mgm.InvalidTag

[gogost.git] / mgm / mode.go

diff --git a/mgm/mode.go b/mgm/mode.go
index 38b9ab349cc6bc290e8a8b3367a8890ca00fba17..3fdeaba0fbc889ca6baa59c645751bcec9d7e7d4 100644 (file)
--- a/mgm/mode.go
+++ b/mgm/mode.go
@@ -1,5 +1,5 @@
 // GoGOST -- Pure Go GOST cryptographic functions library
-// Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
+// Copyright (C) 2015-2023 Sergey Matveev <stargrave@stargrave.org>
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -23,6 +23,8 @@ import (
        "errors"
 )
 
+var InvalidTag = errors.New("gogost/mgm: invalid authentication tag")
+
 type Mul interface {
        Mul(x, y []byte) []byte
 }
@@ -207,6 +209,8 @@ func (mgm *MGM) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
        return ret
 }
 
+// Open the authenticated ciphertext. If authentication tag is invalid,
+// then InvalidTag error is returned.
 func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
        mgm.validateNonce(nonce)
        mgm.validateSizes(ciphertext, additionalData)
@@ -221,7 +225,7 @@ func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, err
        copy(mgm.icn, nonce)
        mgm.auth(mgm.sum, ct, additionalData)
        if !hmac.Equal(mgm.sum[:mgm.TagSize], ciphertext[len(ciphertext)-mgm.TagSize:]) {
-               return nil, errors.New("gogost/mgm: invalid authentication tag")
+               return nil, InvalidTag
        }
        mgm.crypt(out, ct)
        return ret, nil