sm9,internal/sm9: update comments #314

2025-04-26 20:26:19 +08:00 · 2025-03-14 15:26:34 +08:00 · 2025-03-14 15:26:34 +08:00 · 82ccb95527
commit 82ccb95527
parent e79aab4935
5 changed files with 153 additions and 97 deletions
--- a/internal/sm9/sm9.go
+++ b/internal/sm9/sm9.go
@ -103,7 +103,7 @@ func randomScalar(rand io.Reader) (k *bigmod.Nat, err error) {
 // The signature is randomized. Most applications should use [crypto/rand.Reader]
 // as rand. Note that the returned signature does not depend deterministically on
 // the bytes read from rand, and may change between calls and/or between versions.
-func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.SignerOpts) ([]byte, []byte, error) {
+func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.SignerOpts) (h []byte, S []byte, err error) {
 	var (
 		hNat *bigmod.Nat
 		s    *bn256.G1
@ -120,13 +120,12 @@ func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.Signer
 			return nil, nil, err
 		}

-		var buffer []byte
-		buffer = append(append(buffer, hash...), w.Marshal()...)
+		buffer := append(append([]byte{}, hash...), w.Marshal()...)

 		hNat = hashH2(buffer)
 		r.Sub(hNat, orderNat)

-		if r.IsZero() == 0 {
+		if r.IsZero() == 0 { // r != 0
 			s, err = new(bn256.G1).ScalarMult(priv.PrivateKey, r.Bytes(orderNat))
 			if err != nil {
 				return nil, nil, err
@ -134,13 +133,18 @@ func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.Signer
 			break
 		}
 	}
-	return hNat.Bytes(orderNat), s.MarshalUncompressed(), nil
+	h = hNat.Bytes(orderNat)
+	S = s.MarshalUncompressed()
+	return
 }

 // Verify checks the validity of a signature using the provided parameters.
-func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, h, s []byte) bool {
+func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, h, S []byte) bool {
 	sPoint := new(bn256.G1)
-	_, err := sPoint.Unmarshal(s[1:])
+	if len(S) == len(bn256.OrderMinus1Bytes)+1 && S[0] != 0x04 {
+		return false
+	}
+	_, err := sPoint.Unmarshal(S[1:])
 	if err != nil || !sPoint.IsOnCurve() {
 		return false
 	}
@ -178,14 +182,12 @@ func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, h, s []byte)
 // - A byte slice containing the generated key.
 // - A byte slice containing the uncompressed ciphertext.
 // - An error if any occurs during the key wrapping process.
-func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, kLen int) ([]byte, []byte, error) {
+func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, kLen int) (key []byte, cipher []byte, err error) {
 	q := pub.GenerateUserPublicKey(uid, hid)
 	var (
-		err    error
-		r      *bigmod.Nat
-		w      *bn256.GT
-		cipher *bn256.G1
-		key    []byte
+		r *bigmod.Nat
+		w *bn256.GT
+		c *bn256.G1
 	)
 	for {
 		r, err = randomScalar(rand)
@ -194,7 +196,7 @@ func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte,
 		}

 		rBytes := r.Bytes(orderNat)
-		cipher, err = new(bn256.G1).ScalarMult(q, rBytes)
+		c, err = new(bn256.G1).ScalarMult(q, rBytes)
 		if err != nil {
 			return nil, nil, err
 		}
@ -204,7 +206,7 @@ func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte,
 			return nil, nil, err
 		}
 		var buffer []byte
-		buffer = append(buffer, cipher.Marshal()...)
+		buffer = append(buffer, c.Marshal()...)
 		buffer = append(buffer, w.Marshal()...)
 		buffer = append(buffer, uid...)

@ -213,21 +215,25 @@ func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte,
 			break
 		}
 	}
-	return key, cipher.MarshalUncompressed(), nil
+	cipher = c.MarshalUncompressed()
+	return
 }

-
 // UnwrapKey decrypts the given cipher text using the private key and user ID (uid).
 // It returns the decrypted key of the specified length (kLen) or an error if decryption fails.
-func (priv *EncryptPrivateKey) UnwrapKey(uid, cipher []byte, kLen int) ([]byte, error) {
-	if len(cipher) == 65 && cipher[0] != 0x04 {
-		return nil, ErrDecryption
-	}
-	if len(cipher) == 65 {
+func (priv *EncryptPrivateKey) UnwrapKey(uid, cipher []byte, kLen int) (key []byte, err error) {
+	numBytes := 2 * len(bn256.OrderBytes)
+	if len(cipher) == numBytes+1 {
+		if cipher[0] != 0x04 {
+			return nil, ErrDecryption
+		}
 		cipher = cipher[1:]
 	}
+	if len(cipher) != numBytes {
+		return nil, ErrDecryption
+	}
 	p := new(bn256.G1)
-	_, err := p.Unmarshal(cipher)
+	_, err = p.Unmarshal(cipher)
 	if err != nil || !p.IsOnCurve() {
 		return nil, ErrDecryption
 	}
@ -239,11 +245,11 @@ func (priv *EncryptPrivateKey) UnwrapKey(uid, cipher []byte, kLen int) ([]byte,
 	buffer = append(buffer, w.Marshal()...)
 	buffer = append(buffer, uid...)

