Check hash value in pbkdf setting early.

lib/crypto_backend/pbkdf_check.c

@@ -48,7 +48,7 @@ int crypt_pbkdf_get_limits(const char *kdf, struct crypt_pbkdf_limits *limits)
 		limits->min_parallel   = 0; /* N/A */
 		limits->max_parallel   = 0; /* N/A */
 		return 0;
-	} else if (!strncmp(kdf, "argon2", 6)) {
+	} else if (!strcmp(kdf, "argon2i") || !strcmp(kdf, "argon2id")) {
 		limits->min_iterations = 4;
 		limits->max_iterations = UINT32_MAX;
 		limits->min_memory     = 32;

lib/utils_pbkdf.c

@@ -63,7 +63,11 @@ int verify_pbkdf_params(struct crypt_device *cd,
 {
 	struct crypt_pbkdf_limits pbkdf_limits;
 	const char *pbkdf_type;
-	int r = 0;
+	int r;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;
 
 	if (!pbkdf->type ||
 	    (!pbkdf->hash && !strcmp(pbkdf->type, "pbkdf2")))
@@ -74,13 +78,17 @@ int verify_pbkdf_params(struct crypt_device *cd,
 		return -EINVAL;
 	}
 
-	/* TODO: initialise crypto and check the hash and pbkdf are both available */
 	r = crypt_parse_pbkdf(pbkdf->type, &pbkdf_type);
 	if (r < 0) {
 		log_err(cd, _("Unknown PBKDF type %s."), pbkdf->type);
 		return r;
 	}
 
+	if (pbkdf->hash && crypt_hash_size(pbkdf->hash) < 0) {
+		log_err(cd, _("Requested hash %s is not supported."), pbkdf->hash);
+		return -EINVAL;
+	}
+
 	r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits);
 	if (r < 0)
 		return r;
@@ -161,11 +169,6 @@ int init_pbkdf_type(struct crypt_device *cd,
 	if (r < 0)
 		return r;
 
-	/*
-	 * Crypto backend may be not initialized here,
-	 * cannot check if algorithms are really available.
-	 * It will fail later anyway :-)
-	 */
 	type = strdup(pbkdf->type);
 	hash = pbkdf->hash ? strdup(pbkdf->hash) : NULL;
 

tests/api-test-2.c

@@ -2269,9 +2269,8 @@ static void Pbkdf(void)
 	bad.type = NULL;
 	bad.hash = DEFAULT_LUKS1_HASH;
 	FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
-	// following test fails atm
-	// bad.hash = "hamster_hash";
-	// FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
+	bad.hash = "hamster_hash";
+	FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
 	crypt_free(cd);
 	// test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
 	OK_(crypt_init(&cd, DEVICE_1));