On Tue, 6 Feb 2024, Eric Biggers wrote:
> On Tue, Feb 06, 2024 at 10:46:59PM +0100, Mikulas Patocka wrote:
> > Hi
> >
> > I'm trying to fix some problems in dm-crypt that it may report
> > authentication failures when the user reads data with O_DIRECT and
> > modifies the read buffer while it is being read.
> >
> > I'd like to ask you:
> >
> > 1. If the authenticated encryption encrypts a message, reading from
> > buffer1 and writing to buffer2 - and buffer1 changes while reading from
> > it - is it possible that it generates invalid authentication tag?
> >
> > 2. If the authenticated encryption decrypts a message, reading from
> > buffer1 and writing to buffer2 - and buffer2 changes while writing to
> > it - is is possible that it reports authentication tag mismatch?
> >
>
> Yes, both scenarios are possible. But it depends on the AEAD algorithm and
> how
> it happens to be implemented, and on whether the data overlaps or not.
>
> This is very much a "don't do that" sort of thing.
>
> - Eric
I see. So I will copy the data to a kernel buffer before encryption or
decryption.
I assume that authenticated encryption or decryption using the same buffer
as a source and as a destination should be ok. Right?
Mikulas
