Reinstate pbkdf serialization flag in device activation.

oniko · oniko · commit 5d69c34f59db · 2025-11-27T14:51:44.000+01:00
crypt_activate_by_keyslot_context never respected pbkdf serialation flag (CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF). In fact it worked only when device was activated via passphrase or via passphrase file. It was never respected when device was activated by a token for example. When the internal code was fully switched to activation via keyslot context the legacy code for passphrase based activation was dropped and we lost track of serialization flag completely. This fixes all of the issues so now the serialization flag will be respected also with tokens (and all other activation methods unlocking LUKS2 keyslot with memory hard pbkdf). Fixes: 58385d6 (Allow activation via keyslot context) Fixes: #968.
diff --git a/lib/setup.c b/lib/setup.c
@@ -5450,6 +5450,9 @@ int crypt_activate_by_keyslot_context(struct crypt_device *cd,
 		return _activate_loopaes(cd, name, passphrase, passphrase_size, flags);
 	}
 
+	if (flags & CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF)
+		cd->memory_hard_pbkdf_lock_enabled = true;
+
 	/* acquire the volume key(s) */
 	r = -EINVAL;
 	if (isLUKS1(cd->type)) {

Original file line number	Diff line number	Diff line change
`@@ -5450,6 +5450,9 @@ int crypt_activate_by_keyslot_context(struct crypt_device *cd,`
`5450`	`5450`	`return _activate_loopaes(cd, name, passphrase, passphrase_size, flags);`
`5451`	`5451`	`}`
`5452`	`5452`
	`5453`	`+ if (flags & CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF)`
	`5454`	`+ cd->memory_hard_pbkdf_lock_enabled = true;`
	`5455`	`+`
`5453`	`5456`	`/* acquire the volume key(s) */`
`5454`	`5457`	`r = -EINVAL;`
`5455`	`5458`	`if (isLUKS1(cd->type)) {`