change to use go's own XORBytes function #315

cbcmac/cbcmac.go

@@ -7,8 +7,8 @@ package cbcmac
 
 import (
 	"crypto/cipher"
+	"crypto/subtle"
 
-	"github.com/emmansun/gmsm/internal/subtle"
 	"github.com/emmansun/gmsm/padding"
 )
 

cipher/bc.go

@@ -4,18 +4,17 @@ package cipher
 
 import (
 	"bytes"
-	_cipher "crypto/cipher"
-
-	"github.com/emmansun/gmsm/internal/subtle"
+	"crypto/cipher"
+	"crypto/subtle"
 )
 
 type bc struct {
-	b         _cipher.Block
+	b         cipher.Block
 	blockSize int
 	iv        []byte
 }
 
-func newBC(b _cipher.Block, iv []byte) *bc {
+func newBC(b cipher.Block, iv []byte) *bc {
 	return &bc{
 		b:         b,
 		blockSize: b.BlockSize(),
@@ -30,13 +29,13 @@ type bcEncrypter bc
 // NewBCEncrypter will check for this interface and return the specific
 // BlockMode if found.
 type bcEncAble interface {
-	NewBCEncrypter(iv []byte) _cipher.BlockMode
+	NewBCEncrypter(iv []byte) cipher.BlockMode
 }
 
 // NewBCEncrypter returns a BlockMode which encrypts in block chaining
 // mode, using the given Block. The length of iv must be the same as the
 // Block's block size.
-func NewBCEncrypter(b _cipher.Block, iv []byte) _cipher.BlockMode {
+func NewBCEncrypter(b cipher.Block, iv []byte) cipher.BlockMode {
 	if len(iv) != b.BlockSize() {
 		panic("cipher.NewBCEncrypter: IV length must equal block size")
 	}
@@ -81,13 +80,13 @@ type bcDecrypter bc
 // NewBCDecrypter will check for this interface and return the specific
 // BlockMode if found.
 type bcDecAble interface {
-	NewBCDecrypter(iv []byte) _cipher.BlockMode
+	NewBCDecrypter(iv []byte) cipher.BlockMode
 }
 
 // NewBCDecrypter returns a BlockMode which decrypts in block chaining
 // mode, using the given Block. The length of iv must be the same as the
 // Block's block size and must match the iv used to encrypt the data.
-func NewBCDecrypter(b _cipher.Block, iv []byte) _cipher.BlockMode {
+func NewBCDecrypter(b cipher.Block, iv []byte) cipher.BlockMode {
 	if len(iv) != b.BlockSize() {
 		panic("cipher.NewBCDecrypter: IV length must equal block size")
 	}

cipher/ccm.go

@@ -2,15 +2,14 @@
 package cipher
 
 import (
-	goCipher "crypto/cipher"
-	goSubtle "crypto/subtle"
+	"crypto/cipher"
+	"crypto/subtle"
 	"math"
 
 	"errors"
 
 	"github.com/emmansun/gmsm/internal/alias"
 	"github.com/emmansun/gmsm/internal/byteorder"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 const (
@@ -23,11 +22,11 @@ const (
 // ccmAble is an interface implemented by ciphers that have a specific optimized
 // implementation of CCM.
 type ccmAble interface {
-	NewCCM(nonceSize, tagSize int) (goCipher.AEAD, error)
+	NewCCM(nonceSize, tagSize int) (cipher.AEAD, error)
 }
 
 type ccm struct {
-	cipher    goCipher.Block
+	cipher    cipher.Block
 	nonceSize int
 	tagSize   int
 }
@@ -57,14 +56,14 @@ func maxlen(L, tagsize int) int {
 
 // NewCCM returns the given 128-bit, block cipher wrapped in CCM
 // with the standard nonce length.
-func NewCCM(cipher goCipher.Block) (goCipher.AEAD, error) {
+func NewCCM(cipher cipher.Block) (cipher.AEAD, error) {
 	return NewCCMWithNonceAndTagSize(cipher, ccmStandardNonceSize, ccmTagSize)
 }
 
 // NewCCMWithNonceSize returns the given 128-bit, block cipher wrapped in CCM,
 // which accepts nonces of the given length. The length must not
 // be zero.
-func NewCCMWithNonceSize(cipher goCipher.Block, size int) (goCipher.AEAD, error) {
+func NewCCMWithNonceSize(cipher cipher.Block, size int) (cipher.AEAD, error) {
 	return NewCCMWithNonceAndTagSize(cipher, size, ccmTagSize)
 }
 
