From d3d6e4ae280f206771290dedc4a86958ff48dd52 Mon Sep 17 00:00:00 2001 From: David Gstir Date: Tue, 14 Jun 2022 16:24:14 +0200 Subject: [PATCH] Fix decryption error handling in Go implementations Whenever decrypt() reports an authentication failure, don't increment the nonce in CipherState. Doing so will result in all subsequent packets being rejected as their nonces will not match anymore. This might also be abused for DoS attacks. --- implementations/go/I1K.noise.go | 4 +++- implementations/go/I1K1.noise.go | 4 +++- implementations/go/I1N.noise.go | 4 +++- implementations/go/I1X.noise.go | 4 +++- implementations/go/I1X1.noise.go | 4 +++- implementations/go/IK.noise.go | 4 +++- implementations/go/IK1.noise.go | 4 +++- implementations/go/IKpsk1.noise.go | 4 +++- implementations/go/IKpsk2.noise.go | 4 +++- implementations/go/IN.noise.go | 4 +++- implementations/go/INpsk1.noise.go | 4 +++- implementations/go/INpsk2.noise.go | 4 +++- implementations/go/IX.noise.go | 4 +++- implementations/go/IX1.noise.go | 4 +++- implementations/go/IXpsk2.noise.go | 4 +++- implementations/go/K.noise.go | 4 +++- implementations/go/K1K.noise.go | 4 +++- implementations/go/K1K1.noise.go | 4 +++- implementations/go/K1N.noise.go | 4 +++- implementations/go/K1X.noise.go | 4 +++- implementations/go/K1X1.noise.go | 4 +++- implementations/go/KK.noise.go | 4 +++- implementations/go/KK1.noise.go | 4 +++- implementations/go/KKpsk0.noise.go | 4 +++- implementations/go/KKpsk2.noise.go | 4 +++- implementations/go/KN.noise.go | 4 +++- implementations/go/KNpsk0.noise.go | 4 +++- implementations/go/KNpsk2.noise.go | 4 +++- implementations/go/KX.noise.go | 4 +++- implementations/go/KX1.noise.go | 4 +++- implementations/go/KXpsk2.noise.go | 4 +++- implementations/go/Kpsk0.noise.go | 4 +++- implementations/go/N.noise.go | 4 +++- implementations/go/NK.noise.go | 4 +++- implementations/go/NK1.noise.go | 4 +++- implementations/go/NKpsk0.noise.go | 4 +++- implementations/go/NKpsk2.noise.go | 4 +++- implementations/go/NN.noise.go | 4 +++- implementations/go/NNpsk0.noise.go | 4 +++- implementations/go/NNpsk2.noise.go | 4 +++- implementations/go/NX.noise.go | 4 +++- implementations/go/NX1.noise.go | 4 +++- implementations/go/NXpsk2.noise.go | 4 +++- implementations/go/Npsk0.noise.go | 4 +++- implementations/go/X.noise.go | 4 +++- implementations/go/X1K.noise.go | 4 +++- implementations/go/X1K1.noise.go | 4 +++- implementations/go/X1N.noise.go | 4 +++- implementations/go/X1X.noise.go | 4 +++- implementations/go/X1X1.noise.go | 4 +++- implementations/go/XK.noise.go | 4 +++- implementations/go/XK1.noise.go | 4 +++- implementations/go/XKpsk3.noise.go | 4 +++- implementations/go/XN.noise.go | 4 +++- implementations/go/XNpsk3.noise.go | 4 +++- implementations/go/XX.noise.go | 4 +++- implementations/go/XX1.noise.go | 4 +++- implementations/go/XXpsk3.noise.go | 4 +++- implementations/go/Xpsk1.noise.go | 4 +++- implementations/go/tests/I1K/I1K.noise.go | 4 +++- implementations/go/tests/I1K1/I1K1.noise.go | 4 +++- implementations/go/tests/I1N/I1N.noise.go | 4 +++- implementations/go/tests/I1X/I1X.noise.go | 4 +++- implementations/go/tests/I1X1/I1X1.noise.go | 4 +++- implementations/go/tests/IK/IK.noise.go | 4 +++- implementations/go/tests/IK1/IK1.noise.go | 4 +++- implementations/go/tests/IKpsk1/IKpsk1.noise.go | 4 +++- implementations/go/tests/IKpsk2/IKpsk2.noise.go | 4 +++- implementations/go/tests/IN/IN.noise.go | 4 +++- implementations/go/tests/INpsk1/INpsk1.noise.go | 4 +++- implementations/go/tests/INpsk2/INpsk2.noise.go | 4 +++- implementations/go/tests/IX/IX.noise.go | 4 +++- implementations/go/tests/IX1/IX1.noise.go | 4 +++- implementations/go/tests/IXpsk2/IXpsk2.noise.go | 4 +++- implementations/go/tests/K/K.noise.go | 4 +++- implementations/go/tests/K1K/K1K.noise.go | 4 +++- implementations/go/tests/K1K1/K1K1.noise.go | 4 +++- implementations/go/tests/K1N/K1N.noise.go | 4 +++- implementations/go/tests/K1X/K1X.noise.go | 4 +++- implementations/go/tests/K1X1/K1X1.noise.go | 4 +++- implementations/go/tests/KK/KK.noise.go | 4 +++- implementations/go/tests/KK1/KK1.noise.go | 4 +++- implementations/go/tests/KKpsk0/KKpsk0.noise.go | 4 +++- implementations/go/tests/KKpsk2/KKpsk2.noise.go | 4 +++- implementations/go/tests/KN/KN.noise.go | 4 +++- implementations/go/tests/KNpsk0/KNpsk0.noise.go | 4 +++- implementations/go/tests/KNpsk2/KNpsk2.noise.go | 4 +++- implementations/go/tests/KX/KX.noise.go | 4 +++- implementations/go/tests/KX1/KX1.noise.go | 4 +++- implementations/go/tests/KXpsk2/KXpsk2.noise.go | 4 +++- implementations/go/tests/Kpsk0/Kpsk0.noise.go | 4 +++- implementations/go/tests/N/N.noise.go | 4 +++- implementations/go/tests/NK/NK.noise.go | 4 +++- implementations/go/tests/NK1/NK1.noise.go | 4 +++- implementations/go/tests/NKpsk0/NKpsk0.noise.go | 4 +++- implementations/go/tests/NKpsk2/NKpsk2.noise.go | 4 +++- implementations/go/tests/NN/NN.noise.go | 4 +++- implementations/go/tests/NNpsk0/NNpsk0.noise.go | 4 +++- implementations/go/tests/NNpsk2/NNpsk2.noise.go | 4 +++- implementations/go/tests/NX/NX.noise.go | 4 +++- implementations/go/tests/NX1/NX1.noise.go | 4 +++- implementations/go/tests/NXpsk2/NXpsk2.noise.go | 4 +++- implementations/go/tests/Npsk0/Npsk0.noise.go | 4 +++- implementations/go/tests/X/X.noise.go | 4 +++- implementations/go/tests/X1K/X1K.noise.go | 4 +++- implementations/go/tests/X1K1/X1K1.noise.go | 4 +++- implementations/go/tests/X1N/X1N.noise.go | 4 +++- implementations/go/tests/X1X/X1X.noise.go | 4 +++- implementations/go/tests/X1X1/X1X1.noise.go | 4 +++- implementations/go/tests/XK/XK.noise.go | 4 +++- implementations/go/tests/XK1/XK1.noise.go | 4 +++- implementations/go/tests/XKpsk3/XKpsk3.noise.go | 4 +++- implementations/go/tests/XN/XN.noise.go | 4 +++- implementations/go/tests/XNpsk3/XNpsk3.noise.go | 4 +++- implementations/go/tests/XX/XX.noise.go | 4 +++- implementations/go/tests/XX1/XX1.noise.go | 4 +++- implementations/go/tests/XXpsk3/XXpsk3.noise.go | 4 +++- implementations/go/tests/Xpsk1/Xpsk1.noise.go | 4 +++- src/go/5state.go | 4 +++- 119 files changed, 357 insertions(+), 119 deletions(-) diff --git a/implementations/go/I1K.noise.go b/implementations/go/I1K.noise.go index 8434c253..f0aed949 100755 --- a/implementations/go/I1K.noise.go +++ b/implementations/go/I1K.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/I1K1.noise.go b/implementations/go/I1K1.noise.go index 52b81af0..f3f9f0ee 100755 --- a/implementations/go/I1K1.noise.go +++ b/implementations/go/I1K1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/I1N.noise.go b/implementations/go/I1N.noise.go index 732fb5eb..97543f6a 100755 --- a/implementations/go/I1N.noise.go +++ b/implementations/go/I1N.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/I1X.noise.go b/implementations/go/I1X.noise.go index 7b9765b2..300f42a7 100755 --- a/implementations/go/I1X.noise.go +++ b/implementations/go/I1X.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/I1X1.noise.go b/implementations/go/I1X1.noise.go index 14129408..1eacbe43 100755 --- a/implementations/go/I1X1.noise.go +++ b/implementations/go/I1X1.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IK.noise.go b/implementations/go/IK.noise.go index 69397ab1..df4ab7c7 100755 --- a/implementations/go/IK.noise.go +++ b/implementations/go/IK.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IK1.noise.go b/implementations/go/IK1.noise.go index d99c6be0..49792d63 100755 --- a/implementations/go/IK1.noise.go +++ b/implementations/go/IK1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IKpsk1.noise.go b/implementations/go/IKpsk1.noise.go index 5113bec5..ae605b16 100755 --- a/implementations/go/IKpsk1.noise.go +++ b/implementations/go/IKpsk1.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IKpsk2.noise.go b/implementations/go/IKpsk2.noise.go index efe4ffea..9c23b49f 100755 --- a/implementations/go/IKpsk2.noise.go +++ b/implementations/go/IKpsk2.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IN.noise.go b/implementations/go/IN.noise.go index 0c1b08b9..7095b450 100755 --- a/implementations/go/IN.noise.go +++ b/implementations/go/IN.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/INpsk1.noise.go b/implementations/go/INpsk1.noise.go index 0b17a2c0..e630024f 100755 --- a/implementations/go/INpsk1.noise.go +++ b/implementations/go/INpsk1.