all: lint

cbcmac/cbcmac.go

@@ -286,7 +286,7 @@ func (d *cmac) Write(p []byte) (nn int, err error) {
 	}
 	// save remaining partial/full block
 	if len(p) > 0 {
-		d.nx = copy(d.x[:], p)
+		d.nx = copy(d.x, p)
 	}
 	return
 }
@@ -309,19 +309,20 @@ func (d *cmac) Sum(in []byte) []byte {
 	d0.tag = make([]byte, d.blockSize)
 	copy(d0.tag, d.tag)
 	hash := d0.checkSum()
-	return append(in, hash[:]...)
+	return append(in, hash...)
 }
 
 func (c *cmac) checkSum() []byte {
 	tag := make([]byte, c.size)
-	if c.nx == 0 {
+	switch c.nx {
+	case 0:
 		// Special-cased as a single empty partial final block.
 		copy(c.tag, c.k2)
 		c.tag[0] ^= 0b10000000
-	} else if c.nx == c.blockSize {
+	case c.blockSize:
 		subtle.XORBytes(c.tag, c.x, c.tag)
 		subtle.XORBytes(c.tag, c.k1, c.tag)
-	} else {
+	default:
 		subtle.XORBytes(c.tag, c.x, c.tag)
 		c.tag[c.nx] ^= 0b10000000
 		subtle.XORBytes(c.tag, c.k2, c.tag)

cfca/pkcs10_test.go

@@ -147,10 +147,8 @@ func TestCreateCertificateRequest(t *testing.T) {
 			if err.Error() != tc.errormsg {
 				t.Fatalf("expected error %s, got %s", tc.errormsg, err.Error())
 			}
-		} else {
-			if err != nil {
-				t.Fatal(err)
-			}
+		} else if err != nil {
+			t.Fatal(err)
 		}
 	}
 }

cipher/benchmark_test.go

@@ -131,9 +131,7 @@ func BenchmarkSM4CBCDecrypt1K(b *testing.B) {
 func benchmarkStream(b *testing.B, block cipher.Block, mode func(cipher.Block, []byte) cipher.Stream, buf []byte) {
 	b.SetBytes(int64(len(buf)))
 
-	//var key [16]byte
 	var iv [16]byte
-	//c, _ := sm4.NewCipher(key[:])
 	stream := mode(block, iv[:])
 
 	b.ResetTimer()
@@ -452,12 +450,10 @@ func benchmarkXTS(b *testing.B, isGB bool, cipherFunc func([]byte) (cipher.Block
 		}
 	}
 
-	//decrypted := make([]byte, length)
 	b.SetBytes(int64(len(plaintext)))
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		c.CryptBlocks(encrypted, plaintext)
-	//c.Decrypt(decrypted, encrypted[:len(plaintext)], 0)
 	}
 }
 

drbg/ctr_drbg.go

@@ -77,7 +77,7 @@ func NewGMCtrDrbg(securityLevel SecurityLevel, entropy, nonce, personalization [
 
 func (hd *CtrDrbg) Reseed(entropy, additional []byte) error {
 	// here for the min length, we just check <=0 now
-	if len(entropy) <= 0 || (hd.gm && len(entropy) < 32) || len(entropy) >= MAX_BYTES {
+	if len(entropy) == 0 || (hd.gm && len(entropy) < 32) || len(entropy) >= MAX_BYTES {
 		return errors.New("drbg: invalid entropy length")
 	}
 

internal/bigmod/nat.go

@@ -530,8 +530,8 @@ func minusInverseModW(x uint) uint {
 	//
 	// See https://crypto.stackexchange.com/a/47496.
 	y := x
-	for i := 0; i < 5; i++ {
-		y = y * (2 - x*y)
+	for range 5 {
+		y *= (2 - x*y)
 	}
 	return -y
 }

internal/cpuid/cpuid_arm64.go

@@ -5,7 +5,7 @@ package cpuid
 import "github.com/emmansun/gmsm/internal/deps/cpu"
 
