bitlk: Do not try to use empty password for password keyslots

Passing empty password means we want to try to open the device
using the clear key so we can skip all other keyslots in this case.

This also fixes unlocking a BitLocker device where recovery
passphrase is in the first keyslot where we try to use the empty
passhrase first, hoping for a clear key, and never actually prompt
user for an actual (recovery) passphrase after.

Fixes: #973

Author: vojtechtrefny

lib/bitlk/bitlk.c

@@ -1300,6 +1300,17 @@ int BITLK_get_volume_key(struct crypt_device *cd,
 	next_vmk = params->vmks;
 	while (next_vmk) {
 		bool is_decrypted = false;
+
+		if (password == NULL && next_vmk->protection != BITLK_PROTECTION_CLEAR_KEY) {
+			/*
+			 * Clearkey is the only slot that doesn't require password so no password
+			 * means we are trying to use clearkey and we can skip all other key slots.
+			 */
+			r = -EPERM;
+			next_vmk = next_vmk->next;
+			continue;
+		}
+
 		if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) {
 			r = bitlk_kdf(password, passwordLen, false, next_vmk->salt, &vmk_dec_key);
 			if (r) {