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/INpsk2.noise.go b/implementations/go/INpsk2.noise.go index b62b9951..5c08bf42 100755 --- a/implementations/go/INpsk2.noise.go +++ b/implementations/go/INpsk2.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IX.noise.go b/implementations/go/IX.noise.go index 8fa2054f..e8114ea5 100755 --- a/implementations/go/IX.noise.go +++ b/implementations/go/IX.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IX1.noise.go b/implementations/go/IX1.noise.go index a5655098..a7164345 100755 --- a/implementations/go/IX1.noise.go +++ b/implementations/go/IX1.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/IXpsk2.noise.go b/implementations/go/IXpsk2.noise.go index 855772ee..fb2cb23c 100755 --- a/implementations/go/IXpsk2.noise.go +++ b/implementations/go/IXpsk2.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/K.noise.go b/implementations/go/K.noise.go index 0ab1e17c..874c9844 100755 --- a/implementations/go/K.noise.go +++ b/implementations/go/K.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/K1K.noise.go b/implementations/go/K1K.noise.go index be5be643..a42267a6 100755 --- a/implementations/go/K1K.noise.go +++ b/implementations/go/K1K.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/K1K1.noise.go b/implementations/go/K1K1.noise.go index e0fd65e1..c759e43b 100755 --- a/implementations/go/K1K1.noise.go +++ b/implementations/go/K1K1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/K1N.noise.go b/implementations/go/K1N.noise.go index 2677f5e9..4734bf0e 100755 --- a/implementations/go/K1N.noise.go +++ b/implementations/go/K1N.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/K1X.noise.go b/implementations/go/K1X.noise.go index 0340596a..591b5b68 100755 --- a/implementations/go/K1X.noise.go +++ b/implementations/go/K1X.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/K1X1.noise.go b/implementations/go/K1X1.noise.go index b7fa92ab..e0ddf8af 100755 --- a/implementations/go/K1X1.noise.go +++ b/implementations/go/K1X1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KK.noise.go b/implementations/go/KK.noise.go index 2fd8236f..0788cf0b 100755 --- a/implementations/go/KK.noise.go +++ b/implementations/go/KK.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KK1.noise.go b/implementations/go/KK1.noise.go index db6e1460..aa3f2aa3 100755 --- a/implementations/go/KK1.noise.go +++ b/implementations/go/KK1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KKpsk0.noise.go b/implementations/go/KKpsk0.noise.go index 471f6f4d..b560ca1e 100755 --- a/implementations/go/KKpsk0.noise.go +++ b/implementations/go/KKpsk0.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KKpsk2.noise.go b/implementations/go/KKpsk2.noise.go index d95cd8f0..4d07694f 100755 --- a/implementations/go/KKpsk2.noise.go +++ b/implementations/go/KKpsk2.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KN.noise.go b/implementations/go/KN.noise.go index cb90adcd..e93c4692 100755 --- a/implementations/go/KN.noise.go +++ b/implementations/go/KN.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KNpsk0.noise.go b/implementations/go/KNpsk0.noise.go index 0ddcaa5c..6f75a9aa 100755 --- a/implementations/go/KNpsk0.noise.go +++ b/implementations/go/KNpsk0.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KNpsk2.noise.go b/implementations/go/KNpsk2.noise.go index 6ed4339d..e69291df 100755 --- a/implementations/go/KNpsk2.noise.go +++ b/implementations/go/KNpsk2.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KX.noise.go b/implementations/go/KX.noise.go index ea7e6d28..36587739 100755 --- a/implementations/go/KX.noise.go +++ b/implementations/go/KX.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KX1.noise.go b/implementations/go/KX1.noise.go index 83069318..75d6bec0 100755 --- a/implementations/go/KX1.noise.go +++ b/implementations/go/KX1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/KXpsk2.noise.go b/implementations/go/KXpsk2.noise.go index d5c409a2..2cf5085d 100755 --- a/implementations/go/KXpsk2.noise.go +++ b/implementations/go/KXpsk2.