Replace PBKDF2 implementation pulled in from vnconfig with one

derived from Damien Bergamini's wpa-psk. This implementation is
smaller, cleaner and uses the libc SHA1 functions instead of
pulling in OpenSSL.

make bioctl.c -Wall clean too

Verified with rfc3962 test vectors and against a assembled cryptoraid;
ok hshoexer@

4 files changed, 303 insertions, 20 deletions

diff --git a/sbin/bioctl/Makefile b/sbin/bioctl/Makefile
index 7de33853409..e7038874231 100644
--- a/sbin/bioctl/Makefile
+++ b/sbin/bioctl/Makefile
@@ -1,11 +1,22 @@
-#	$OpenBSD: Makefile,v 1.9 2008/06/13 21:03:40 hshoexer Exp $
+#	$OpenBSD: Makefile,v 1.10 2008/06/14 06:28:27 djm Exp $
 
 PROG=	bioctl
-SRCS=	bioctl.c pkcs5_pbkdf2.c
-.PATH:	${.CURDIR}/../mount_vnd
-CFLAGS+=-Wall -I${.CURDIR}/../mount_vnd
-LDADD=	-lutil -lcrypto
+SRCS=	bioctl.c pbkdf2.c
+
+LDADD=	-lutil
 DPADD=	${LIBUTIL}
+
+CDIAGFLAGS=     -Wall
+CDIAGFLAGS+=    -Werror
+CDIAGFLAGS+=    -Wpointer-arith
+CDIAGFLAGS+=    -Wno-uninitialized
+CDIAGFLAGS+=    -Wstrict-prototypes
+CDIAGFLAGS+=    -Wmissing-prototypes
+CDIAGFLAGS+=    -Wunused
+CDIAGFLAGS+=    -Wsign-compare
+CDIAGFLAGS+=    -Wbounded
+CDIAGFLAGS+=    -Wshadow
+
 MAN=	bioctl.8
 
 .include <bsd.prog.mk>
diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c
index 71387212b8a..9ea26511c8f 100644
--- a/sbin/bioctl/bioctl.c
+++ b/sbin/bioctl/bioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bioctl.c,v 1.66 2008/06/14 00:05:47 djm Exp $       */
+/* $OpenBSD: bioctl.c,v 1.67 2008/06/14 06:28:27 djm Exp $       */
 
 /*
  * Copyright (c) 2004, 2005 Marco Peereboom
@@ -49,7 +49,7 @@
 #include <util.h>
 #include <vis.h>
 
-#include "pkcs5_pbkdf2.h"
+#include "pbkdf2.h"
 
 struct locator {
 	int		channel;
@@ -733,7 +733,7 @@ bio_parse_devlist(char *lst, dev_t *dt)
 	u_int32_t		sz = 0;
 	int			no_dev = 0, i, x;
 	struct stat		sb;
-	char			devname[MAXPATHLEN];
+	char			dev[MAXPATHLEN];
 
 	if (!lst)
 		errx(1, "invalid device list");
@@ -746,12 +746,12 @@ bio_parse_devlist(char *lst, dev_t *dt)
 		else if (*(e + 1) == '\0' || *(e + 1) == ',') {
 			/* got one */
 			sz = e - s + 1;
-			strlcpy(devname, s, sz + 1);
-			if (stat(devname, &sb) == -1)
-				err(1, "could not stat %s", devname);
+			strlcpy(dev, s, sz + 1);
+			if (stat(dev, &sb) == -1)
+				err(1, "could not stat %s", dev);
 			dt[no_dev] = sb.st_rdev;
 			no_dev++;
-			if (no_dev > (BIOC_CRMAXLEN / sizeof(dev_t)))
+			if (no_dev > (int)(BIOC_CRMAXLEN / sizeof(dev_t)))
 				errx(1, "too many devices on device list");
 		}
 		e++;
@@ -847,7 +847,6 @@ void
 get_pkcs_key(int rounds, u_int8_t *key, size_t keysz, u_int8_t *salt,
     size_t saltsz)
 {
-	u_int8_t	*keybuf;
 	char		*passphrase;
 
 	if (!key)
@@ -863,13 +862,9 @@ get_pkcs_key(int rounds, u_int8_t *key, size_t keysz, u_int8_t *salt,
 		errx(1, "Need a passphrase");
 
 	/* derive key from passphrase */
-	if (pkcs5_pbkdf2(&keybuf, keysz, passphrase, strlen(passphrase), salt,
-	    saltsz, rounds, 0))
-		errx(1, "pkcs5_pbkdf2 failed");
-
-	memcpy(key, keybuf, keysz);
-	memset(keybuf, 0, keysz);
-	free(keybuf);
+	if (pkcs5_pbkdf2(passphrase, strlen(passphrase), salt, saltsz,
+	    key, keysz, rounds) != 0)
+		errx(1, "pbkdf2 failed");
 
