On Tue, May 19, 2009 at 15:02 +0000, Mike Belopuhov wrote:
> On Tue, May 19, 2009 at 14:35 +0000, Mike Belopuhov wrote:
> > re,
> >
> > openbsd softraid is nomore, therefore we need to remove relevant
> > chunks from bioctl. here we go: this diff downgrades bioctl.c to
> > rev 1.48 and merges in revs 1.53, 1.59, 1.60. this allowes to
> > proceed with the build.
> >
> > ok to commit?
> >
>
> these files (pbkdf2.c, pbkdf2.h) are shared with wpa-psk(8), so they
> will be moved to sbin/wpa-psk.
>
proper diff this time.
Index: bioctl/Makefile
===================================================================
RCS file: /cvs/src/sbin/bioctl/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- bioctl/Makefile 26 Dec 2008 18:50:47 -0000 1.2
+++ bioctl/Makefile 21 May 2009 23:37:27 -0000
@@ -1,6 +1,6 @@
PROG= bioctl
-SRCS= bioctl.c pbkdf2.c
+SRCS= bioctl.c
CFLAGS+=-Wall
LDADD= -lutil
DPADD= ${LIBUTIL}
Index: bioctl/bioctl.8
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.8,v
retrieving revision 1.2
diff -u -p -r1.2 bioctl.8
--- bioctl/bioctl.8 26 Dec 2008 18:50:47 -0000 1.2
+++ bioctl/bioctl.8 21 May 2009 23:37:27 -0000
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 26 2008 $
+.Dd $Mdocdate$
.Dt BIOCTL 8
.Os
.Sh NAME
@@ -31,14 +31,10 @@
.Sh SYNOPSIS
.Nm bioctl
.Bk -words
-.Op Fl dhiqv
+.Op Fl hiqv
.Op Fl a Ar alarm-function
.Op Fl b Ar channel:target[.lun]
-.Op Fl C Ar flag[,flag,...]
-.Op Fl c Ar raidlevel
.Op Fl H Ar channel:target[.lun]
-.Op Fl l Ar special[,special,...]
-.Op Fl r Ar rounds
.Op Fl u Ar channel:target[.lun]
.Ar device
.Ek
@@ -81,42 +77,6 @@ to start blinking, if there is
or
.Xr safte 4
support in the enclosure.
-.It Fl C Ar flag[,flag,...]
-Pass flags when doing operations with
-.Nm .
-May be one of:
-.Pp
-.Bl -tag -width disable -compact
-.It Ar force
-Force the operation, e.g. to force creation of volumes
-with unclean data in the metatdata areas.
-.It Ar noauto
-Ignore this RAID volume upon reboot.
-.El
-.It Fl c Ar raidlevel
-Create a
-.Xr softraid 4
-device of level
-.Ar raidlevel .
-The device must begin with
-.Dq softraid
-followed by a number.
-.Pp
-Valid raidlevels are:
-.Pp
-.Bl -tag -width Ds -offset indent -compact
-.It 0
-RAID 0:
-A striping discipline.
-.It 1
-RAID 1:
-A mirroring discipline.
-.It C
-CRYPTO:
-An encrypting discipline.
-.El
-.It Fl d
-Delete volume specified by device.
.It Fl H Ar channel:target[.lun]
If the device at
.Ar channel:target[.lun]
@@ -131,22 +91,6 @@ Gigabyte, Terabyte, Petabyte, Exabyte in
digits to four or less.
.It Fl i
Enumerate the selected RAID devices.
-.It Fl l Ar special[,special,...]
-Use
-.Ar special
-device list to create within the
-.Xr softraid 4
-framework.
-Requires
-.Fl c .
-.It Fl q
-Show vendor, product, revision, and serial number for the given disk.
-.It Fl r Ar rounds
-When creating an encrypted volume, specifies the number of iterations of
-the algorithm used to convert a passphrase into a key.
-Higher iteration counts take more time, but offer more resistance to key
-guessing attacks.
-The minimum is 1000 rounds and the default is 8192.
.It Fl u Ar channel:target[.lun]
Instruct the device at
.Ar channel:target[.lun]
@@ -155,6 +99,8 @@ to cease blinking, if there is
or
.Xr safte 4
support in the enclosure.
+.It Fl q
+Show vendor, product, revision and serial number for the given disk.
.It Fl v
Be more verbose in output.
