hypervisor: 0.984
device: 0.979
virtual: 0.946
user-level: 0.883
graphic: 0.881
architecture: 0.864
socket: 0.860
ppc: 0.855
register: 0.852
performance: 0.810
kernel: 0.782
PID: 0.754
arm: 0.753
x86: 0.747
KVM: 0.730
debug: 0.710
files: 0.709
mistranslation: 0.706
peripherals: 0.689
VMM: 0.686
semantic: 0.682
vnc: 0.682
TCG: 0.667
risc-v: 0.656
boot: 0.634
network: 0.619
permissions: 0.613
assembly: 0.491
i386: 0.479

qemu: Cryptography adding encrypted disk with luks format failed

I'm using libvirt to attach luks encrypted disk to a running VM. The qemu-monitor-command like the 

following:

{"execute":"object-add","arguments":{"qom-type":"secret","id":"virtio-disk11-luks-secret0","props":{"data":"El7jOYLCZwrij2Mue0q2tA==","keyid":"masterKey0","iv":"J2je0WJjCa89L3iKc1lceg==","format":"base64"}}

the masterKey0 specify the secret which has been created before. 

command above return with error message "Incorrect number of padding bytes XXX found on decrypted 

data". This is triggered by the following code snippets in qemu/crypto/secret.c:
         
if (plaintext[ciphertextlen - 1] > 16 ||
             plaintext[ciphertextlen - 1] > ciphertextlen) {
             error_setg(errp, "Incorrect number of padding bytes (%d) "
                     "found on decrypted data",
                     (int)plaintext[ciphertextlen - 1]); 
                   …
         }

The bug is: There is on padding in plaintext if the actual length of the plaintext  decrypted is 

equal to ciphertext.

In this case, the last element in plaintext array may be one of the character in base64 code table 

or other.

I would like to know why length of padding bytes cannot exceed 16 and whether i can remove 

judement: “plaintext[ciphertextlen - 1] > 16” so that I can eliminate the error above. 

Much appreciate it if doubts above is cleared up.

libvirt/qemu version:

# virsh version
Compiled against library: libvirt 3.0.0
Using library: libvirt 3.0.0
Using API: QEMU 3.0.0
Running hypervisor: QEMU 2.7.1

OS: Ubuntu 12.04 LTS

If the alg is GCRY_CIPHER_AES256 and length of data to be encrypted is multiple of 16 (16/32/48...),the length of encryted data is equal to the raw data. There is no padding and the bug is triggerd.

The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Thank you and sorry for the inconvenience.

[Expired for QEMU because there has been no activity for 60 days.]