From patchwork Tue Nov 11 12:41:17 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@u-boot.org>
X-Patchwork-Id: 682
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org>
X-Original-To: u-boot-concept@u-boot.org
Delivered-To: u-boot-concept@u-boot.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1762864965;
	bh=9qno9R2tCQ8dUo/P5qnqNKRNwZkgKonmrzBsjaefTWc=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=LN849sNK0725PvCZR1heT395nYM9DbQYFH6A5eoNND4b418yJPz/jzmPR6BKJ3+J/
	 XPY+ps8gHOyPOXaebXY1sEd3nhb2JNlPLdgP3aT4cKpwp8x0bmFjf8F6S0iV3C19bb
	 LG3Cs94lpSI3CFcxQP2mW7hwjodawfS5hsm5wHbRuihR0UZmEomvr5ON4MQi5w8gcd
	 f2ZScOsIPesJrI3dXCjSy0uxjmRQxlZYJvUna1qYQcrZ0FtAs9cTOjd1qyMfZ298Jd
	 3DciOY+xlCwGPZ0fHBgb0Bn0OByEQcD/4fVKt3LUg16tYRRcHtFLlD3KyNJIZJQqiK
	 GzryvfE8bWZeA==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 5939D684C7
	for <u-boot-concept@u-boot.org>; Tue, 11 Nov 2025 05:42:45 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id VqOI2S4o6Qsa for <u-boot-concept@u-boot.org>;
 Tue, 11 Nov 2025 05:42:45 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1762864965;
	bh=9qno9R2tCQ8dUo/P5qnqNKRNwZkgKonmrzBsjaefTWc=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=LN849sNK0725PvCZR1heT395nYM9DbQYFH6A5eoNND4b418yJPz/jzmPR6BKJ3+J/
	 XPY+ps8gHOyPOXaebXY1sEd3nhb2JNlPLdgP3aT4cKpwp8x0bmFjf8F6S0iV3C19bb
	 LG3Cs94lpSI3CFcxQP2mW7hwjodawfS5hsm5wHbRuihR0UZmEomvr5ON4MQi5w8gcd
	 f2ZScOsIPesJrI3dXCjSy0uxjmRQxlZYJvUna1qYQcrZ0FtAs9cTOjd1qyMfZ298Jd
	 3DciOY+xlCwGPZ0fHBgb0Bn0OByEQcD/4fVKt3LUg16tYRRcHtFLlD3KyNJIZJQqiK
	 GzryvfE8bWZeA==
Received: from mail.u-boot.org (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 3D3876846C
	for <u-boot-concept@u-boot.org>; Tue, 11 Nov 2025 05:42:45 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1762864963;
	bh=ZeVnNYPJdzooYP9nOsoA8BPENMU9keon6+YkVAifSEM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=jsUtLJG2qIT0LuOICercXFqOLrsXSgggGRgKe7K3Yh8IwWJpdiYI5yGl+SoDUDt65
	 +CE/uPmKlx5tProyQJrPzmQczq9ggU2k7qzCI9lplGponR8pvoCHBU4paSOVIwYms+
	 F6Dd71cbpgaE4gPr6BTC16zLYLHQlR3zRomXfI28uiWES/e2sSHj3LziaKSfVk3D0i
	 Sx6pMMNoYhjxmPBehz6i9Fm2gH6XZgzbobOF9eIwyw2wIOn/9Kg8YkGWOrWquTiQgG
	 LBuHBk5RiIMDI2t7RUvnBIgQjMz5Ly12T8yZpgrfjiC/YAWPPvF62QRev3KhYYqlQK
	 +pk4tEtpjNdvg==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 314116841A;
	Tue, 11 Nov 2025 05:42:43 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP
 id vuB751qtSIOU; Tue, 11 Nov 2025 05:42:43 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1762864956;
	bh=7VEwlzLB3S/vJbqM/paDucmY+sWC38ET4Skz6v4fSwo=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=isOBfXKdaZ8QZAgbrb3zGlaGJ7rQPeEoyRcTSr3yXnNECqY7+jTcWreOsaTVZSz3q
	 UrWA9EcqnSpUYPPrD0T6J4R5tOkCusYgdEmJjUbj+rEcTITD2szj02JyE9Q81HZfr8
	 LwQo/d9+bBZd+0Vqp3d39i5NghQHMvtEw0zJsKgNGq8IocanjzLkA3lTJGyI92RXxu
	 KZAlNC6hFIhgxNAKPB2uM/KLKD5s9+M5GTtYDdqzPqS2h+abyPKnrSHjU48Itz8b/z
	 oq3PZPiBA2fXDrOBzKZggOGARJ8tvmpb/AK+Mt2oNtJ5UqsljT6EoWEA3U0Q13vYVI
	 ZKVA62soklvWg==
Received: from u-boot.org (unknown [73.34.74.121])
	by mail.u-boot.org (Postfix) with ESMTPSA id 065B26846C;
	Tue, 11 Nov 2025 05:42:35 -0700 (MST)
From: Simon Glass <sjg@u-boot.org>
To: U-Boot Concept <concept@u-boot.org>
Date: Tue, 11 Nov 2025 05:41:17 -0700
Message-ID: <20251111124131.1198930-12-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251111124131.1198930-1-sjg@u-boot.org>
References: <20251111124131.1198930-1-sjg@u-boot.org>
MIME-Version: 1.0
Message-ID-Hash: V2NUBIBWQSOXEONK2U2WRI75MFFZJ3YB
X-Message-ID-Hash: V2NUBIBWQSOXEONK2U2WRI75MFFZJ3YB
X-MailFrom: sjg@u-boot.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Simon Glass <simon.glass@canonical.com>, Claude <noreply@anthropic.com>
X-Mailman-Version: 3.3.10
Precedence: list
Subject: [Concept] [PATCH 11/15] luks: Export the af_merge() function
List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org>
Archived-At: 
 <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/V2NUBIBWQSOXEONK2U2WRI75MFFZJ3YB/>
List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/>
List-Help: <mailto:concept-request@u-boot.org?subject=help>
List-Owner: <mailto:concept-owner@u-boot.org>
List-Post: <mailto:concept@u-boot.org>
List-Subscribe: <mailto:concept-join@u-boot.org>
List-Unsubscribe: <mailto:concept-leave@u-boot.org>

