package gost28147
import (
- "errors"
+ "fmt"
)
var (
// following ones are fed to Write function.
func (c *Cipher) NewMAC(size int, iv []byte) (*MAC, error) {
if size == 0 || size > 8 {
- return nil, errors.New("gogost/gost28147: invalid tag size")
+ return nil, fmt.Errorf("gogost/gost28147: invalid tag size (0<%d<=8)", size)
}
if len(iv) != BlockSize {
- return nil, errors.New("gogost/gost28147: len(iv) != 8")
+ return nil, fmt.Errorf("gogost/gost28147: len(iv)=%d != %d", len(iv), BlockSize)
}
m := MAC{c: c, size: size, iv: iv}
n2, n1 := block2nvs(iv)
func NewPrivateKey(c *Curve, raw []byte) (*PrivateKey, error) {
pointSize := c.PointSize()
if len(raw) != pointSize {
- return nil, fmt.Errorf("gogost/gost3410: len(key) != %d", pointSize)
+ return nil, fmt.Errorf("gogost/gost3410: len(key)=%d != %d", len(raw), pointSize)
}
key := make([]byte, pointSize)
for i := 0; i < len(key); i++ {
func GenPrivateKey(c *Curve, rand io.Reader) (*PrivateKey, error) {
raw := make([]byte, c.PointSize())
if _, err := io.ReadFull(rand, raw); err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.GenPrivateKey: %w", err)
}
return NewPrivateKey(c, raw)
}
func (prv *PrivateKey) PublicKey() (*PublicKey, error) {
x, y, err := prv.C.Exp(prv.Key, prv.C.X, prv.C.Y)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.PublicKey: %w", err)
}
return &PublicKey{prv.C, x, y}, nil
}
s := big.NewInt(0)
Retry:
if _, err = io.ReadFull(rand, kRaw); err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.SignDigest: %w", err)
}
k = bytes2big(kRaw)
k.Mod(k, prv.C.Q)
}
r, _, err = prv.C.Exp(k, prv.C.X, prv.C.Y)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.SignDigest: %w", err)
}
r.Mod(r, prv.C.Q)
if r.Cmp(zero) == 0 {
func (pub *PublicKey) VerifyDigest(digest, signature []byte) (bool, error) {
pointSize := pub.C.PointSize()
if len(signature) != 2*pointSize {
- return false, fmt.Errorf("gogost/gost3410: len(signature) != %d", 2*pointSize)
+ return false, fmt.Errorf("gogost/gost3410: len(signature)=%d != %d", len(signature), 2*pointSize)
}
s := bytes2big(signature[:pointSize])
r := bytes2big(signature[pointSize:])
package gost3410
import (
+ "fmt"
"math/big"
)
func (prv *PrivateKey) KEK(pub *PublicKey, ukm *big.Int) ([]byte, error) {
keyX, keyY, err := prv.C.Exp(prv.Key, pub.X, pub.Y)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK: %w", err)
}
u := big.NewInt(0).Set(ukm).Mul(ukm, prv.C.Co)
if u.Cmp(bigInt1) != 0 {
keyX, keyY, err = prv.C.Exp(u, keyX, keyY)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK: %w", err)
}
}
pk := PublicKey{prv.C, keyX, keyY}
import (
"errors"
+ "fmt"
"math/big"
"go.cypherpunks.ru/gogost/v5/gost28147"
}
key, err := prv.KEK(pub, ukm)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK2001: %w", err)
}
h := gost341194.New(&gost28147.SboxIdGostR341194CryptoProParamSet)
if _, err = h.Write(key); err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK2001: %w", err)
}
return h.Sum(key[:0]), nil
}
package gost3410
import (
+ "fmt"
"math/big"
"go.cypherpunks.ru/gogost/v5/gost34112012256"
func (prv *PrivateKey) KEK2012256(pub *PublicKey, ukm *big.Int) ([]byte, error) {
key, err := prv.KEK(pub, ukm)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK2012256: %w", err)
}
h := gost34112012256.New()
if _, err = h.Write(key); err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK2012256: %w", err)
}
return h.Sum(key[:0]), nil
}
func (prv *PrivateKey) KEK2012512(pub *PublicKey, ukm *big.Int) ([]byte, error) {
key, err := prv.KEK(pub, ukm)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK2012256: %w", err)
}
h := gost34112012512.New()
if _, err = h.Write(key); err != nil {
- return nil, err
+ return nil, fmt.Errorf("gogost/gost3410.PrivateKey.KEK2012256: %w", err)
}
return h.Sum(key[:0]), nil
}
func (h *Hash) UnmarshalBinary(data []byte) error {
expectedLen := len(MarshaledName) + 1 + 8 + 2*BlockSize
if len(data) < expectedLen {
- return fmt.Errorf("gogost/internal/gost34112012: len(data) != %d", expectedLen)
+ return fmt.Errorf("gogost/internal/gost34112012: len(data)=%d != %d", len(data), expectedLen)
}
if !bytes.HasPrefix(data, []byte(MarshaledName)) {
return errors.New("gogost/internal/gost34112012: no hash name prefix")
"crypto/hmac"
"encoding/binary"
"errors"
+ "fmt"
)
var InvalidTag = errors.New("gogost/mgm: invalid authentication tag")
func NewMGM(cipher cipher.Block, tagSize int) (cipher.AEAD, error) {
blockSize := cipher.BlockSize()
if !(blockSize == 8 || blockSize == 16) {
- return nil, errors.New("gogost/mgm: only 64/128 blocksizes allowed")
+ return nil, errors.New("gogost/mgm: only {64|128} blocksizes allowed")
}
if tagSize < 4 || tagSize > blockSize {
- return nil, errors.New("gogost/mgm: invalid tag size")
+ return nil, fmt.Errorf("gogost/mgm: invalid tag size (4<=%d<=%d)", tagSize, blockSize)
}
mgm := MGM{
MaxSize: uint64(1<<uint(blockSize*8/2) - 1),
mgm.validateNonce(nonce)
mgm.validateSizes(ciphertext, additionalData)
if len(ciphertext) < mgm.TagSize {
- return nil, errors.New("ciphertext is too short")
+ return nil, fmt.Errorf("ciphertext is too short (%d<%d)", len(ciphertext), mgm.TagSize)
}
if uint64(len(ciphertext)-mgm.TagSize) > mgm.MaxSize {
panic("ciphertext is too big")