From: Sergey Matveev <stargrave@stargrave.org>
Date: Wed, 5 Apr 2023 11:56:26 +0000 (+0300)
Subject: mgm.InvalidTag
X-Git-Tag: v5.10.0~6
X-Git-Url: http://www.git.cypherpunks.ru/?p=gogost.git;a=commitdiff_plain;h=b465c131a7dc5dd4563cfa85b5629baeaa403f7b

mgm.InvalidTag
---

diff --git a/gogost.go b/gogost.go
index 76095fe..2aad3a2 100644
--- a/gogost.go
+++ b/gogost.go
@@ -1,4 +1,4 @@
 // Pure Go GOST cryptographic functions library.
 package gogost
 
-const Version = "5.9.1"
+const Version = "5.10.0"
diff --git a/mgm/mode.go b/mgm/mode.go
index c62e756..3fdeaba 100644
--- a/mgm/mode.go
+++ b/mgm/mode.go
@@ -23,6 +23,8 @@ import (
 	"errors"
 )
 
+var InvalidTag = errors.New("gogost/mgm: invalid authentication tag")
+
 type Mul interface {
 	Mul(x, y []byte) []byte
 }
@@ -207,6 +209,8 @@ func (mgm *MGM) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
 	return ret
 }
 
+// Open the authenticated ciphertext. If authentication tag is invalid,
+// then InvalidTag error is returned.
 func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
 	mgm.validateNonce(nonce)
 	mgm.validateSizes(ciphertext, additionalData)
@@ -221,7 +225,7 @@ func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, err
 	copy(mgm.icn, nonce)
 	mgm.auth(mgm.sum, ct, additionalData)
 	if !hmac.Equal(mgm.sum[:mgm.TagSize], ciphertext[len(ciphertext)-mgm.TagSize:]) {
-		return nil, errors.New("gogost/mgm: invalid authentication tag")
+		return nil, InvalidTag
 	}
 	mgm.crypt(out, ct)
 	return ret, nil
diff --git a/news.texi b/news.texi
index 66e1942..341c8ea 100644
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,10 @@
 
 @table @strong
 
+@anchor{Release 5.10.0}
+@item 5.10.0
+@code{mgm.MGM.Open} returns @code{mgm.InvalidTag} for failed authentication.
+
 @anchor{Release 5.9.1}
 @item 5.9.1
 Updated and cleaned up @file{go.sum}.