From 6f6e1efbc8918ae9c6134307242ef5222f1ad64d Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Wed, 11 Apr 2018 16:18:44 +0200
Subject: [PATCH] Abort conversion when wrapped key cipher is used.

---
 lib/luks2/luks2_luks1_convert.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
index 89f7bdd7..2af4fd79 100644
--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -664,6 +664,15 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 		return -EINVAL;
 	}
 
+	r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMENT), cipher, NULL, cipher_mode);
+	if (r < 0)
+		return r;
+
+	if (crypt_cipher_wrapped_key(cipher)) {
+		log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s.\n"), cipher);
+		return -EINVAL;
+	}
+
 	r = LUKS2_tokens_count(hdr2);
 	if (r < 0)
 		return r;