Disallow conversion to LUKS1 if capi string is specified.

While it works, it is a bug and we block it already in luksFormat.

lib/luks2/luks2_luks1_convert.c

@@ -570,6 +570,7 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 	json_object *jobj = NULL;
 	size_t buf_size, buf_offset, luks1_size, luks1_shift = 2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS;
 	uint64_t required_size, max_size = crypt_get_data_offset(cd) * SECTOR_SIZE;
+	char cipher_spec[MAX_CAPI_LEN];
 
 	/* for detached headers max size == device size */
 	if (!max_size && (r = device_size(crypt_metadata_device(cd), &max_size)))
@@ -591,6 +592,15 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 		return -EINVAL;
 	}
 
+	r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", hdr1->cipherName, hdr1->cipherMode);
+	if (r < 0 || (size_t)r >= sizeof(cipher_spec))
+		return -EINVAL;
+	if (LUKS2_keyslot_cipher_incompatible(cd, cipher_spec)) {
+		log_err(cd, _("Unable to use cipher specification %s-%s for LUKS2."),
+			hdr1->cipherName, hdr1->cipherMode);
+		return -EINVAL;
+	}
+
 	if (luksmeta_header_present(cd, luks1_size))
 		return -EINVAL;