.It Ar device
@@ -166,30 +112,6 @@ or
enclosures, it is also possible to directly specify the enclosure name
(e.g. safte0).
.El
-.Sh EXAMPLES
-The following command, executed from the command line, would configure
-the device softraid0 with 4 special devices
-(/dev/sd2e, /dev/sd3e, /dev/sd4e, /dev/sd5e) and
-a raid level of 1:
-.Bd -literal -offset 3n
-# bioctl -c 1 -l /dev/sd2e,/dev/sd3e,/dev/sd4e,/dev/sd5e softraid0
-.Ed
-.Pp
-The following command, executed from the command line, would configure the
-device softraid0 with one special device (/dev/sd2e) and an encrypting
-volume:
-.Bd -literal -offset 3n
-# bioctl -c C -l /dev/sd2e softraid0
-.Ed
-.Pp
-.Nm
-will ask for a passphrase, that will be needed to unlock the encrypted
-disk.
-After creating a new encrypted disk, it should be zeroed with the
-following command (assuming the new disk is sd3):
-.Bd -literal -offset 3n
-# dd if=/dev/zero of=/dev/rsd3c
-.Ed
.Sh SEE ALSO
.Xr ami 4 ,
.Xr arc 4 ,
@@ -198,8 +120,7 @@ following command (assuming the new disk
.Xr mfi 4 ,
.Xr safte 4 ,
.Xr scsi 4 ,
-.Xr ses 4 ,
-.Xr softraid 4
+.Xr ses 4
.Sh HISTORY
The
.Nm
@@ -210,5 +131,3 @@ The
.Nm
interface was written by
.An Marco Peereboom Aq [email protected] .
-.Sh CAVEATS
-Use of the crypto discipline is currently considered experimental.
Index: bioctl/bioctl.c
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
retrieving revision 1.2
diff -u -p -r1.2 bioctl.c
--- bioctl/bioctl.c 26 Dec 2008 18:50:47 -0000 1.2
+++ bioctl/bioctl.c 21 May 2009 23:37:27 -0000
@@ -26,17 +26,15 @@
*/
#ifndef lint
-static const char rcsid[] = "$ABSD: bioctl.c,v 1.2 2008/12/26 18:50:47 mickey
Exp $";
+static const char rcsid[] = "$ABSD: bioctl.c,v 1.2 2008/12/26 18:50:47 mickey
$";
#endif
#include <sys/param.h>
#include <sys/ioctl.h>
#include <sys/queue.h>
-#include <sys/stat.h>
#include <scsi/scsi_disk.h>
#include <scsi/scsi_all.h>
#include <dev/biovar.h>
-#include <dev/softraidvar.h>
#include <errno.h>
#include <err.h>
@@ -49,62 +47,46 @@ static const char rcsid[] = "$ABSD: bioc
#include <ctype.h>
#include <util.h>
#include <vis.h>
-#include <readpassphrase.h>
-
-#include "pbkdf2.h"
struct locator {
- int channel;
- int target;
- int lun;
+ int channel;
+ int target;
+ int lun;
};
-void usage(void);
-const char *str2locator(const char *, struct locator *);
-void cleanup(void);
-int bio_parse_devlist(char *, dev_t *);
-void bio_kdf_derive(struct sr_crypto_kdfinfo *,
- struct sr_crypto_kdf_pbkdf2 *);
-void bio_kdf_generate(struct sr_crypto_kdfinfo *);
-void derive_key_pkcs(int, u_int8_t *, size_t, u_int8_t *,
- size_t, int);
-
-void bio_inq(char *);
-void bio_alarm(char *);
-void bio_setstate(char *);
-void bio_setblink(char *, char *, int);
-void bio_blink(char *, int, int);
-void bio_createraid(u_int16_t, char *);
-void bio_deleteraid(char *);
-u_int32_t bio_createflags(char *);
-char *bio_vis(char *);
-void bio_diskinq(char *);
-
-int devh = -1;
-int human;
-int verbose;
-u_int32_t cflags = 0;
-int rflag = 8192;
+void usage(void);
+const char *str2locator(const char *, struct locator *);
+void cleanup(void);
+
+void bio_inq(char *);
+void bio_alarm(char *);
+void bio_setstate(char *);
+void bio_setblink(char *, char *, int);
+void bio_blink(char *, int, int);
+char *bio_vis(char *);
