ax(ueps): remove prose step comments from ReadAndVerify per AX Principle 2

Internal numbered step comments (1. Read Tag, 2. Handle Payload Tag, etc.)
restate what the code does rather than showing concrete usage examples.
Per RFC-CORE-008 Principle 2: delete comments that restate what the code
already expresses; keep only usage examples with realistic values.

Co-Authored-By: Charon <charon@lethean.io>
Claude 2026-04-02 09:48:18 +01:00
parent d56f6749ad
commit a565d77b7b
No known key found for this signature in database
GPG key ID: AF404715446AEB41


@ -32,18 +32,13 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
var signature []byte
var payload []byte
// Loop through TLVs until we hit Payload (0xFF) or EOF
for {
// 1. Read Tag
tagByte, err := reader.ReadByte()
if err != nil {
return nil, err
}
// 2. Handle Payload Tag (0xFF) - The Exit Condition
if tagByte == TagPayload {
// Payload is length-prefixless; caller frames the stream.
// HMAC covers signedData (header TLVs) + raw payload bytes, not the 0xFF tag.
var err error
payload, err = io.ReadAll(reader)
if err != nil {
@ -52,14 +47,12 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
break
}
// 3. Read Length (Standard TLV)
tagLengthByte, err := reader.ReadByte()
if err != nil {
return nil, err
}
tagLength := int(tagLengthByte)
// 4. Read Value
tagValue := make([]byte, tagLength)
if _, err := io.ReadFull(reader, tagValue); err != nil {
return nil, err
@ -68,7 +61,6 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
switch tagByte {
case TagVersion:
header.Version = tagValue[0]
// Reconstruct signed data: Tag + Len + Val
signedData.WriteByte(tagByte)
signedData.WriteByte(byte(tagLength))
signedData.Write(tagValue)
@ -94,9 +86,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
signedData.Write(tagValue)
case TagHMAC:
signature = tagValue
// We do NOT add the HMAC itself to signedData
default:
// Unknown tag (future proofing), verify it but ignore semantics
signedData.WriteByte(tagByte)
signedData.WriteByte(byte(tagLength))
signedData.Write(tagValue)
@ -107,8 +97,6 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
return nil, errMissingHMAC
}
// 5. Verify HMAC
// Reconstruct: Headers (signedData) + Payload
messageAuthCode := hmac.New(sha256.New, sharedSecret)
messageAuthCode.Write(signedData.Bytes())
messageAuthCode.Write(payload)
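Review bot: `header.Version = tagValue[0]` in the `TagVersion` case indexes a slice whose length is taken directly from the wire length byte, so a version TLV with length 0 would panic with an index-out-of-range error during parsing, before the HMAC over `signedData` and the payload is checked. No length check is visible between the `io.ReadFull` call and the `switch`, but the lines between those two hunks are not shown and ReadAndVerify starts and ends outside them, so confirm against the full function. If there is none, guard the case with `if len(tagValue) == 0 { return nil, io.ErrUnexpectedEOF }` or a dedicated error, and apply the same check to any other header case that indexes `tagValue`. Separately, the hunk counts indicate that `// We do NOT add the HMAC itself to signedData` and the unknown-tag comment are among the deleted lines. Both record what the MAC covers rather than restating the code, so they are worth keeping as why-comments.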