mbedtls: Allow use of PKCS#5 functions

Add a few Kconfig options to allow PKCS#5 (PBKDF2) to be used within
U-Boot

Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

lib/mbedtls/Kconfig

@@ -231,6 +231,13 @@ config HKDF_MBEDTLS
 	  This option enables support of key derivation using HKDF algorithm
 	  with MbedTLS crypto library.
 
+config PKCS5_MBEDTLS
+	bool "Enable PKCS#5 support with MbedTLS crypto library"
+	depends on MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of PKCS#5 functions (PBKDF2) with
+	  MbedTLS crypto library. Required for LUKS decryption.
+
 endif # MBEDTLS_LIB_CRYPTO
 
 config MBEDTLS_LIB_X509
@@ -489,6 +496,13 @@ config SPL_HKDF_MBEDTLS
 	  This option enables support of key derivation using HKDF algorithm
 	  with MbedTLS crypto library in SPL.
 
+config SPL_PKCS5_MBEDTLS
+	bool "Enable PKCS#5 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of PKCS#5 functions (PBKDF2) with
+	  MbedTLS crypto library in SPL. Required for LUKS decryption.
+
 endif # SPL_MBEDTLS_LIB_CRYPTO
 
 config SPL_MBEDTLS_LIB_X509

lib/mbedtls/Makefile

@@ -35,6 +35,8 @@ mbedtls_lib_crypto-$(CONFIG_$(PHASE_)SHA512_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/sha512.o
 mbedtls_lib_crypto-$(CONFIG_$(PHASE_)HKDF_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/hkdf.o
+mbedtls_lib_crypto-$(CONFIG_$(PHASE_)PKCS5_MBEDTLS) += \
+	$(MBEDTLS_LIB_DIR)/pkcs5.o
 
 # MbedTLS X509 library
 obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o

lib/mbedtls/mbedtls_def_config.h

@@ -60,6 +60,10 @@
 #define MBEDTLS_HKDF_C
 #endif
 
+#if CONFIG_IS_ENABLED(PKCS5_MBEDTLS)
+#define MBEDTLS_PKCS5_C
+#endif
+
 #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
 
 #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)