sm4: use new functions: clear(), bytes.Clone()

2025-04-21 17:56:19 +08:00 · 2025-02-26 10:19:56 +08:00 · 2025-02-26 10:19:56 +08:00 · 27e7ceacbc
commit 27e7ceacbc
parent ec8580b01f
6 changed files with 18 additions and 32 deletions
--- a/sm4/cbc_cipher_asm.go
+++ b/sm4/cbc_cipher_asm.go
@ -3,6 +3,7 @@
 package sm4
 import (
 	"bytes"
 	"crypto/cipher"
 	"github.com/emmansun/gmsm/internal/alias"
@ -23,21 +24,19 @@ type cbc struct {
 }
 func (b *sm4CipherAsm) NewCBCEncrypter(iv []byte) cipher.BlockMode {
-	var c cbc
+	return &cbc{
-	c.b = b
+		b:   b,
-	c.enc = cbcEncrypt
+		iv:  bytes.Clone(iv),
-	c.iv = make([]byte, BlockSize)
+		enc: cbcEncrypt,
-	copy(c.iv, iv)
+	}
 	return &c
 }
 func (b *sm4CipherAsm) NewCBCDecrypter(iv []byte) cipher.BlockMode {
-	var c cbc
+	return &cbc{
-	c.b = b
+		b:   b,
-	c.enc = cbcDecrypt
+		iv:  bytes.Clone(iv),
-	c.iv = make([]byte, BlockSize)
+		enc: cbcDecrypt,
-	copy(c.iv, iv)
+	}
 	return &c
 }
 func (x *cbc) BlockSize() int { return BlockSize }
--- a/sm4/ctr_cipher_asm.go
+++ b/sm4/ctr_cipher_asm.go
@ -3,6 +3,7 @@
 package sm4
 import (
 	"bytes"
 	"crypto/cipher"
 	"github.com/emmansun/gmsm/internal/alias"
@ -33,11 +34,10 @@ func (c *sm4CipherAsm) NewCTR(iv []byte) cipher.Stream {
 	}
 	s := &ctr{
 		b:       c,
-		ctr:     make([]byte, c.blocksSize),
+		ctr:     bytes.Clone(iv),
 		out:     make([]byte, 0, bufSize),
 		outUsed: 0,
 	}
 	copy(s.ctr, iv)
 	for i := 1; i < c.batchBlocks; i++ {
 		s.genCtr(i * BlockSize)
 	}
--- a/sm4/ecb_cipher_asm.go
+++ b/sm4/ecb_cipher_asm.go
@ -33,17 +33,11 @@ func (x *ecb) validate(dst, src []byte) {
 }
 func (b *sm4CipherAsm) NewECBEncrypter() cipher.BlockMode {
-	var c ecb
+	return &ecb{b: b, enc: ecbEncrypt}
 	c.b = b
 	c.enc = ecbEncrypt
 	return &c
 }
 func (b *sm4CipherAsm) NewECBDecrypter() cipher.BlockMode {
-	var c ecb
+	return &ecb{b: b, enc: ecbDecrypt}
 	c.b = b
 	c.enc = ecbDecrypt
 	return &c
 }
 func (x *ecb) BlockSize() int { return BlockSize }
--- a/sm4/gcm_cipher_asm.go
+++ b/sm4/gcm_cipher_asm.go
@ -152,9 +152,7 @@ func (g *gcm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		// so overwrites dst in the event of a tag mismatch. That
 		// behavior is mimicked here in order to be consistent across
 		// platforms.
-		for i := range out {
+		clear(out)
 			out[i] = 0
 		}
 		return nil, errOpen
 	}
--- a/sm4/gcm_ppc64x.go
+++ b/sm4/gcm_ppc64x.go
@ -237,10 +237,7 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	}
 	if _subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
-		// clear(out)
+		clear(out)
 		for i := range out {
 			out[i] = 0
 		}
 		return nil, errOpen
 	}
--- a/sm4/sm4ni_gcm_asm.go
+++ b/sm4/sm4ni_gcm_asm.go
@ -135,9 +135,7 @@ func (g *gcmNI) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	gcmSm4Finish(&g.bytesProductTable, &tagMask, &expectedTag, uint64(len(ciphertext)), uint64(len(data)))
 	if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
-		for i := range out {
+		clear(out)
 			out[i] = 0
 		}
 		return nil, errOpen
 	}
 	return ret, nil