author | lloyd <[email protected]> | 2014-12-31 12:58:24 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-12-31 12:58:24 +0000 |
commit | c25cd2bf6058d92a09a38c27252cec74158f23e4 (patch) | |
tree | 4a7561298143ea42dbab38ac14cef348e0c5a70b /doc/manual/aead.rst | |
parent | b5b92a8a3847e2f3ad5ea2b429c4c6129ed6cb53 (diff) |
More info on AEAD decryption handling
Diffstat (limited to 'doc/manual/aead.rst')
-rw-r--r-- | doc/manual/aead.rst | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/manual/aead.rst b/doc/manual/aead.rst index a5c60c14b..9798cac3b 100644 --- a/doc/manual/aead.rst +++ b/doc/manual/aead.rst @@ -65,6 +65,16 @@ AEAD modes currently available include GCM, OCB, and EAX. All three use a Note that if you have the entire message in hand, calling finish without ever calling update is both efficient and convenient. + .. note:: + During decryption, finish will throw an instance of Integrity_Failure + if the MAC does not validate. If this occurs, all plaintext previously + output via calls to update must be destroyed and not used in any + way that an attacker could observe the effects of. + + One simply way to assure this could never happen is to never + call update, and instead always marshall the entire message + into a single buffer and call finish on it when decrypting. + .. cpp:function:: size_t update_granularity() const The AEAD interface requires :cpp:func:`update` be called with blocks of |
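Review bot: The second paragraph of the added note has wording slips: "One simply way to assure this could never happen" should read "One simple way to ensure this can never happen", and "marshall" is more usually spelled "marshal". In the first paragraph, update and finish appear as plain words, while the unchanged context line after the hunk uses the :cpp:func: role for update; using the same role in the note would keep the rendered manual consistent and cross-linked. The requirement that earlier plaintext "must be destroyed" is the security-relevant part of the note, so it would help to add one sentence for callers who cannot buffer the whole message, saying that output from update has to be held back from any consumer until finish returns without throwing Integrity_Failure.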