Re: A question about modifying the buffer under authenticated encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 06, 2024 at 10:46:59PM +0100, Mikulas Patocka wrote:
> Hi
> 
> I'm trying to fix some problems in dm-crypt that it may report 
> authentication failures when the user reads data with O_DIRECT and 
> modifies the read buffer while it is being read.
> 
> I'd like to ask you:
> 
> 1. If the authenticated encryption encrypts a message, reading from 
>    buffer1 and writing to buffer2 - and buffer1 changes while reading from 
>    it - is it possible that it generates invalid authentication tag?
> 
> 2. If the authenticated encryption decrypts a message, reading from 
>    buffer1 and writing to buffer2 - and buffer2 changes while writing to 
>    it - is is possible that it reports authentication tag mismatch?
> 

Yes, both scenarios are possible.  But it depends on the AEAD algorithm and how
it happens to be implemented, and on whether the data overlaps or not.

This is very much a "don't do that" sort of thing.

- Eric




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux