diff --git a/drbg/common.go b/drbg/common.go index e85a4b4..24d1a9d 100644 --- a/drbg/common.go +++ b/drbg/common.go @@ -24,7 +24,7 @@ const DRBG_RESEED_TIME_INTERVAL_LEVEL1 = time.Duration(600) * time.Second const MAX_BYTES = 1 << 27 const MAX_BYTES_PER_GENERATE = 1 << 11 -var ErrReseedRequired = errors.New("reseed reuqired") +var ErrReseedRequired = errors.New("drbg: reseed reuqired") type SecurityLevel byte @@ -52,7 +52,7 @@ func NewCtrDrbgPrng(cipherProvider func(key []byte) (cipher.Block, error), keyLe prng.securityStrength = selectSecurityStrength(securityStrength) if gm && securityStrength < 32 { - return nil, errors.New("invalid security strength") + return nil, errors.New("drbg: invalid security strength") } // Get entropy input @@ -97,7 +97,7 @@ func NewHashDrbgPrng(newHash func() hash.Hash, entropySource io.Reader, security } prng.securityStrength = selectSecurityStrength(securityStrength) if gm && securityStrength < 32 { - return nil, errors.New("invalid security strength") + return nil, errors.New("drbg: invalid security strength") } // Get entropy input @@ -138,7 +138,7 @@ func (prng *DrbgPrng) getEntropy(entropyInput []byte) error { return err } if n != len(entropyInput) { - return errors.New("fail to read enough entropy input") + return errors.New("drbg: fail to read enough entropy input") } return nil } diff --git a/drbg/ctr_drbg.go b/drbg/ctr_drbg.go index 2fd17b5..e8caf3f 100644 --- a/drbg/ctr_drbg.go +++ b/drbg/ctr_drbg.go @@ -27,16 +27,16 @@ func NewCtrDrbg(cipherProvider func(key []byte) (cipher.Block, error), keyLen in // here for the min length, we just check <=0 now if len(entropy) == 0 || (hd.gm && len(entropy) < 32) || len(entropy) >= MAX_BYTES { - return nil, errors.New("invalid entropy length") + return nil, errors.New("drbg: invalid entropy length") } // here for the min length, we just check <=0 now if len(nonce) == 0 || (hd.gm && len(nonce) < 16) || len(nonce) >= MAX_BYTES>>1 { - return nil, errors.New("invalid nonce length") + return nil, errors.New("drbg: invalid nonce length") } if len(personalization) >= MAX_BYTES { - return nil, errors.New("personalization is too long") + return nil, errors.New("drbg: personalization is too long") } hd.cipherProvider = cipherProvider @@ -78,11 +78,11 @@ func NewGMCtrDrbg(securityLevel SecurityLevel, entropy, nonce, personalization [ func (hd *CtrDrbg) Reseed(entropy, additional []byte) error { // here for the min length, we just check <=0 now if len(entropy) <= 0 || (hd.gm && len(entropy) < 32) || len(entropy) >= MAX_BYTES { - return errors.New("invalid entropy length") + return errors.New("drbg: invalid entropy length") } if len(additional) >= MAX_BYTES { - return errors.New("additional input too long") + return errors.New("drbg: additional input too long") } // seed_material = entropy_input || additional_input @@ -126,7 +126,7 @@ func (hd *CtrDrbg) Generate(b, additional []byte) error { } outlen := len(hd.v) if (hd.gm && len(b) > outlen) || (!hd.gm && len(b) > MAX_BYTES_PER_GENERATE) { - return errors.New("too many bytes requested") + return errors.New("drbg: too many bytes requested") } // If len(additional_input) > 0, then diff --git a/drbg/hash_drbg.go b/drbg/hash_drbg.go index 2411f5f..8774467 100644 --- a/drbg/hash_drbg.go +++ b/drbg/hash_drbg.go @@ -33,16 +33,16 @@ func NewHashDrbg(newHash func() hash.Hash, securityLevel SecurityLevel, gm bool, // here for the min length, we just check <=0 now if len(entropy) == 0 || (hd.gm && len(entropy) < hd.hashSize) || len(entropy) >= MAX_BYTES { - return nil, errors.New("invalid entropy length") + return nil, errors.New("drbg: invalid entropy length") } // here for the min length, we just check <=0 now if len(nonce) == 0 || (hd.gm && len(nonce) < hd.hashSize/2) || len(nonce) >= MAX_BYTES>>1 { - return nil, errors.New("invalid nonce length") + return nil, errors.New("drbg: invalid nonce length") } if len(personalization) >= MAX_BYTES { - return nil, errors.New("personalization is too long") + return nil, errors.New("drbg: personalization is too long") } if hd.hashSize <= sm3.Size { @@ -92,11 +92,11 @@ func NewGMHashDrbg(securityLevel SecurityLevel, entropy, nonce, personalization func (hd *HashDrbg) Reseed(entropy, additional []byte) error { // here for the min length, we just check <=0 now if len(entropy) == 0 || (hd.gm && len(entropy) < hd.hashSize) || len(entropy) >= MAX_BYTES { - return errors.New("invalid entropy length") + return errors.New("drbg: invalid entropy length") } if len(additional) >= MAX_BYTES { - return errors.New("additional