-	key := sm3.Kdf(buffer, kLen)
+	key = sm3.Kdf(buffer, kLen)
 	if subtle.ConstantTimeAllZero(key) == 1 {
 		return nil, ErrDecryption
 	}
-	return key, nil
+	return
 }

 // ErrDecryption represents a failure to decrypt a message.
@ -359,6 +365,10 @@ func (ke *KeyExchange) generateSharedKey(isResponder bool) ([]byte, error) {
 }

 func respondKeyExchange(ke *KeyExchange, hid byte, r *bigmod.Nat, rA []byte) ([]byte, []byte, error) {
+	numBytes := 2 * len(bn256.OrderBytes)
+	if len(rA) != numBytes+1 || rA[0] != 0x04 {
+		return nil, nil, errors.New("sm9: invalid initiator's ephemeral public key")
+	}
 	rP := new(bn256.G1)
 	_, err := rP.Unmarshal(rA[1:])
 	if err != nil || !rP.IsOnCurve() {
@ -406,6 +416,10 @@ func (ke *KeyExchange) RespondKeyExchange(rand io.Reader, hid byte, rA []byte) (

 // ConfirmResponder for initiator's step A5-A7
 func (ke *KeyExchange) ConfirmResponder(rB, sB []byte) ([]byte, []byte, error) {
+	numBytes := 2 * len(bn256.OrderBytes)
+	if len(rB) != numBytes+1 || rB[0] != 0x04 {
+		return nil, nil, errors.New("sm9: invalid responder's ephemeral public key")
+	}
 	pB := new(bn256.G1)
 	_, err := pB.Unmarshal(rB[1:])
 	if err != nil || !pB.IsOnCurve() {
--- a/internal/sm9/sm9_key.go
+++ b/internal/sm9/sm9_key.go
@ -16,13 +16,13 @@ import (
 	"github.com/emmansun/gmsm/internal/subtle"
 )

-// SignMasterPrivateKey master private key for sign, generated by KGC
+// SignMasterPrivateKey is a signature master private key, generated by KGC
 type SignMasterPrivateKey struct {
 	*SignMasterPublicKey        // master public key
 	privateKey           []byte // master private key
 }

-// SignMasterPublicKey master public key for sign, generated by KGC
+// SignMasterPublicKey is a signature master public key, generated by KGC
 type SignMasterPublicKey struct {
 	MasterPublicKey *bn256.G2 // master public key
 	pairOnce        sync.Once
@ -31,19 +31,19 @@ type SignMasterPublicKey struct {
 	table           *[32 * 2]bn256.GTFieldTable // precomputed basePoint^n
 }

-// SignPrivateKey user private key for sign, generated by KGC
+// SignPrivateKey is a signature private key, generated by KGC
 type SignPrivateKey struct {
 	PrivateKey           *bn256.G1 // user private key
 	*SignMasterPublicKey           // master public key
 }

-// EncryptMasterPrivateKey master private key for encryption, generated by KGC
+// EncryptMasterPrivateKey is an encryption master private key, generated by KGC
 type EncryptMasterPrivateKey struct {
 	*EncryptMasterPublicKey        // master public key
 	privateKey              []byte // master private key
 }

-// EncryptMasterPublicKey master private key for encryption, generated by KGC
+// EncryptMasterPublicKey is an encryption master public key, generated by KGC
 type EncryptMasterPublicKey struct {
 	MasterPublicKey *bn256.G1 // public key
 	pairOnce        sync.Once
@ -52,13 +52,13 @@ type EncryptMasterPublicKey struct {
 	table           *[32 * 2]bn256.GTFieldTable // precomputed basePoint^n
 }

-// EncryptPrivateKey user private key for encryption, generated by KGC
+// EncryptPrivateKey is an encryption private key, generated by KGC
 type EncryptPrivateKey struct {
 	PrivateKey              *bn256.G2 // user private key
 	*EncryptMasterPublicKey           // master public key
 }

