// following ones are fed to Write function.
func (c *Cipher) NewMAC(size int, iv []byte) (*MAC, error) {
if size == 0 || size > 8 {
- return nil, errors.New("Invalid tag size")
+ return nil, errors.New("gogost/gost28147: invalid tag size")
}
if len(iv) != BlockSize {
- return nil, errors.New("iv length is not equal to blocksize")
+ return nil, errors.New("gogost/gost28147: len(iv) != 8")
}
m := MAC{c: c, size: size, iv: iv}
n2, n1 := block2nvs(iv)
r2.Mod(r2, c.P)
c.pos(r2)
if r1.Cmp(r2) != 0 {
- return nil, errors.New("Invalid curve parameters")
+ return nil, errors.New("gogost/gost3410: invalid curve parameters")
}
if e != nil && d != nil {
c.E = e
func (c *Curve) Exp(degree, xS, yS *big.Int) (*big.Int, *big.Int, error) {
if degree.Cmp(zero) == 0 {
- return nil, nil, errors.New("Bad degree value")
+ return nil, nil, errors.New("gogost/gost3410: zero degree value")
}
dg := big.NewInt(0).Sub(degree, bigInt1)
tx := big.NewInt(0).Set(xS)
import (
"crypto"
"errors"
+ "fmt"
"io"
"math/big"
)
func NewPrivateKey(curve *Curve, mode Mode, raw []byte) (*PrivateKey, error) {
if len(raw) != int(mode) {
- return nil, errors.New("Invalid private key length")
+ return nil, fmt.Errorf("gogost/gost3410: len(key) != %d", mode)
}
key := make([]byte, int(mode))
for i := 0; i < len(key); i++ {
}
k := bytes2big(key)
if k.Cmp(zero) == 0 {
- return nil, errors.New("Zero private key")
+ return nil, errors.New("gogost/gost3410: zero private key")
}
return &PrivateKey{curve, mode, k}, nil
}
package gost3410
import (
- "errors"
+ "fmt"
"math/big"
)
func NewPublicKey(curve *Curve, mode Mode, raw []byte) (*PublicKey, error) {
key := make([]byte, 2*int(mode))
if len(raw) != len(key) {
- return nil, errors.New("Invalid public key length")
+ return nil, fmt.Errorf("gogost/gost3410: len(key) != %d", len(key))
}
for i := 0; i < len(key); i++ {
key[i] = raw[len(raw)-i-1]
func (pub *PublicKey) VerifyDigest(digest, signature []byte) (bool, error) {
if len(signature) != 2*int(pub.Mode) {
- return false, errors.New("Invalid signature length")
+ return false, fmt.Errorf("gogost/gost3410: len(signature) != %d", 2*int(pub.Mode))
}
s := bytes2big(signature[:pub.Mode])
r := bytes2big(signature[pub.Mode:])
- if r.Cmp(zero) <= 0 || r.Cmp(pub.C.Q) >= 0 || s.Cmp(zero) <= 0 || s.Cmp(pub.C.Q) >= 0 {
+ if r.Cmp(zero) <= 0 ||
+ r.Cmp(pub.C.Q) >= 0 ||
+ s.Cmp(zero) <= 0 ||
+ s.Cmp(pub.C.Q) >= 0 {
return false, nil
}
e := bytes2big(digest)
// UKM is user keying material, also called VKO-factor.
func (prv *PrivateKey) KEK2001(pub *PublicKey, ukm *big.Int) ([]byte, error) {
if prv.Mode != Mode2001 {
- return nil, errors.New("KEK2001 can not be used in Mode2012")
+ return nil, errors.New("gogost/gost3410: KEK2001 can not be used in Mode2012")
}
key, err := prv.KEK(pub, ukm)
if err != nil {
"bytes"
"encoding/binary"
"errors"
+ "fmt"
)
const (
}
func (h *Hash) UnmarshalBinary(data []byte) error {
- if len(data) < len(MarshaledName)+1+8+3*BlockSize {
- return errors.New("too short data")
+ expectedLen := len(MarshaledName) + 1 + 8 + 3*BlockSize
+ if len(data) < expectedLen {
+ return fmt.Errorf("gogost/internal/gost34112012: len(data) != %d", expectedLen)
}
if !bytes.HasPrefix(data, []byte(MarshaledName)) {
- return errors.New("no hash name prefix")
+ return errors.New("gogost/internal/gost34112012: no hash name prefix")
}
idx := len(MarshaledName)
h.size = int(data[idx])
func NewMGM(cipher cipher.Block, tagSize int) (cipher.AEAD, error) {
blockSize := cipher.BlockSize()
if !(blockSize == 8 || blockSize == 16) {
- return nil, errors.New("MGM supports only 64/128 blocksizes")
+ return nil, errors.New("gogost/mgm: only 64/128 blocksizes allowed")
}
if tagSize < 4 || tagSize > blockSize {
- return nil, errors.New("invalid tag size")
+ return nil, errors.New("gogost/mgm: invalid tag size")
}
mgm := MGM{
maxSize: uint64(1<<uint(blockSize*8/2) - 1),
copy(mgm.icn, nonce)
mgm.auth(mgm.sum, ct, additionalData)
if !hmac.Equal(mgm.sum[:mgm.tagSize], ciphertext[len(ciphertext)-mgm.tagSize:]) {
- return nil, errors.New("invalid authentication tag")
+ return nil, errors.New("gogost/mgm: invalid authentication tag")
}
mgm.crypt(out, ct)
return ret, nil