Received: by 2002:a05:7412:3b8b:b0:fc:a2b0:25d7 with SMTP id nd11csp44065rdb; Wed, 7 Feb 2024 20:36:18 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUUKCoWziB/xD9ZiOmug9uKHCQTjbP0jVwvvhX05p6e3RbxVDGZuIRibk/Vkc+VWefwT1Fl1i3yVSAcyP8HJ+rbE+G3CECysexz3hlShA== X-Google-Smtp-Source: AGHT+IEFfL+MuG43qonsXEiptRMpIfDqCy1fR9bykAcH2WMmMJO0HH74PjMQ0hJMOpE5NC7zvul3 X-Received: by 2002:a05:6102:c13:b0:46d:169f:acbf with SMTP id x19-20020a0561020c1300b0046d169facbfmr5962314vss.3.1707366978446; Wed, 07 Feb 2024 20:36:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707366978; cv=pass; d=google.com; s=arc-20160816; b=Op1efqdr1GTF4K3M1zKTkowRgw2i7LOfNTjiWv+ACKlMdbdiQLOmFpworXtj0LGpyC 6wWaR3grs05xQVsX8tfDTpFHj5hCskojb2txv3hBR3MqzLEOw+22fGiTAz5uk34fqynf y3wI1EdcxdyGCRwn7Ojjz9flvhFike67UiZ1ko5k+Okif3oQ80XzA73EMwCBe4I6nZNY qWJuSgIYyjnv6oeRDaUfyYrC585neoxNrd3LFSE3VXITsj09fdoWacyC98Njz2NrPlpO PPUHhANmAl9dl+s6X0qjx5pu5c+InIQDMT/3LOQtK15e1719zkIhlsSWoHl87eY8wzXy HCXg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=vvHAu/+YCZ29JhQzvIPtE+VPoX0j5OlOJgC9edo20+0=; fh=HBuCC8joU+T9UrWsaSVeBLERmET3nb8z/QYKAtt2V5k=; b=x9ebSU8Dx09OyljRwLveG252AoCScVy2xuzGqTKUC4cwAF3D7lAwMFyqs15S2sogGW N4h/FV3BiUiYLUmLi/Xe+KFkXv+1VXvnSCTIU5FNtLNMrAZLDZmAb+VXSHTaBl565zXF +3r853kl3aPuMVG8ZVMAJxM1822HCII46FLIzC+0EWjHeD4rKayWXyrEYcfnIt/qU/yz lyGt7sqR3B+1YpDoLbJOdk5QSfzNJkUeq7EedGwMCpeoS1Ab5KOHZkBbgpczH3amOjSG oaILaTBh38SjdiNSSlOaOhnwIs9Q9T+THmpUFP0a4jlJkNNNLQ9OLBIPmd4313w0zbY4 4ioQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ey4rpNhG; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-1903-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1903-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=2; AJvYcCVLEqbI+pqM9AAtzpn63oOblK9PkmFKi3rjSKk2EFARw/r/4moK2oYYpbbLjrwWuUoYcwac26dccGBDNFbEWHS5k5ii7NIgHZlJ7D7K4Q== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id bp40-20020a05620a45a800b007859976fd7bsi2767503qkb.577.2024.02.07.20.36.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Feb 2024 20:36:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1903-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ey4rpNhG; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-1903-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1903-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 35E771C23962 for ; Thu, 8 Feb 2024 04:36:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 21E2C679E4; Thu, 8 Feb 2024 04:36:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ey4rpNhG" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D17C12C6B0; Thu, 8 Feb 2024 04:36:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707366972; cv=none; b=XWLoFpFVev5B8ZVEZEupMhATwnaqpEkHKZo6EjctA/FyBB67kSBlKicaT0e0E9+H5PXpVALkwV0WmBfvo7Kin6z1aU/PyTGqp6mYOI2kofaEB2sd8eJbCT8dBubVXqxypNc7RkDaLEFeqIG1RkEYf/PkvWPFG7um4Bd8T/5IGfI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707366972; c=relaxed/simple; bh=eRBc1wEUZT7QcGKf0MvMI/BhD33ksuk1JOQTxl5173Y=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=DJvUs+FGAK/AyLfKzXOih3cZ8zGxyZABzZNYDnonL7SVeZIQyS4HdnyX5Yh67NTe1sHYAtyzl9/pPnJ2qNaOuY1nJVW7t3nezJqXdPhln8A+nbXlRHW168CM6pdQx8TzrCQ6eIJwzoqQSdUUz7y5P7DFYfSTDDvx9iHu2NXX0/g= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ey4rpNhG; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 09625C433C7; Thu, 8 Feb 2024 04:36:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1707366972; bh=eRBc1wEUZT7QcGKf0MvMI/BhD33ksuk1JOQTxl5173Y=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ey4rpNhGYVZde/rqWa5A9iC4sEuMAn+buoWy2+57ZsLy+3O9sbQLY3lRklLB+Q1bj F9eudHJziSzYNIYsFQebhQGsZEv+CzXJthkoRE8lXXWztmHCbfY5Ja3Sf7o4f6C5bz XEohWoXkbLVynIb0Gj3iPxG0R2mpx3EXfb7kDgok56wT0PJTRcm5ee/tBqtKLh4GuM z+urj7dpXFzgOxQ2gDUC2sBvJrEwqHPRXQJeX01GlVsE/QHGWzHVddwLNS6lwMrWRE l4NR6OVZszWq54QyiE2T5kzZq5vwVgHlgeJhlpds1o0SkcZPivbyeMk9P4CH6QHjXA +JkiGReyjpeuA== Date: Wed, 7 Feb 2024 20:36:10 -0800 From: Eric Biggers To: Mikulas Patocka Cc: Herbert Xu , "David S. Miller" , linux-crypto@vger.kernel.org, dm-devel@lists.linux.dev Subject: Re: A question about modifying the buffer under authenticated encryption Message-ID: <20240208043610.GB85799@sol.localdomain> References: <20240207004723.GA35324@sol.localdomain> <1a4713fc-62c7-4a8f-e28a-14fc5d04977@redhat.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1a4713fc-62c7-4a8f-e28a-14fc5d04977@redhat.com> On Wed, Feb 07, 2024 at 01:51:51PM +0100, Mikulas Patocka wrote: > > > On Tue, 6 Feb 2024, Eric Biggers wrote: > > > On Tue, Feb 06, 2024 at 10:46:59PM +0100, Mikulas Patocka wrote: > > > Hi > > > > > > I'm trying to fix some problems in dm-crypt that it may report > > > authentication failures when the user reads data with O_DIRECT and > > > modifies the read buffer while it is being read. > > > > > > I'd like to ask you: > > > > > > 1. If the authenticated encryption encrypts a message, reading from > > > buffer1 and writing to buffer2 - and buffer1 changes while reading from > > > it - is it possible that it generates invalid authentication tag? > > > > > > 2. If the authenticated encryption decrypts a message, reading from > > > buffer1 and writing to buffer2 - and buffer2 changes while writing to > > > it - is is possible that it reports authentication tag mismatch? > > > > > > > Yes, both scenarios are possible. But it depends on the AEAD algorithm and how > > it happens to be implemented, and on whether the data overlaps or not. > > > > This is very much a "don't do that" sort of thing. > > > > - Eric > > I see. So I will copy the data to a kernel buffer before encryption or > decryption. > > I assume that authenticated encryption or decryption using the same buffer > as a source and as a destination should be ok. Right? > The crypto_aead API allows the source and destination to overlap, yes. - Eric