pkcs7: align pkix.AlgorithmIdentifier Null Parameters with others

emmansun · Oct 30, 2024 · 8e2f6c1 · 8e2f6c1 · emmansun · Oct 30, 2024
1 parent 559da49
commit 8e2f6c1
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 26 deletions.
diff --git a/pkcs/kdf_pbkdf2.go b/pkcs/kdf_pbkdf2.go
@@ -74,35 +74,35 @@ func newPRFParamFromHash(h Hash) (pkix.AlgorithmIdentifier, error) {
 	case SHA1:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSHA1,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 	case SHA224:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSHA224,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 	case SHA256:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSHA256,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 	case SHA384:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSHA384,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 	case SHA512:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSHA512,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 	case SHA512_224:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSHA512_224,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 	case SHA512_256:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSHA512_256,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 	case SM3:
 		return pkix.AlgorithmIdentifier{
 			Algorithm:  oidHMACWithSM3,
-			Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil
+			Parameters: asn1.NullRawValue}, nil
 
 	}
 	return pkix.AlgorithmIdentifier{}, errors.New("pbes/pbkdf2: unsupported hash function")

diff --git a/pkcs7/envelope.go b/pkcs7/envelope.go
@@ -191,7 +191,8 @@ func (ed *EnvelopedData) AddRecipient(cert *smx509.Certificate, version int, enc
 		Version:               version,
 		IssuerAndSerialNumber: ias,
 		KeyEncryptionAlgorithm: pkix.AlgorithmIdentifier{
-			Algorithm: keyEncryptionAlgorithm,
+			Algorithm:  keyEncryptionAlgorithm,
+			Parameters: asn1.NullRawValue,
 		},
 		EncryptedKey: encrypted,
 	}

diff --git a/pkcs7/sign.go b/pkcs7/sign.go
@@ -161,7 +161,7 @@ func (sd *SignedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.Private
 		ias.IssuerName = asn1.RawValue{FullBytes: parents[0].RawSubject}
 	}
 	sd.sd.DigestAlgorithmIdentifiers = append(sd.sd.DigestAlgorithmIdentifiers,
-		pkix.AlgorithmIdentifier{Algorithm: sd.digestOid},
+		pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue},
 	)
 	hasher, err := getHashForOID(sd.digestOid)
 	if err != nil {
@@ -192,8 +192,8 @@ func (sd *SignedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.Private
 	}
 	signer := signerInfo{
 		AuthenticatedAttributes:   finalAttrs,
-		DigestAlgorithm:           pkix.AlgorithmIdentifier{Algorithm: sd.digestOid},
-		DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: encryptionOid},
+		DigestAlgorithm:           pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue},
+		DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: encryptionOid, Parameters: asn1.NullRawValue},
 		IssuerAndSerialNumber:     ias,
 		EncryptedDigest:           signature,
 		Version:                   1,
@@ -231,7 +231,7 @@ func newHash(hasher crypto.Hash, hashOid asn1.ObjectIdentifier) hash.Hash {
 // applications.
 func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error {
 	var signature []byte
-	sd.sd.DigestAlgorithmIdentifiers = append(sd.sd.DigestAlgorithmIdentifiers, pkix.AlgorithmIdentifier{Algorithm: sd.digestOid})
+	sd.sd.DigestAlgorithmIdentifiers = append(sd.sd.DigestAlgorithmIdentifiers, pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue})
 	hasher, err := getHashForOID(sd.digestOid)
 	if err != nil {
 		return err
@@ -265,8 +265,8 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat
 		return err
 	}
 	signer := signerInfo{
-		DigestAlgorithm:           pkix.AlgorithmIdentifier{Algorithm: sd.digestOid},
-		DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.encryptionOid},
+		DigestAlgorithm:           pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue},
+		DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.encryptionOid, Parameters: asn1.NullRawValue},
 		IssuerAndSerialNumber:     ias,
 		EncryptedDigest:           signature,
 		Version:                   1,

diff --git a/pkcs7/sign_enveloped.go b/pkcs7/sign_enveloped.go
@@ -217,7 +217,7 @@ func (saed *SignedAndEnvelopedData) AddSignerChain(ee *smx509.Certificate, pkey
 		ias.IssuerName = asn1.RawValue{FullBytes: parents[0].RawSubject}
 	}
 	saed.sed.DigestAlgorithmIdentifiers = append(saed.sed.DigestAlgorithmIdentifiers,
-		pkix.AlgorithmIdentifier{Algorithm: saed.digestOid},
+		pkix.AlgorithmIdentifier{Algorithm: saed.digestOid, Parameters: asn1.NullRawValue},
 	)
 	hasher, err := getHashForOID(saed.digestOid)
 	if err != nil {
@@ -250,8 +250,8 @@ func (saed *SignedAndEnvelopedData) AddSignerChain(ee *smx509.Certificate, pkey
 		return err
 	}
 	signer := signerInfo{
-		DigestAlgorithm:           pkix.AlgorithmIdentifier{Algorithm: saed.digestOid},
-		DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: signatureOid},
+		DigestAlgorithm:           pkix.AlgorithmIdentifier{Algorithm: saed.digestOid, Parameters: asn1.NullRawValue},
+		DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: signatureOid, Parameters: asn1.NullRawValue},
 		IssuerAndSerialNumber:     ias,
 		EncryptedDigest:           signature,
 		Version:                   1,
@@ -287,7 +287,8 @@ func (saed *SignedAndEnvelopedData) AddRecipient(recipient *smx509.Certificate)
 		Version:               1,
 		IssuerAndSerialNumber: ias,
 		KeyEncryptionAlgorithm: pkix.AlgorithmIdentifier{
-			Algorithm: keyEncryptionAlgorithm,
+			Algorithm:  keyEncryptionAlgorithm,
+			Parameters: asn1.NullRawValue,
 		},
 		EncryptedKey: encryptedKey,
 	}

diff --git a/sm4/gcm_cipher_asm.go b/sm4/gcm_cipher_asm.go
@@ -162,13 +162,6 @@ func (g *gcm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	return ret, nil
 }
 
-// reverseBits reverses the order of the bits of 4-bit number in i.
-func reverseBits(i int) int {
-	i = ((i << 2) & 0xc) | ((i >> 2) & 0x3)
-	i = ((i << 1) & 0xa) | ((i >> 1) & 0x5)
-	return i
-}
-
 // gcmAdd adds two elements of GF(2¹²⁸) and returns the sum.
 func gcmAdd(x, y *gcmFieldElement) gcmFieldElement {
 	// Addition in a characteristic 2 field is just XOR.