-// GenerateSignMasterKey generates a master public and private key pair for DSA usage.
+// GenerateSignMasterKey generates a signature master key pair for DSA usage.
 func GenerateSignMasterKey(rand io.Reader) (*SignMasterPrivateKey, error) {
 	key := make([]byte, len(bn256.OrderMinus1Bytes))
 	randutil.MaybeReadByte(rand)
@ -137,7 +137,7 @@ func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*Sign

 	t1Nat.Add(d, orderNat)
 	if t1Nat.IsZero() == 1 {
-		return nil, errors.New("sm9: need to re-generate sign master private key")
+		return nil, errors.New("sm9: need to re-generate signature master private key")
 	}

 	t1Nat = bigmod.NewNat().Exp(t1Nat, bn256.OrderMinus2Bytes, orderNat)
@ -154,7 +154,7 @@ func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*Sign
 	return priv, nil
 }

-// Public returns the public key corresponding to priv.
+// Public returns the public key corresponding to the private key.
 func (master *SignMasterPrivateKey) Public() *SignMasterPublicKey {
 	return master.SignMasterPublicKey
 }
@ -195,7 +195,7 @@ func (pub *SignMasterPublicKey) ScalarBaseMult(scalar []byte) (*bn256.GT, error)
 	return bn256.ScalarBaseMultGT(tables, scalar)
 }

-// GenerateUserPublicKey generate user sign public key
+// GenerateUserPublicKey generate a signature public key for given user.
 func (pub *SignMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) *bn256.G2 {
 	var buffer []byte
 	buffer = append(append(buffer, uid...), hid)
@ -220,12 +220,12 @@ func (priv *SignPrivateKey) Bytes() []byte {
 	return priv.PrivateKey.MarshalUncompressed()
 }

-// MasterPublic returns the master public key corresponding to priv.
+// MasterPublic returns the master public key corresponding to the private key.
 func (priv *SignPrivateKey) MasterPublic() *SignMasterPublicKey {
 	return priv.SignMasterPublicKey
 }

-// SetMasterPublicKey bind the sign master public key to it.
+// SetMasterPublicKey bind the signature master public key to it.
 func (priv *SignPrivateKey) SetMasterPublicKey(pub *SignMasterPublicKey) {
 	if priv.SignMasterPublicKey == nil || priv.SignMasterPublicKey.MasterPublicKey == nil {
 		priv.SignMasterPublicKey = pub
@ -251,7 +251,7 @@ func unmarshalG2(bytes []byte) (*bn256.G2, error) {
 	return g2, nil
 }

-// UnmarshalRaw unmarsal raw bytes data to sign master public key
+// UnmarshalRaw unmarsal raw bytes data to signature master public key
 func (pub *SignMasterPublicKey) UnmarshalRaw(bytes []byte) error {
 	g2, err := unmarshalG2(bytes)
 	if err != nil {
@ -280,7 +280,7 @@ func unmarshalG1(bytes []byte) (*bn256.G1, error) {
 	return g, nil
 }

-// UnmarshalRaw unmarsal raw bytes data to sign user private key
+// UnmarshalRaw unmarsal raw bytes data to the signature private key
 // Note, priv's SignMasterPublicKey should be handled separately.
 func (priv *SignPrivateKey) UnmarshalRaw(bytes []byte) error {
 	g, err := unmarshalG1(bytes)
@ -291,7 +291,7 @@ func (priv *SignPrivateKey) UnmarshalRaw(bytes []byte) error {
 	return nil
 }

-// GenerateEncryptMasterKey generates a master public and private key pair for encryption usage.
+// GenerateEncryptMasterKey generates an encryption master key pair.
 func GenerateEncryptMasterKey(rand io.Reader) (*EncryptMasterPrivateKey, error) {
 	key := make([]byte, len(bn256.OrderMinus1Bytes))
 	randutil.MaybeReadByte(rand)
@ -356,7 +356,7 @@ func (master *EncryptMasterPrivateKey) Equal(x *EncryptMasterPrivateKey) bool {
 	return master.EncryptMasterPublicKey.Equal(x.EncryptMasterPublicKey) && _subtle.ConstantTimeCompare(master.privateKey, x.privateKey) == 1
 }

-// GenerateUserKey generate an user key for encryption.
+// GenerateUserKey generate an encryption private key for the given user.
 func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*EncryptPrivateKey, error) {
 	var id []byte
 	id = append(append(id, uid...), hid)
@ -370,7 +370,7 @@ func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*E

 	t1Nat.Add(d, orderNat)
 	if t1Nat.IsZero() == 1 {
-		return nil, errors.New("sm9: need to re-generate encrypt master private key")
+		return nil, errors.New("sm9: need to re-generate encryption master private key")
 	}

 	t1Nat = bigmod.NewNat().Exp(t1Nat, bn256.OrderMinus2Bytes, orderNat)
@ -387,7 +387,7 @@ func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*E
 	return priv, nil
 }

