I'd like to use AES-GCM with BouncyCastle as the provider in order to avail myself of integrity checks using decryption. I'm curious about the kind of exception raised when the integrity check fails. Is it InvalidCipherTextException?
Also are there any other exceptions I should be handling in the context of decrypting an AES-GCM encrypted blob?
I see that there are a few more exceptions listed out at http://www.cs.berkeley.edu/~jonah/bc/org/bouncycastle/crypto/package-tree.html
For the lightweight API, the resulting exception is indeed the InvalidCipherTextException. This answer has been extracted from the Bouncy Castle source code, which is openly available (e.g. using anonymous access to the source repository).
if (!Arrays.constantTimeAreEqual(this.macBlock, msgMac))
{
throw new InvalidCipherTextException("mac check in GCM failed");
}
This seems identical in the 1.13 to 1.18 version of this file in the repository, please check again for later versions.