crypt_and_hash decrypt fail with AES-128-CTR alg

[z789]

Summary

crypt_and_hash is not working when decrypt with AES-128-CTR alg.

./crypt_and_hash 1 file.txt.enc file.txt.dec AES-128-CTR SHA512 123456
File content not a multiple of the block size (16).

https://github.com/Mbed-TLS/mbedtls/blob/development/programs/aes/crypt_and_hash.c#L405-L414

[ronald-cron-arm]

Thanks for your report. I think I agree with you that there is a bug in crypt_and_hash regarding decryption in CTR mode. Please check if you agree with the below. Would it be possible for you to fix this through a PR?

The program crypt_and_hash when decrypting a file in CTR mode checks that the size of the encrypted message (size of the file minus the size of the HMAC at the end of the file) is a multiple of the block size. This seems wrong as in CTR mode the size of an encrypted message is just the size of the associated plain text. As a consequence, encrypting and then decrypting a message whose length is not a multiple of the block size fails in CTR mode. Example of calls where the last decryption request fails with "File content not a multiple of the block size (16)".

./crypt_and_hash 0 file.txt file.txt.enc AES-128-CTR SHA512 123456
./crypt_and_hash 1 file.txt.enc file AES-128-CTR SHA512 123456