Fix LUKS1 format if pkbdf benchamr is disabled.

We use minimum iteration for key digest in this case
(the same already used in LUKS2).

Fixes: #478.

lib/luks1/keymanage.c

@@ -787,10 +787,15 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 		return r;
 	assert(pbkdf->iterations);
 
-	PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms;
+	if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && pbkdf->time_ms == 0)
+		PBKDF2_temp = LUKS_MKD_ITERATIONS_MIN;
+	else	/* iterations per ms * LUKS_MKD_ITERATIONS_MS */
+		PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms;
+
 	if (PBKDF2_temp > (double)UINT32_MAX)
 		return -EINVAL;
 	header->mkDigestIterations = at_least((uint32_t)PBKDF2_temp, LUKS_MKD_ITERATIONS_MIN);
+	assert(header->mkDigestIterations);
 
 	r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength,
 			header->mkDigestSalt, LUKS_SALTSIZE,

src/cryptsetup.c

@@ -983,6 +983,7 @@ static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
 
 	if (opt_pbkdf_iterations) {
 		pbkdf.iterations = opt_pbkdf_iterations;
+		pbkdf.time_ms = 0;
 		pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
 	}
 

src/cryptsetup_reencrypt.c

@@ -485,6 +485,7 @@ static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
 
 	if (opt_pbkdf_iterations) {
 		pbkdf.iterations = opt_pbkdf_iterations;
+		pbkdf.time_ms = 0;
 		pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
 	}
 

tests/api-test.c

@@ -985,6 +985,18 @@ static void AddDeviceLuks(void)
 
 	FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
 	CRYPT_FREE(cd);
+
+	// No benchmark PBKDF2
+	pbkdf.flags = CRYPT_PBKDF_NO_BENCHMARK;
+	pbkdf.hash = "sha256";
+	pbkdf.iterations = 1000;
+	pbkdf.time_ms = 0;
+
+	OK_(crypt_init(&cd, DEVICE_2));
+	OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+	OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));
+	CRYPT_FREE(cd);
+
 	_cleanup_dmdevices();
 }