From: Simon Glass <simon.glass@canonical.com> In preparation for adding support for a new algorithm, move the decryption part of blkmap_crypt_read() into its own function. Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- drivers/block/blkmap_crypt.c | 67 ++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 25 deletions(-) diff --git a/drivers/block/blkmap_crypt.c b/drivers/block/blkmap_crypt.c index bc77ddc2751..2de6be23662 100644 --- a/drivers/block/blkmap_crypt.c +++ b/drivers/block/blkmap_crypt.c @@ -45,37 +45,17 @@ struct blkmap_crypt { u8 essiv_key[32]; }; -static ulong blkmap_crypt_read(struct blkmap *bm, struct blkmap_slice *bms, - lbaint_t blknr, lbaint_t blkcnt, void *buffer) +static ulong crypt_read_cbc(struct blkmap *bm, struct blkmap_crypt *bmc, + lbaint_t blknr, lbaint_t blkcnt, + u8 *encrypted_buf, void *buffer) { - struct blkmap_crypt *bmc = container_of(bms, struct blkmap_crypt, slice); struct blk_desc *bd = dev_get_uclass_plat(bm->blk); - struct blk_desc *src_bd = dev_get_uclass_plat(bmc->blk); - lbaint_t src_blknr, blocks_read; - u8 *encrypted_buf, *dest = buffer; u8 expkey[AES256_EXPAND_KEY_LENGTH]; u8 iv[AES_BLOCK_LENGTH]; + u8 *dest = buffer; u64 sector; lbaint_t i; - /* Allocate buffer for encrypted data */ - encrypted_buf = malloc_cache_aligned(blkcnt * src_bd->blksz); - if (!encrypted_buf) - return 0; - - /* - * Calculate source block number (LUKS payload offset + requested - * block) - */ - src_blknr = bmc->blknr + bmc->payload_offset + blknr; - - /* Read encrypted data from underlying device */ - blocks_read = blk_read(bmc->blk, src_blknr, blkcnt, encrypted_buf); - if (blocks_read != blkcnt) { - free(encrypted_buf); - return 0; - } - /* Expand AES key */ aes_expand_key(bmc->master_key, bmc->key_size * 8, expkey); @@ -116,11 +96,48 @@ static ulong blkmap_crypt_read(struct blkmap *bm, struct blkmap_slice *bms, dest + i * bd->blksz, bd->blksz / AES_BLOCK_LENGTH); } - free(encrypted_buf); return blkcnt; } +static ulong blkmap_crypt_read(struct blkmap *bm, struct blkmap_slice *bms, + lbaint_t blknr, lbaint_t blkcnt, void *buffer) +{ + struct blkmap_crypt *bmc = container_of(bms, struct blkmap_crypt, slice); + struct blk_desc *src_bd = dev_get_uclass_plat(bmc->blk); + lbaint_t src_blknr, blocks_read; + u8 *encrypted_buf; + ulong result; + + /* Allocate buffer for encrypted data */ + encrypted_buf = malloc_cache_aligned(blkcnt * src_bd->blksz); + if (!encrypted_buf) + return 0; + + /* + * Calculate source block number (LUKS payload offset + requested + * block) + */ + src_blknr = bmc->blknr + bmc->payload_offset + blknr; + + /* Read encrypted data from underlying device */ + blocks_read = blk_read(bmc->blk, src_blknr, blkcnt, encrypted_buf); + if (blocks_read != blkcnt) { + free(encrypted_buf); + return 0; + } + + if (blknr == 0 && blkcnt >= 1) { + log_debug("First 32 bytes of ENCRYPTED data:\n"); + log_debug_hex("", encrypted_buf, 32); + } + + result = crypt_read_cbc(bm, bmc, blknr, blkcnt, encrypted_buf, buffer); + free(encrypted_buf); + + return result; +} + static void blkmap_crypt_destroy(struct blkmap *bm, struct blkmap_slice *bms) { struct blkmap_crypt *bmc = container_of(bms, struct blkmap_crypt, slice); -- 2.43.0