luks: Update luks_unlock() to take binary passphrase

Update luks_unlock() to accept a binary passphrase, to match the LUKS2
implementation.

Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>

cmd/luks.c

@@ -88,8 +88,8 @@ static int do_luks_unlock(struct cmd_tbl *cmdtp, int flag, int argc,
 	printf("Unlocking LUKS%d partition...\n", version);
 
 	/* Unlock the partition to get the master key */
-	ret = luks_unlock(dev_desc->bdev, &info, passphrase, master_key,
-			  &key_size);
+	ret = luks_unlock(dev_desc->bdev, &info, (const u8 *)passphrase,
+			  strlen(passphrase), master_key, &key_size);
 	if (ret) {
 		printf("Failed to unlock LUKS partition (err %dE)\n", ret);
 		return CMD_RET_FAILURE;

drivers/block/luks.c

@@ -415,7 +415,8 @@ static int try_keyslot(struct udevice *blk, struct disk_partition *pinfo,
 }
 
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
-		const char *pass, u8 *master_key, u32 *key_size)
+		const u8 *pass, size_t pass_len, u8 *master_key,
+		u32 *key_size)
 {
 	uint version, split_key_size, km_blocks, hdr_blocks;
 	u8 *split_key, *derived_key;
@@ -452,8 +453,8 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
 
 	version = be16_to_cpu(*(__be16 *)(buffer + LUKS_MAGIC_LEN));
 	if (version == LUKS_VERSION_2)
-		return unlock_luks2(blk, pinfo, (const u8 *)pass, strlen(pass),
-				    master_key, key_size);
+		return unlock_luks2(blk, pinfo, pass, pass_len, master_key,
+				    key_size);
 
 	if (version != LUKS_VERSION_1) {
 		log_debug("unsupported LUKS version %d\n", version);
@@ -516,10 +517,9 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
 
 	/* Try each key slot */
 	for (i = 0; i < LUKS_NUMKEYS; i++) {
-		ret = try_keyslot(blk, pinfo, hdr, i, (const u8 *)pass,
-				  strlen(pass), md_type, *key_size,
-				  derived_key, km, km_blocks, split_key,
-				  candidate_key);
+		ret = try_keyslot(blk, pinfo, hdr, i, pass, pass_len, md_type,
+				  *key_size, derived_key, km, km_blocks,
+				  split_key, candidate_key);
 
 		if (!ret) {
 			/* Successfully unlocked */

include/luks.h

@@ -146,6 +146,7 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo);
  * @blk:	Block device
  * @pinfo:	Partition information
  * @pass:	Passphrase to unlock the partition
+ * @pass_len:	Length of the passphrase in bytes
  * @master_key:	Buffer to receive the decrypted master key
  * @key_size:	Size of the master_key buffer
  * Return:	0 on success,
@@ -157,7 +158,8 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo);
  *		-EIO if failed to read from block device
  */
 int luks_unlock(struct udevice *blk, struct disk_partition *pinfo,
-		const char *pass, u8 *master_key, u32 *key_size);
+		const u8 *pass, size_t pass_len, u8 *master_key,
+		u32 *key_size);
 
 /**
  * luks_create_blkmap() - Create a blkmap device for a LUKS partition

test/boot/luks.c

@@ -274,8 +274,8 @@ static int bootstd_test_luks2_unlock(struct unit_test_state *uts)
 
 	/* Test that unlock fails for partition 1 (not LUKS) */
 	ut_assertok(part_get_info(desc, 1, &info));
-	ut_asserteq(-ENOENT, luks_unlock(desc->bdev, &info, "test", master_key,
-					 &key_size));
+	ut_asserteq(-ENOENT, luks_unlock(desc->bdev, &info, (const u8 *)"test",
+					 4, master_key, &key_size));
 
 	/* Test unlocking partition 2 with correct passphrase */
 	ut_assertok(run_command("luks unlock mmc c:2 test", 0));