@@ -72,12 +71,12 @@ func NewCCMWithNonceSize(cipher goCipher.Block, size int) (goCipher.AEAD, error)
 // which generates tags with the given length.
 //
 // Tag sizes between 8 and 16 bytes are allowed.
-func NewCCMWithTagSize(cipher goCipher.Block, tagSize int) (goCipher.AEAD, error) {
+func NewCCMWithTagSize(cipher cipher.Block, tagSize int) (cipher.AEAD, error) {
 	return NewCCMWithNonceAndTagSize(cipher, ccmStandardNonceSize, tagSize)
 }
 
 // https://tools.ietf.org/html/rfc3610
-func NewCCMWithNonceAndTagSize(cipher goCipher.Block, nonceSize, tagSize int) (goCipher.AEAD, error) {
+func NewCCMWithNonceAndTagSize(cipher cipher.Block, nonceSize, tagSize int) (cipher.AEAD, error) {
 	if tagSize < ccmMinimumTagSize || tagSize > ccmBlockSize || tagSize&1 != 0 {
 		return nil, errors.New("cipher: incorrect tag size given to CCM")
 	}
@@ -189,7 +188,7 @@ func (c *ccm) Seal(dst, nonce, plaintext, data []byte) []byte {
 	c.cipher.Encrypt(tagMask[:], counter[:])
 
 	counter[len(counter)-1] |= 1
-	ctr := goCipher.NewCTR(c.cipher, counter[:])
+	ctr := cipher.NewCTR(c.cipher, counter[:])
 	ctr.XORKeyStream(out, plaintext)
 
 	tag := c.auth(nonce, plaintext, data, &tagMask)
@@ -231,10 +230,10 @@ func (c *ccm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	}
 
 	counter[len(counter)-1] |= 1
-	ctr := goCipher.NewCTR(c.cipher, counter[:])
+	ctr := cipher.NewCTR(c.cipher, counter[:])
 	ctr.XORKeyStream(out, ciphertext)
 	expectedTag := c.auth(nonce, out, data, &tagMask)
-	if goSubtle.ConstantTimeCompare(expectedTag, tag) != 1 {
+	if subtle.ConstantTimeCompare(expectedTag, tag) != 1 {
 		// The AESNI code decrypts and authenticates concurrently, and
 		// so overwrites dst in the event of a tag mismatch. That
 		// behavior is mimicked here in order to be consistent across

cipher/hctr.go

@@ -1,12 +1,12 @@
 package cipher
 
 import (
-	_cipher "crypto/cipher"
+	"crypto/cipher"
+	"crypto/subtle"
 	"errors"
 
 	"github.com/emmansun/gmsm/internal/alias"
 	"github.com/emmansun/gmsm/internal/byteorder"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 // A LengthPreservingMode represents a block cipher running in a length preserving mode (HCTR,
@@ -105,7 +105,7 @@ var hctrReductionTable = []uint16{
 // https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.470.5288
 // GB/T 17964-2021 第11章 带泛杂凑函数的计数器工作模式
 type hctr struct {
-	cipher _cipher.Block
+	cipher cipher.Block
 	tweak  [blockSize]byte
 	// productTable contains the first sixteen powers of the hash key.
 	// However, they are in bit reversed order.
@@ -118,7 +118,7 @@ func (h *hctr) BlockSize() int {
 
 // NewHCTR returns a [LengthPreservingMode] which encrypts/decrypts useing the given [Block]
 // in HCTR mode. The lenght of tweak and hash key must be the same as the [Block]'s block size.
-func NewHCTR(cipher _cipher.Block, tweak, hkey []byte) (LengthPreservingMode, error) {
+func NewHCTR(cipher cipher.Block, tweak, hkey []byte) (LengthPreservingMode, error) {
 	if len(tweak) != blockSize || len(hkey) != blockSize {
 		return nil, errors.New("cipher: invalid tweak and/or hash key length")
 	}

cipher/xts.go

@@ -1,17 +1,18 @@
 package cipher
 
 import (
-	_cipher "crypto/cipher"
+	"crypto/cipher"
+	"crypto/subtle"
+
 	"errors"
 
 	"github.com/emmansun/gmsm/internal/alias"
 	"github.com/emmansun/gmsm/internal/byteorder"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 const GF128_FDBK byte = 0x87
 
-type CipherCreator func([]byte) (_cipher.Block, error)
+type CipherCreator func([]byte) (cipher.Block, error)
 
 type concurrentBlocks interface {
 	Concurrency() int
@@ -21,7 +22,7 @@ type concurrentBlocks interface {
 
