From 6b1be52e6bbd8a9364e8f7d08b12238df7c50db9 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Wed, 20 Nov 2019 22:07:52 +0100
Subject: [PATCH] Fix LUKS1 format if pkbdf benchamr is disabled.

We use minimum iteration for key digest in this case
(the same already used in LUKS2).

Fixes: #478.
---
 lib/luks1/keymanage.c      |  7 ++++++-
 src/cryptsetup.c           |  1 +
 src/cryptsetup_reencrypt.c |  1 +
 tests/api-test.c           | 12 ++++++++++++
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
index af4d54a6..cb8edf58 100644
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -787,10 +787,15 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 		return r;
 	assert(pbkdf->iterations);
 
-	PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms;
+	if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && pbkdf->time_ms == 0)
+		PBKDF2_temp = LUKS_MKD_ITERATIONS_MIN;
+	else	/* iterations per ms * LUKS_MKD_ITERATIONS_MS */
+		PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms;
+
 	if (PBKDF2_temp > (double)UINT32_MAX)
 		return -EINVAL;
 	header->mkDigestIterations = at_least((uint32_t)PBKDF2_temp, LUKS_MKD_ITERATIONS_MIN);
+	assert(header->mkDigestIterations);
 
 	r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength,
 			header->mkDigestSalt, LUKS_SALTSIZE,
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index d92e6e8d..0a02d128 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -983,6 +983,7 @@ static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
 
 	if (opt_pbkdf_iterations) {
 		pbkdf.iterations = opt_pbkdf_iterations;
+		pbkdf.time_ms = 0;
 		pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
 	}
 
diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c
index e639fbab..534ea7aa 100644
--- a/src/cryptsetup_reencrypt.c
+++ b/src/cryptsetup_reencrypt.c
@@ -485,6 +485,7 @@ static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
 
 	if (opt_pbkdf_iterations) {
 		pbkdf.iterations = opt_pbkdf_iterations;
+		pbkdf.time_ms = 0;
 		pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
 	}
 
diff --git a/tests/api-test.c b/tests/api-test.c
index 0ff78e7e..a78800db 100644
--- a/tests/api-test.c
+++ b/tests/api-test.c
@@ -985,6 +985,18 @@ static void AddDeviceLuks(void)
 
 	FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
 	CRYPT_FREE(cd);
+
+	// No benchmark PBKDF2
+	pbkdf.flags = CRYPT_PBKDF_NO_BENCHMARK;
+	pbkdf.hash = "sha256";
+	pbkdf.iterations = 1000;
+	pbkdf.time_ms = 0;
+
+	OK_(crypt_init(&cd, DEVICE_2));
+	OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+	OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));
+	CRYPT_FREE(cd);
+
 	_cleanup_dmdevices();
 }