 var (
-	HasAES = cpu.ARM64.HasAES
-	HasGFMUL = cpu.ARM64.HasPMULL
-	HasVPMSUMD = false
+    HasAES     = cpu.ARM64.HasAES
+    HasGFMUL   = cpu.ARM64.HasPMULL
+    HasVPMSUMD = false
 )

internal/sm2ec/sm2p256_asm.go

@@ -812,13 +812,14 @@ func (p *SM2P256Point) p256BaseMult(scalar *p256OrdElement) {
 	zero := sel
 
 	for i := 1; i < 43; i++ {
-		if index >= 192 {
+		switch {
+		case index >= 192:
 			wvalue = (scalar[3] >> (index & 63)) & 0x7f
-		} else if index >= 128 {
+		case index >= 128:
 			wvalue = ((scalar[2] >> (index & 63)) + (scalar[3] << (64 - (index & 63)))) & 0x7f
-		} else if index >= 64 {
+		case index >= 64:
 			wvalue = ((scalar[1] >> (index & 63)) + (scalar[2] << (64 - (index & 63)))) & 0x7f
-		} else {
+		default:
 			wvalue = ((scalar[0] >> (index & 63)) + (scalar[1] << (64 - (index & 63)))) & 0x7f
 		}
 		index += 6

internal/sm3/kdf_mult4_asm.go

@@ -85,8 +85,8 @@ func kdfBy4(baseMD *digest, keyLen int, limit int) []byte {
 		ret = ret[Size*parallelSize4:]
 	}
 	remain := limit % parallelSize4
-	for i := 0; i < remain; i++ {
-		byteorder.BEPutUint32(tmp[:], ct)
+	for i := range remain {
+		byteorder.BEPutUint32(tmp, ct)
 		md := *baseMD
 		md.Write(tmp[:4])
 		h := md.checkSum()

internal/sm3/kdf_mult8_amd64.go

@@ -84,8 +84,8 @@ func kdfBy8(baseMD *digest, keyLen int, limit int) []byte {
 		remain -= parallelSize4
 	}
 
-	for i := 0; i < remain; i++ {
-		byteorder.BEPutUint32(tmp[:], ct)
+	for i := range remain {
+		byteorder.BEPutUint32(tmp, ct)
 		md := *baseMD
 		md.Write(tmp[:4])
 		h := md.checkSum()

internal/sm4/block.go

@@ -76,76 +76,76 @@ func expandKeyGo(key []byte, enc, dec *[rounds]uint32) {
 	b2 = byteorder.BEUint32(key[8:12]) ^ fk[2]
 	b3 = byteorder.BEUint32(key[12:16]) ^ fk[3]
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[0])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[0])
 	enc[0], dec[31] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[1])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[1])
 	enc[1], dec[30] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[2])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[2])
 	enc[2], dec[29] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[3])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[3])
 	enc[3], dec[28] = b3, b3
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[4])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[4])
 	enc[4], dec[27] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[5])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[5])
 	enc[5], dec[26] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[6])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[6])
 	enc[6], dec[25] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[7])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[7])
 	enc[7], dec[24] = b3, b3
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[8])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[8])
 	enc[8], dec[23] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[9])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[9])
 	enc[9], dec[22] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[10])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[10])
 	enc[10], dec[21] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[11])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[11])
 	enc[11], dec[20] = b3, b3
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[12])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[12])
 	enc[12], dec[19] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[13])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[13])
 	enc[13], dec[18] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[14])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[14])
 	enc[14], dec[17] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[15])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[15])
 	enc[15], dec[16] = b3, b3
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[16])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[16])
 	enc[16], dec[15] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[17])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[17])
 	enc[17], dec[14] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[18])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[18])
 	enc[18], dec[13] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[19])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[19])
 	enc[19], dec[12] = b3, b3
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[20])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[20])
 	enc[20], dec[11] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[21])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[21])
 	enc[21], dec[10] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[22])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[22])
 	enc[22], dec[9] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[23])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[23])
 	enc[23], dec[8] = b3, b3
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[24])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[24])
 	enc[24], dec[7] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[25])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[25])
 	enc[25], dec[6] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[26])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[26])
 	enc[26], dec[5] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[27])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[27])
 	enc[27], dec[4] = b3, b3
 