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/Kpsk0.noise.go b/implementations/go/Kpsk0.noise.go index c9a894e7..fba79335 100755 --- a/implementations/go/Kpsk0.noise.go +++ b/implementations/go/Kpsk0.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/N.noise.go b/implementations/go/N.noise.go index 4898dd66..d66b13e3 100755 --- a/implementations/go/N.noise.go +++ b/implementations/go/N.noise.go @@ -238,7 +238,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NK.noise.go b/implementations/go/NK.noise.go index 8e0ac4ea..c9c6fe0f 100755 --- a/implementations/go/NK.noise.go +++ b/implementations/go/NK.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NK1.noise.go b/implementations/go/NK1.noise.go index 7e89cc66..7a7c37dc 100755 --- a/implementations/go/NK1.noise.go +++ b/implementations/go/NK1.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NKpsk0.noise.go b/implementations/go/NKpsk0.noise.go index 53b4bbe8..8a9cf4b4 100755 --- a/implementations/go/NKpsk0.noise.go +++ b/implementations/go/NKpsk0.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NKpsk2.noise.go b/implementations/go/NKpsk2.noise.go index 6e7c0f47..60798b6b 100755 --- a/implementations/go/NKpsk2.noise.go +++ b/implementations/go/NKpsk2.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NN.noise.go b/implementations/go/NN.noise.go index 3c2fbe4e..fdd83b4a 100755 --- a/implementations/go/NN.noise.go +++ b/implementations/go/NN.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NNpsk0.noise.go b/implementations/go/NNpsk0.noise.go index 02082a38..def8600f 100755 --- a/implementations/go/NNpsk0.noise.go +++ b/implementations/go/NNpsk0.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NNpsk2.noise.go b/implementations/go/NNpsk2.noise.go index 6944ff3a..5599d5f2 100755 --- a/implementations/go/NNpsk2.noise.go +++ b/implementations/go/NNpsk2.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NX.noise.go b/implementations/go/NX.noise.go index 90b83027..4d233df1 100755 --- a/implementations/go/NX.noise.go +++ b/implementations/go/NX.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NX1.noise.go b/implementations/go/NX1.noise.go index 477d274b..03b23d83 100755 --- a/implementations/go/NX1.noise.go +++ b/implementations/go/NX1.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/NXpsk2.noise.go b/implementations/go/NXpsk2.noise.go index 3afa3879..38b3586b 100755 --- a/implementations/go/NXpsk2.noise.go +++ b/implementations/go/NXpsk2.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/Npsk0.noise.go b/implementations/go/Npsk0.noise.go index b9b80d6b..dcff6bd5 100755 --- a/implementations/go/Npsk0.noise.go +++ b/implementations/go/Npsk0.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/X.noise.go b/implementations/go/X.noise.go index 75715c58..34d07a71 100755 --- a/implementations/go/X.noise.go +++ b/implementations/go/X.noise.go @@ -238,7 +238,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/X1K.noise.go b/implementations/go/X1K.noise.go index a4f39de6..9d939d43 100755 --- a/implementations/go/X1K.noise.go +++ b/implementations/go/X1K.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/X1K1.noise.go b/implementations/go/X1K1.noise.go index 11f1faf2..0ac52ef4 100755 --- a/implementations/go/X1K1.noise.go +++ b/implementations/go/X1K1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/X1N.noise.go b/implementations/go/X1N.noise.go index 31b560e2..2d86d8d0 100755 --- a/implementations/go/X1N.noise.go +++ b/implementations/go/X1N.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/X1X.noise.go b/implementations/go/X1X.noise.go index 21ddc2d9..5c8cbace 100755 --- a/implementations/go/X1X.noise.go +++ b/implementations/go/X1X.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/X1X1.noise.go b/implementations/go/X1X1.noise.go index 0f0cc408..1d40a1c1 100755 --- a/implementations/go/X1X1.noise.go +++ b/implementations/go/X1X1.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XK.noise.go b/implementations/go/XK.noise.go index 22cf0300..4ac947da 100755 --- a/implementations/go/XK.noise.go +++ b/implementations/go/XK.