On Wed, Feb 07, 2024 at 01:51:51PM +0100, Mikulas Patocka wrote: > > > On Tue, 6 Feb 2024, Eric Biggers wrote: > > > On Tue, Feb 06, 2024 at 10:46:59PM +0100, Mikulas Patocka wrote: > > > Hi > > > > > > I'm trying to fix some problems in dm-crypt that it may report > > > authentication failures when the user reads data with O_DIRECT and > > > modifies the read buffer while it is being read. > > > > > > I'd like to ask you: > > > > > > 1. If the authenticated encryption encrypts a message, reading from > > > buffer1 and writing to buffer2 - and buffer1 changes while reading from > > > it - is it possible that it generates invalid authentication tag? > > > > > > 2. If the authenticated encryption decrypts a message, reading from > > > buffer1 and writing to buffer2 - and buffer2 changes while writing to > > > it - is is possible that it reports authentication tag mismatch? > > > > > > > Yes, both scenarios are possible. But it depends on the AEAD algorithm and how > > it happens to be implemented, and on whether the data overlaps or not. > > > > This is very much a "don't do that" sort of thing. > > > > - Eric > > I see. So I will copy the data to a kernel buffer before encryption or > decryption. > > I assume that authenticated encryption or decryption using the same buffer > as a source and as a destination should be ok. Right? > The crypto_aead API allows the source and destination to overlap, yes. - Eric