 	/* forget passphrase */
 	memset(passphrase, 0, strlen(passphrase));
diff --git a/sbin/bioctl/pbkdf2.c b/sbin/bioctl/pbkdf2.c
new file mode 100644
index 00000000000..eba68ad1bc7
--- /dev/null
+++ b/sbin/bioctl/pbkdf2.c
@@ -0,0 +1,253 @@
+/*	$OpenBSD: pbkdf2.c,v 1.1 2008/06/14 06:28:27 djm Exp $	*/
+
+/*-
+ * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <string.h>
+#include <limits.h>
+#include <stdlib.h>
+
+#include <sha1.h>
+
+#include "pbkdf2.h"
+
+/* #define PBKDF2_MAIN */
+
+/*
+ * HMAC-SHA-1 (from RFC 2202).
+ */
+static void
+hmac_sha1(const u_int8_t *text, size_t text_len, const u_int8_t *key,
+    size_t key_len, u_int8_t digest[SHA1_DIGEST_LENGTH])
+{
+	SHA1_CTX ctx;
+	u_int8_t k_pad[SHA1_BLOCK_LENGTH];
+	u_int8_t tk[SHA1_DIGEST_LENGTH];
+	int i;
+
+	if (key_len > SHA1_BLOCK_LENGTH) {
+		SHA1Init(&ctx);
+		SHA1Update(&ctx, key, key_len);
+		SHA1Final(tk, &ctx);
+
+		key = tk;
+		key_len = SHA1_DIGEST_LENGTH;
+	}
+
+	bzero(k_pad, sizeof k_pad);
+	bcopy(key, k_pad, key_len);
+	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+		k_pad[i] ^= 0x36;
+
+	SHA1Init(&ctx);
+	SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
+	SHA1Update(&ctx, text, text_len);
+	SHA1Final(digest, &ctx);
+
+	bzero(k_pad, sizeof k_pad);
+	bcopy(key, k_pad, key_len);
+	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+		k_pad[i] ^= 0x5c;
+
+	SHA1Init(&ctx);
+	SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
+	SHA1Update(&ctx, digest, SHA1_DIGEST_LENGTH);
+	SHA1Final(digest, &ctx);
+}
+
+/*
+ * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
+ * Code based on IEEE Std 802.11-2007, Annex H.4.2.
+ */
+int
+pkcs5_pbkdf2(const char *pass, size_t pass_len, const char *salt, size_t salt_len,
+    u_int8_t *key, size_t key_len, u_int rounds)
+{
+	u_int8_t *asalt, obuf[SHA1_DIGEST_LENGTH];
+	u_int8_t d1[SHA1_DIGEST_LENGTH], d2[SHA1_DIGEST_LENGTH];
+	u_int i, j;
+	u_int count;
+	size_t r;
+
+	if (rounds < 1 || key_len == 0)
+		return -1;
+	if (salt_len == 0 || salt_len > SIZE_MAX - 1)
+		return -1;
+	if ((asalt = malloc(salt_len + 4)) == NULL)
+		return -1;
+
+	memcpy(asalt, salt, salt_len);
+
+	for (count = 1; key_len > 0; count++) {
+		asalt[salt_len + 0] = (count >> 24) & 0xff;
+		asalt[salt_len + 1] = (count >> 16) & 0xff;
+		asalt[salt_len + 2] = (count >> 8) & 0xff;
+		asalt[salt_len + 3] = count & 0xff;
+		hmac_sha1(asalt, salt_len + 4, pass, pass_len, d1);
+		memcpy(obuf, d1, sizeof(obuf));
+
+		for (i = 1; i < rounds; i++) {
+			hmac_sha1(d1, sizeof(d1), pass, pass_len, d2);
+			memcpy(d1, d2, sizeof(d1));
+			for (j = 0; j < sizeof(obuf); j++)
+				obuf[j] ^= d1[j];
+		}
+
+		r = MIN(key_len, SHA1_DIGEST_LENGTH);
+		memcpy(key, obuf, r);
+		key += r;
+		key_len -= r;
+	};
+	bzero(asalt, salt_len + 4);
+	free(asalt);
+	bzero(d1, sizeof(d1));
+	bzero(d2, sizeof(d2));
+	bzero(obuf, sizeof(obuf));
+
+	return 0;
+}
+
+#ifdef PBKDF2_MAIN
+struct test_vector {
+	u_int rounds;
+	const char *pass;
+	const char *salt;
+	const char expected[32];
+};
+
+/*
+ * Test vectors from RFC 3962
+ */
+struct test_vector test_vectors[] = {
+	{
+		1,
+		"password",
+		"ATHENA.MIT.EDUraeburn",
+		{
+			0xcd, 0xed, 0xb5, 0x28, 0x1b, 0xb2, 0xf8, 0x01,
+			0x56, 0x5a, 0x11, 0x22, 0xb2, 0x56, 0x35, 0x15,