 // Cipher contains an expanded key structure. It is unsafe for concurrent use.
 type xts struct {
-	b     _cipher.Block
+	b     cipher.Block
 	tweak [blockSize]byte
 	isGB  bool // if true, follows GB/T 17964-2021
 }
@@ -37,18 +38,18 @@ type xtsEncrypter xts
 // NewXTSEncrypter will check for this interface and return the specific
 // BlockMode if found.
 type xtsEncAble interface {
-	NewXTSEncrypter(encryptedTweak *[blockSize]byte, isGB bool) _cipher.BlockMode
+	NewXTSEncrypter(encryptedTweak *[blockSize]byte, isGB bool) cipher.BlockMode
 }
 
 // NewXTSEncrypter creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes).
-func NewXTSEncrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (_cipher.BlockMode, error) {
+func NewXTSEncrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (cipher.BlockMode, error) {
 	return newXTSEncrypter(cipherFunc, key, tweakKey, tweak, false)
 }
 
 // NewXTSEncrypterWithSector creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes) with sector number.
-func NewXTSEncrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (_cipher.BlockMode, error) {
+func NewXTSEncrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (cipher.BlockMode, error) {
 	tweak := make([]byte, blockSize)
 	byteorder.LEPutUint64(tweak[:8], sectorNum)
 	return NewXTSEncrypter(cipherFunc, key, tweakKey, tweak)
@@ -57,20 +58,20 @@ func NewXTSEncrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, s
 // NewGBXTSEncrypter creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes).
 // It follows GB/T 17964-2021.
-func NewGBXTSEncrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (_cipher.BlockMode, error) {
+func NewGBXTSEncrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (cipher.BlockMode, error) {
 	return newXTSEncrypter(cipherFunc, key, tweakKey, tweak, true)
 }
 
 // NewGBXTSEncrypterWithSector creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes) with sector number.
 // It follows GB/T 17964-2021.
-func NewGBXTSEncrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (_cipher.BlockMode, error) {
+func NewGBXTSEncrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (cipher.BlockMode, error) {
 	tweak := make([]byte, blockSize)
 	byteorder.LEPutUint64(tweak[:8], sectorNum)
 	return NewGBXTSEncrypter(cipherFunc, key, tweakKey, tweak)
 }
 
-func newXTSEncrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte, isGB bool) (_cipher.BlockMode, error) {
+func newXTSEncrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte, isGB bool) (cipher.BlockMode, error) {
 	if len(tweak) != blockSize {
 		return nil, errors.New("cipher: invalid tweak length")
 	}
@@ -109,18 +110,18 @@ type xtsDecrypter xts
 // NewXTSDecrypter will check for this interface and return the specific
 // BlockMode if found.
 type xtsDecAble interface {
-	NewXTSDecrypter(encryptedTweak *[blockSize]byte, isGB bool) _cipher.BlockMode
+	NewXTSDecrypter(encryptedTweak *[blockSize]byte, isGB bool) cipher.BlockMode
 }
 
 // NewXTSDecrypter creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes) for decryption.
-func NewXTSDecrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (_cipher.BlockMode, error) {
+func NewXTSDecrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (cipher.BlockMode, error) {
 	return newXTSDecrypter(cipherFunc, key, tweakKey, tweak, false)
 }
 
 // NewXTSDecrypterWithSector creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes) with sector number for decryption.
-func NewXTSDecrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (_cipher.BlockMode, error) {
+func NewXTSDecrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (cipher.BlockMode, error) {
 	tweak := make([]byte, blockSize)
 	byteorder.LEPutUint64(tweak[:8], sectorNum)
 	return NewXTSDecrypter(cipherFunc, key, tweakKey, tweak)
@@ -129,20 +130,20 @@ func NewXTSDecrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, s
 // NewGBXTSDecrypter creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes) for decryption.
 // It follows GB/T 17964-2021.
-func NewGBXTSDecrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (_cipher.BlockMode, error) {
+func NewGBXTSDecrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte) (cipher.BlockMode, error) {
 	return newXTSDecrypter(cipherFunc, key, tweakKey, tweak, true)
 }
 
 // NewGBXTSDecrypterWithSector creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes) with sector number for decryption.
 // It follows GB/T 17964-2021.
-func NewGBXTSDecrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (_cipher.BlockMode, error) {
+func NewGBXTSDecrypterWithSector(cipherFunc CipherCreator, key, tweakKey []byte, sectorNum uint64) (cipher.BlockMode, error) {
 	tweak := make([]byte, blockSize)
 	byteorder.LEPutUint64(tweak[:8], sectorNum)
 	return NewGBXTSDecrypter(cipherFunc, key, tweakKey, tweak)
 }
 