-// Public returns the public key corresponding to priv.
+// Public returns the public key corresponding to the private key.
 func (master *EncryptMasterPrivateKey) Public() *EncryptMasterPublicKey {
 	return master.EncryptMasterPublicKey
 }
@ -426,7 +426,7 @@ func (pub *EncryptMasterPublicKey) ScalarBaseMult(scalar []byte) (*bn256.GT, err
 	return bn256.ScalarBaseMultGT(tables, scalar)
 }

-// GenerateUserPublicKey generate user encrypt public key
+// GenerateUserPublicKey generate an encrypt public key for the given user.
 func (pub *EncryptMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) *bn256.G1 {
 	var buffer []byte
 	buffer = append(append(buffer, uid...), hid)
@ -463,7 +463,7 @@ func (priv *EncryptPrivateKey) SetMasterPublicKey(pub *EncryptMasterPublicKey) {
 	}
 }

-// UnmarshalRaw unmarsal raw bytes data to encrypt master public key
+// UnmarshalRaw unmarsal raw bytes data to the encryption master public key
 func (pub *EncryptMasterPublicKey) UnmarshalRaw(bytes []byte) error {
 	g, err := unmarshalG1(bytes)
 	if err != nil {
@ -473,7 +473,7 @@ func (pub *EncryptMasterPublicKey) UnmarshalRaw(bytes []byte) error {
 	return nil
 }

-// UnmarshalRaw unmarsal raw bytes data to encrypt user private key
+// UnmarshalRaw unmarsal raw bytes data to the encryption private key
 // Note, priv's EncryptMasterPublicKey should be handled separately.
 func (priv *EncryptPrivateKey) UnmarshalRaw(bytes []byte) error {
 	g, err := unmarshalG2(bytes)
--- a/internal/sm9/sm9_test.go
+++ b/internal/sm9/sm9_test.go
@ -175,6 +175,25 @@ func TestWrapKey(t *testing.T) {
 	if !bytes.Equal(key, key2) {
 		t.Errorf("expected %x, got %x", key, key2)
 	}
+
+	key2, err = userKey.UnwrapKey(uid, cipher[1:], 16)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !bytes.Equal(key, key2) {
+		t.Errorf("expected %x, got %x", key, key2)
+	}
+
+	cipher[0] = 0
+	_, err = userKey.UnwrapKey(uid, cipher, 16)
+	if err != ErrDecryption {
+		t.Errorf("expected ErrDecryption, got %v", err)
+	}
+	_, err = userKey.UnwrapKey(uid, nil, 16)
+	if err != ErrDecryption {
+		t.Errorf("expected ErrDecryption, got %v", err)
+	}
 }

 // SM9 Appendix C
@ -431,12 +450,35 @@ func TestKeyExchange(t *testing.T) {
 	}

 	// B1 - B7
+	if _, _, err = responder.RespondKeyExchange(rand.Reader, hid, nil); err == nil {
+		t.Errorf("should fail")
+	}
+	if _, _, err = responder.RespondKeyExchange(rand.Reader, hid, rA[1:]); err == nil {
+		t.Errorf("should fail")
+	}
+	rA[0] = 0
+	if _, _, err = responder.RespondKeyExchange(rand.Reader, hid, rA); err == nil {
+		t.Errorf("should fail")
+	}
+	rA[0] = 0x4
+
 	rB, sigB, err := responder.RespondKeyExchange(rand.Reader, hid, rA)
 	if err != nil {
 		t.Fatal(err)
 	}

 	// A5 -A8
+	if _, _, err = initiator.ConfirmResponder(nil, sigB); err == nil {
+		t.Errorf("should fail")
+	}
+	if _, _, err = initiator.ConfirmResponder(rB[1:], sigB); err == nil {
+		t.Errorf("should fail")
+	}
+	rB[0] = 0
+	if _, _, err = initiator.ConfirmResponder(rB, sigB); err == nil {
+		t.Errorf("should fail")
+	}
+	rB[0] = 0x4
 	key1, sigA, err := initiator.ConfirmResponder(rB, sigB)
 	if err != nil {
 		t.Fatal(err)
--- a/sm9/sm9_key.go
+++ b/sm9/sm9_key.go
@ -12,37 +12,37 @@ import (
 	cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1"
 )

