes(20)
 		aadRndNb := random.GetRandomBytes(10)
 

crypto/tinkcrypto/primitive/composite/ecdh/subtle/ecdh_aes_aead_composite_decrypt.go

@@ -8,7 +8,7 @@ package subtle
 
 import (
 	"encoding/json"
-	"fmt"
+	"errors"
 
 	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite"
 )
@@ -42,7 +42,7 @@ func (d *ECDHAEADCompositeDecrypt) Decrypt(ciphertext, aad []byte) ([]byte, erro
 	}
 
 	if d.cek == nil {
-		return nil, fmt.Errorf("ecdh decrypt: missing cek")
+		return nil, errors.New("ecdh decrypt: missing cek")
 	}
 
 	aead, err := d.encHelper.GetAEAD(d.cek)

crypto/tinkcrypto/primitive/composite/ecdh/subtle/ecdh_aes_aead_composite_encrypt.go

@@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 package subtle
 
 import (
-	"fmt"
+	"errors"
 
 	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite"
 	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite/api"
@@ -34,7 +34,7 @@ func NewECDHAEADCompositeEncrypt(encHelper composite.EncrypterHelper, cek []byte
 // Encrypt using composite ECDH with a Concat KDF key wrap and CBC+HMAC content encryption.
 func (e *ECDHAEADCompositeEncrypt) Encrypt(plaintext, aad []byte) ([]byte, error) {
 	if e.cek == nil {
-		return nil, fmt.Errorf("ecdhAEADCompositeEncrypt: missing cek")
+		return nil, errors.New("ecdhAEADCompositeEncrypt: missing cek")
 	}
 
 	aead, err := e.encHelper.GetAEAD(e.cek)