eCryptfs

ecryptfsd doesn't prompt for PIN...

Bug #1698562 reported by IULIAN POPA on 2017-06-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	eCryptfs	New	Undecided	Unassigned

Bug Description

I'm trying to use ecryptfs to encrypt my home folder. I'm using it in combination with Alladin eToken and opensc on Ubuntu 16.04.
Almost everything is going fine, mounting, copying files into mounted location, unmounting, but when I'm trying to mount again and access the previous encrypted files, that's what I get:

$ cat filename

cat: filename: Input/output error

...and this is the output from

$ ecryptfsd -f

ecryptfsd[7018]: PKCS#11: pkcs11h_addProvider entry version='1.11', pid=7018, reference='opensc', provider_location='/usr/lib/onepin-opensc-pkcs11.so', allow_protected_auth=1, mask_private_mode=00000000, cert_is_private=0
ecryptfsd[7018]: PKCS#11: Adding provider 'opensc'-'/usr/lib/onepin-opensc-pkcs11.so'
ecryptfsd[7018]: PKCS#11: pkcs11h_addProvider Provider 'opensc' manufacturerID 'OpenSC Project'
ecryptfsd[7018]: PKCS#11: _pkcs11h_slotevent_notify entry
ecryptfsd[7018]: PKCS#11: _pkcs11h_slotevent_notify return
ecryptfsd[7018]: PKCS#11: Provider 'opensc' added rv=0-'CKR_OK'
ecryptfsd[7018]: PKCS#11: pkcs11h_addProvider return rv=0-'CKR_OK'
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=0x7ffc2038fc90, sz='OpenSC\x20Project/PKCS\x2315/2737C00F090A/Iulian\x20Daniel\x20Popa/957C05A0FD3FF39DB34CBD89A1ECB8B24EA37F73'
ecryptfsd[7018]: PKCS#11: _pkcs11h_certificate_newCertificateId entry p_certificate_id=0x7ffc2038fc48
ecryptfsd[7018]: PKCS#11: _pkcs11h_certificate_newCertificateId return rv=0-'CKR_OK', *p_certificate_id=0xe89f20
ecryptfsd[7018]: PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=0xe89f20, sz='OpenSC\x20Project/PKCS\x2315/2737C00F090A/Iulian\x20Daniel\x20Popa'
ecryptfsd[7018]: PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=0x7ffc2038fb98
ecryptfsd[7018]: PKCS#11: _pkcs11h_token_newTokenId return rv=0-'CKR_OK', *p_token_id=0xe8a350
ecryptfsd[7018]: PKCS#11: pkcs11h_token_deserializeTokenId return rv=0-'CKR_OK'
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=0-'CKR_OK'
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_setCertificateIdCertificateBlob entry certificate_id=0xe89f20
ecryptfsd[7018]: PKCS#11: __pkcs11h_certificate_updateCertificateIdDescription entry certificate_id=0xe89f20
ecryptfsd[7018]: PKCS#11: __pkcs11h_certificate_updateCertificateIdDescription return displayName='/C=RO/ST=SB/L=SB/O=XXXX/OU=XXXX/CN=Iulian Daniel <email address hidden> on Iulian Daniel Popa'
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_setCertificateIdCertificateBlob return rv=0-'CKR_OK'
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_create entry certificate_id=0xe89f20, user_data=0xe89ebf, mask_prompt=00000003, pin_cache_period=-1, p_certificate=0x7ffc2038fc98
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_duplicateCertificateId entry to=0xe8abe0 form=0xe89f20
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_duplicateCertificateId return rv=0-'CKR_OK', *to=0xe8ad00
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_getSessionByTokenId entry token_id=0xe8b130, p_session=0xe8abf0
ecryptfsd[7018]: PKCS#11: Creating a new session
ecryptfsd[7018]: PKCS#11: pkcs11h_token_duplicateTokenId entry to=0xe89388 form=0xe8b130
ecryptfsd[7018]: PKCS#11: pkcs11h_token_duplicateTokenId return rv=0-'CKR_OK', *to=0xe8b9c0
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_getSessionByTokenId return rv=0-'CKR_OK', *p_session=0xe89370
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_create return rv=0-'CKR_OK' *p_certificate=0xe8abe0
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_decryptAny entry certificate=0xe8abe0, mech_type=1, source=0xe89260, source_size=0000000000000100, target=(nil), *p_target_size=0000000000000000
ecryptfsd[7018]: PKCS#11: Getting key attributes
ecryptfsd[7018]: PKCS#11: __pkcs11h_certificate_getKeyAttributes entry certificate=0xe8abe0
