|
 |
6d3351 |
From 603a58f73e71323294c0d840bbfef4b5d9676e32 Mon Sep 17 00:00:00 2001
|
|
|
6d3351 |
Message-Id: <603a58f73e71323294c0d840bbfef4b5d9676e32@dist-git>
|
|
|
6d3351 |
From: "Daniel P. Berrange" <berrange@redhat.com>
|
|
|
6d3351 |
Date: Wed, 3 May 2017 08:52:13 +0200
|
|
|
6d3351 |
Subject: [PATCH] Fix padding of encrypted data
|
|
|
6d3351 |
|
|
|
6d3351 |
If we are encoding a block of data that is 16 bytes in length,
|
|
|
6d3351 |
we cannot leave it as 16 bytes, we must pad it out to the next
|
|
|
6d3351 |
block boundary, 32 bytes. Without this padding, the decoder will
|
|
|
6d3351 |
incorrectly treat the last byte of plain text as the padding
|
|
|
6d3351 |
length, as it can't distinguish padded from non-padded data.
|
|
|
6d3351 |
|
|
|
6d3351 |
The problem exhibited itself when using a 16 byte passphrase
|
|
|
6d3351 |
for a LUKS volume
|
|
|
6d3351 |
|
|
|
6d3351 |
$ virsh secret-set-value 55806c7d-8e93-456f-829b-607d8c198367 \
|
|
|
6d3351 |
$(echo -n 1234567812345678 | base64)
|
|
|
6d3351 |
Secret value set
|
|
|
6d3351 |
|
|
|
6d3351 |
$ virsh start demo
|
|
|
6d3351 |
error: Failed to start domain demo
|
|
|
6d3351 |
error: internal error: process exited while connecting to monitor: >>>>>>>>>>Len 16
|
|
|
6d3351 |
2017-05-02T10:35:40.016390Z qemu-system-x86_64: -object \
|
|
|
6d3351 |
secret,id=virtio-disk1-luks-secret0,data=SEtNi5vDUeyseMKHwc1c1Q==,\
|
|
|
6d3351 |
keyid=masterKey0,iv=zm7apUB1A6dPcH53VW960Q==,format=base64: \
|
|
|
6d3351 |
Incorrect number of padding bytes (56) found on decrypted data
|
|
|
6d3351 |
|
|
|
6d3351 |
Notice how the padding '56' corresponds to the ordinal value of
|
|
|
6d3351 |
the character '8'.
|
|
|
6d3351 |
|
|
|
6d3351 |
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
6d3351 |
(cherry picked from commit 71890992daf37ec78b00b4ce873369421dc99731)
|
|
|
6d3351 |
|
|
|
6d3351 |
https://bugzilla.redhat.com/show_bug.cgi?id=1447297
|
|
|
6d3351 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
6d3351 |
---
|
|
|
6d3351 |
src/util/vircrypto.c | 10 ++++++++--
|
|
|
6d3351 |
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
6d3351 |
|
|
|
6d3351 |
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
|
|
|
6d3351 |
index 8748e1c4e..48b04fc8c 100644
|
|
|
6d3351 |
--- a/src/util/vircrypto.c
|
|
|
6d3351 |
+++ b/src/util/vircrypto.c
|
|
|
6d3351 |
@@ -152,8 +152,14 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
|
|
|
6d3351 |
uint8_t *ciphertext;
|
|
|
6d3351 |
size_t ciphertextlen;
|
|
|
6d3351 |
|
|
|
6d3351 |
- /* Allocate a padded buffer, copy in the data */
|
|
|
6d3351 |
- ciphertextlen = VIR_ROUND_UP(datalen, 16);
|
|
|
6d3351 |
+ /* Allocate a padded buffer, copy in the data.
|
|
|
6d3351 |
+ *
|
|
|
6d3351 |
+ * NB, we must *always* have at least 1 byte of
|
|
|
6d3351 |
+ * padding - we can't skip it on multiples of
|
|
|
6d3351 |
+ * 16, otherwise decoder can't distinguish padded
|
|
|
6d3351 |
+ * data from non-padded data. Hence datalen + 1
|
|
|
6d3351 |
+ */
|
|
|
6d3351 |
+ ciphertextlen = VIR_ROUND_UP(datalen + 1, 16);
|
|
|
6d3351 |
if (VIR_ALLOC_N(ciphertext, ciphertextlen) < 0)
|
|
|
6d3351 |
return -1;
|
|
|
6d3351 |
memcpy(ciphertext, data, datalen);
|
|
|
6d3351 |
--
|
|
|
6d3351 |
2.12.2
|
|
|
6d3351 |
|