-// SignMasterPrivateKey master private key for sign, generated by KGC
+// SignMasterPrivateKey is a signature master private key, generated by KGC
 type SignMasterPrivateKey struct {
 	privateKey *sm9.SignMasterPrivateKey
 }

-// SignMasterPublicKey master public key for sign, generated by KGC
+// SignMasterPublicKey is a signature master public key, generated by KGC
 type SignMasterPublicKey struct {
 	publicKey *sm9.SignMasterPublicKey
 }

-// SignPrivateKey user private key for sign, generated by KGC
+// SignPrivateKey is a signature private key, generated by KGC
 type SignPrivateKey struct {
 	privateKey *sm9.SignPrivateKey
 }

-// EncryptMasterPrivateKey master private key for encryption, generated by KGC
+// EncryptMasterPrivateKey is an encryption master private key, generated by KGC
 type EncryptMasterPrivateKey struct {
 	privateKey *sm9.EncryptMasterPrivateKey
 }

-// EncryptMasterPublicKey master private key for encryption, generated by KGC
+// EncryptMasterPublicKey is an encryption master public key, generated by KGC
 type EncryptMasterPublicKey struct {
 	publicKey *sm9.EncryptMasterPublicKey
 }

-// EncryptPrivateKey user private key for encryption, generated by KGC
+// EncryptPrivateKey is an encryption private key, generated by KGC
 type EncryptPrivateKey struct {
 	privateKey *sm9.EncryptPrivateKey
 }

-// GenerateSignMasterKey generates a master public and private key pair for DSA usage.
+// GenerateSignMasterKey generates a signature master key pair for DSA usage.
 func GenerateSignMasterKey(rand io.Reader) (*SignMasterPrivateKey, error) {
 	priv, err := sm9.GenerateSignMasterKey(rand)
 	if err != nil {
@ -72,7 +72,7 @@ func (master *SignMasterPrivateKey) MarshalASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// UnmarshalSignMasterPrivateKeyASN1 unmarsal der data to sign master private key
+// UnmarshalSignMasterPrivateKeyASN1 unmarsal der data to a signature master private key
 func UnmarshalSignMasterPrivateKeyASN1(der []byte) (*SignMasterPrivateKey, error) {
 	input := cryptobyte.String(der)
 	d := &big.Int{}
@ -83,14 +83,14 @@ func UnmarshalSignMasterPrivateKeyASN1(der []byte) (*SignMasterPrivateKey, error
 		if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) ||
 			!input.Empty() ||
 			!inner.ReadASN1Integer(d) {
-			return nil, errors.New("sm9: invalid sign master private key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for signature master private key")
 		}
 		// Just parse it, didn't validate it
 		if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) {
-			return nil, errors.New("sm9: invalid sign master public key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for signature master public key")
 		}
 	} else if !input.ReadASN1Integer(d) || !input.Empty() {
-		return nil, errors.New("sm9: invalid sign master private key asn1 data")
+		return nil, errors.New("sm9: invalid ASN.1 data for signature master private key")
 	}

 	privateKey, err := sm9.NewSignMasterPrivateKey(d.Bytes())
@ -100,7 +100,7 @@ func UnmarshalSignMasterPrivateKeyASN1(der []byte) (*SignMasterPrivateKey, error
 	return &SignMasterPrivateKey{privateKey: privateKey}, nil
 }

-// GenerateUserKey generate an user dsa key.
+// GenerateUserKey generate a signature private key for the given user.
 func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*SignPrivateKey, error) {
 	priv, err := master.privateKey.GenerateUserKey(uid, hid)
 	if err != nil {
@ -109,7 +109,7 @@ func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*Sign
 	return &SignPrivateKey{privateKey: priv}, nil
 }

-// Public returns the public key corresponding to priv.
+// Public returns the public key corresponding to the private key.
 func (master *SignMasterPrivateKey) Public() *SignMasterPublicKey {
 	return &SignMasterPublicKey{master.privateKey.Public()}
 }
@ -126,7 +126,7 @@ func (pub *SignMasterPublicKey) Bytes() []byte {
 	return pub.publicKey.Bytes()
 }

