Ubuntu
loop-aes-utils package

ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel

Bug #174738 reported by LimCore
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
loop-aes-utils (Ubuntu)
Invalid
Undecided
LimCore

Bug Description

ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel
when setting up losetup -e aes-256 (or aes-128)
Ubuntu 7.10 on amd64 with 2.6.22-14-generic #1 SMP Sun Oct 14 21:45:15 GMT 2007 x86_64 GNU/Linux

---------
REPRODUCE ERROR

root@rafal-desktop:~# dd if=/dev/urandom of=./asdf.img bs=1024 count=10 && losetup /dev/loop0 -e aes-256 ./asdf.img
10+0 records in
10+0 records out
10240 bytes (10 kB) copied, 0.00378175 seconds, 2.7 MB/s
Password:

ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel
---------

ii loop-aes-utils 2.12r-16

root@rafal-desktop:~# dpkg -l linux* | grep ii
ii linux-generic 2.6.22.14.21 Complete Generic Linux kernel
ii linux-headers-2.6.22-14 2.6.22-14.46 Header files related to Linux kernel version
ii linux-headers-2.6.22-14-generic 2.6.22-14.46 Linux kernel headers for version 2.6.22 on x
ii linux-headers-generic 2.6.22.14.21 Generic Linux kernel headers
ii linux-image-2.6.22-14-generic 2.6.22-14.46 Linux kernel image for version 2.6.22 on x86
ii linux-image-generic 2.6.22.14.21 Generic Linux kernel image
ii linux-libc-dev 2.6.22-14.46 Linux Kernel Headers for development
ii linux-restricted-modules-2.6.22-14-generic 2.6.22.4-14.10 Non-free Linux 2.6.22 modules on x86/x86_64
ii linux-restricted-modules-common 2.6.22.4-14.10 Non-free Linux 2.6.22 modules helper script
ii linux-restricted-modules-generic 2.6.22.14.21 Restricted Linux modules for generic kernels
ii linux-sound-base 1.0.14-1ubuntu2 base package for ALSA and OSS sound systems
ii linux-ubuntu-modules-2.6.22-14-generic 2.6.22-14.37 Ubuntu supplied Linux modules for version 2.

root@rafal-desktop:~# uname -a
Linux rafal-desktop 2.6.22-14-generic #1 SMP Sun Oct 14 21:45:15 GMT 2007 x86_64 GNU/Linux

root@rafal-desktop:~# modprobe aes
root@rafal-desktop:~# cat /proc/crypto
name : aes
driver : aes-generic
module : aes
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : blowfish
[...]

name : md5
[...]

Strace shows:

fstat(3, {st_mode=S_IFREG|0644, st_size=254020, ...}) = 0
mmap(NULL, 254020, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b1d8fe65000
close(3) = 0
open("./doc.img", O_RDWR) = 3
open("/dev/loop2", O_RDWR) = 4
mlockall(MCL_CURRENT|MCL_FUTURE) = 0
open("/dev/tty", O_RDWR|O_CREAT|O_TRUNC, 0666) = 5
ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(5, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost -isig icanon -echo ...}) = 0
ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost -isig icanon -echo ...}) = 0
fstat(5, {st_mode=S_IFCHR|0666, st_rdev=makedev(5, 0), ...}) = 0
ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost -isig icanon -echo ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b1d8fea4000

write(5, "Password: ", 10Password: ) = 10
read(5, "asdfasdfasdfasdfasdfadsf\n", 4096) = 25
write(5, "\n", 1
) = 1

ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost -isig icanon -echo ...}) = 0
ioctl(5, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon echo ...}) = 0
ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
close(5) = 0

munmap(0x2b1d8fea4000, 4096) = 0
ioctl(4, 0x4c00, 0x3) = 0
ioctl(4, 0x4c05, 0x7fff1ad51400) = 0
ioctl(4, 0x4c04, 0x7fff1ad53050) = -1 EINVAL (Invalid argument)
ioctl(4, 0x4c02, 0x7fff1ad514f0) = -1 EINVAL (Invalid argument)
ioctl(4, 0x4c05, 0x7fff1ad51400) = 0
ioctl(4, 0x4c04, 0x7fff1ad53050) = -1 EINVAL (Invalid argument)
ioctl(4, 0x4c02, 0x7fff1ad514f0) = -1 EINVAL (Invalid argument)

open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[...]
open("/usr/share/locale-langpack/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

write(2, "ioctl: LOOP_SET_STATUS: Invalid "..., 108ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel
) = 108
ioctl(4, 0x4c01, 0) = 0
close(4) = 0
close(3) = 0
exit_group(1) = ?
Process 21304 detached

Tags: aes amd64 kernel
Revision history for this message
LimCore (limcore) wrote :

The test is done after modprobing for aes.