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XK1.noise.go b/implementations/go/XK1.noise.go index beaa6c17..fba6f1d3 100755 --- a/implementations/go/XK1.noise.go +++ b/implementations/go/XK1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XKpsk3.noise.go b/implementations/go/XKpsk3.noise.go index 716c871f..6dd3922a 100755 --- a/implementations/go/XKpsk3.noise.go +++ b/implementations/go/XKpsk3.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XN.noise.go b/implementations/go/XN.noise.go index 2ee32445..b122399b 100755 --- a/implementations/go/XN.noise.go +++ b/implementations/go/XN.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XNpsk3.noise.go b/implementations/go/XNpsk3.noise.go index 80e17b4e..f33a682a 100755 --- a/implementations/go/XNpsk3.noise.go +++ b/implementations/go/XNpsk3.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XX.noise.go b/implementations/go/XX.noise.go index 445d6f6b..b7b6b8bf 100755 --- a/implementations/go/XX.noise.go +++ b/implementations/go/XX.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XX1.noise.go b/implementations/go/XX1.noise.go index e3c62f24..e4a90c05 100755 --- a/implementations/go/XX1.noise.go +++ b/implementations/go/XX1.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/XXpsk3.noise.go b/implementations/go/XXpsk3.noise.go index 7ea1d0a8..f6130c8f 100755 --- a/implementations/go/XXpsk3.noise.go +++ b/implementations/go/XXpsk3.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/Xpsk1.noise.go b/implementations/go/Xpsk1.noise.go index e46a2fa3..7197c163 100755 --- a/implementations/go/Xpsk1.noise.go +++ b/implementations/go/Xpsk1.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/I1K/I1K.noise.go b/implementations/go/tests/I1K/I1K.noise.go index b183fe14..f83b1cf6 100755 --- a/implementations/go/tests/I1K/I1K.noise.go +++ b/implementations/go/tests/I1K/I1K.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/I1K1/I1K1.noise.go b/implementations/go/tests/I1K1/I1K1.noise.go index 43192d12..ba8b20ef 100755 --- a/implementations/go/tests/I1K1/I1K1.noise.go +++ b/implementations/go/tests/I1K1/I1K1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/I1N/I1N.noise.go b/implementations/go/tests/I1N/I1N.noise.go index 26a6d06b..410a0e08 100755 --- a/implementations/go/tests/I1N/I1N.noise.go +++ b/implementations/go/tests/I1N/I1N.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/I1X/I1X.noise.go b/implementations/go/tests/I1X/I1X.noise.go index ea37a6ac..c805e1db 100755 --- a/implementations/go/tests/I1X/I1X.noise.go +++ b/implementations/go/tests/I1X/I1X.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/I1X1/I1X1.noise.go b/implementations/go/tests/I1X1/I1X1.noise.go index 9788647d..e06d4b27 100755 --- a/implementations/go/tests/I1X1/I1X1.noise.go +++ b/implementations/go/tests/I1X1/I1X1.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IK/IK.noise.go b/implementations/go/tests/IK/IK.noise.go index 32b4d4df..a49d1fa5 100755 --- a/implementations/go/tests/IK/IK.noise.go +++ b/implementations/go/tests/IK/IK.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IK1/IK1.noise.go b/implementations/go/tests/IK1/IK1.noise.go index d90a0506..5ac828d3 100755 --- a/implementations/go/tests/IK1/IK1.noise.go +++ b/implementations/go/tests/IK1/IK1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IKpsk1/IKpsk1.noise.go b/implementations/go/tests/IKpsk1/IKpsk1.noise.go index 02e7cc92..1ac7af88 100755 --- a/implementations/go/tests/IKpsk1/IKpsk1.noise.go +++ b/implementations/go/tests/IKpsk1/IKpsk1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IKpsk2/IKpsk2.noise.go b/implementations/go/tests/IKpsk2/IKpsk2.noise.go index b8807626..99bef18c 100755 --- a/implementations/go/tests/IKpsk2/IKpsk2.noise.go +++ b/implementations/go/tests/IKpsk2/IKpsk2.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IN/IN.noise.go b/implementations/go/tests/IN/IN.noise.go index 336b7c9c..cb3e9d1d 100755 --- a/implementations/go/tests/IN/IN.noise.go +++ b/implementations/go/tests/IN/IN.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/INpsk1/INpsk1.noise.go b/implementations/go/tests/INpsk1/INpsk1.noise.go index ec5da751..ab870850 100755 --- a/implementations/go/tests/INpsk1/INpsk1.noise.go +++ b/implementations/go/tests/INpsk1/INpsk1.