On Tue, Feb 06, 2024 at 10:46:59PM +0100, Mikulas Patocka wrote: > Hi > > I'm trying to fix some problems in dm-crypt that it may report > authentication failures when the user reads data with O_DIRECT and > modifies the read buffer while it is being read. > > I'd like to ask you: > > 1. If the authenticated encryption encrypts a message, reading from > buffer1 and writing to buffer2 - and buffer1 changes while reading from > it - is it possible that it generates invalid authentication tag? > > 2. If the authenticated encryption decrypts a message, reading from > buffer1 and writing to buffer2 - and buffer2 changes while writing to > it - is is possible that it reports authentication tag mismatch? > Yes, both scenarios are possible. But it depends on the AEAD algorithm and how it happens to be implemented, and on whether the data overlaps or not. This is very much a "don't do that" sort of thing. - Eric
