eCryptfs

New file could not be encrypted due to an error from the Qualcomm crypto module in OpenWRT

Bug #1928207 reported by Raj Vora
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eCryptfs
Invalid
Undecided
Unassigned

Bug Description

Steps to encryt the file in openwrt

Created new directory --> mkdir tests

root@OpenWrt:/# mount.ecryptfs tests/ tests/
Unable to find a list of options to parse, defaulting to interactive mount
Passphrase:
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
aes
Selection [aes]: Select key bytes:
 1) 16
 2) 32
 3) 24
32
n
n
Unable to find a list of options to parse, defaulting to interactive mount
Selection [16]: Enable plaintext passthrough (y/n) [n]: Enable filename encryption (y/n) [n]: Attempting to mount w:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=32
  ecryptfs_cipher=aes
  ecryptfs_sig=09a8a73a4ff6c2c2
Mounted eCryptfs

Copied the random file to encrypt

root@OpenWrt:/# cp /etc/hosts tests/
[ 2947.608917] crypt_extent: Error attempting to crypt page with page_index = [0], extent_offset = [0]; rc = [-22]
[ 2947.608951] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
[ 2947.629065] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
[ 2947.629163] crypt_extent: Error attempting to crypt page with page_index = [0], extent_offset = [0]; rc = [-22]
[ 2947.636273] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
[ 2947.659065] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
cp: write error: Invalid argument

Why I have this error, does anyone have any idea ?

Raj Vora (g565198)
tags: added: ecryptfs
Raj Vora (g565198)
tags: added: ecryptfs-utils
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Hey Raj - I have a few questions:

1) What kernel and architecture is this? (uname -a)
2) Can you attach the contents of /proc/crypto after reproducing this issue?
3) Can you attach the contents of /proc/keys after reproducing this issue?

Thanks!

Tyler Hicks (tyhicks)
Changed in ecryptfs:
status: New → Incomplete
Revision history for this message
Raj Vora (g565198) wrote :
Download full text (28.6 KiB)

Thank you for your response.

root@OpenWrt:/# uname -a
Linux OpenWrt 4.4.60 #0 SMP PREEMPT Tue Apr 27 08:18:08 2021 aarch64 GNU/Linux

root@OpenWrt:/# cat /proc/crypto
name : cbc(aes)
driver : nss-cbc-aes
module : kernel
priority : 10000
refcnt : 2
selftest : passed
internal : no
type : givcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : eseqiv

name : ecb(aes)
driver : ecb(aes-generic)
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : hmac(sha512)
driver : nss-hmac-sha512
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 64

name : hmac(sha384)
driver : nss-hmac-sha384
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 48

name : hmac(sha256)
driver : nss-hmac-sha256
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 32

name : hmac(sha224)
driver : nss-hmac-sha224
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 28

name : hmac(sha1)
driver : nss-hmac-sha1
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 20

name : hmac(md5)
driver : nss-hmac-md5
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 16

name : sha512
driver : nss-sha512
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 64

name : sha384
driver : nss-sha384
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 128
digestsize : 48

name : sha256
driver : nss-sha256
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 32

name : sha224
driver : nss-sha224
module : qca_nss_cfi_cryptoapi
priority : 1000
refcnt : 1
selftest : passed
internal : no
type : ahash
async : yes
blocksize : 64
digestsize : 28

name : s...

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Unfortunately, I don't see anything that looks wrong in the files you pasted. I'm not sure what the problem is and I'm unable to support that old of an openwrt distro kernel at this time.

I suggest testing different ciphers and different key lengths to see if there's any difference. Judging by the log messages you pasted (are those complete? are you sure there wasn't one more messages before what you pasted?), then the error is coming from the crypto API's crypto_ablkcipher_encrypt() function which eCryptfs uses to encrypt a page of data.

Were you using eCryptfs previously and it broke when upgrading to a new kernel version or is this the first time you're trying to set up eCryptfs?

Changed in ecryptfs:
status: Incomplete → Won't Fix
Revision history for this message
Raj Vora (g565198) wrote :

Hello,

I tried the ciphers cast5, it works.

Yes, first time i am trying to set up eCryptfs.

So, I have the problem related to aes crypto package ?

Revision history for this message
Raj Vora (g565198) wrote :

5489:May 17 13:50:16 OpenWrt kern:err [ 5157.974813] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
5490:May 17 13:50:16 OpenWrt kern:warning [ 5157.984230] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
5492:May 17 13:50:16 OpenWrt kern:err [ 5157.998514] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
5493:May 17 13:50:16 OpenWrt kern:warning [ 5158.008491] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
5767:May 17 13:50:55 OpenWrt kern:err [ 5196.682166] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
5768:May 17 13:50:55 OpenWrt kern:warning [ 5196.691554] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
5770:May 17 13:50:55 OpenWrt kern:err [ 5196.706004] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
5771:May 17 13:50:55 OpenWrt kern:warning [ 5196.715860] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
6044:May 17 13:51:37 OpenWrt kern:err [ 5238.888140] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
6045:May 17 13:51:37 OpenWrt kern:warning [ 5238.897092] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
6047:May 17 13:51:37 OpenWrt kern:err [ 5238.911857] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
6048:May 17 13:51:37 OpenWrt kern:warning [ 5238.921717] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
6541:May 17 13:52:50 OpenWrt kern:err [ 5311.996642] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
6542:May 17 13:52:50 OpenWrt kern:warning [ 5312.006089] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])
6544:May 17 13:52:51 OpenWrt kern:err [ 5312.020531] ecryptfs_encrypt_page: Error encrypting extent; rc = [-22]
6545:May 17 13:52:51 OpenWrt kern:warning [ 5312.030467] ecryptfs_write_end: Error encrypting page (upper index [0x0000000000000000])

Revision history for this message
Tyler Hicks (tyhicks) wrote :

The OpenWRT kernel that you're using seems to have an out-of-tree crypto driver that's likely at fault here. You'll notice in your /proc/crypto file that the highest priority "cbc(aes)" implementation is "nss-cbc-aes". Those "nss-*" drivers are provided by the "qca_nss_cfi_cryptoapi" module. AFAICT, that's an out-of-tree driver and I don't see any mention of it in the upstream kernel. This is something that will need to be sorted out by the OpenWRT team instead of upstream eCryptfs.

Revision history for this message
Raj Vora (g565198) wrote :

thanks a lot for your help and time.
I deactivate the token qca-nss-cryptoapi and it works now...

Revision history for this message
Tyler Hicks (tyhicks) wrote :

That's great news! I'm glad it is working now.

Revision history for this message
Raj Vora (g565198) wrote :

Yes, need to see with qualcomm for the conflict of the packages.

thanks a lot.

Tyler Hicks (tyhicks)
summary: - File is not encrypted after mounting
+ New file could not be encrypted due to an error from the Qualcomm crypto
+ module in OpenWRT
Changed in ecryptfs:
status: Won't Fix → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.