From: Simon Glass <simon.glass@canonical.com> Provide this function through an internal header, so that luks2 will be able to use it. Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- drivers/block/luks.c | 5 +++-- drivers/block/luks_internal.h | 30 ++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 drivers/block/luks_internal.h diff --git a/drivers/block/luks.c b/drivers/block/luks.c index 4400f1cfd84..826fe062757 100644 --- a/drivers/block/luks.c +++ b/drivers/block/luks.c @@ -25,6 +25,7 @@ #include <mbedtls/pkcs5.h> #include <u-boot/sha256.h> #include <u-boot/sha512.h> +#include "luks_internal.h" int luks_get_version(struct udevice *blk, struct disk_partition *pinfo) { @@ -206,8 +207,8 @@ static int af_hash(struct hash_algo *algo, size_t key_size, u8 *block_buf) * @hash_spec: Hash algorithm name (e.g., "sha256") * Return: 0 on success, -ve on error */ -static int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes, - const char *hash_spec) +int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes, + const char *hash_spec) { struct hash_algo *algo; u8 block_buf[128]; diff --git a/drivers/block/luks_internal.h b/drivers/block/luks_internal.h new file mode 100644 index 00000000000..32714787550 --- /dev/null +++ b/drivers/block/luks_internal.h @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * LUKS (Linux Unified Key Setup) internal interfaces + * + * Copyright (C) 2025 Canonical Ltd + */ + +#ifndef __LUKS_INTERNAL_H__ +#define __LUKS_INTERNAL_H__ + +#include <hash.h> + +/** + * af_merge() - Merge anti-forensic split key into original key + * + * This performs the LUKS AF-merge operation to recover the original key from + * its AF-split representation. The algorithm XORs all stripes together, + * applying diffusion between each stripe. Used by both LUKS1 and LUKS2. + * + * @src: AF-split key material (key_size * stripes bytes) + * @dst: Output buffer for merged key (key_size bytes) + * @key_size: Size of the original key + * @stripes: Number of anti-forensic stripes + * @hash_spec: Hash algorithm name (e.g., "sha256") + * Return: 0 on success, -ve on error + */ +int af_merge(const u8 *src, u8 *dst, size_t key_size, uint stripes, + const char *hash_spec); + +#endif /* __LUKS_INTERNAL_H__ */ -- 2.43.0