input too long") + return errors.New("drbg: additional input too long") } seedMaterial := make([]byte, len(entropy)+hd.seedLength+len(additional)+1) seedMaterial[0] = 1 @@ -164,7 +164,7 @@ func (hd *HashDrbg) Generate(b, additional []byte) error { return ErrReseedRequired } if (hd.gm && len(b) > hd.hashSize) || (!hd.gm && len(b) > MAX_BYTES_PER_GENERATE) { - return errors.New("too many bytes requested") + return errors.New("drbg: too many bytes requested") } md := hd.newHash() m := len(b) diff --git a/padding/ansi_x923.go b/padding/ansi_x923.go index 22a174a..b8a46c5 100644 --- a/padding/ansi_x923.go +++ b/padding/ansi_x923.go @@ -27,15 +27,15 @@ func (pad ansiX923Padding) Pad(src []byte) []byte { func (pad ansiX923Padding) Unpad(src []byte) ([]byte, error) { srcLen := len(src) if srcLen == 0 || srcLen%pad.BlockSize() != 0 { - return nil, errors.New("ansi x9.23: src length is not multiple of block size") + return nil, errors.New("padding: src length is not multiple of block size") } paddedLen := src[srcLen-1] if paddedLen == 0 || int(paddedLen) > pad.BlockSize() { - return nil, errors.New("ansi x9.23: invalid padding length") + return nil, errors.New("padding: invalid padding length") } for _, b := range src[srcLen-int(paddedLen) : srcLen-1] { if b != 0 { - return nil, errors.New("ansi x9.23: invalid padding bytes") + return nil, errors.New("padding: invalid padding bytes") } } return src[:srcLen-int(paddedLen)], nil diff --git a/padding/iso9797_m2.go b/padding/iso9797_m2.go index 64e776d..6c01f61 100644 --- a/padding/iso9797_m2.go +++ b/padding/iso9797_m2.go @@ -31,7 +31,7 @@ func (pad iso9797M2Padding) Pad(src []byte) []byte { func (pad iso9797M2Padding) Unpad(src []byte) ([]byte, error) { srcLen := len(src) if srcLen == 0 || srcLen%pad.BlockSize() != 0 { - return nil, errors.New("iso/iec 9797-1 method 2: src length is not multiple of block size") + return nil, errors.New("padding: src length is not multiple of block size") } padStart := -1 diff --git a/padding/pkcs7.go b/padding/pkcs7.go index 8a1f8a0..de84da5 100644 --- a/padding/pkcs7.go +++ b/padding/pkcs7.go @@ -26,15 +26,15 @@ func (pad pkcs7Padding) Pad(src []byte) []byte { func (pad pkcs7Padding) Unpad(src []byte) ([]byte, error) { srcLen := len(src) if srcLen == 0 || srcLen%pad.BlockSize() != 0 { - return nil, errors.New("pkcs7: src length is not multiple of block size") + return nil, errors.New("padding: src length is not multiple of block size") } paddedLen := src[srcLen-1] if paddedLen == 0 || int(paddedLen) > pad.BlockSize() { - return nil, errors.New("pkcs7: invalid padding byte/length") + return nil, errors.New("padding: invalid padding byte/length") } for _, b := range src[srcLen-int(paddedLen) : srcLen-1] { if b != paddedLen { - return nil, errors.New("pkcs7: inconsistent padding bytes") + return nil, errors.New("padding: inconsistent padding bytes") } } return src[:srcLen-int(paddedLen)], nil diff --git a/zuc/eia.go b/zuc/eia.go index 2fbcac7..ccdb9a2 100644 --- a/zuc/eia.go +++ b/zuc/eia.go @@ -30,10 +30,10 @@ func NewHash(key, iv []byte) (*ZUC128Mac, error) { switch k { default: - return nil, fmt.Errorf("zuc/eia: invalid key size %d, expect 16 in bytes", k) + return nil, fmt.Errorf("zuc: invalid key size %d, expect 16 in bytes", k) case 16: // ZUC-128 if ivLen != IVSize128 { - return nil, fmt.Errorf("zuc/eia: invalid iv size %d, expect %d in bytes", ivLen, IVSize128) + return nil, fmt.Errorf("zuc: invalid iv size %d, expect %d in bytes", ivLen, IVSize128) } mac.loadKeyIV16(key, iv) } diff --git a/zuc/eia256.go b/zuc/eia256.go index 99028ca..935a439 100644 --- a/zuc/eia256.go +++ b/zuc/eia256.go @@ -26,7 +26,7 @@ func NewHash256(key, iv []byte, tagSize int) (*ZUC256Mac, error) { var d []byte switch tagSize { default: - return nil, fmt.Errorf("zuc/eia: invalid tag size %d, support 4/8/16 in bytes", tagSize) + return nil, fmt.Errorf("zuc: invalid tag size %d, support 4/8/16 in bytes", tagSize) case 4: d = zuc256_d[0][:] case 8: @@ -38,10 +38,10 @@ func NewHash256(key, iv []byte, tagSize int) (*ZUC256Mac, error) { mac.t = make([]uint32, mac.tagSize/4) switch k { default: - return nil, fmt.Errorf("zuc/eia: invalid key size %d, expect 32 in bytes", k) + return nil, fmt.Errorf("zuc: invalid key size %d, expect 32 in bytes", k) case 32: // ZUC-256 if ivLen != IVSize256 { - return nil, fmt.Errorf("zuc/eia: invalid iv size %d, expect %d in bytes", ivLen, IVSize256) + return nil, fmt.Errorf("zuc: invalid iv size %d, expect %d in bytes", ivLen, IVSize256) } mac.loadKeyIV32(key, iv, d) }