From aede405cdd1c56ee84a29d33ad65b02d2a89d400 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Thu, 24 Nov 2022 10:18:03 +0800
Subject: [PATCH] sm2: add deprecated comment

---
 sm2/sm2.go             | 24 ++++++++++++++++++++----
 sm2/sm2_keyexchange.go |  2 ++
 sm2/sm2_legacy.go      | 22 +++------------------
 3 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/sm2/sm2.go b/sm2/sm2.go
index 69f1ae8..adf45a8 100644
--- a/sm2/sm2.go
+++ b/sm2/sm2.go
@@ -374,7 +374,7 @@ func parseCiphertext(c *sm2Curve, ciphertext []byte, opts *DecrypterOpts) (*_sm2
 	b := ciphertext[0]
 	switch b {
 	case uncompressed:
-		if len(ciphertext) <= 1+2*byteLen {
+		if len(ciphertext) <= 1+2*byteLen+sm3.Size {
 			return nil, nil, nil, errors.New("sm2: invalid ciphertext length")
 		}
 		C1, err := c.newPoint().SetBytes(ciphertext[:1+2*byteLen])
@@ -384,9 +384,6 @@ func parseCiphertext(c *sm2Curve, ciphertext []byte, opts *DecrypterOpts) (*_sm2
 		c2, c3 := parseCiphertextC2C3(ciphertext[1+2*byteLen:], splicingOrder)
 		return C1, c2, c3, nil
 	case compressed02, compressed03:
-		if len(ciphertext) <= 1+byteLen {
-			return nil, nil, nil, errors.New("sm2: invalid ciphertext length")
-		}
 		C1, err := c.newPoint().SetBytes(ciphertext[:1+byteLen])
 		if err != nil {
 			return nil, nil, nil, err
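Review bot: The tightened bound on the uncompressed branch carries no comment saying what it is made of, and because the comparison is a strict `<=` it also rejects a ciphertext whose C2 part is empty; if Encrypt can produce such an output for an empty plaintext (not visible here), its decryption would now fail with "invalid ciphertext length". Suggest a why-comment above the check: `// need the full C1 encoding, the sm3.Size-byte C3 and at least one byte of C2`, and a decision on whether an empty C2 is meant to be legal. parseCiphertext starts and ends outside the hunk.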
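Review bot: The compressed02/compressed03 branch loses its length check entirely, while the uncompressed branch in the previous hunk was just tightened to `1+2*byteLen+sm3.Size`; unless the caller validates the minimum length before the switch (not visible here), a short input reaches `ciphertext[:1+byteLen]` and then, presumably, the same parseCiphertextC2C3 split the uncompressed branch uses, whose `len(ciphertext)-sm3.Size` slice index goes negative and panics on untrusted input instead of returning an error. Suggest restoring the check with the same tightened bound: `if len(ciphertext) <= 1+byteLen+sm3.Size {` / `return nil, nil, nil, errors.New("sm2: invalid ciphertext length")` / `}`. parseCiphertext's body continues outside the hunk.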
@@ -407,6 +404,25 @@ func parseCiphertextC2C3(ciphertext []byte, order ciphertextSplicingOrder) ([]by
 	return ciphertext[:len(ciphertext)-sm3.Size], ciphertext[len(ciphertext)-sm3.Size:]
 }
 
+func unmarshalASN1Ciphertext(ciphertext []byte) (*big.Int, *big.Int, []byte, []byte, error) {
+	var (
+		x1, y1 = &big.Int{}, &big.Int{}
+		c2, c3 []byte
+		inner cryptobyte.String
+	)
+	input := cryptobyte.String(ciphertext)
+	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
+		!input.Empty() ||
+		!inner.ReadASN1Integer(x1) ||
+		!inner.ReadASN1Integer(y1) ||
+		!inner.ReadASN1Bytes(&c3, asn1.OCTET_STRING) ||
+		!inner.ReadASN1Bytes(&c2, asn1.OCTET_STRING) ||
+		!inner.Empty() {
+		return nil, nil, nil, nil, errors.New("sm2: invalid asn1 format ciphertext")
+	}
+	return x1, y1, c2, c3, nil
+}
+
 func parseCiphertextASN1(c *sm2Curve, ciphertext []byte) (*_sm2ec.SM2P256Point, []byte, []byte, error) {
 	x1, y1, c2, c3, err := unmarshalASN1Ciphertext(ciphertext)
 	if err != nil {
diff --git a/sm2/sm2_keyexchange.go b/sm2/sm2_keyexchange.go
index 993b192..7e84dd4 100644
--- a/sm2/sm2_keyexchange.go
+++ b/sm2/sm2_keyexchange.go
@@ -11,6 +11,8 @@ import (
 	"github.com/emmansun/gmsm/sm3"
 )
 
+// This file contains a math/big implementation of SM2 key exchange which is deprecated, please use ecdh instead.
+
 // KeyExchange key exchange struct, include internal stat in whole key exchange flow.
 // Initiator's flow will be: NewKeyExchange -> InitKeyExchange -> transmission -> ConfirmResponder
 // Responder's flow will be: NewKeyExchange -> waiting ... -> RepondKeyExchange -> transmission -> ConfirmInitiator
diff --git a/sm2/sm2_legacy.go b/sm2/sm2_legacy.go
index 657bd3e..efd1bea 100644
--- a/sm2/sm2_legacy.go
+++ b/sm2/sm2_legacy.go
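Review bot: unmarshalASN1Ciphertext arrives without a doc comment, and nothing in it checks that c3 is sm3.Size bytes, so a well-formed SEQUENCE whose third OCTET STRING is shorter or longer than the digest parses successfully here; unless parseCiphertextASN1 checks this further down (outside the hunk), the mismatch only surfaces later instead of as a parse error. Suggest a doc comment: `// unmarshalASN1Ciphertext decodes the DER SEQUENCE {x1 INTEGER, y1 INTEGER, c3 OCTET STRING, c2 OCTET STRING} and rejects trailing data; x1/y1 are returned unvalidated and c3's length is not checked here.` and, if the length is not enforced elsewhere, a `if len(c3) != sm3.Size {` guard returning the same error. parseCiphertextASN1 starts in the hunk but its body continues outside it.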
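Review bot: The deprecation in sm2/sm2_keyexchange.go is recorded only as a free-standing file comment, which gopls and staticcheck do not recognise, so callers of NewKeyExchange, InitKeyExchange, RepondKeyExchange, ConfirmResponder and ConfirmInitiator get no warning. Go's convention is a `// Deprecated: use the ecdh package instead.` paragraph inside each exported identifier's doc comment; the file comment can stay as the explanation of why. The comment also does not say which ecdh package is meant, which the per-identifier note could spell out.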
@@ -18,6 +18,9 @@ import (
 	"golang.org/x/crypto/cryptobyte/asn1"
 )
 
+// This file contains a math/big implementation of SM2 DSA/Encryption that is only used for
+// deprecated custom curves.
+
 // A invertible implements fast inverse in GF(N).
 type invertible interface {
 	// Inverse returns the inverse of k mod Params().N.
@@ -301,25 +304,6 @@ func mashalASN1Ciphertext(x1, y1 *big.Int, c2, c3 []byte) ([]byte, error) {
 	return b.Bytes()
 }
 
-func unmarshalASN1Ciphertext(ciphertext []byte) (*big.Int, *big.Int, []byte, []byte, error) {
-	var (
-		x1, y1 = &big.Int{}, &big.Int{}
-		c2, c3 []byte
-		inner cryptobyte.String
-	)
-	input := cryptobyte.String(ciphertext)
-	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
-		!input.Empty() ||
-		!inner.ReadASN1Integer(x1) ||
-		!inner.ReadASN1Integer(y1) ||
-		!inner.ReadASN1Bytes(&c3, asn1.OCTET_STRING) ||
-		!inner.ReadASN1Bytes(&c2, asn1.OCTET_STRING) ||
-		!inner.Empty() {
-		return nil, nil, nil, nil, errors.New("sm2: invalid asn1 format ciphertext")
-	}
-	return x1, y1, c2, c3, nil
-}
-
 // ASN1Ciphertext2Plain utility method to convert ASN.1 encoding ciphertext to plain encoding format
 func ASN1Ciphertext2Plain(ciphertext []byte, opts *EncrypterOpts) ([]byte, error) {
 	if opts == nil {