[Concept] [PATCH 12/15] luks: Tidy up the code style in the block driver

11 Nov 2025

From: Simon Glass <simon.glass@canonical.com>

In preparation for luks v2, make a few code-style tweaks:
- shorter vars in some cases
- 80cols in a few places
- drop an unwanted blank line
- use 'pass' instead of 'passphrase'
- unnecessary assignments to NULL

Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 drivers/block/luks.c | 112 +++++++++++++++++++++----------------------
 include/luks.h       |   4 +-
 2 files changed, 56 insertions(+), 60 deletions(-)

diff --git a/drivers/block/luks.c b/drivers/block/luks.c
index 826fe062757..05df5b12c53 100644
--- a/drivers/block/luks.c
+++ b/drivers/block/luks.c
@@ -33,7 +33,6 @@ int luks_get_version(struct udevice *blk, struct disk_partition *pinfo)
 	ALLOC_CACHE_ALIGN_BUFFER(unsigned char, buffer, desc->blksz);
 	int version;
 
-
 	/* Read first block of the partition */
 	if (blk_read(blk, pinfo->start, 1, buffer) != 1) {
 		log_debug("Error: failed to read LUKS header\n");
@@ -114,19 +113,19 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo)
 		if (IS_ENABLED(CONFIG_JSON)) {
 			u64 json_size;
 			char *json_start;
-			int blocks;
+			int count;
 
 			/* Read the full header to get JSON area */
-			blocks = (hdr_size + desc->blksz - 1) / desc->blksz;
-			ALLOC_CACHE_ALIGN_BUFFER(unsigned char, full_hdr, blocks * desc->blksz);
+			count = (hdr_size + desc->blksz - 1) / desc->blksz;
+			ALLOC_CACHE_ALIGN_BUFFER(u8, hdr, count * desc->blksz);
 
-			if (blk_read(blk, pinfo->start, blocks, full_hdr) != blocks) {
-				printf("Error: failed to read full LUKS2 header\n");
+			if (blk_read(blk, pinfo->start, count, hdr) != count) {
+				printf("Error: can't read full LUKS2 header\n");
 				return -EIO;
 			}
 
 			/* JSON starts after the 4096-byte binary header */
-			json_start = (char *)(full_hdr + 4096);
+			json_start = (char *)(hdr + 4096);
 			json_size = hdr_size - 4096;
 
 			printf("\nJSON metadata (%llx bytes):\n", json_size);
@@ -196,9 +195,9 @@ static int af_hash(struct hash_algo *algo, size_t key_size, u8 *block_buf)
 /**
  * af_merge() - Merge anti-forensic split key into original key
  *
- * This performs the LUKS AF-merge operation to recover the original key from its
- * AF-split representation. The algorithm XORs all stripes together, applying
- * diffusion between each stripe.
+ * This performs the LUKS AF-merge operation to recover the original key from
+ * its AF-split representation. The algorithm XORs all stripes together,
+ * applying diffusion between each stripe.
  *
  * @src:	AF-split key material (key_size * stripes bytes)
  * @dst:	Output buffer for merged key (key_size bytes)
@@ -248,25 +247,6 @@ int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes,
 	return 0;
 }
 
-/**
- * try_keyslot() - Unlock a LUKS key slot with a passphrase
- *
- * @blk:		Block device
- * @pinfo:		Partition information
- * @hdr:		LUKS header
- * @slot_idx:		Key slot index to try
- * @passphrase:		Passphrase to try
- * @md_type:		Hash algorithm type
- * @key_size:		Size of the key
- * @derived_key:	Buffer for derived key (key_size bytes)
- * @km:			Buffer for encrypted key material
- * @km_blocks:		Size of km buffer in blocks
- * @split_key:		Buffer for AF-split key
- * @candidate_key:	Buffer to receive decrypted master key
- *
- * Return: 0 on success (correct passphrase), -EPROTO on mbedtls error, -ve on
- * other error
- */
 /**
  * essiv_decrypt() - Decrypt key material using ESSIV mode
  *
@@ -282,8 +262,8 @@ int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes,
  * @km_blocks: Number of blocks of key material
  * @blksz: Block size in bytes
  */
-static void essiv_decrypt(u8 *derived_key, uint key_size, u8 *expkey,
-			  u8 *km, u8 *split_key, uint km_blocks, uint blksz)
+static void essiv_decrypt(u8 *derived_key, uint key_size, u8 *expkey, u8 *km,
+			  u8 *split_key, uint km_blocks, uint blksz)
 {
 	u8 essiv_expkey[AES256_EXPAND_KEY_LENGTH];
 	u8 essiv_key_material[SHA256_SUM_LEN];
@@ -333,14 +313,33 @@ static void essiv_decrypt(u8 *derived_key, uint key_size, u8 *expkey,
 	}
 }
 
