From patchwork Sun Nov 16 21:23:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 717 Return-Path: X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org Authentication-Results: mail.u-boot.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256 header.s=google header.b=PbROMvkD; dkim-atps=neutral Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id D1D1A68641 for ; Sun, 16 Nov 2025 14:23:56 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id wkFk3t-qCIdn for ; Sun, 16 Nov 2025 14:23:56 -0700 (MST) Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id E65E56862B for ; Sun, 16 Nov 2025 14:23:54 -0700 (MST) Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 6E836684C5 for ; Sun, 16 Nov 2025 14:23:51 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id OvTm_RkK48np for ; Sun, 16 Nov 2025 14:23:51 -0700 (MST) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.166.48; helo=mail-io1-f48.google.com; envelope-from=sjg@chromium.org; receiver=u-boot.org Received: from mail-io1-f48.google.com (mail-io1-f48.google.com [209.85.166.48]) by mail.u-boot.org (Postfix) with ESMTPS id E21E9685F2 for ; Sun, 16 Nov 2025 14:23:48 -0700 (MST) Received: by mail-io1-f48.google.com with SMTP id ca18e2360f4ac-9486248f01bso125683739f.0 for ; Sun, 16 Nov 2025 13:23:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1763328227; x=1763933027; darn=u-boot.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=o/pCs5gUZRrgAbscDrn25UrOhS7c7yUamOyTi+ASi6Q=; b=PbROMvkDO9d+ZNbFyfCjcu+PJJWM0l+BLw63kr+IyrFJdyWYCSS7RBlQAbnTvY1xFQ 4iOZxf9+NlEFCAj4PJXKPe/2dCGtbKwXKyOv9+QanBW5eSScqnyLF2hDdrSgdwTC3Co8 /ok3kyvE+nM+QgGbi/41+heS55m1+PZqNDk6M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763328227; x=1763933027; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=o/pCs5gUZRrgAbscDrn25UrOhS7c7yUamOyTi+ASi6Q=; b=lM85/yd+nVS1q9ai/Kn4BL+FEjKkejG5K6cJvKQO6BwDDgJ81m1ompk/dDHlF9XtGT T1l0Hrb51mZEf6rdljcHW96VlTiGvyaoR1dXERx8aOI7kr2VEi2p8X2YnhgWG6CTHe3f JhOY9gnSKuh36DM4dSGru65iy5dx0SjR1bvBtdeSYu1GPMm//whatTC8uGEPcPem7To+ 6JUwwzdtuD/W1TfIAqCDurDlzW42k7ovsYeQp7VZZSkt2rE9BTPISPwxwNfyQy2bK5k7 wEA2RSVk8JZ3bpWmKol0k04cnECbFKf3n/GkkhdeDgrqIFUmXeugqkeoCCcBETxBFI3X 8NzA== X-Gm-Message-State: AOJu0YwAqAmZI1TCR6ots8uZ2bGjtAflKndQ+Pp1c1sU6yfI6KTyxppX qbBF+bm19irCEGDkJWnNWkjY3Zcki5srOl1g5yHqK2XWLwxJKxLYcbgHfF5reZOE12bG14M9jYd xwnA= X-Gm-Gg: ASbGncsjht9dYnQtMPB693a9YRSNrsadKaJ6KgrWXeimB3hSadF9NAZZEfxl6UzVI72 V4hsHnx5/4q4kCEsIFgt7gHjJYuZiwSU8cbNTCiUQ8h3MUJtMjguyYQH9iNAOdaaoVViHVrd8yF w/eJxHUkikwFn8YZJwkfJ/rFVnj/Zv5InfTp0DRvK0mgreBFt7YiyxfOBLWFfrPLV2tdQHRYRuq Y9mm9KECQ7liTe3w/TSr1pg3sjrPzI/MLBtBvb2KdklnO1ssL554bvB3jMqPVDYvDYzrYFVBku4 wO/awsMASCyOPtttdHEa8UNu/dph98IHawOFs5rFxBXkgV59UOiMyO6LlVgGAJmFOJeUBZcZ5t+ 859mjg4Pyfxsgsvmz/GNuefjybwggXVl+Z/N2c0ldAyLP7oLxtd3l3jqW3O7SFsOvTgMDxl2otU I710309A9xnmCMEyvN X-Google-Smtp-Source: AGHT+IGeb16SxEVoJGU7Gl6uW/RGgXaFlBqrx818cosa+Dn7LiNkizYkb3Lz+aKPhlmuhXE9zaVx8Q== X-Received: by 2002:a05:6602:3416:b0:949:b4c:3875 with SMTP id ca18e2360f4ac-9490b4c4007mr110115439f.11.1763328227347; Sun, 16 Nov 2025 13:23:47 -0800 (PST) Received: from chromium.org ([73.34.74.121]) by smtp.gmail.com with ESMTPSA id ca18e2360f4ac-948d2d162dcsm577962339f.13.2025.11.16.13.23.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 16 Nov 2025 13:23:45 -0800 (PST) From: Simon Glass X-Google-Original-From: Simon Glass To: U-Boot Concept Date: Sun, 16 Nov 2025 14:23:16 -0700 Message-ID: <20251116212334.1603490-3-simon.glass@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251116212334.1603490-1-simon.glass@canonical.com> References: <20251116212334.1603490-1-simon.glass@canonical.com> MIME-Version: 1.0 Message-ID-Hash: YEMIGJQBZ3KZ5HWFG62YJBIXUA7KT6WO X-Message-ID-Hash: YEMIGJQBZ3KZ5HWFG62YJBIXUA7KT6WO X-MailFrom: sjg@chromium.