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_freeObjectAttributes entry attrs=0x7ffc2038fb90, count=4
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_freeObjectAttributes return
ecryptfsd[7018]: PKCS#11: Get private key attributes failed: 130:'CKR_OBJECT_HANDLE_INVALID'
ecryptfsd[7018]: PKCS#11: _pkcs11h_certificate_resetSession entry certificate=0xe8abe0, public_only=0, session_mutex_locked=1
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_login entry session=0xe89370, is_publicOnly=0, readonly=1, user_data=0xe89ebf, mask_prompt=00000003
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_logout entry session=0xe89370
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_logout return
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_reset entry session=0xe89370, user_data=0xe89ebf, mask_prompt=00000003, p_slot=0x7ffc2038f6e8
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_reset Expected token manufacturerID='OpenSC Project' model='PKCS#15', serialNumber='2737C00F090A', label='Iulian Daniel Popa'
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_getSlotList entry provider=0xe98e50, token_present=1, pSlotList=0x7ffc2038f588, pulCount=0x7ffc2038f590
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_getSlotList return rv=0-'CKR_OK' *pulCount=1
ecryptfsd[7018]: PKCS#11: _pkcs11h_token_getTokenId entry p_token_id=0x7ffc2038f598
ecryptfsd[7018]: PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=0x7ffc2038f4f0
ecryptfsd[7018]: PKCS#11: _pkcs11h_token_newTokenId return rv=0-'CKR_OK', *p_token_id=0xe8be30
ecryptfsd[7018]: PKCS#11: _pkcs11h_token_getTokenId return rv=0-'CKR_OK', *p_token_id=0xe8be30
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_reset Found token manufacturerID='OpenSC Project' model='PKCS#15', serialNumber='2737C00F090A', label='Iulian Daniel Popa'
ecryptfsd[7018]: PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=0xe8be30
ecryptfsd[7018]: PKCS#11: pkcs11h_token_freeTokenId return
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_reset return rv=0-'CKR_OK', *p_slot=0
ecryptfsd[7018]: PKCS#11: Calling pin_prompt hook for 'Iulian Daniel Popa'
ecryptfsd[7018]: PKCS#11: pin_prompt hook return rv=0
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_login C_Login rv=257-'CKR_USER_NOT_LOGGED_IN'
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_login return rv=257-'CKR_USER_NOT_LOGGED_IN'
ecryptfsd[7018]: PKCS#11: _pkcs11h_certificate_resetSession return rv=257-'CKR_USER_NOT_LOGGED_IN'
ecryptfsd[7018]: PKCS#11: __pkcs11h_certificate_getKeyAttributes return rv=257-'CKR_USER_NOT_LOGGED_IN'
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_decryptAny return rv=257-'CKR_USER_NOT_LOGGED_IN', *p_target_size=0000000000000000
ecryptfsd[7018]: PKCS#11: Cannot decrypt rv=[257-'CKR_USER_NOT_LOGGED_IN']
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_freeCertificate entry certificate=0xe8abe0
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_release entry session=0xe89370
ecryptfsd[7018]: PKCS#11: _pkcs11h_session_release return rv=0-'CKR_OK'
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_freeCertificateId entry certificate_id=0xe8ad00
ecryptfsd[7018]: PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=0xe8b130
ecryptfsd[7018]: PKCS#11: pkcs11h_token_freeTokenId return
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_freeCertificateId return
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_freeCertificate return
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_freeCertificateId entry certificate_id=0xe89f20
ecryptfsd[7018]: PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=0xe8a350
ecryptfsd[7018]: PKCS#11: pkcs11h_token_freeTokenId return
ecryptfsd[7018]: PKCS#11: pkcs11h_certificate_freeCertificateId return
ecryptfsd[7018]: Failed to get size for decrypted key
ecryptfsd[7018]: Failed to decrypt key; rc = [-5]

So, ecryptfsd doesn't prompt for PIN ...

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.