+			0x0a, 0xd1, 0xf7, 0xa0, 0x4b, 0xb9, 0xf3, 0xa3,
+			0x33, 0xec, 0xc0, 0xe2, 0xe1, 0xf7, 0x08, 0x37
+		},
+	}, {
+		2,
+		"password",
+		"ATHENA.MIT.EDUraeburn",
+		{
+			0x01, 0xdb, 0xee, 0x7f, 0x4a, 0x9e, 0x24, 0x3e, 
+			0x98, 0x8b, 0x62, 0xc7, 0x3c, 0xda, 0x93, 0x5d,
+			0xa0, 0x53, 0x78, 0xb9, 0x32, 0x44, 0xec, 0x8f,
+			0x48, 0xa9, 0x9e, 0x61, 0xad, 0x79, 0x9d, 0x86
+		},
+	}, {
+		1200,
+		"password",
+		"ATHENA.MIT.EDUraeburn",
+		{
+			0x5c, 0x08, 0xeb, 0x61, 0xfd, 0xf7, 0x1e, 0x4e,
+			0x4e, 0xc3, 0xcf, 0x6b, 0xa1, 0xf5, 0x51, 0x2b,
+			0xa7, 0xe5, 0x2d, 0xdb, 0xc5, 0xe5, 0x14, 0x2f,
+			0x70, 0x8a, 0x31, 0xe2, 0xe6, 0x2b, 0x1e, 0x13
+		},
+	}, {
+		5,
+		"password",
+		"\0224VxxV4\022", /* 0x1234567878563412 */
+		{
+			0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
+			0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49,
+			0x3f, 0x98, 0xd2, 0x03, 0xe6, 0xbe, 0x49, 0xa6,
+			0xad, 0xf4, 0xfa, 0x57, 0x4b, 0x6e, 0x64, 0xee
+		},
+	}, {
+		1200,
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+		"pass phrase equals block size",
+		{
+			0x13, 0x9c, 0x30, 0xc0, 0x96, 0x6b, 0xc3, 0x2b,
+			0xa5, 0x5f, 0xdb, 0xf2, 0x12, 0x53, 0x0a, 0xc9,
+			0xc5, 0xec, 0x59, 0xf1, 0xa4, 0x52, 0xf5, 0xcc,
+			0x9a, 0xd9, 0x40, 0xfe, 0xa0, 0x59, 0x8e, 0xd1
+		},
+	}, {
+		1200,
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+		"pass phrase exceeds block size",
+		{
+			0x9c, 0xca, 0xd6, 0xd4, 0x68, 0x77, 0x0c, 0xd5,
+			0x1b, 0x10, 0xe6, 0xa6, 0x87, 0x21, 0xbe, 0x61,
+			0x1a, 0x8b, 0x4d, 0x28, 0x26, 0x01, 0xdb, 0x3b,
+			0x36, 0xbe, 0x92, 0x46, 0x91, 0x5e, 0xc8, 0x2a
+		},
+	}, {
+		50,
+		"\360\235\204\236", /* g-clef (0xf09d849e) */
+		"EXAMPLE.COMpianist",
+		{
+			0x6b, 0x9c, 0xf2, 0x6d, 0x45, 0x45, 0x5a, 0x43,
+			0xa5, 0xb8, 0xbb, 0x27, 0x6a, 0x40, 0x3b, 0x39,
+			0xe7, 0xfe, 0x37, 0xa0, 0xc4, 0x1e, 0x02, 0xc2,
+			0x81, 0xff, 0x30, 0x69, 0xe1, 0xe9, 0x4f, 0x52
+		},
+	}
+};
+#define NVECS (sizeof(test_vectors) / sizeof(*test_vectors))
+
+#include <stdio.h>
+#include <err.h>
+
+static void
+printhex(const char *s, const u_int8_t *buf, size_t len)
+{
+	size_t i;
+
+	printf("%s: ", s);
+	for (i = 0; i < len; i++)
+		printf("%02x", buf[i]);
+	printf("\n");
+	fflush(stdout);
+}
+
+int
+main(int argc, char **argv)
+{
+	u_int i, j;
+	u_char result[32];
+	struct test_vector *vec;
+
+	for (i = 0; i < NVECS; i++) {
+		vec = &test_vectors[i];
+		printf("vector %u\n", i);
+		for (j = 1; j < sizeof(result); j += 3) {
+			if (pkcs5_pbkdf2(vec->pass, strlen(vec->pass),
+			    vec->salt, strlen(vec->salt),
+			    result, j, vec->rounds) != 0)
+			errx(1, "pbkdf2 failed");
+			if (memcmp(result, vec->expected, j) != 0) {
+				printhex(" got", result, j);
+				printhex("want", vec->expected, j);
+				return 1;
+			}
+		}
+	}
+	return 0;
+}
+#endif /* PBKDF2_MAIN */
diff --git a/sbin/bioctl/pbkdf2.h b/sbin/bioctl/pbkdf2.h
new file mode 100644
index 00000000000..2ee04c72e46
--- /dev/null
+++ b/sbin/bioctl/pbkdf2.h
@@ -0,0 +1,24 @@
+/*	$OpenBSD: pbkdf2.h,v 1.1 2008/06/14 06:28:27 djm Exp $	*/
+
+/*-
+ * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
+ * Code based on IEEE Std 802.11-2007, Annex H.4.2.
+ */
+int pkcs5_pbkdf2(const char *, size_t, const char *, size_t,
+    u_int8_t *, size_t, u_int);