blob: f4fccfadc634581d1002b0d2f5966e3228f0b7f5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
qemu: Cryptography adding encrypted disk with luks format failed
I'm using libvirt to attach luks encrypted disk to a running VM. The qemu-monitor-command like the
following:
{"execute":"object-add","arguments":{"qom-type":"secret","id":"virtio-disk11-luks-secret0","props":{"data":"El7jOYLCZwrij2Mue0q2tA==","keyid":"masterKey0","iv":"J2je0WJjCa89L3iKc1lceg==","format":"base64"}}
the masterKey0 specify the secret which has been created before.
command above return with error message "Incorrect number of padding bytes XXX found on decrypted
data". This is triggered by the following code snippets in qemu/crypto/secret.c:
if (plaintext[ciphertextlen - 1] > 16 ||
plaintext[ciphertextlen - 1] > ciphertextlen) {
error_setg(errp, "Incorrect number of padding bytes (%d) "
"found on decrypted data",
(int)plaintext[ciphertextlen - 1]);
…
}
The bug is: There is on padding in plaintext if the actual length of the plaintext decrypted is
equal to ciphertext.
In this case, the last element in plaintext array may be one of the character in base64 code table
or other.
I would like to know why length of padding bytes cannot exceed 16 and whether i can remove
judement: “plaintext[ciphertextlen - 1] > 16” so that I can eliminate the error above.
Much appreciate it if doubts above is cleared up.
libvirt/qemu version:
# virsh version
Compiled against library: libvirt 3.0.0
Using library: libvirt 3.0.0
Using API: QEMU 3.0.0
Running hypervisor: QEMU 2.7.1
OS: Ubuntu 12.04 LTS
|