"cryptsetup convert" error message is too vague
When trying to convert LUKS2 to LUKS1:
Cannot convert to LUKS1 format - keyslot 0 is not LUKS1 compatible.
This is even with the keyslot using pbkdf2.
Looking at the source, there are several checks that are done, one of which is that the keyslot hash equals the AF hash. This was not true in my case and changing the keyslot hash to equal the AF hash made the conversion succeed.
Error message: https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/lib/luks2/luks2_luks1_convert.c?ref_type=tags#L789
Check function: https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/lib/luks2/luks2_luks1_convert.c?ref_type=tags#L654
It checks that:
- keyslot type is luks2
- keyslot kdf type is pbkdf2
- keyslot kdf hash equals digest hash
- AF stripes is LUKS_STRIPES (4000)
- AF hash equals digest hash
- keyslot cipher equals data cipher
- keyslot key size equals data key size
- keyslot area length is LUKS1 compatible (?)
It would be nice if each of the above checks print a separate error message.
Also add documentation about the required preconditions for conversion from LUKS2 to LUKS1 (and vice-versa).