-func newXTSDecrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte, isGB bool) (_cipher.BlockMode, error) {
+func newXTSDecrypter(cipherFunc CipherCreator, key, tweakKey, tweak []byte, isGB bool) (cipher.BlockMode, error) {
 	if len(tweak) != blockSize {
 		return nil, errors.New("cipher: invalid tweak length")
 	}

drbg/ctr_drbg.go

@@ -2,11 +2,11 @@ package drbg
 
 import (
 	"crypto/cipher"
+	"crypto/subtle"
 	"errors"
 	"time"
 
 	"github.com/emmansun/gmsm/internal/byteorder"
-	"github.com/emmansun/gmsm/internal/subtle"
 	"github.com/emmansun/gmsm/sm4"
 )
 

internal/cryptotest/stream.go

@@ -7,11 +7,10 @@ package cryptotest
 import (
 	"bytes"
 	"crypto/cipher"
+	"crypto/subtle"
 	"fmt"
 	"strings"
 	"testing"
-
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 // Each test is executed with each of the buffer lengths in bufLens.

internal/sm4/cbc_cipher_asm.go

@@ -5,9 +5,9 @@ package sm4
 import (
 	"bytes"
 	"crypto/cipher"
+	"crypto/subtle"
 
 	"github.com/emmansun/gmsm/internal/alias"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 // Assert that sm4CipherAsm implements the cbcEncAble and cbcDecAble interfaces.

internal/sm4/ctr_cipher_asm.go

@@ -4,9 +4,9 @@ package sm4
 
 import (
 	"crypto/cipher"
+	"crypto/subtle"
 
 	"github.com/emmansun/gmsm/internal/alias"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 // Assert that sm4CipherAsm implements the ctrAble interface.

internal/sm4/gcm_cipher_asm.go

@@ -4,12 +4,11 @@ package sm4
 
 import (
 	"crypto/cipher"
-	goSubtle "crypto/subtle"
+	"crypto/subtle"
 	"errors"
 
 	"github.com/emmansun/gmsm/internal/alias"
 	"github.com/emmansun/gmsm/internal/byteorder"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 // Assert that sm4CipherAsm implements the gcmAble interface.
@@ -147,7 +146,7 @@ func (g *gcm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		panic("cipher: invalid buffer overlap")
 	}
 
-	if goSubtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
+	if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
 		// The AESNI code decrypts and authenticates concurrently, and
 		// so overwrites dst in the event of a tag mismatch. That
 		// behavior is mimicked here in order to be consistent across

internal/sm4/gcm_ppc64x.go

@@ -8,13 +8,12 @@ package sm4
 
 import (
 	"crypto/cipher"
-	_subtle "crypto/subtle"
+	"crypto/subtle"
 	"errors"
 	"runtime"
 
 	"github.com/emmansun/gmsm/internal/alias"
 	"github.com/emmansun/gmsm/internal/byteorder"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 // Assert that sm4CipherAsm implements the gcmAble interface.
@@ -236,7 +235,7 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		panic("cipher: invalid buffer overlap")
 	}
 
-	if _subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
+	if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
 		clear(out)
 		return nil, errOpen
 	}

internal/zuc/eea.go

@@ -1,9 +1,10 @@
 package zuc
 
 import (
+	"crypto/subtle"
+
 	"github.com/emmansun/gmsm/internal/alias"
 	"github.com/emmansun/gmsm/internal/byteorder"
-	"github.com/emmansun/gmsm/internal/subtle"
 )
 
 const (

sm2/sm2_legacy.go

@@ -3,16 +3,16 @@ package sm2
 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
-	_subtle "crypto/subtle"
+	"crypto/subtle"
 	"errors"
 	"fmt"
 	"io"
 	"math/big"
 	"strings"
 
-	"github.com/emmansun/gmsm/internal/subtle"
 	"github.com/emmansun/gmsm/sm2/sm2ec"
 	"github.com/emmansun/gmsm/sm3"
+	_subtle "github.com/emmansun/gmsm/internal/subtle"
 	"golang.org/x/crypto/cryptobyte"
 	"golang.org/x/crypto/cryptobyte/asn1"
 )
@@ -260,7 +260,7 @@ func encryptLegacy(random io.Reader, pub *ecdsa.PublicKey, msg []byte, opts *Enc
 