+/**
+ * try_keyslot() - Unlock a LUKS key slot with a passphrase
+ *
+ * @blk:		Block device
+ * @pinfo:		Partition information
+ * @hdr:		LUKS header
+ * @slot_idx:		Key slot index to try
+ * @pass:		Passphrase to try
+ * @md_type:		Hash algorithm type
+ * @key_size:		Size of the key
+ * @derived_key:	Buffer for derived key (key_size bytes)
+ * @km:			Buffer for encrypted key material
+ * @km_blocks:		Size of km buffer in blocks
+ * @split_key:		Buffer for AF-split key
+ * @candidate_key:	Buffer to receive decrypted master key
+ *
+ * Return: 0 on success (correct passphrase), -EPROTO on mbedtls error, -ve on
+ * other error
+ */
 static int try_keyslot(struct udevice *blk, struct disk_partition *pinfo,
 		       struct luks1_phdr *hdr, int slot_idx,
-		       const char *passphrase, mbedtls_md_type_t md_type,
+		       const char *pass, mbedtls_md_type_t md_type,
 		       uint key_size, u8 *derived_key, u8 *km, uint km_blocks,
 		       u8 *split_key, u8 *candidate_key)
 {
 	struct luks1_keyslot *slot = &hdr->key_slot[slot_idx];
-	uint iterations, km_offset, stripes, split_key_size;
+	uint iters, km_offset, stripes, split_key_size;
 	struct blk_desc *desc = dev_get_uclass_plat(blk);
 	u8 expkey[AES256_EXPAND_KEY_LENGTH];
 	u8 key_digest[LUKS_DIGESTSIZE];
@@ -353,21 +352,20 @@ static int try_keyslot(struct udevice *blk, struct disk_partition *pinfo,
 
 	log_debug("trying key slot %d...\n", slot_idx);
 
-	iterations = be32_to_cpu(slot->iterations);
+	iters = be32_to_cpu(slot->iterations);
 	km_offset = be32_to_cpu(slot->key_material_offset);
 	stripes = be32_to_cpu(slot->stripes);
 	split_key_size = key_size * stripes;
 
 	/* Derive key from passphrase using PBKDF2 */
-	log_debug("PBKDF2(pass '%s'[len %zu], ", passphrase,
-		  strlen(passphrase));
+	log_debug("PBKDF2(pass '%s'[len %zu], ", pass, strlen(pass));
 	log_debug_hex("salt[0-7]", (u8 *)slot->salt, 8);
-	log_debug("iter %u, keylen %u)\n", iterations, key_size);
-	ret = mbedtls_pkcs5_pbkdf2_hmac_ext(md_type, (const u8 *)passphrase,
-					    strlen(passphrase),
+	log_debug("iter %u, keylen %u)\n", iters, key_size);
+	ret = mbedtls_pkcs5_pbkdf2_hmac_ext(md_type, (const u8 *)pass,
+					    strlen(pass),
 					    (const u8 *)slot->salt,
-					    LUKS_SALTSIZE, iterations,
-					    key_size, derived_key);
+					    LUKS_SALTSIZE, iters, key_size,
+					    derived_key);
 	if (ret) {
 		log_debug("PBKDF2 failed: %d\n", ret);
 		return -EPROTO;
@@ -389,7 +387,6 @@ static int try_keyslot(struct udevice *blk, struct disk_partition *pinfo,
 	log_debug_hex("input key (derived_key) full:", derived_key, key_size);
 
 	aes_expand_key(derived_key, key_size * 8, expkey);
-
 	log_debug_hex("expanded key [0-15]:", expkey, 16);
 
 	/* Decrypt with CBC mode: first check if ESSIV is used */
@@ -433,7 +430,7 @@ static int try_keyslot(struct udevice *blk, struct disk_partition *pinfo,
 	log_debug_hex("mk_digest[0-7]", (u8 *)hdr->mk_digest, 8);
 
 	/* Check if the digest matches */
-	if (memcmp(key_digest, hdr->mk_digest, LUKS_DIGESTSIZE) == 0) {
+	if (!memcmp(key_digest, hdr->mk_digest, LUKS_DIGESTSIZE)) {
 		log_debug("Uunlocked with key slot %d\n", slot_idx);
 		return 0;
 	}
@@ -443,20 +440,18 @@ static int try_keyslot(struct udevice *blk, struct disk_partition *pinfo,
 }
 
