diff mbox series

[Concept,4/5] luks: Split out crypt reading into its own function

Message ID 20251112124252.1081477-5-sjg@u-boot.org
State New
Headers
Series luks: Support the AES-XTS cipher mode |

Commit Message

Simon Glass Nov. 12, 2025, 12:42 p.m. UTC 
  From: Simon Glass <simon.glass@canonical.com>

In preparation for adding support for a new algorithm, move the
decryption part of blkmap_crypt_read() into its own function.

Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 drivers/block/blkmap_crypt.c | 67 ++++++++++++++++++++++--------------
 1 file changed, 42 insertions(+), 25 deletions(-)
diff mbox series

Patch

diff --git a/drivers/block/blkmap_crypt.c b/drivers/block/blkmap_crypt.c
index bc77ddc2751..2de6be23662 100644
--- a/drivers/block/blkmap_crypt.c
+++ b/drivers/block/blkmap_crypt.c
@@ -45,37 +45,17 @@  struct blkmap_crypt {
 	u8 essiv_key[32];
 };
 
-static ulong blkmap_crypt_read(struct blkmap *bm, struct blkmap_slice *bms,
-			       lbaint_t blknr, lbaint_t blkcnt, void *buffer)
+static ulong crypt_read_cbc(struct blkmap *bm, struct blkmap_crypt *bmc,
+			    lbaint_t blknr, lbaint_t blkcnt,
+			    u8 *encrypted_buf, void *buffer)
 {
-	struct blkmap_crypt *bmc = container_of(bms, struct blkmap_crypt, slice);
 	struct blk_desc *bd = dev_get_uclass_plat(bm->blk);
-	struct blk_desc *src_bd = dev_get_uclass_plat(bmc->blk);
-	lbaint_t src_blknr, blocks_read;
-	u8 *encrypted_buf, *dest = buffer;
 	u8 expkey[AES256_EXPAND_KEY_LENGTH];
 	u8 iv[AES_BLOCK_LENGTH];
+	u8 *dest = buffer;
 	u64 sector;
 	lbaint_t i;
 
-	/* Allocate buffer for encrypted data */
-	encrypted_buf = malloc_cache_aligned(blkcnt * src_bd->blksz);
-	if (!encrypted_buf)
-		return 0;
-
-	/*
-	 * Calculate source block number (LUKS payload offset + requested
-	 * block)
-	 */
-	src_blknr = bmc->blknr + bmc->payload_offset + blknr;
-
-	/* Read encrypted data from underlying device */
-	blocks_read = blk_read(bmc->blk, src_blknr, blkcnt, encrypted_buf);
-	if (blocks_read != blkcnt) {
-		free(encrypted_buf);
-		return 0;
-	}
-
 	/* Expand AES key */
 	aes_expand_key(bmc->master_key, bmc->key_size * 8, expkey);
 
@@ -116,11 +96,48 @@  static ulong blkmap_crypt_read(struct blkmap *bm, struct blkmap_slice *bms,
 				       dest + i * bd->blksz,
 				       bd->blksz / AES_BLOCK_LENGTH);
 	}
-	free(encrypted_buf);
 
 	return blkcnt;
 }
 
+static ulong blkmap_crypt_read(struct blkmap *bm, struct blkmap_slice *bms,
+			       lbaint_t blknr, lbaint_t blkcnt, void *buffer)
+{
+	struct blkmap_crypt *bmc = container_of(bms, struct blkmap_crypt, slice);
+	struct blk_desc *src_bd = dev_get_uclass_plat(bmc->blk);
+	lbaint_t src_blknr, blocks_read;
+	u8 *encrypted_buf;
+	ulong result;
+
+	/* Allocate buffer for encrypted data */
+	encrypted_buf = malloc_cache_aligned(blkcnt * src_bd->blksz);
+	if (!encrypted_buf)
+		return 0;
+
+	/*
+	 * Calculate source block number (LUKS payload offset + requested
+	 * block)
+	 */
+	src_blknr = bmc->blknr + bmc->payload_offset + blknr;
+
+	/* Read encrypted data from underlying device */
+	blocks_read = blk_read(bmc->blk, src_blknr, blkcnt, encrypted_buf);
+	if (blocks_read != blkcnt) {
+		free(encrypted_buf);
+		return 0;
+	}
+
+	if (blknr == 0 && blkcnt >= 1) {
+		log_debug("First 32 bytes of ENCRYPTED data:\n");
+		log_debug_hex("", encrypted_buf, 32);
+	}
+
+	result = crypt_read_cbc(bm, bmc, blknr, blkcnt, encrypted_buf, buffer);
+	free(encrypted_buf);
+
+	return result;
+}
+
 static void blkmap_crypt_destroy(struct blkmap *bm, struct blkmap_slice *bms)
 {
 	struct blkmap_crypt *bmc = container_of(bms, struct blkmap_crypt, slice);