-
ISSUE OVERVIEW When GParted tries to resize an open LUKS encryption mapping and the volume (master) key was stored in the kernel keyring service [1] it fails like this: Check and repair file system ([Encrypted] ext4) on /dev/...(ERROR) + calibrate /dev/sdd1 (SUCCESS) + check file system on /dev/mapper/sdd1_crypt for errors...(SUCCESS) + grow encryption volume to fill the partition (ERROR) + cryptsetup -v resize 'sdd1_crypt' (ERROR) Command failed with code -1 (wrong or missing parameters). Nothing to read on input. This error occurs with cryptsetup >= 2.0, kernel >= 4.10 and LUKS2 format because the crypt Device-Mapper target no longer has the volume key so cryptsetup resize prompts for a passphrase, but GParted doesn't provide it. THIS COMMIT Additionally capture the location of the volume (master) key location for active encryption mappings. Do this the using the same method that cryptsetup uses [2][3]. Namely if the first character of the KEY is a ":" then the key *was* stored in the kernel keyring service, otherwise it *is* store in the Device-Mapper crypt target as previously. # echo -n badpassword | cryptsetup luksFormat --type luks1 /dev/sdb1 - # echo -n badpassword | cryptsetup luksOpen /dev/sdb1 sdb1_crypt # cryptsetup status sdb1_crypt | egrep 'type|key location' type: LUKS1 key location: dm-crypt # echo -n badpassword | cryptsetup luksFormat --type luks2 /dev/sdb2 - # echo -n badpassword | cryptsetup luksOpen /dev/sdb2 sdb2_crypt # cryptsetup status sdb2_crypt | egrep 'type|key location' type: LUKS2 key location: keyring # dmsetup table --target crypt sdb1_crypt: 0 520192 crypt aes-xts-plain64 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0 8:17 4096 sdb2_crypt: 0 491520 crypt aes-xts-plain64 :64:logon:cryptsetup:3d040240-97ba-4559-af98-72c3be500498-d0 0 8:18 32768 ^ First character of the KEY field --------------' [1] Integration with the kernel keyring service https://gitlab.com/cryptsetup/cryptsetup/blob/v2.0.0/docs/Keyring.txt " Starting with cryptsetup 2.0 we load [Volume Key] VK in kernel keyring by default for LUKSv2 devices ... In summary, the key description visible in dm-crypt table line is a reference to VK that usually no longer exists in kernel keyring service if you used cryptsetup to for device activation. " [2] cryptsetup/v2.3.5/lib/libdevmapper.c:_dm_target_query_crypt() https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.3.5/lib/libdevmapper.c#L2031 if (key_[0] == ':') *act_flags |= CRYPT_ACTIVATE_KEYRING_KEY; [3] cryptsetup/v2.3.5/src/cryptsetup.c:action_status() https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.3.5/src/cryptsetup.c#L839 log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt"); Closes #59 - Resize of LUKS2 encrypted file system fails with "Nothing to read on input"099b85fe