From: Simon Glass <simon.glass@canonical.com>

Provide this function through an internal header, so that luks2 will be
able to use it.

Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 drivers/block/luks.c          |  5 +++--
 drivers/block/luks_internal.h | 30 ++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 drivers/block/luks_internal.h

diff --git a/drivers/block/luks.c b/drivers/block/luks.c
index 4400f1cfd84..826fe062757 100644
--- a/drivers/block/luks.c
+++ b/drivers/block/luks.c
@@ -25,6 +25,7 @@
 #include <mbedtls/pkcs5.h>
 #include <u-boot/sha256.h>
 #include <u-boot/sha512.h>
+#include "luks_internal.h"
 
 int luks_get_version(struct udevice *blk, struct disk_partition *pinfo)
 {
@@ -206,8 +207,8 @@ static int af_hash(struct hash_algo *algo, size_t key_size, u8 *block_buf)
  * @hash_spec:	Hash algorithm name (e.g., "sha256")
  * Return:	0 on success, -ve on error
  */
-static int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes,
-		    const char *hash_spec)
+int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes,
+	     const char *hash_spec)
 {
 	struct hash_algo *algo;
 	u8 block_buf[128];
diff --git a/drivers/block/luks_internal.h b/drivers/block/luks_internal.h
new file mode 100644
index 00000000000..32714787550
--- /dev/null
+++ b/drivers/block/luks_internal.h
@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * LUKS (Linux Unified Key Setup) internal interfaces
+ *
+ * Copyright (C) 2025 Canonical Ltd
+ */
+
+#ifndef __LUKS_INTERNAL_H__
+#define __LUKS_INTERNAL_H__
+
+#include <hash.h>
+
+/**
+ * af_merge() - Merge anti-forensic split key into original key
+ *
+ * This performs the LUKS AF-merge operation to recover the original key from
+ * its AF-split representation. The algorithm XORs all stripes together,
+ * applying diffusion between each stripe. Used by both LUKS1 and LUKS2.
+ *
+ * @src:	AF-split key material (key_size * stripes bytes)
+ * @dst:	Output buffer for merged key (key_size bytes)
+ * @key_size:	Size of the original key
+ * @stripes:	Number of anti-forensic stripes
+ * @hash_spec:	Hash algorithm name (e.g., "sha256")
+ * Return:	0 on success, -ve on error
+ */
+int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes,
+	     const char *hash_spec);
+
+#endif /* __LUKS_INTERNAL_H__ */