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Simon Glass , Claude X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 02/14] luks: Make essiv_decrypt() a shared function List-Id: Discussion and patches related to U-Boot Concept Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Both luks.c and luks2.c have similar implementations of essiv_decrypt(). Drop the version in the later to reduce code duplication. Drop the duplicate function comments while we are here, since exported functions should have the information in the header file. Co-developed-by: Claude Signed-off-by: Simon Glass --- drivers/block/luks.c | 48 ++------------------------ drivers/block/luks2.c | 63 ----------------------------------- drivers/block/luks_internal.h | 18 ++++++++++ 3 files changed, 20 insertions(+), 109 deletions(-) diff --git a/drivers/block/luks.c b/drivers/block/luks.c index 923932c0dad..a7f5b436e12 100644 --- a/drivers/block/luks.c +++ b/drivers/block/luks.c @@ -195,20 +195,6 @@ static int af_hash(struct hash_algo *algo, size_t key_size, u8 *block_buf) return 0; } -/** - * af_merge() - Merge anti-forensic split key into original key - * - * This performs the LUKS AF-merge operation to recover the original key from - * its AF-split representation. The algorithm XORs all stripes together, - * applying diffusion between each stripe. - * - * @src: AF-split key material (key_size * stripes bytes) - * @dst: Output buffer for merged key (key_size bytes) - * @key_size: Size of the original key - * @stripes: Number of anti-forensic stripes - * @hash_spec: Hash algorithm name (e.g., "sha256") - * Return: 0 on success, -ve on error - */ int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes, const char *hash_spec) { @@ -250,23 +236,8 @@ int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes, return 0; } -/** - * essiv_decrypt() - Decrypt key material using ESSIV mode - * - * ESSIV (Encrypted Salt-Sector Initialization Vector) mode generates a unique - * IV for each sector by encrypting the sector number with a key derived from - * hashing the encryption key. - * - * @derived_key: Key derived from passphrase - * @key_size: Size of the encryption key in bytes - * @expkey: Expanded AES key for decryption - * @km: Encrypted key material buffer - * @split_key: Output buffer for decrypted key material - * @km_blocks: Number of blocks of key material - * @blksz: Block size in bytes - */ -static void essiv_decrypt(u8 *derived_key, uint key_size, u8 *expkey, u8 *km, - u8 *split_key, uint km_blocks, uint blksz) +void essiv_decrypt(const u8 *derived_key, uint key_size, u8 *expkey, + u8 *km, u8 *split_key, uint km_blocks, uint blksz) { u8 essiv_expkey[AES256_EXPAND_KEY_LENGTH]; u8 essiv_key_material[SHA256_SUM_LEN]; @@ -576,21 +547,6 @@ out: return ret; } -/** - * luks_create_blkmap() - Create a blkmap device for a LUKS partition - * - * This creates and configures a blkmap device to provide access to the - * decrypted contents of a LUKS partition. The master key must already be - * unlocked using luks_unlock(). - * - * @blk: Block device containing the LUKS partition - * @pinfo: Partition information - * @master_key: Unlocked master key - * @key_size: Size of the master key in bytes - * @label: Label for the blkmap device - * @blkmapp: Output pointer for created blkmap device - * Return: 0 on success, -ve