-	b0 = b0 ^ t2(b1^b2^b3^ck[28])
+	b0 ^= t2(b1 ^ b2 ^ b3 ^ ck[28])
 	enc[28], dec[3] = b0, b0
-	b1 = b1 ^ t2(b2^b3^b0^ck[29])
+	b1 ^= t2(b2 ^ b3 ^ b0 ^ ck[29])
 	enc[29], dec[2] = b1, b1
-	b2 = b2 ^ t2(b3^b0^b1^ck[30])
+	b2 ^= t2(b3 ^ b0 ^ b1 ^ ck[30])
 	enc[30], dec[1] = b2, b2
-	b3 = b3 ^ t2(b0^b1^b2^ck[31])
+	b3 ^= t2(b0 ^ b1 ^ b2 ^ ck[31])
 	enc[31], dec[0] = b3, b3
 }
 

mldsa/field.go

@@ -22,6 +22,7 @@ type fieldElement uint32
 //}
 
 // fieldReduceOnce reduces a value a < 2q.
+// Also refer "A note on the implementation of the Number Theoretic Transform": https://eprint.iacr.org/2017/727.pdf .
 func fieldReduceOnce(a uint32) fieldElement {
 	x := a - q
 	// If x underflowed, then x >= 2^32 - q > 2^31, so the top bit is set.
@@ -130,6 +131,7 @@ var zetasMontgomery = [n]fieldElement{
 // ntt maps a ringElement to its nttElement representation.
 //
 // It implements NTT, according to FIPS 204, Algorithm 41.
+// Also refer "A note on the implementation of the Number Theoretic Transform": https://eprint.iacr.org/2017/727.pdf .
 func ntt(f ringElement) nttElement {
 	k := 1
 	// len: 128, 64, 32, ..., 1
@@ -153,6 +155,7 @@ func ntt(f ringElement) nttElement {
 // inverseNTT maps a nttElement back to the ringElement it represents.
 //
 // It implements NTT⁻¹, according to FIPS 204, Algorithm 42.
+// Also refer "A note on the implementation of the Number Theoretic Transform": https://eprint.iacr.org/2017/727.pdf .
 func inverseNTT(f nttElement) ringElement {
 	k := 255
 	for len := 1; len < n; len *= 2 {

mldsa/mldsa44.go

@@ -272,8 +272,7 @@ func dsaKeyGen44(sk *Key44, xi *[32]byte) {
 	sk.xi = *xi
 	H := sha3.NewSHAKE256()
 	H.Write(xi[:])
-	H.Write([]byte{k44})
-	H.Write([]byte{l44})
+	H.Write([]byte{k44, l44})
 	K := make([]byte, 128)
 	H.Read(K)
 	rho, rho1 := K[:32], K[32:96]

pkcs8/pkcs8.go

@@ -22,14 +22,14 @@ type ScryptOpts = pkcs.ScryptOpts
 
 var (
 	DefaultOpts = pkcs.DefaultOpts
-	SM3 = pkcs.SM3
-	SHA1 = pkcs.SHA1
-	SHA224 = pkcs.SHA224
-	SHA256 = pkcs.SHA256
-	SHA384 = pkcs.SHA384
-	SHA512 = pkcs.SHA512
-	SHA512_224 = pkcs.SHA512_224
-	SHA512_256 = pkcs.SHA512_256
+	SM3         = pkcs.SM3
+	SHA1        = pkcs.SHA1
+	SHA224      = pkcs.SHA224
+	SHA256      = pkcs.SHA256
+	SHA384      = pkcs.SHA384
+	SHA512      = pkcs.SHA512
+	SHA512_224  = pkcs.SHA512_224
+	SHA512_256  = pkcs.SHA512_256
 )
 
 // for encrypted private-key information
@@ -39,7 +39,7 @@ type encryptedPrivateKeyInfo struct {
 }
 
 var (
-	ErrUnsupportedPBES = errors.New("pkcs8: only part of PBES1/PBES2 supported")
+	ErrUnsupportedPBES   = errors.New("pkcs8: only part of PBES1/PBES2 supported")
 	ErrUnexpectedKeyType = errors.New("pkcs8: unexpected key type")
 )