I am not sure, perhaps the bug should be for the kernel?

Or am I doing something wrong, but the way above worked always (tested on other distro)

Revision history for this message
TJ (tj) wrote :

Is this what you need?

$ modprobe cryptoloop aes
$ dd if=/dev/zero of=test.img bs=1024 count=1024
$ losetup /dev/loop0 -e aes -k 256 test.img
$ losetup -a
/dev/loop0: [0808]:7000939 (test.img), encryption aes (type 18)

Revision history for this message
LimCore (limcore) wrote :

Ah, cryptoloop was not polled in automagically when modprobing aes...

Hmm perhaps losetup could be a bit more verbose and hint user about lack of cryptoloop...

Thanks

Revision history for this message
LimCore (limcore) wrote :

Would it be nice to have losetup hint user about needed modules?

Changed in loop-aes-utils:
assignee: nobody → limcore
status: New → Invalid
Revision history for this message
TJ (tj) wrote :

According to

$ man losetup

"Cryptoloop is deprecated in favor of dm-crypt."

Revision history for this message
Thespian (jesse-mundis) wrote :

There has been no activity on this bug for a year, but it is still a problem in Hardy 8.04. I've got a work-around (described below) but "loop-AES" needs to be rebuilt and copied into the kernel dir after *each* kernel update for my work-around. Could we please get the Sourceforge loop-aes sources pulled into the standard Ubuntu packages so we have AES support by default, out of the box?

Work-around:
----------------------------------------------------------------
On Ubuntu 8.04, by default, the AES encryption isn't enabled in the kernal
for loopback mounting via "losetup". That has to be fixed before you
can easily mount and unmount AES-encrypted file systems.

Via apt-get or the Synaptic package manager, make sure you have the
following installed:

   loop-aes-utils
   linux-headers-generic

sudo apt-get install loop-aes-utils
sudo apt-get install linux-headers-generic

 - get http://loop-aes.sourceforge.net/loop-AES-latest.tar.bz2, extract and
open a root shell in the extracted directory
 - cd into the directory you downloaded into and...

bunzip2 loop-AES-latest.tar.bz2
tar xf loop-AES-latest.tar
cd loop-AES-v3.2e (or whatever the directory version is named)

*******
NOTE!!
*******
You will have to re-run the following steps (make, copy, and modprobe)
after a kernal upgrade until and unless the various package maintainers
fix the original problem. You'll know if you need to do this if, the
next time you try to mount your secure file system after a kernal upgrade,
you get the error:

   ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length
(256 bits) not supported by kernel

If so, just re-make against the new headers and re-copy the loop.ko file
into place, and all should be well again.
*******
NOTE!!
*******

sudo rmmod loop
sudo make clean
sudo make

(assuming the 'make" completed without errors)

sudo mv /lib/modules/`uname -r`/kernel/drivers/block/loop.ko /lib/modules/`uname -r`/kernel/drivers/block/loop.ko-ORIG

sudo cp tmp-d-kbuild/loop.ko /lib/modules/`uname -r`/kernel/drivers/block/loop.ko

sudo modprobe loop
sudo make tests

(all tests should pass)

After this, the following should work:
losetup -e aes256 /dev/loop0 aes-file-to-mount

Revision history for this message
MarkieB (ubunt-u-markbenjamin) wrote :

not now it won't - Maverick 2.6.35-14 kernel

it looks as though loop module is now internal,
$ sudo rmmod loop
ERROR: Module loop does not exist in /proc/modules

$ sudo modprobe -v -r loop
FATAL: Module loop is builtin

$ sudo modprobe cryptoloop aes
FATAL: Error inserting cryptoloop (/lib/modules/2.6.35-14-generic/kernel/drivers/block/cryptoloop.ko): Unknown symbol in module, or unknown parameter (see dmesg)

there is no 'loop.ko' module originally at the directory /lib/modules/`uname -r`/kernel/drivers/block/, modprobe to add the new loop.ko looks as though it works, although tests give the result

$ sudo make tests
rm -f -r test-file[1234] test-dir1
dd if=/dev/zero of=test-file1 bs=1024 count=33
33+0 records in
33+0 records out
33792 bytes (34 kB) copied, 0.000179856 s, 188 MB/s
cp test-file1 test-file3
echo 09876543210987654321 | /sbin/losetup -p 0 -e AES128 /dev/loop7 test-file3
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (128 bits) not supported by kernel
make: *** [tests] Error 1

loop-aes-utils 2.16.2-1

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.