on error - */ int luks_create_blkmap(struct udevice *blk, struct disk_partition *pinfo, const u8 *master_key, u32 key_size, const char *label, struct udevice **blkmapp) diff --git a/drivers/block/luks2.c b/drivers/block/luks2.c index 4720f9d92ce..6836c372de2 100644 --- a/drivers/block/luks2.c +++ b/drivers/block/luks2.c @@ -454,69 +454,6 @@ out: return ret; } -/** - * essiv_decrypt() - Decrypt key material using ESSIV mode - * - * ESSIV (Encrypted Salt-Sector Initialization Vector) mode generates a unique - * IV for each sector by encrypting the sector number with a key derived from - * hashing the encryption key. - * - * @derived_key: Key derived from passphrase - * @key_size: Size of the encryption key in bytes - * @expkey: Expanded AES key for decryption - * @km: Encrypted key material buffer - * @split_key: Output buffer for decrypted key material - * @km_blocks: Number of blocks of key material - * @blksz: Block size in bytes - */ -static void essiv_decrypt(u8 *derived_key, uint key_size, u8 *expkey, - u8 *km, u8 *split_key, uint km_blocks, uint blksz) -{ - u8 essiv_expkey[AES256_EXPAND_KEY_LENGTH]; - u8 essiv_key_material[SHA256_SUM_LEN]; - u32 num_sectors = km_blocks; - u8 iv[AES_BLOCK_LENGTH]; - uint rel_sect; - - /* Generate ESSIV key by hashing the encryption key */ - log_debug("using ESSIV mode\n"); - sha256_csum_wd(derived_key, key_size, essiv_key_material, - CHUNKSZ_SHA256); - - log_debug_hex("ESSIV key[0-7]:", essiv_key_material, 8); - - /* Expand ESSIV key for AES */ - aes_expand_key(essiv_key_material, 256, essiv_expkey); - - /* - * Decrypt each sector with its own IV - * NOTE: sector number is relative to the key material buffer, - * not an absolute disk sector - */ - for (rel_sect = 0; rel_sect < num_sectors; rel_sect++) { - u8 sector_iv[AES_BLOCK_LENGTH]; - - /* Create IV: little-endian sector number padded to 16 bytes */ - memset(sector_iv, '\0', AES_BLOCK_LENGTH); - put_unaligned_le32(rel_sect, sector_iv); - - /* Encrypt sector number with ESSIV key to get IV */ - aes_encrypt(256, sector_iv, essiv_expkey, iv); - - /* Show the first sector for debugging */ - if (!rel_sect) { - log_debug("rel_sect %x, ", rel_sect); - log_debug_hex("IV[0-7]:", iv, 8); - } - - /* Decrypt this sector */ - aes_cbc_decrypt_blocks(key_size * 8, expkey, iv, - km + (rel_sect * blksz), - split_key + (rel_sect * blksz), - blksz / AES_BLOCK_LENGTH); - } -} - /** * decrypt_km_xts() - Decrypt key material using XTS mode * diff --git a/drivers/block/luks_internal.h b/drivers/block/luks_internal.h index 14d3839fe6a..3bc572cdfd9 100644 --- a/drivers/block/luks_internal.h +++ b/drivers/block/luks_internal.h @@ -27,6 +27,24 @@ int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes, const char *hash_spec); +/** + * essiv_decrypt() - Decrypt key material using ESSIV mode + * + * ESSIV (Encrypted Salt-Sector Initialization Vector) mode generates a unique + * IV for each sector by encrypting the sector number with a key derived from + * hashing the encryption key. Used by both LUKS1 and LUKS2. + * + * @derived_key: Key derived from passphrase + * @key_size: Size of the encryption key in bytes + * @expkey: Expanded AES key for decryption + * @km: Encrypted key material buffer + * @split_key: Output buffer for decrypted key material + * @km_blocks: Number of blocks of key material + * @blksz: Block size in bytes + */ +void essiv_decrypt(const u8 *derived_key, uint key_size, u8 *expkey, u8 *km, + u8 *split_key, uint km_blocks, uint blksz); + /** * unlock_luks2() - Unlock a LUKS2 partition with a passphrase *