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/INpsk2/INpsk2.noise.go b/implementations/go/tests/INpsk2/INpsk2.noise.go index eb57b794..71d3bebe 100755 --- a/implementations/go/tests/INpsk2/INpsk2.noise.go +++ b/implementations/go/tests/INpsk2/INpsk2.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IX/IX.noise.go b/implementations/go/tests/IX/IX.noise.go index 02e1de33..468131f0 100755 --- a/implementations/go/tests/IX/IX.noise.go +++ b/implementations/go/tests/IX/IX.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IX1/IX1.noise.go b/implementations/go/tests/IX1/IX1.noise.go index d1a872f8..822c23b9 100755 --- a/implementations/go/tests/IX1/IX1.noise.go +++ b/implementations/go/tests/IX1/IX1.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/IXpsk2/IXpsk2.noise.go b/implementations/go/tests/IXpsk2/IXpsk2.noise.go index e236bcec..b68dc25f 100755 --- a/implementations/go/tests/IXpsk2/IXpsk2.noise.go +++ b/implementations/go/tests/IXpsk2/IXpsk2.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/K/K.noise.go b/implementations/go/tests/K/K.noise.go index 83f7fec6..94700414 100755 --- a/implementations/go/tests/K/K.noise.go +++ b/implementations/go/tests/K/K.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/K1K/K1K.noise.go b/implementations/go/tests/K1K/K1K.noise.go index db91e69c..58701460 100755 --- a/implementations/go/tests/K1K/K1K.noise.go +++ b/implementations/go/tests/K1K/K1K.noise.go @@ -244,7 +244,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/K1K1/K1K1.noise.go b/implementations/go/tests/K1K1/K1K1.noise.go index d1695ab0..41ec8203 100755 --- a/implementations/go/tests/K1K1/K1K1.noise.go +++ b/implementations/go/tests/K1K1/K1K1.noise.go @@ -244,7 +244,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/K1N/K1N.noise.go b/implementations/go/tests/K1N/K1N.noise.go index 402ccdb5..756386aa 100755 --- a/implementations/go/tests/K1N/K1N.noise.go +++ b/implementations/go/tests/K1N/K1N.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/K1X/K1X.noise.go b/implementations/go/tests/K1X/K1X.noise.go index c78ca231..31c14e77 100755 --- a/implementations/go/tests/K1X/K1X.noise.go +++ b/implementations/go/tests/K1X/K1X.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/K1X1/K1X1.noise.go b/implementations/go/tests/K1X1/K1X1.noise.go index fcb404fa..ccc67c94 100755 --- a/implementations/go/tests/K1X1/K1X1.noise.go +++ b/implementations/go/tests/K1X1/K1X1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KK/KK.noise.go b/implementations/go/tests/KK/KK.noise.go index c5c0cc24..e9fe7628 100755 --- a/implementations/go/tests/KK/KK.noise.go +++ b/implementations/go/tests/KK/KK.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KK1/KK1.noise.go b/implementations/go/tests/KK1/KK1.noise.go index b34e2dbd..c7232c40 100755 --- a/implementations/go/tests/KK1/KK1.noise.go +++ b/implementations/go/tests/KK1/KK1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KKpsk0/KKpsk0.noise.go b/implementations/go/tests/KKpsk0/KKpsk0.noise.go index fc505366..a7690847 100755 --- a/implementations/go/tests/KKpsk0/KKpsk0.noise.go +++ b/implementations/go/tests/KKpsk0/KKpsk0.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KKpsk2/KKpsk2.noise.go b/implementations/go/tests/KKpsk2/KKpsk2.noise.go index 03d01890..23793476 100755 --- a/implementations/go/tests/KKpsk2/KKpsk2.noise.go +++ b/implementations/go/tests/KKpsk2/KKpsk2.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KN/KN.noise.go b/implementations/go/tests/KN/KN.noise.go index a86b5a59..fe0d6f05 100755 --- a/implementations/go/tests/KN/KN.noise.go +++ b/implementations/go/tests/KN/KN.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KNpsk0/KNpsk0.noise.go b/implementations/go/tests/KNpsk0/KNpsk0.noise.go index 6e0d27e7..1acf409c 100755 --- a/implementations/go/tests/KNpsk0/KNpsk0.noise.go +++ b/implementations/go/tests/KNpsk0/KNpsk0.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KNpsk2/KNpsk2.noise.go b/implementations/go/tests/KNpsk2/KNpsk2.noise.go index d12138f8..fcac4906 100755 --- a/implementations/go/tests/KNpsk2/KNpsk2.noise.go +++ b/implementations/go/tests/KNpsk2/KNpsk2.