From 8e2f6c13dedfb4c9b271a60e5c8f8ce0dbb936e3 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Wed, 30 Oct 2024 08:57:45 +0800
Subject: [PATCH] pkcs7: align pkix.AlgorithmIdentifier Null Parameters with others
---
pkcs/kdf_pbkdf2.go | 16 ++++++++--------
pkcs7/envelope.go | 3 ++-
pkcs7/sign.go | 12 ++++++------
pkcs7/sign_enveloped.go | 9 +++++----
sm4/gcm_cipher_asm.go | 7 -------
5 files changed, 21 insertions(+), 26 deletions(-)
diff --git a/pkcs/kdf_pbkdf2.go b/pkcs/kdf_pbkdf2.go
index 176b459..f66f0c6 100644
--- a/pkcs/kdf_pbkdf2.go
+++ b/pkcs/kdf_pbkdf2.go
@@ -74,35 +74,35 @@ func newPRFParamFromHash(h Hash) (pkix.AlgorithmIdentifier, error) { case SHA1: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSHA1, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil case SHA224: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSHA224, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil case SHA256: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSHA256, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil case SHA384: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSHA384, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil case SHA512: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSHA512, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil case SHA512_224: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSHA512_224, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil case SHA512_256: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSHA512_256, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil case SM3: return pkix.AlgorithmIdentifier{ Algorithm: oidHMACWithSM3, - Parameters: asn1.RawValue{Tag: asn1.TagNull}}, nil + Parameters: asn1.NullRawValue}, nil } return pkix.AlgorithmIdentifier{}, errors.New("pbes/pbkdf2: unsupported hash function") diff --git a/pkcs7/envelope.go b/pkcs7/envelope.go index 887b281..2ad1719 100644 --- a/pkcs7/envelope.go +++ b/pkcs7/envelope.go @@ -191,7 +191,8 @@ func (ed *EnvelopedData) AddRecipient(cert *smx509.Certificate, version int, enc Version: version, IssuerAndSerialNumber: ias, KeyEncryptionAlgorithm: pkix.AlgorithmIdentifier{ - Algorithm: keyEncryptionAlgorithm, + Algorithm: keyEncryptionAlgorithm, + Parameters: asn1.NullRawValue, }, EncryptedKey: encrypted, } 
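Review bot: The eight `case` arms in newPRFParamFromHash still differ only in the OID, so each arm repeats the `Parameters: asn1.NullRawValue` literal this hunk touches. Letting the switch pick just the OID and building the identifier once after it, `return pkix.AlgorithmIdentifier{Algorithm: oid, Parameters: asn1.NullRawValue}, nil`, would keep the NULL-parameter encoding of the PBKDF2 PRF in one place. If `asn1` here is encoding/asn1, `NullRawValue` is declared as `RawValue{Tag: TagNull}`, so the encoded bytes should be the same as before. The switch header and the function's closing brace are outside the hunk.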
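Review bot: In AddRecipient the new `Parameters: asn1.NullRawValue` is attached to KeyEncryptionAlgorithm whatever OID `keyEncryptionAlgorithm` holds; the code that selects that OID is outside the hunk. NULL is what rsaEncryption expects, but a key-transport OID that defines its own parameter structure (RSAES-OAEP, for instance) or expects the field to be absent would now be encoded incorrectly, and a strict recipient may refuse the RecipientInfo. Consider setting the field per algorithm and adding a comment such as `// NULL parameters: expected for rsaEncryption; confirm for every other OID this function can emit`. The same applies to AddRecipient in pkcs7/sign_enveloped.go (hunk at -287).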
diff --git a/pkcs7/sign.go b/pkcs7/sign.go index 0bc91df..0887da7 100644 --- a/pkcs7/sign.go +++ b/pkcs7/sign.go @@ -161,7 +161,7 @@ func (sd *SignedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.Private ias.IssuerName = asn1.RawValue{FullBytes: parents[0].RawSubject} } sd.sd.DigestAlgorithmIdentifiers = append(sd.sd.DigestAlgorithmIdentifiers, - pkix.AlgorithmIdentifier{Algorithm: sd.digestOid}, + pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue}, ) hasher, err := getHashForOID(sd.digestOid) if err != nil { @@ -192,8 +192,8 @@ func (sd *SignedData) AddSignerChain(ee *smx509.Certificate, pkey crypto.Private } signer := signerInfo{ AuthenticatedAttributes: finalAttrs, - DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.digestOid}, - DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: encryptionOid}, + DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue}, + DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: encryptionOid, Parameters: asn1.NullRawValue}, IssuerAndSerialNumber: ias, EncryptedDigest: signature, Version: 1, @@ -231,7 +231,7 @@ func newHash(hasher crypto.Hash, hashOid asn1.ObjectIdentifier) hash.Hash { // applications. func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error { var signature []byte - sd.sd.DigestAlgorithmIdentifiers = append(sd.sd.DigestAlgorithmIdentifiers, pkix.AlgorithmIdentifier{Algorithm: sd.digestOid}) + sd.sd.DigestAlgorithmIdentifiers = append(sd.sd.DigestAlgorithmIdentifiers, pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue}) hasher, err := getHashForOID(sd.digestOid) if err != nil { return err 
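Review bot: Nothing in this patch pins the new encoding of DigestAlgorithmIdentifiers: the diffstat lists five files and none of them is a test file. The identifier appended in AddSignerChain now serialises with an explicit NULL, which presumably changes the bytes of the SignedData this package emits. A test that marshals a message and checks the digest AlgorithmIdentifier, plus one that parses and verifies a message whose identifiers have absent parameters, would guard both directions. The same change is made in SignWithoutAttr (hunk at -231) and in pkcs7/sign_enveloped.go (hunk at -217); AddSignerChain starts and ends outside the hunk.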
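Review bot: DigestEncryptionAlgorithm now carries NULL parameters for every `encryptionOid`, and the code that chooses that OID from the key type is not in the hunk. For the ECDSA-with-SHA2 signature identifiers, RFC 5754 and RFC 5758 require the parameters field to be absent, so if this path can emit an ECDSA (or another non-RSA) signature OID, a strict verifier may reject the SignerInfo. Setting NULL only for the OIDs whose specification calls for it, and leaving `Parameters` at its zero value otherwise, avoids that. The same pattern appears in SignWithoutAttr (hunk at -265) and in pkcs7/sign_enveloped.go (hunk at -250).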
@@ -265,8 +265,8 @@ func (sd *SignedData) SignWithoutAttr(ee *smx509.Certificate, pkey crypto.Privat return err } signer := signerInfo{ - DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.digestOid}, - DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.encryptionOid}, + DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.digestOid, Parameters: asn1.NullRawValue}, + DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: sd.encryptionOid, Parameters: asn1.NullRawValue}, IssuerAndSerialNumber: ias, EncryptedDigest: signature, Version: 1, diff --git a/pkcs7/sign_enveloped.go b/pkcs7/sign_enveloped.go index 64b2170..9c3787f 100644 --- a/pkcs7/sign_enveloped.go +++ b/pkcs7/sign_enveloped.go @@ -217,7 +217,7 @@ func (saed *SignedAndEnvelopedData) AddSignerChain(ee *smx509.Certificate, pkey ias.IssuerName = asn1.RawValue{FullBytes: parents[0].RawSubject} } saed.sed.DigestAlgorithmIdentifiers = append(saed.sed.DigestAlgorithmIdentifiers, - pkix.AlgorithmIdentifier{Algorithm: saed.digestOid}, + pkix.AlgorithmIdentifier{Algorithm: saed.digestOid, Parameters: asn1.NullRawValue}, ) hasher, err := getHashForOID(saed.digestOid) if err != nil { @@ -250,8 +250,8 @@ func (saed *SignedAndEnvelopedData) AddSignerChain(ee *smx509.Certificate, pkey return err } signer := signerInfo{ - DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: saed.digestOid}, - DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: signatureOid}, + DigestAlgorithm: pkix.AlgorithmIdentifier{Algorithm: saed.digestOid, Parameters: asn1.NullRawValue}, + DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{Algorithm: signatureOid, Parameters: asn1.NullRawValue}, IssuerAndSerialNumber: ias, EncryptedDigest: signature, Version: 1, 
@@ -287,7 +287,8 @@ func (saed *SignedAndEnvelopedData) AddRecipient(recipient *smx509.Certificate) Version: 1, IssuerAndSerialNumber: ias, KeyEncryptionAlgorithm: pkix.AlgorithmIdentifier{ - Algorithm: keyEncryptionAlgorithm, + Algorithm: keyEncryptionAlgorithm, + Parameters: asn1.NullRawValue, }, EncryptedKey: encryptedKey, } diff --git a/sm4/gcm_cipher_asm.go b/sm4/gcm_cipher_asm.go index a3be083..c068019 100644 --- a/sm4/gcm_cipher_asm.go +++ b/sm4/gcm_cipher_asm.go @@ -162,13 +162,6 @@ func (g *gcm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { return ret, nil } -// reverseBits reverses the order of the bits of 4-bit number in i. -func reverseBits(i int) int { - i = ((i << 2) & 0xc) | ((i >> 2) & 0x3) - i = ((i << 1) & 0xa) | ((i >> 1) & 0x5) - return i -} - // gcmAdd adds two elements of GF(2¹²⁸) and returns the sum. func gcmAdd(x, y *gcmFieldElement) gcmFieldElement { // Addition in a characteristic 2 field is just XOR.