 		//A5, calculate t=KDF(x2||y2, klen)
 		c2 := sm3.Kdf(append(bigIntToBytes(curve, x2), bigIntToBytes(curve, y2)...), msgLen)
-		if subtle.ConstantTimeAllZero(c2) == 1 {
+		if _subtle.ConstantTimeAllZero(c2) == 1 {
 			retryCount++
 			if retryCount > maxRetryLimit {
 				return nil, fmt.Errorf("sm2: A5, failed to calculate valid t, tried %v times", retryCount)
@@ -319,7 +319,7 @@ func rawDecrypt(priv *PrivateKey, x1, y1 *big.Int, c2, c3 []byte) ([]byte, error
 	x2, y2 := curve.ScalarMult(x1, y1, priv.D.Bytes())
 	msgLen := len(c2)
 	msg := sm3.Kdf(append(bigIntToBytes(curve, x2), bigIntToBytes(curve, y2)...), msgLen)
-	if subtle.ConstantTimeAllZero(c2) == 1 {
+	if _subtle.ConstantTimeAllZero(c2) == 1 {
 		return nil, ErrDecryption
 	}
 
@@ -327,7 +327,7 @@ func rawDecrypt(priv *PrivateKey, x1, y1 *big.Int, c2, c3 []byte) ([]byte, error
 	subtle.XORBytes(msg, c2, msg)
 
 	u := calculateC3(curve, x2, y2, msg)
-	if _subtle.ConstantTimeCompare(u, c3) == 1 {
+	if subtle.ConstantTimeCompare(u, c3) == 1 {
 		return msg, nil
 	}
 	return nil, ErrDecryption

sm2/sm2_pke.go

@@ -12,7 +12,7 @@ package sm2
 import (
 	"crypto"
 	"crypto/ecdsa"
-	_subtle "crypto/subtle"
+	"crypto/subtle"
 	"errors"
 	"fmt"
 	"io"
@@ -20,7 +20,7 @@ import (
 
 	"github.com/emmansun/gmsm/internal/bigmod"
 	_sm2ec "github.com/emmansun/gmsm/internal/sm2ec"
-	"github.com/emmansun/gmsm/internal/subtle"
+	_subtle "github.com/emmansun/gmsm/internal/subtle"
 	"github.com/emmansun/gmsm/sm3"
 	"golang.org/x/crypto/cryptobyte"
 	"golang.org/x/crypto/cryptobyte/asn1"
@@ -175,7 +175,7 @@ func encryptSM2EC(c *sm2Curve, pub *ecdsa.PublicKey, random io.Reader, msg []byt
 		}
 		C2Bytes := C2.Bytes()[1:]
 		c2 := sm3.Kdf(C2Bytes, len(msg))
-		if subtle.ConstantTimeAllZero(c2) == 1 {
+		if _subtle.ConstantTimeAllZero(c2) == 1 {
 			retryCount++
 			if retryCount > maxRetryLimit {
 				return nil, fmt.Errorf("sm2: A5, failed to calculate valid t, tried %v times", retryCount)
@@ -271,7 +271,7 @@ func decryptSM2EC(c *sm2Curve, priv *PrivateKey, ciphertext []byte, opts *Decryp
 	C2Bytes := C2.Bytes()[1:]
 	msgLen := len(c2)
 	msg := sm3.Kdf(C2Bytes, msgLen)
-	if subtle.ConstantTimeAllZero(c2) == 1 {
+	if _subtle.ConstantTimeAllZero(c2) == 1 {
 		return nil, ErrDecryption
 	}
 
@@ -284,7 +284,7 @@ func decryptSM2EC(c *sm2Curve, priv *PrivateKey, ciphertext []byte, opts *Decryp
 	md.Write(C2Bytes[len(C2Bytes)/2:])
 	u := md.Sum(nil)
 
-	if _subtle.ConstantTimeCompare(u, c3) == 1 {
+	if subtle.ConstantTimeCompare(u, c3) == 1 {
 		return msg, nil
 	}
 	return nil, ErrDecryption

sm9/enc_mode.go

@@ -2,10 +2,10 @@ package sm9
 
 import (
 	"crypto/cipher"
+	"crypto/subtle"
 	"io"
 
 	_cipher "github.com/emmansun/gmsm/cipher"
-	"github.com/emmansun/gmsm/internal/subtle"
 	"github.com/emmansun/gmsm/padding"
 	"github.com/emmansun/gmsm/sm4"
 )