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KX/KX.noise.go b/implementations/go/tests/KX/KX.noise.go index 33bb1bba..5c1f33a8 100755 --- a/implementations/go/tests/KX/KX.noise.go +++ b/implementations/go/tests/KX/KX.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KX1/KX1.noise.go b/implementations/go/tests/KX1/KX1.noise.go index 24179a9d..f165f046 100755 --- a/implementations/go/tests/KX1/KX1.noise.go +++ b/implementations/go/tests/KX1/KX1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/KXpsk2/KXpsk2.noise.go b/implementations/go/tests/KXpsk2/KXpsk2.noise.go index 9b34d283..2c2f80b4 100755 --- a/implementations/go/tests/KXpsk2/KXpsk2.noise.go +++ b/implementations/go/tests/KXpsk2/KXpsk2.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/Kpsk0/Kpsk0.noise.go b/implementations/go/tests/Kpsk0/Kpsk0.noise.go index 82444b79..76a8b621 100755 --- a/implementations/go/tests/Kpsk0/Kpsk0.noise.go +++ b/implementations/go/tests/Kpsk0/Kpsk0.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/N/N.noise.go b/implementations/go/tests/N/N.noise.go index 9f61eabb..a234a2af 100755 --- a/implementations/go/tests/N/N.noise.go +++ b/implementations/go/tests/N/N.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NK/NK.noise.go b/implementations/go/tests/NK/NK.noise.go index 9455e385..80673cea 100755 --- a/implementations/go/tests/NK/NK.noise.go +++ b/implementations/go/tests/NK/NK.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NK1/NK1.noise.go b/implementations/go/tests/NK1/NK1.noise.go index e1139900..06aebfa3 100755 --- a/implementations/go/tests/NK1/NK1.noise.go +++ b/implementations/go/tests/NK1/NK1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NKpsk0/NKpsk0.noise.go b/implementations/go/tests/NKpsk0/NKpsk0.noise.go index 20f9dfc3..31fe07d3 100755 --- a/implementations/go/tests/NKpsk0/NKpsk0.noise.go +++ b/implementations/go/tests/NKpsk0/NKpsk0.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NKpsk2/NKpsk2.noise.go b/implementations/go/tests/NKpsk2/NKpsk2.noise.go index 93b9e5df..60a7fa05 100755 --- a/implementations/go/tests/NKpsk2/NKpsk2.noise.go +++ b/implementations/go/tests/NKpsk2/NKpsk2.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NN/NN.noise.go b/implementations/go/tests/NN/NN.noise.go index 5babe7db..65b12fcf 100755 --- a/implementations/go/tests/NN/NN.noise.go +++ b/implementations/go/tests/NN/NN.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NNpsk0/NNpsk0.noise.go b/implementations/go/tests/NNpsk0/NNpsk0.noise.go index 4622ab86..3ef35dc3 100755 --- a/implementations/go/tests/NNpsk0/NNpsk0.noise.go +++ b/implementations/go/tests/NNpsk0/NNpsk0.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NNpsk2/NNpsk2.noise.go b/implementations/go/tests/NNpsk2/NNpsk2.noise.go index 87db7b25..64de3e11 100755 --- a/implementations/go/tests/NNpsk2/NNpsk2.noise.go +++ b/implementations/go/tests/NNpsk2/NNpsk2.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NX/NX.noise.go b/implementations/go/tests/NX/NX.noise.go index 065d5cc9..152b93b3 100755 --- a/implementations/go/tests/NX/NX.noise.go +++ b/implementations/go/tests/NX/NX.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NX1/NX1.noise.go b/implementations/go/tests/NX1/NX1.noise.go index 16fc4c73..ea779ad8 100755 --- a/implementations/go/tests/NX1/NX1.noise.go +++ b/implementations/go/tests/NX1/NX1.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/NXpsk2/NXpsk2.noise.go b/implementations/go/tests/NXpsk2/NXpsk2.noise.go index 6bb777e0..be47915c 100755 --- a/implementations/go/tests/NXpsk2/NXpsk2.noise.go +++ b/implementations/go/tests/NXpsk2/NXpsk2.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/Npsk0/Npsk0.noise.go b/implementations/go/tests/Npsk0/Npsk0.noise.go index 81b83db0..e67b506a 100755 --- a/implementations/go/tests/Npsk0/Npsk0.noise.go +++ b/implementations/go/tests/Npsk0/Npsk0.