X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=mgm%2Fmode.go;h=cbba435f4755fdeb862b4f1ab82224a482a9e063;hb=d681002980ca0b115936a6e217de5649bb8966d3;hp=c4bb92ae66353fdda8f90dcada019a25eecca8ee;hpb=5fc90f4d05f0515cc91dd9feceb813e2b753cbb7;p=gogost.git
diff --git a/mgm/mode.go b/mgm/mode.go
index c4bb92a..cbba435 100644
--- a/mgm/mode.go
+++ b/mgm/mode.go
@@ -1,5 +1,5 @@
 // GoGOST -- Pure Go GOST cryptographic functions library
-// Copyright (C) 2015-2022 Sergey Matveev
+// Copyright (C) 2015-2024 Sergey Matveev
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -21,8 +21,11 @@ import (
 "crypto/hmac"
 "encoding/binary"
 "errors"
+ "fmt"
 )
+var InvalidTag = errors.New("gogost/mgm: invalid authentication tag")
+
 type Mul interface {
 Mul(x, y []byte) []byte
 }
@@ -43,10 +46,10 @@ type MGM struct {
 func NewMGM(cipher cipher.Block, tagSize int) (cipher.AEAD, error) {
 blockSize := cipher.BlockSize()
 if !(blockSize == 8 || blockSize == 16) {
- return nil, errors.New("gogost/mgm: only 64/128 blocksizes allowed")
+ return nil, errors.New("gogost/mgm: only {64|128} blocksizes allowed")
 }
 if tagSize < 4 || tagSize > blockSize {
- return nil, errors.New("gogost/mgm: invalid tag size")
+ return nil, fmt.Errorf("gogost/mgm: invalid tag size (4<=%d<=%d)", tagSize, blockSize)
 }
 mgm := MGM{
 MaxSize: uint64(1< mgm.MaxSize { panic("ciphertext is too big")
@@ -221,7 +226,7 @@ func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, err
 copy(mgm.icn, nonce)
 mgm.auth(mgm.sum, ct, additionalData)
 if !hmac.Equal(mgm.sum[:mgm.TagSize], ciphertext[len(ciphertext)-mgm.TagSize:]) {
- return nil, errors.New("gogost/mgm: invalid authentication tag")
+ return nil, InvalidTag
 }
 mgm.crypt(out, ct)
 return ret, nil
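Review bot: In the `@@ -21,8 +21,11 @@` hunk the new exported sentinel `InvalidTag` has no doc comment and does not follow the usual Go `ErrXxx` naming for error variables. It becomes public API with this commit, so now is the cheapest time to call it `ErrInvalidTag`. A comment such as `// InvalidTag is returned by Open when the authentication tag does not verify; test for it with errors.Is.` would tell callers how to separate a forged or corrupted message from other failures. The same value is what the `@@ -221,7 +226,7 @@` hunk now returns from Open, so the comment covers that change too.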
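Review bot: In the `@@ -43,10 +46,10 @@` hunk the two reworded messages mix units: `only {64|128} blocksizes allowed` speaks in bits, while the new `invalid tag size (4<=%d<=%d)` prints `tagSize` and `blockSize` in bytes. The `4<=%d<=%d` form also reads like a condition that holds, although it is printed only when it does not. Something like `fmt.Errorf("gogost/mgm: invalid tag size %d bytes (want 4..%d)", tagSize, blockSize)` is easier to act on. Because tags as short as 4 bytes are accepted by the visible check, a doc comment on NewMGM noting that a shorter tag lowers forgery resistance would help callers choose a size. NewMGM's body continues past the end of this hunk.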