Can I assume that AesGcm.Encrypt/Decrypt is safe for in-place operation?

[GF-Huang]

I means that the plaintext and ciphertext buffer are same buffer.

Use case:

using var aes = new AesGcm(...);
var buffer = new byte[64];
var tag = new byte[16];
aes.Encrypt(
    nonce: ...,
    plaintext: buffer,
    ciphertext: buffer,
    tag: tag
);

And how can I determine if an algorithm is supports in-place operation?

[danmoseley]

@dotnet/area-System-Security

[bartonjs]

Yes, it's a thing we explicitly test for.

runtime/src/libraries/System.Security.Cryptography/tests/AesGcmTests.cs

Lines 337 to 354 in 0c513d9

	public static void InplaceEncryptDecrypt()
	{
	byte[] key = "d5a194ed90cfe08abecd4691997ceb2c".HexToByteArray();
	byte[] nonce = new byte[12];
	byte[] originalPlaintext = new byte[] { 1, 2, 8, 12, 16, 99, 0 };
	byte[] data = (byte[])originalPlaintext.Clone();
	byte[] tag = new byte[16];
	RandomNumberGenerator.Fill(nonce);
	using (var aesGcm = new AesGcm(key, tag.Length))
	{
	aesGcm.Encrypt(nonce, data, data, tag);
	Assert.NotEqual(originalPlaintext, data);
	aesGcm.Decrypt(nonce, data, tag, data);
	Assert.Equal(originalPlaintext, data);
	}
	}

I believe that all of our cryptographic routines allow the plaintext and ciphertext to be the same buffer. My recollection was that we made "overlapping, but with an offset fail", but it has already been pointed out to me that sometimes we make that work.

[GF-Huang]

Thanks your point it out. Hopefully the documentation for the .NET API will mention this explicitly.

[danmoseley]

@GF-Huang could you open a docs issue if necessary?

[GF-Huang]

dotnet/dotnet-api-docs#9494