From 27e7ceacbc2bc8da9e123afe7daaf39d20a05bc6 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Wed, 26 Feb 2025 10:19:56 +0800
Subject: [PATCH] sm4: use new functions: clear(), bytes.Clone()

---
 sm4/cbc_cipher_asm.go | 23 +++++++++++------------
 sm4/ctr_cipher_asm.go | 4 ++--
 sm4/ecb_cipher_asm.go | 10 ++--------
 sm4/gcm_cipher_asm.go | 4 +---
 sm4/gcm_ppc64x.go | 5 +----
 sm4/sm4ni_gcm_asm.go | 4 +---
 6 files changed, 18 insertions(+), 32 deletions(-)

diff --git a/sm4/cbc_cipher_asm.go b/sm4/cbc_cipher_asm.go
index 572b77a..cb4a040 100644
--- a/sm4/cbc_cipher_asm.go
+++ b/sm4/cbc_cipher_asm.go
@@ -3,6 +3,7 @@ package sm4
 import (
+	"bytes"
 	"crypto/cipher"
 	"github.com/emmansun/gmsm/internal/alias"
@@ -23,21 +24,19 @@ type cbc struct {
 }
 func (b *sm4CipherAsm) NewCBCEncrypter(iv []byte) cipher.BlockMode {
-	var c cbc
-	c.b = b
-	c.enc = cbcEncrypt
-	c.iv = make([]byte, BlockSize)
-	copy(c.iv, iv)
-	return &c
+	return &cbc{
+		b: b,
+		iv: bytes.Clone(iv),
+		enc: cbcEncrypt,
+	}
 }
 func (b *sm4CipherAsm) NewCBCDecrypter(iv []byte) cipher.BlockMode {
-	var c cbc
-	c.b = b
-	c.enc = cbcDecrypt
-	c.iv = make([]byte, BlockSize)
-	copy(c.iv, iv)
-	return &c
+	return &cbc{
+		b: b,
+		iv: bytes.Clone(iv),
+		enc: cbcDecrypt,
+	}
 }
 func (x *cbc) BlockSize() int { return BlockSize }
diff --git a/sm4/ctr_cipher_asm.go b/sm4/ctr_cipher_asm.go
index cce6500..8920568 100644
--- a/sm4/ctr_cipher_asm.go
+++ b/sm4/ctr_cipher_asm.go
@@ -3,6 +3,7 @@ package sm4
 import (
+	"bytes"
 	"crypto/cipher"
 	"github.com/emmansun/gmsm/internal/alias"
@@ -33,11 +34,10 @@ func (c *sm4CipherAsm) NewCTR(iv []byte) cipher.Stream {
 	}
 	s := &ctr{
 		b: c,
-		ctr: make([]byte, c.blocksSize),
+		ctr: bytes.Clone(iv),
 		out: make([]byte, 0, bufSize),
 		outUsed: 0,
 	}
-	copy(s.ctr, iv)
 	for i := 1; i < c.batchBlocks; i++ {
 		s.genCtr(i * BlockSize)
 	}
diff --git a/sm4/ecb_cipher_asm.go b/sm4/ecb_cipher_asm.go
index 0468690..90f6d05 100644
--- a/sm4/ecb_cipher_asm.go
+++ b/sm4/ecb_cipher_asm.go
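Review bot: With `iv: bytes.Clone(iv)` in NewCBCEncrypter and NewCBCDecrypter the stored IV is now exactly as long as the caller's slice (and nil for a nil iv), whereas the removed `make([]byte, BlockSize)` plus `copy` always produced a 16-byte chaining block, so an IV of the wrong length is no longer normalized before it is used. That is an improvement over silent zero-padding/truncation only if the bad length is rejected somewhere; the standard cipher.NewCBCEncrypter/NewCBCDecrypter wrappers do check it, but these methods are callable directly through any interface that declares them. I would fail loudly at the top of both constructors: `if len(iv) != BlockSize { panic("cipher.NewCBCEncrypter: IV length must equal block size") }` (and the Decrypter counterpart with its own message). Whether CryptBlocks tolerates a short or nil x.iv cannot be seen from this hunk.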
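Review bot: `ctr: bytes.Clone(iv)` shrinks s.ctr from c.blocksSize bytes to len(iv) bytes, but the loop that follows still calls `s.genCtr(i * BlockSize)` for every batch block after the first, which on the old buffer wrote successive counter blocks at offsets BlockSize, 2*BlockSize and so on. Unless genCtr grows the slice (its body is outside this hunk), those writes now index past the end of a one-block slice and NewCTR panics whenever batchBlocks is greater than one. The buffer needs to keep its old size: restore `ctr: make([]byte, c.blocksSize),` in the literal together with `copy(s.ctr, iv)` after it, or build it as `ctr: append(make([]byte, 0, c.blocksSize), iv...)` and reslice to c.blocksSize before the loop. NewCTR begins above the hunk, so whether len(iv) is validated there is not visible here.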
@@ -33,17 +33,11 @@ func (x *ecb) validate(dst, src []byte) {
 }
 func (b *sm4CipherAsm) NewECBEncrypter() cipher.BlockMode {
-	var c ecb
-	c.b = b
-	c.enc = ecbEncrypt
-	return &c
+	return &ecb{b: b, enc: ecbEncrypt}
 }
 func (b *sm4CipherAsm) NewECBDecrypter() cipher.BlockMode {
-	var c ecb
-	c.b = b
-	c.enc = ecbDecrypt
-	return &c
+	return &ecb{b: b, enc: ecbDecrypt}
 }
 func (x *ecb) BlockSize() int { return BlockSize }
diff --git a/sm4/gcm_cipher_asm.go b/sm4/gcm_cipher_asm.go
index 4a4045f..33404ed 100644
--- a/sm4/gcm_cipher_asm.go
+++ b/sm4/gcm_cipher_asm.go
@@ -152,9 +152,7 @@ func (g *gcm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		// so overwrites dst in the event of a tag mismatch. That
 		// behavior is mimicked here in order to be consistent across
 		// platforms.
-		for i := range out {
-			out[i] = 0
-		}
+		clear(out)
 		return nil, errOpen
 	}
diff --git a/sm4/gcm_ppc64x.go b/sm4/gcm_ppc64x.go
index 5c32cfa..ba2adf5 100644
--- a/sm4/gcm_ppc64x.go
+++ b/sm4/gcm_ppc64x.go
@@ -237,10 +237,7 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	}
 	if _subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
-		// clear(out)
-		for i := range out {
-			out[i] = 0
-		}
+		clear(out)
 		return nil, errOpen
 	}
diff --git a/sm4/sm4ni_gcm_asm.go b/sm4/sm4ni_gcm_asm.go
index 12d7855..2302ead 100644
--- a/sm4/sm4ni_gcm_asm.go
+++ b/sm4/sm4ni_gcm_asm.go
@@ -135,9 +135,7 @@ func (g *gcmNI) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	gcmSm4Finish(&g.bytesProductTable, &tagMask, &expectedTag, uint64(len(ciphertext)), uint64(len(data)))
 	if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
-		for i := range out {
-			out[i] = 0
-		}
+		clear(out)
 		return nil, errOpen
 	}
 	return ret, nil
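Review bot: `clear(out)` in this Open (and in the gcm_ppc64x and sm4ni_gcm_asm hunks) is the Go 1.21 builtin, and `bytes.Clone` in the cbc/ctr hunks is Go 1.20, yet the diffstat touches only sm4/*.go, so go.mod is not bumped by this commit; confirm the module's `go` directive is at least 1.21, otherwise the package stops compiling with `undefined: clear`. Behaviorally the swap is sound: the removed loop and clear both zero every byte of out on tag mismatch, which is what keeps unauthenticated plaintext from being left behind in dst. Open begins above the hunk, so how out and ret are derived from dst is not visible here.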