sm2: add deprecated comment

sm2/sm2.go

@@ -374,7 +374,7 @@ func parseCiphertext(c *sm2Curve, ciphertext []byte, opts *DecrypterOpts) (*_sm2
 	b := ciphertext[0]
 	switch b {
 	case uncompressed:
-		if len(ciphertext) <= 1+2*byteLen {
+		if len(ciphertext) <= 1+2*byteLen+sm3.Size {
 			return nil, nil, nil, errors.New("sm2: invalid ciphertext length")
 		}
 		C1, err := c.newPoint().SetBytes(ciphertext[:1+2*byteLen])
@@ -384,9 +384,6 @@ func parseCiphertext(c *sm2Curve, ciphertext []byte, opts *DecrypterOpts) (*_sm2
 		c2, c3 := parseCiphertextC2C3(ciphertext[1+2*byteLen:], splicingOrder)
 		return C1, c2, c3, nil
 	case compressed02, compressed03:
-		if len(ciphertext) <= 1+byteLen {
-			return nil, nil, nil, errors.New("sm2: invalid ciphertext length")
-		}
 		C1, err := c.newPoint().SetBytes(ciphertext[:1+byteLen])
 		if err != nil {
 			return nil, nil, nil, err
@@ -407,6 +404,25 @@ func parseCiphertextC2C3(ciphertext []byte, order ciphertextSplicingOrder) ([]by
 	return ciphertext[:len(ciphertext)-sm3.Size], ciphertext[len(ciphertext)-sm3.Size:]
 }
 
+func unmarshalASN1Ciphertext(ciphertext []byte) (*big.Int, *big.Int, []byte, []byte, error) {
+	var (
+		x1, y1 = &big.Int{}, &big.Int{}
+		c2, c3 []byte
+		inner  cryptobyte.String
+	)
+	input := cryptobyte.String(ciphertext)
+	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
+		!input.Empty() ||
+		!inner.ReadASN1Integer(x1) ||
+		!inner.ReadASN1Integer(y1) ||
+		!inner.ReadASN1Bytes(&c3, asn1.OCTET_STRING) ||
+		!inner.ReadASN1Bytes(&c2, asn1.OCTET_STRING) ||
+		!inner.Empty() {
+		return nil, nil, nil, nil, errors.New("sm2: invalid asn1 format ciphertext")
+	}
+	return x1, y1, c2, c3, nil
+}
+
 func parseCiphertextASN1(c *sm2Curve, ciphertext []byte) (*_sm2ec.SM2P256Point, []byte, []byte, error) {
 	x1, y1, c2, c3, err := unmarshalASN1Ciphertext(ciphertext)
 	if err != nil {

sm2/sm2_keyexchange.go

@@ -11,6 +11,8 @@ import (
 	"github.com/emmansun/gmsm/sm3"
 )
 
+// This file contains a math/big implementation of SM2 key exchange which is deprecated, please use ecdh instead.
+
 // KeyExchange key exchange struct, include internal stat in whole key exchange flow.
 // Initiator's flow will be: NewKeyExchange -> InitKeyExchange -> transmission -> ConfirmResponder
 // Responder's flow will be: NewKeyExchange -> waiting ... -> RepondKeyExchange -> transmission -> ConfirmInitiator

sm2/sm2_legacy.go

@@ -18,6 +18,9 @@ import (
 	"golang.org/x/crypto/cryptobyte/asn1"
 )
 
+// This file contains a math/big implementation of SM2 DSA/Encryption that is only used for
+// deprecated custom curves.
+
 // A invertible implements fast inverse in GF(N).
 type invertible interface {
 	// Inverse returns the inverse of k mod Params().N.
@@ -301,25 +304,6 @@ func mashalASN1Ciphertext(x1, y1 *big.Int, c2, c3 []byte) ([]byte, error) {
 	return b.Bytes()
 }
 
-func unmarshalASN1Ciphertext(ciphertext []byte) (*big.Int, *big.Int, []byte, []byte, error) {
-	var (
-		x1, y1 = &big.Int{}, &big.Int{}
-		c2, c3 []byte
-		inner  cryptobyte.String
-	)
-	input := cryptobyte.String(ciphertext)
-	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
-		!input.Empty() ||
-		!inner.ReadASN1Integer(x1) ||
-		!inner.ReadASN1Integer(y1) ||
-		!inner.ReadASN1Bytes(&c3, asn1.OCTET_STRING) ||
-		!inner.ReadASN1Bytes(&c2, asn1.OCTET_STRING) ||
-		!inner.Empty() {
-		return nil, nil, nil, nil, errors.New("sm2: invalid asn1 format ciphertext")
-	}
-	return x1, y1, c2, c3, nil
-}
-
 // ASN1Ciphertext2Plain utility method to convert ASN.1 encoding ciphertext to plain encoding format
 func ASN1Ciphertext2Plain(ciphertext []byte, opts *EncrypterOpts) ([]byte, error) {
 	if opts == nil {