-// MarshalASN1 marshal sign master public key to asn.1 format data according
+// MarshalASN1 marshal signature master public key to asn.1 format data according
 // SM9 cryptographic algorithm application specification
 func (pub *SignMasterPublicKey) MarshalASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -134,7 +134,7 @@ func (pub *SignMasterPublicKey) MarshalASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// MarshalCompressedASN1 marshal sign master public key to asn.1 format data according
+// MarshalCompressedASN1 marshal signature master public key to asn.1 format data according
 // SM9 cryptographic algorithm application specification, the curve point is in compressed form.
 func (pub *SignMasterPublicKey) MarshalCompressedASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -142,7 +142,7 @@ func (pub *SignMasterPublicKey) MarshalCompressedASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// UnmarshalSignMasterPublicKeyRaw unmarsal raw bytes data to sign master public key
+// UnmarshalSignMasterPublicKeyRaw unmarsal raw bytes data to signature master public key
 func UnmarshalSignMasterPublicKeyRaw(bytes []byte) (pub *SignMasterPublicKey, err error) {
 	pub = new(SignMasterPublicKey)
 	pub.publicKey = new(sm9.SignMasterPublicKey)
@ -150,7 +150,7 @@ func UnmarshalSignMasterPublicKeyRaw(bytes []byte) (pub *SignMasterPublicKey, er
 	return
 }

-// UnmarshalSignMasterPublicKeyASN1 unmarsal der data to sign master public key
+// UnmarshalSignMasterPublicKeyASN1 unmarsal der data to signature master public key
 func UnmarshalSignMasterPublicKeyASN1(der []byte) (*SignMasterPublicKey, error) {
 	var bytes []byte
 	var inner cryptobyte.String
@ -160,10 +160,10 @@ func UnmarshalSignMasterPublicKeyASN1(der []byte) (*SignMasterPublicKey, error)
 			!input.Empty() ||
 			!inner.ReadASN1BitStringAsBytes(&bytes) ||
 			!inner.Empty() {
-			return nil, errors.New("sm9: invalid sign master public key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for signature master public key")
 		}
 	} else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() {
-		return nil, errors.New("sm9: invalid sign master public key asn1 data")
+		return nil, errors.New("sm9: invalid ASN.1 data for signature master public key")
 	}
 	return UnmarshalSignMasterPublicKeyRaw(bytes)
 }
@ -185,17 +185,17 @@ func (priv *SignPrivateKey) Bytes() []byte {
 	return priv.privateKey.Bytes()
 }

-// MasterPublic returns the master public key corresponding to priv.
+// MasterPublic returns the signature master public key corresponding to priv.
 func (priv *SignPrivateKey) MasterPublic() *SignMasterPublicKey {
 	return &SignMasterPublicKey{priv.privateKey.MasterPublic()}
 }

-// setMasterPublicKey bind the sign master public key to it.
+// setMasterPublicKey bind the signature master public key to it.
 func (priv *SignPrivateKey) setMasterPublicKey(pub *SignMasterPublicKey) {
 	priv.privateKey.SetMasterPublicKey(pub.publicKey)
 }

-// MarshalASN1 marshal sign user private key to asn.1 format data according
+// MarshalASN1 marshal signature private key to asn.1 format data according
 // SM9 cryptographic algorithm application specification
 func (priv *SignPrivateKey) MarshalASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -203,7 +203,7 @@ func (priv *SignPrivateKey) MarshalASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// MarshalCompressedASN1 marshal sign user private key to asn.1 format data according
+// MarshalCompressedASN1 marshal signature private key to asn.1 format data according
 // SM9 cryptographic algorithm application specification, the curve point is in compressed form.
 func (priv *SignPrivateKey) MarshalCompressedASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -211,7 +211,7 @@ func (priv *SignPrivateKey) MarshalCompressedASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// UnmarshalSignPrivateKeyRaw unmarsal raw bytes data to sign user private key
+// UnmarshalSignPrivateKeyRaw unmarsal raw bytes data to signature private key
 // Note, priv's SignMasterPublicKey should be handled separately.
 func UnmarshalSignPrivateKeyRaw(bytes []byte) (*SignPrivateKey, error) {
 	priv := new(SignPrivateKey)
@ -223,7 +223,7 @@ func UnmarshalSignPrivateKeyRaw(bytes []byte) (*SignPrivateKey, error) {
 	return priv, nil
 }

