-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AuthenticatedDecryptionFilter with AAD throws an exception when used with a FileSource #817
Comments
My apologies I did not Ack earlier. I've been mulling over this...
Yes, agreed. Something is bent/broke if you can't swap-in a source for any other source. I'm going to need some time to sort through it. The pipelines can be tricky to maintain, so we have to be careful of knocking something loose. |
Can you provide a stand alone test case demonstrating the problem. I'm having a little trouble creating the stand alone reproducer. I think it includes your Step (7), but I am not clear on what Step (5) has to do with things. Also, as far as I know, you can only use the pipeline with confidential data. The default Sources put all their data on the DEFAULT_CHANNEL. None of the Sources put their data on the AAD_CHANNEL. Put another way, there's no Source that says, "take some of the file and put it on the AAD_CHANNEL, and take the rest of the file and put it on the DEFAULT_CHANNEL". A custom Source would probably be able to do it, though. |
@noloader,
As you note, it is not necessary to show the problem: section 7 is what is needed, so I have reduced the code in CryptoPP_short_test.cpp. |
I am having a similar problem. I could trace back the problem to the following position:
in the method I checked, and all implementations of |
Relevant parts of the backtrace:
|
I checked in the fix provided by @Nyk72 in Item 9: class CRYPTOPP_DLL AuthenticatedDecryptionFilter
{
...
size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking)
{ return ChannelPut2(channel, begin, length, messageEnd, blocking); }
}; Also see Commit ff110c6e183e. Thanks for the help, and sorry about the delay. |
I found a strange behaviour using a
FileSource
to decrypt a text encrypted with AES/EAX using both channels provided byAuthenticatedEncryptionFilter
andAuthenticatedDecryptionFilter
: it seems that the operations sequence used (successfully) with aStringSource
cannot be used with aFileSource
instead.Digging into the library code, I think the reason is that
AuthenticatedDecryptionFilter
does not redefine theChannelPutModifiable2
method, but only theChannelPut2
one. I don't know whetherAuthenticatedDecryptionFilter
is really bugged or not, but it sounds odd to me that the code working with aStringSource
does not work with aFileSource
, so I searched a way to remove this discrepancy.The attached code, adapted from the Crypto++ Wiki example EAX-AEAD-Test.zip, shows what I found:
cipher
using aStringSource
by first putting the authenticated data into the AAD channel and then pumping all the source contents;cipher
into a file;FileSource
and the same operations used in section 5, but the library throws anInvalidArgument
exception;AuthenticatedDecryptionFilter
with the methodChannelPutModifiable2
redefined;AuthenticatedDecryptionFilter
(I don't know if either this "fix" or the other could be right: they are simply two ways to mimic what happens in theStringSource
case, i.e. to callm_hashVerifier.ForceNextPut()
at the right moment).The program output is the following:
I'm using Crypto++ 8.1.0 build with Visual Studio 2012 and the OS is Windows 10 Pro (1803).
CryptoPP_test.cpp
The text was updated successfully, but these errors were encountered: