
Bug#785733: Key hash algorithm is ignored when using LUKS



Package: partman-crypto
Version: 81

Hi,

Although keyhash is declared in the debconf entries of the package, this option is never used when calling cryptsetup.
This is a bit of a problem because, even when you select something strong like SHA512, it is not used and defaults back to SHA-1.

I've attached a patch to fix this.

Thank you

Jérôme
commit 509a0baebf38b665b49eded630280e8e7594cf58 (HEAD, refs/heads/master)
Author: Jérôme Vizcaino <jerome.vizcaino@gmail.com>
Date:   Tue May 12 16:38:23 2015 +0200

    LUKS honors the given keyhash algorithm

diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
index dbe958a..e4316d3 100644
--- a/lib/crypto-base.sh
+++ b/lib/crypto-base.sh
@@ -210,8 +210,9 @@ setup_luks () {
 	device=$2
 	cipher=$3
 	iv=$4
-	size=$5
-	pass=$6
+	hash=$5
+	size=$6
+	pass=$7
 
 	[ -x /sbin/cryptsetup ] || return 1
 
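Review bot: the new positional `hash=$5` in setup_luks moves `size` and `pass` to `$6` and `$7`, but nothing in this hunk checks that a hash was actually received, so a caller still passing six arguments would have its key size read as the hash and its key file read as the size. Consider failing early when the new argument is missing, for example `[ -n "$hash" ] && [ -n "$pass" ] || return 1`, and noting the new argument order in a comment above the assignments.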
@@ -219,7 +220,7 @@ setup_luks () {
 	[ "${iv%xts-*}" = "${iv}" ] || size="$(($size * 2))"
 
 	log-output -t partman-crypto \
-	/sbin/cryptsetup -c $cipher-$iv -s $size luksFormat $device $pass
+	/sbin/cryptsetup -c $cipher-$iv -h $hash -s $size luksFormat $device $pass
 	if [ $? -ne 0 ]; then
 		log "luksFormat failed"
 		return 2
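Review bot: `-h $hash` on the luksFormat line is unquoted and unconditional, so if `$hash` expands to nothing, `-h` takes `-s` as its argument and the rest of the command line is misparsed. Quote it as `-h "$hash"` and either reject an empty value before this call or add the option only when a hash is set.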
@@ -262,7 +263,7 @@ setup_cryptdev () {
 			fi
 		fi
 		if [ $keytype = passphrase ]; then
-			setup_luks $cryptdev $realdev $cipher $ivalgorithm $keysize $keyfile || return 1
+			setup_luks $cryptdev $realdev $cipher $ivalgorithm $keyhash $keysize $keyfile || return 1
 		elif [ $keytype = random ]; then
 			setup_dmcrypt $cryptdev $realdev $cipher $ivalgorithm plain $keysize /dev/urandom || return 1
 		else
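Review bot: `$keyhash` is passed unquoted in the passphrase branch, so an empty or unset value disappears during word splitting and `$keysize` lands in the hash position of setup_luks, with the key file in the size position. Pass it as `"$keyhash"` (the neighbouring arguments would benefit from the same quoting) and confirm that setup_cryptdev has read keyhash for the partition before this point, since that is not visible in this hunk.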