-// UnmarshalSignPrivateKeyASN1 unmarsal der data to sign user private key
+// UnmarshalSignPrivateKeyASN1 unmarsal der data to signature private key
 // Note, priv's SignMasterPublicKey should be handled separately.
 func UnmarshalSignPrivateKeyASN1(der []byte) (*SignPrivateKey, error) {
 	var bytes []byte
@ -234,13 +234,13 @@ func UnmarshalSignPrivateKeyASN1(der []byte) (*SignPrivateKey, error) {
 		if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) ||
 			!input.Empty() ||
 			!inner.ReadASN1BitStringAsBytes(&bytes) {
-			return nil, errors.New("sm9: invalid sign user private key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for signature private key")
 		}
 		if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) {
-			return nil,errors.New("sm9: invalid sign master public key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for signature master public key")
 		}
 	} else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() {
-		return nil, errors.New("sm9: invalid sign user private key asn1 data")
+		return nil, errors.New("sm9: invalid ASN.1 data for signature private key")
 	}

 	priv, err := UnmarshalSignPrivateKeyRaw(bytes)
@ -257,7 +257,7 @@ func UnmarshalSignPrivateKeyASN1(der []byte) (*SignPrivateKey, error) {
 	return priv, nil
 }

-// GenerateEncryptMasterKey generates a master public and private key pair for encryption usage.
+// GenerateEncryptMasterKey generates an encryption master key pair.
 func GenerateEncryptMasterKey(rand io.Reader) (*EncryptMasterPrivateKey, error) {
 	priv, err := sm9.GenerateEncryptMasterKey(rand)
 	if err != nil {
@ -278,7 +278,7 @@ func (master *EncryptMasterPrivateKey) Equal(x *EncryptMasterPrivateKey) bool {
 	return master.privateKey.Equal(x.privateKey)
 }

-// GenerateUserKey generate an user key for encryption.
+// GenerateUserKey generate an encryption private key for the given user.
 func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*EncryptPrivateKey, error) {
 	priv, err := master.privateKey.GenerateUserKey(uid, hid)
 	if err != nil {
@ -287,12 +287,12 @@ func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*E
 	return &EncryptPrivateKey{privateKey: priv}, nil
 }

-// Public returns the public key corresponding to priv.
+// Public returns the public key corresponding to the private key.
 func (master *EncryptMasterPrivateKey) Public() *EncryptMasterPublicKey {
 	return &EncryptMasterPublicKey{publicKey: master.privateKey.Public()}
 }

-// MarshalASN1 marshal encrypt master private key to asn.1 format data according
+// MarshalASN1 marshal encryption master private key to asn.1 format data according
 // SM9 cryptographic algorithm application specification
 func (master *EncryptMasterPrivateKey) MarshalASN1() ([]byte, error) {
 	d := new(big.Int).SetBytes(master.privateKey.Bytes())
@ -301,7 +301,7 @@ func (master *EncryptMasterPrivateKey) MarshalASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// UnmarshalEncryptMasterPrivateKeyASN1 unmarsal der data to encrypt master private key
+// UnmarshalEncryptMasterPrivateKeyASN1 unmarsal der data to master encryption private key
 func UnmarshalEncryptMasterPrivateKeyASN1(der []byte) (*EncryptMasterPrivateKey, error) {
 	input := cryptobyte.String(der)
 	d := &big.Int{}
@ -311,14 +311,14 @@ func UnmarshalEncryptMasterPrivateKeyASN1(der []byte) (*EncryptMasterPrivateKey,
 		if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) ||
 			!input.Empty() ||
 			!inner.ReadASN1Integer(d) {
-			return nil, errors.New("sm9: invalid encrypt master private key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for encryption master private key")
 		}
 		// Just parse it, did't validate it
 		if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) {
-			return nil, errors.New("sm9: invalid encrypt master public key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key")
 		}
 	} else if !input.ReadASN1Integer(d) || !input.Empty() {
-		return nil, errors.New("sm9: invalid encrypt master private key asn1 data")
+		return nil, errors.New("sm9: invalid ASN.1 data for encryption master private key")
 	}
 	privateKey, err := sm9.NewEncryptMasterPrivateKey(d.Bytes())
 	if err != nil {
@ -339,7 +339,7 @@ func (pub *EncryptMasterPublicKey) Bytes() []byte {
 	return pub.publicKey.Bytes()
 }

-// MarshalASN1 marshal encrypt master public key to asn.1 format data according
+// MarshalASN1 marshal encryption master public key to asn.1 format data according
 // SM9 cryptographic algorithm application specification
 func (pub *EncryptMasterPublicKey) MarshalASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -347,7 +347,7 @@ func (pub *EncryptMasterPublicKey) MarshalASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// MarshalCompressedASN1 marshal encrypt master public key to asn.1 format data according
+// MarshalCompressedASN1 marshal encryption master public key to asn.1 format data according
 // SM9 cryptographic algorithm application specification, the curve point is in compressed form.
 func (pub *EncryptMasterPublicKey) MarshalCompressedASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -355,7 +355,7 @@ func (pub *EncryptMasterPublicKey) MarshalCompressedASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// UnmarshalEncryptMasterPublicKeyRaw unmarsal raw bytes data to encrypt master public key
+// UnmarshalEncryptMasterPublicKeyRaw unmarsal raw bytes data to encryption master public key
 func UnmarshalEncryptMasterPublicKeyRaw(bytes []byte) (*EncryptMasterPublicKey, error) {
 	pub := new(EncryptMasterPublicKey)
 	pub.publicKey = new(sm9.EncryptMasterPublicKey)
@ -375,7 +375,7 @@ func ParseEncryptMasterPublicKeyPEM(data []byte) (*EncryptMasterPublicKey, error
 	return UnmarshalEncryptMasterPublicKeyASN1(block.Bytes)
 }

