This algorithm can use a lot of memory, so add a check for this condition
and return the correct error.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
In some cases we may wish to provide a pre-derived key, e.g. obtained
from a TKey. Provide an option for this with LUKSv2. For now it is not
exported.
Improve the error-return documentation while we are here.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Update unlock_luks2() and related functions to accept a binary
passphrase instead of a string passphrase. This will allow unlocking
using hashed data.
For now this is internal to the luks implementation.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Both luks.c and luks2.c have similar implementations of essiv_decrypt().
Drop the version in the later to reduce code duplication.
Drop the duplicate function comments while we are here, since exported
functions should have the information in the header file.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add supports for luks v2 which is a more common version used on modern
systems.
This makes use of Argon2 and also the JSON->FDT parser.
Enable this feature for sandbox, tidying up the defconfig while we are
here.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