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
-		const char *passphrase, u8 *master_key, u32 *key_size)
+		const char *pass, u8 *master_key, u32 *key_size)
 {
 	uint version, split_key_size, km_blocks, hdr_blocks;
+	u8 *split_key, *derived_key;
 	struct hash_algo *hash_algo;
+	u8 candidate_key[128], *km;
 	mbedtls_md_type_t md_type;
 	struct luks1_phdr *hdr;
 	struct blk_desc *desc;
-	u8 candidate_key[128];
-	u8 *split_key = NULL;
-	u8 *derived_key = NULL;
-	u8 *km = NULL;
-	int i, ret = -EINVAL;
+	int i, ret;
 
-	if (!blk || !pinfo || !passphrase || !master_key || !key_size)
+	if (!blk || !pinfo || !pass || !master_key || !key_size)
 		return -EINVAL;
 
 	desc = dev_get_uclass_plat(blk);
@@ -482,14 +477,15 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
 
 	version = be16_to_cpu(*(__be16 *)(buffer + LUKS_MAGIC_LEN));
 	if (version != LUKS_VERSION_1) {
-		log_debug("only LUKS1 decryption is currently supported\n");
+		log_debug("unsupported LUKS version %d\n", version);
 		return -ENOTSUPP;
 	}
 
 	hdr = (struct luks1_phdr *)buffer;
 
 	/* Debug: show what we read from header */
-	log_debug("Read header at sector %llu, mk_digest[0-7] ", (unsigned long long)pinfo->start);
+	log_debug("Read header at sector %llu, mk_digest[0-7] ",
+		  (unsigned long long)pinfo->start);
 	log_debug_hex("", (u8 *)hdr->mk_digest, 8);
 
 	/* Verify cipher mode - only CBC supported */
@@ -518,7 +514,7 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
 			break;
 		}
 	}
-	if (stripes == 0) {
+	if (!stripes) {
 		log_debug("no active key slots found\n");
 		return -ENOENT;
 	}
@@ -541,7 +537,7 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
 
 	/* Try each key slot */
 	for (i = 0; i < LUKS_NUMKEYS; i++) {
-		ret = try_keyslot(blk, pinfo, hdr, i, passphrase, md_type,
+		ret = try_keyslot(blk, pinfo, hdr, i, pass, md_type,
 				  *key_size, derived_key, km, km_blocks,
 				  split_key, candidate_key);
 
@@ -586,12 +582,12 @@ out:
  * @master_key:	Unlocked master key
  * @key_size:	Size of the master key in bytes
  * @label:	Label for the blkmap device
- * @blkmap_dev:	Output pointer for created blkmap device
+ * @blkmapp:	Output pointer for created blkmap device
  * Return:	0 on success, -ve on error
  */
 int luks_create_blkmap(struct udevice *blk, struct disk_partition *pinfo,
 		       const u8 *master_key, u32 key_size, const char *label,
-		       struct udevice **blkmap_dev)
+		       struct udevice **blkmapp)
 {
 	u8 essiv_key[SHA256_SUM_LEN];  /* SHA-256 output */
 	struct luks1_phdr *hdr;
@@ -601,7 +597,7 @@ int luks_create_blkmap(struct udevice *blk, struct disk_partition *pinfo,
 	bool use_essiv;
 	int ret;
 
-	if (!blk || !pinfo || !master_key || !label || !blkmap_dev)
+	if (!blk || !pinfo || !master_key || !label || !blkmapp)
 		return -EINVAL;
 
 	desc = dev_get_uclass_plat(blk);
@@ -651,7 +647,7 @@ int luks_create_blkmap(struct udevice *blk, struct disk_partition *pinfo,
 	/* Wipe ESSIV key from stack */
 	if (use_essiv)
 		memset(essiv_key, '\0', sizeof(essiv_key));
-	*blkmap_dev = dev;
+	*blkmapp = dev;
 
 	return 0;
 }
diff --git a/include/luks.h b/include/luks.h
index f8fda27e132..2c52cc48689 100644
--- a/include/luks.h
+++ b/include/luks.h
@@ -145,13 +145,13 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo);
  *
  * @blk:	Block device
  * @pinfo:	Partition information
- * @passphrase:	Passphrase to unlock the partition
+ * @pass:	Passphrase to unlock the partition
  * @master_key:	Buffer to receive the decrypted master key
  * @key_size:	Size of the master_key buffer
  * Return:	0 on success, -ve on error
  */
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
-		const char *passphrase, u8 *master_key, u32 *key_size);
+		const char *pass, u8 *master_key, u32 *key_size);
 
 /**
  * luks_create_blkmap() - Create a blkmap device for a LUKS partition
-- 
2.43.0

    