AuthenticatedDecryptionFilter, THROW_EXCEPTION, and the wiki AE example

[fbenhamo]

Hi,

I'm interested in AuthenticatedDecryptionFilter.

On https://www.cryptopp.com/wiki/GCM_Mode, in the AE example (https://www.cryptopp.com/w/images/2/2a/GCM-AE-Test.zip), GetLastResult is checked, even if DEFAULT_FLAGS is used.

This makes the code more complex, as it requires the use of a Redirector. (There is even a long comment about it in the code.)

Is there any reason for this?

Is it possible that even with DEFAULT_FLAGS (which is THROW_EXCEPTION), no exception is thrown when the tag/mac is invalid?

Thanks,

Best,

Fabrice

PS: In the code of the AE example on the wiki page (not the one in the zip file), DEFAULT_FLAGS should be replaced by AuthenticatedDecryptionFilter::DEFAULT_FLAGS.

[Jeffrey Walton]

I'm interested in AuthenticatedDecryptionFilter.

On https://www.cryptopp.com/wiki/GCM_Mode, in the AE example (https://www.cryptopp.com/w/images/2/2a/GCM-AE-Test.zip), GetLastResult is checked, even if DEFAULT_FLAGS is used.

This makes the code more complex, as it requires the use of a Redirector. (There is even a long comment about it in the code.)

Is there any reason for this?

Wow, that's going back a long time for my fading memory...

I *think* the idea at the time was to show how to get the DecodingResult when used in a pipeline. Without the Redirector, then the DecodingResult would be lost to the pipeline. That is, once destructors run and the pipeline is destroyed, then the DecodingResult is no longer valid.
 

Is it possible that even with DEFAULT_FLAGS (which is THROW_EXCEPTION), no exception is thrown when the tag/mac is invalid?

I don't believe so. If the verification fails and THROW_EXCEPTION is present, then the exception will be thrown.

But like I said, its been a long time. I seem to recall we were writing the docs as Wei was implementing the interfaces and modes of operation. Wei would check-in; and we would run a sample program to see what happens; and then we would change the wiki page to match observed behavior. If something did not work as expected, then we would ping Wei and ask him about it.

Jeff