authorLevi Durfee <levi.durfee@gmail.com>2026-01-07 14:09:15 -0500
committerLevi Durfee <levi.durfee@gmail.com>2026-01-07 14:11:00 -0500
commitfb6725c11a01ac6da64ff9c448e9ee405e16b485 (patch)
tree5260cea7a9329c491bcc6085fc594c98ff6c0300
parentde1db90a04360ae99e0f93c3fca01e1e7713699e (diff)
Add more linters
-rw-r--r--.golangci.yml4
-rw-r--r--cmd/goaes/commands/commands.go3
-rw-r--r--cmd/goaes/commands/decrypt.go2
-rw-r--r--cmd/goaes/commands/encrypt.go2
-rw-r--r--internal/goaes.go10
5 files changed, 17 insertions, 4 deletions
diff --git a/.golangci.yml b/.golangci.yml
index 4bbb013..ce01f88 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,3 +1,7 @@
version: "2"
linters:
default: standard
+ enable:
+ - nlreturn
+ - mnd
+ - gosec
diff --git a/cmd/goaes/commands/commands.go b/cmd/goaes/commands/commands.go
new file mode 100644
index 0000000..f7086a9
--- /dev/null
+++ b/cmd/goaes/commands/commands.go
@@ -0,0 +1,3 @@
+package commands
+
+const fileMode = 0600
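Review bot: `fileMode` carries no comment explaining why it is 0600, and the literal uses the legacy octal form. Since the constant governs files that can hold decrypted plaintext, I would document the intent and use the modern prefix: `// fileMode restricts output files to owner read/write; they may contain plaintext.` above `const fileMode os.FileMode = 0o600`. Typing it as `os.FileMode` (which needs the `os` import in this file) also keeps it from being reused as a plain integer elsewhere in the package.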
diff --git a/cmd/goaes/commands/decrypt.go b/cmd/goaes/commands/decrypt.go
index 8f73c42..1912c1a 100644
--- a/cmd/goaes/commands/decrypt.go
+++ b/cmd/goaes/commands/decrypt.go
@@ -39,7 +39,7 @@ func Decrypt(ctx context.Context, cmd *cli.Command) error {
return err
}
- err = os.WriteFile(destination, plaintext, 0666)
+ err = os.WriteFile(destination, plaintext, fileMode)
if err != nil {
return err
}
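Review bot: The tighter mode passed to `os.WriteFile` only takes effect when `destination` does not exist yet. For an existing file, WriteFile truncates and keeps the old permission bits, so plaintext can still land in a file left at 0666 by an earlier run. Either tighten the file explicitly with `if err := os.Chmod(destination, fileMode); err != nil { return err }`, or write to a freshly created temporary file in the same directory and rename it over the target, so the content is never readable under the old mode. The same applies to the `os.WriteFile` call in the encrypt.go hunk. Decrypt's body starts and ends outside the hunk.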
diff --git a/cmd/goaes/commands/encrypt.go b/cmd/goaes/commands/encrypt.go
index 47809c4..c658780 100644
--- a/cmd/goaes/commands/encrypt.go
+++ b/cmd/goaes/commands/encrypt.go
@@ -32,7 +32,7 @@ func Encrypt(ctx context.Context, cmd *cli.Command) error {
return err
}
- err = os.WriteFile(destination, dataBuffer.Bytes(), 0666)
+ err = os.WriteFile(destination, dataBuffer.Bytes(), fileMode)
if err != nil {
return err
}
diff --git a/internal/goaes.go b/internal/goaes.go
index 65d898d..805a386 100644
--- a/internal/goaes.go
+++ b/internal/goaes.go
@@ -41,33 +41,38 @@ func NewKEKFromEnvB64(passphraseEnvVar string, salt Salt) (KEK, error) {
}
func NewDEK() (DEK, error) {
- key := make([]byte, 32)
+ key := make([]byte, keyLen)
if _, err := io.ReadFull(rand.Reader, key); err != nil {
return nil, fmt.Errorf("random DEK gen: %w", err)
}
+
return DEK(key), nil
}
func NewSalt() (Salt, error) {
- key := make([]byte, 32)
+ key := make([]byte, keyLen)
if _, err := io.ReadFull(rand.Reader, key); err != nil {
return nil, fmt.Errorf("random salt gen: %w", err)
}
+
return Salt(key), nil
}
func WrapDEK(dek DEK, kek KEK) (WrappedDEK, error) {
edek, err := encryptAEAD([]byte(dek), []byte(kek), aadWrapDEK)
+
return WrappedDEK(edek), err
}
func UnwrapDEK(edek WrappedDEK, kek KEK) (DEK, error) {
dek, err := decryptAEAD([]byte(edek), []byte(kek), aadWrapDEK)
+
return DEK(dek), err
}
func EncryptData(plaintext []byte, dek DEK) (Ciphertext, error) {
ct, err := encryptAEAD(plaintext, []byte(dek), aadDataMsg)
+
return Ciphertext(ct), err
}
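Review bot: `NewSalt` now sizes the salt with `keyLen`, which couples the salt length to the AES key length although the two are independent parameters. A later change to the key size would silently change the salt size, and probably the stored format with it. A dedicated constant such as `const saltLen = 32`, used as `salt := make([]byte, saltLen)`, keeps them separate and also fixes the local being named `key`. `keyLen` is declared outside the visible hunks, so its value and documentation cannot be checked from here.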
@@ -121,6 +126,7 @@ func decryptAEAD(ciphertext, key, aad []byte) ([]byte, error) {
nonce := ciphertext[:ns]
body := ciphertext[ns:]
+
return gcm.Open(nil, nonce, body, aad)
}