-// UnmarshalEncryptMasterPublicKeyASN1 unmarsal der data to encrypt master public key
+// UnmarshalEncryptMasterPublicKeyASN1 unmarsal der data to encryption master public key
 func UnmarshalEncryptMasterPublicKeyASN1(der []byte) (*EncryptMasterPublicKey, error) {
 	var bytes []byte
 	var inner cryptobyte.String
@ -385,10 +385,10 @@ func UnmarshalEncryptMasterPublicKeyASN1(der []byte) (*EncryptMasterPublicKey, e
 			!input.Empty() ||
 			!inner.ReadASN1BitStringAsBytes(&bytes) ||
 			!inner.Empty() {
-			return nil, errors.New("sm9: invalid encrypt master public key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key")
 		}
 	} else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() {
-		return nil, errors.New("sm9: invalid encrypt master public key asn1 data")
+		return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key")
 	}
 	return UnmarshalEncryptMasterPublicKeyRaw(bytes)
 }
@ -403,7 +403,7 @@ func (priv *EncryptPrivateKey) setMasterPublicKey(pub *EncryptMasterPublicKey) {
 	priv.privateKey.SetMasterPublicKey(pub.publicKey)
 }

-// MarshalASN1 marshal encrypt user private key to asn.1 format data according
+// MarshalASN1 marshal encryption private key to asn.1 format data according
 // SM9 cryptographic algorithm application specification
 func (priv *EncryptPrivateKey) MarshalASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -411,7 +411,7 @@ func (priv *EncryptPrivateKey) MarshalASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// MarshalCompressedASN1 marshal encrypt user private key to asn.1 format data according
+// MarshalCompressedASN1 marshal encryption private key to asn.1 format data according
 // SM9 cryptographic algorithm application specification, the curve point is in compressed form.
 func (priv *EncryptPrivateKey) MarshalCompressedASN1() ([]byte, error) {
 	var b cryptobyte.Builder
@ -419,7 +419,7 @@ func (priv *EncryptPrivateKey) MarshalCompressedASN1() ([]byte, error) {
 	return b.Bytes()
 }

-// UnmarshalEncryptPrivateKeyRaw unmarsal raw bytes data to encrypt user private key
+// UnmarshalEncryptPrivateKeyRaw unmarsal raw bytes data to encryption private key
 // Note, priv's EncryptMasterPublicKey should be handled separately.
 func UnmarshalEncryptPrivateKeyRaw(bytes []byte) (*EncryptPrivateKey, error) {
 	priv := new(EncryptPrivateKey)
@ -431,7 +431,7 @@ func UnmarshalEncryptPrivateKeyRaw(bytes []byte) (*EncryptPrivateKey, error) {
 	return priv, nil
 }

-// UnmarshalEncryptPrivateKeyASN1 unmarsal der data to encrypt user private key
+// UnmarshalEncryptPrivateKeyASN1 unmarsal der data to encryption private key
 // Note, priv's EncryptMasterPublicKey should be handled separately.
 func UnmarshalEncryptPrivateKeyASN1(der []byte) (*EncryptPrivateKey, error) {
 	var bytes []byte
@ -442,13 +442,13 @@ func UnmarshalEncryptPrivateKeyASN1(der []byte) (*EncryptPrivateKey, error) {
 		if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) ||
 			!input.Empty() ||
 			!inner.ReadASN1BitStringAsBytes(&bytes) {
-			return nil, errors.New("sm9: invalid encrypt user private key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for encryption private key")
 		}
 		if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) {
-			return nil, errors.New("sm9: invalid encrypt master public key asn1 data")
+			return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key")
 		}
 	} else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() {
-		return nil, errors.New("sm9: invalid encrypt user private key asn1 data")
+		return nil, errors.New("sm9: invalid ASN.1 data for encryption private key")
 	}
 	priv, err := UnmarshalEncryptPrivateKeyRaw(bytes)
 	if err != nil {