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/X/X.noise.go b/implementations/go/tests/X/X.noise.go index bc9b6fd7..8216badf 100755 --- a/implementations/go/tests/X/X.noise.go +++ b/implementations/go/tests/X/X.noise.go @@ -239,7 +239,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/X1K/X1K.noise.go b/implementations/go/tests/X1K/X1K.noise.go index 833f44fe..2ad61016 100755 --- a/implementations/go/tests/X1K/X1K.noise.go +++ b/implementations/go/tests/X1K/X1K.noise.go @@ -244,7 +244,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/X1K1/X1K1.noise.go b/implementations/go/tests/X1K1/X1K1.noise.go index 82f2b025..32ca30ba 100755 --- a/implementations/go/tests/X1K1/X1K1.noise.go +++ b/implementations/go/tests/X1K1/X1K1.noise.go @@ -244,7 +244,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/X1N/X1N.noise.go b/implementations/go/tests/X1N/X1N.noise.go index 0f5c0faa..01fdc364 100755 --- a/implementations/go/tests/X1N/X1N.noise.go +++ b/implementations/go/tests/X1N/X1N.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/X1X/X1X.noise.go b/implementations/go/tests/X1X/X1X.noise.go index d56a7eca..e400ecfc 100755 --- a/implementations/go/tests/X1X/X1X.noise.go +++ b/implementations/go/tests/X1X/X1X.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/X1X1/X1X1.noise.go b/implementations/go/tests/X1X1/X1X1.noise.go index 7aead4ca..f0b5b334 100755 --- a/implementations/go/tests/X1X1/X1X1.noise.go +++ b/implementations/go/tests/X1X1/X1X1.noise.go @@ -242,7 +242,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XK/XK.noise.go b/implementations/go/tests/XK/XK.noise.go index fb8fbaf4..2dc81428 100755 --- a/implementations/go/tests/XK/XK.noise.go +++ b/implementations/go/tests/XK/XK.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XK1/XK1.noise.go b/implementations/go/tests/XK1/XK1.noise.go index 5f1f6499..4664a2b7 100755 --- a/implementations/go/tests/XK1/XK1.noise.go +++ b/implementations/go/tests/XK1/XK1.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XKpsk3/XKpsk3.noise.go b/implementations/go/tests/XKpsk3/XKpsk3.noise.go index a78a3f46..1424cbb4 100755 --- a/implementations/go/tests/XKpsk3/XKpsk3.noise.go +++ b/implementations/go/tests/XKpsk3/XKpsk3.noise.go @@ -243,7 +243,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XN/XN.noise.go b/implementations/go/tests/XN/XN.noise.go index 3fb58d35..a3fd08f0 100755 --- a/implementations/go/tests/XN/XN.noise.go +++ b/implementations/go/tests/XN/XN.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XNpsk3/XNpsk3.noise.go b/implementations/go/tests/XNpsk3/XNpsk3.noise.go index 475bcb6d..de942bf0 100755 --- a/implementations/go/tests/XNpsk3/XNpsk3.noise.go +++ b/implementations/go/tests/XNpsk3/XNpsk3.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XX/XX.noise.go b/implementations/go/tests/XX/XX.noise.go index 8a2c5b7c..31a600a4 100755 --- a/implementations/go/tests/XX/XX.noise.go +++ b/implementations/go/tests/XX/XX.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XX1/XX1.noise.go b/implementations/go/tests/XX1/XX1.noise.go index dc8b1168..603d2520 100755 --- a/implementations/go/tests/XX1/XX1.noise.go +++ b/implementations/go/tests/XX1/XX1.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/XXpsk3/XXpsk3.noise.go b/implementations/go/tests/XXpsk3/XXpsk3.noise.go index 5a7cf976..46ba6897 100755 --- a/implementations/go/tests/XXpsk3/XXpsk3.noise.go +++ b/implementations/go/tests/XXpsk3/XXpsk3.noise.go @@ -241,7 +241,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/implementations/go/tests/Xpsk1/Xpsk1.noise.go b/implementations/go/tests/Xpsk1/Xpsk1.noise.go index d8578593..a4c76acf 100755 --- a/implementations/go/tests/Xpsk1/Xpsk1.noise.go +++ b/implementations/go/tests/Xpsk1/Xpsk1.noise.go @@ -240,7 +240,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err } diff --git a/src/go/5state.go b/src/go/5state.go index bf5070e3..79dcd389 100755 --- a/src/go/5state.go +++ b/src/go/5state.go @@ -34,7 +34,9 @@ func decryptWithAd(cs *cipherstate, ad []byte, ciphertext []byte) (*cipherstate, return cs, []byte{}, false, err } valid, ad, plaintext := decrypt(cs.k, cs.n, ad, ciphertext) - cs = setNonce(cs, incrementNonce(cs.n)) + if valid { + cs = setNonce(cs, incrementNonce(cs.n)) + } return cs, plaintext, valid, err }