[Qemu-devel] [Bug 1712027] Re: qemu: Cryptography adding encrypted disk

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1712027] Re: qemu: Cryptography adding encrypted disk

From:	Huang Yong
Subject:	[Qemu-devel] [Bug 1712027] Re: qemu: Cryptography adding encrypted disk with luks format failed
Date:	Thu, 24 Aug 2017 10:08:39 -0000

If the alg is GCRY_CIPHER_AES256 and length of data to be encrypted is
multiple of 16 (16/32/48...),the length of encryted data is equal to the
raw data. There is no padding and the bug is triggerd.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1712027

Title:
  qemu: Cryptography adding encrypted disk with luks format failed

Status in QEMU:
  New

Bug description:
  I'm using libvirt to attach luks encrypted disk to a running VM. The
  qemu-monitor-command like the

  following:

  {"execute":"object-add","arguments":{"qom-type":"secret","id":"virtio-
  disk11-luks-
  
secret0","props":{"data":"El7jOYLCZwrij2Mue0q2tA==","keyid":"masterKey0","iv":"J2je0WJjCa89L3iKc1lceg==","format":"base64"}}

  the masterKey0 specify the secret which has been created before.

  command above return with error message "Incorrect number of padding
  bytes XXX found on decrypted

  data". This is triggered by the following code snippets in 
qemu/crypto/secret.c:
           
  if (plaintext[ciphertextlen - 1] > 16 ||
               plaintext[ciphertextlen - 1] > ciphertextlen) {
               error_setg(errp, "Incorrect number of padding bytes (%d) "
                       "found on decrypted data",
                       (int)plaintext[ciphertextlen - 1]); 
                     …
           }

  The bug is: There is on padding in plaintext if the actual length of
  the plaintext  decrypted is

  equal to ciphertext.

  In this case, the last element in plaintext array may be one of the
  character in base64 code table

  or other.

  I would like to know why length of padding bytes cannot exceed 16 and
  whether i can remove

  judement: “plaintext[ciphertextlen - 1] > 16” so that I can eliminate
  the error above.

  Much appreciate it if doubts above is cleared up.

  libvirt/qemu version:

  # virsh version
  Compiled against library: libvirt 3.0.0
  Using library: libvirt 3.0.0
  Using API: QEMU 3.0.0
  Running hypervisor: QEMU 2.7.1

  OS: Ubuntu 12.04 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1712027/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [Bug 1712027] [NEW] qemu: Cryptography adding encrypted disk with luks format failed, Huang Yong, 2017/08/21
- [Qemu-devel] [Bug 1712027] Re: qemu: Cryptography adding encrypted disk with luks format failed, Huang Yong <=

Prev by Date: Re: [Qemu-devel] [PATCH QEMU] xen/pt: allow QEMU to request MSI unmasking at bind time
Next by Date: [Qemu-devel] [PATCH QEMU] xen/pt: allow QEMU to request MSI unmasking at bind time
Previous by thread: [Qemu-devel] [Bug 1712027] [NEW] qemu: Cryptography adding encrypted disk with luks format failed
Next by thread: [Qemu-devel] [PATCH v6 0/6] add throttle block driver filter
Index(es):
- Date
- Thread