+void bio_diskinq(char *);
+
+int devh = -1;
+int human;
+int verbose;
-struct bio_locate bl;
+struct bio_locate bl;
int
main(int argc, char *argv[])
{
- extern char *optarg;
- u_int64_t func = 0;
+ extern char *optarg;
+ u_int64_t func = 0;
/* u_int64_t subfunc = 0; */
- char *bioc_dev = NULL, *sd_dev = NULL;
- char *realname = NULL, *al_arg = NULL;
- char *bl_arg = NULL, *dev_list = NULL;
- const char *errstr;
- int ch, rv, blink = 0, diskinq = 0;
- u_int16_t cr_level = 0;
+ char *bioc_dev = NULL, *sd_dev = NULL;
+ char *realname = NULL, *al_arg = NULL;
+ char *bl_arg = NULL;
+ int ch, rv, blink = 0, diskinq = 0;
if (argc < 2)
usage();
- while ((ch = getopt(argc, argv, "a:b:C:c:dH:hil:qr:vu:")) != -1) {
+ while ((ch = getopt(argc, argv, "b:u:H:ha:iqv")) != -1) {
switch (ch) {
case 'a': /* alarm */
func |= BIOC_ALARM;
@@ -115,20 +97,6 @@ main(int argc, char *argv[])
blink = BIOC_SBBLINK;
bl_arg = optarg;
break;
- case 'C': /* creation flags */
- cflags = bio_createflags(optarg);
- break;
- case 'c': /* create */
- func |= BIOC_CREATERAID;
- if (isdigit(*optarg))
- cr_level = atoi(optarg);
- else
- cr_level = *optarg;
- break;
- case 'd':
- /* delete volume */
- func |= BIOC_DELETERAID;
- break;
case 'u': /* unblink */
func |= BIOC_BLINK;
blink = BIOC_SBUNBLINK;
@@ -144,22 +112,12 @@ main(int argc, char *argv[])
case 'i': /* inquiry */
func |= BIOC_INQ;
break;
- case 'l': /* device list */
- func |= BIOC_DEVLIST;
- dev_list = optarg;
- break;
- case 'r':
- rflag = strtonum(optarg, 1000, 1<<30, &errstr);
- if (errstr != NULL)
- errx(1, "Number of rounds is %s: %s",
- errstr, optarg);
+ case 'q':
+ diskinq = 1;
break;
case 'v':
verbose = 1;
break;
- case 'q':
- diskinq = 1;
- break;
default:
usage();
/* NOTREACHED */
@@ -208,16 +166,6 @@ main(int argc, char *argv[])
bio_setblink(sd_dev, bl_arg, blink);
} else if (func == BIOC_SETSTATE) {
bio_setstate(al_arg);
- } else if (func == BIOC_DELETERAID && sd_dev != NULL) {
- bio_deleteraid(sd_dev);
- } else if (func & BIOC_CREATERAID || func & BIOC_DEVLIST) {
- if (!(func & BIOC_CREATERAID))
- errx(1, "need -c parameter");
- if (!(func & BIOC_DEVLIST))
- errx(1, "need -l parameter");
- if (sd_dev)
- errx(1, "can't use sd device");
- bio_createraid(cr_level, dev_list);
}
return (0);
@@ -226,25 +174,18 @@ main(int argc, char *argv[])
void
usage(void)
{
- extern char *__progname;
+ extern char *__progname;
- fprintf(stderr,
- "usage: %s [-dhiqv] [-a alarm-function] "
- "[-b channel:target[.lun]]\n"
- "\t[-C flag[,flag,...]] [-c raidlevel] "
- "[-H channel:target[.lun]]\n"
- "\t[-l special[,special,...]] [-r rounds] "
- "[-u channel:target[.lun]]\n"
- "\tdevice\n", __progname);
-
+ fprintf(stderr, "usage: %s [-hiqv] [-a alarm-function]"
+ " [[-bHu] chan:targ[.lun]] device\n", __progname);
exit(1);
}
const char *
str2locator(const char *string, struct locator *location)
{
- const char *errstr;
- char parse[80], *targ, *lun;
+ const char *errstr;
+ char parse[80], *targ, *lun;
strlcpy(parse, string, sizeof parse);
targ = strchr(parse, ':');
@@ -273,13 +214,13 @@ str2locator(const char *string, struct l
void
bio_inq(char *name)
{
- char *status, size[64], scsiname[16], volname[32];
- char percent[10], seconds[20];
- int rv, i, d, volheader, hotspare, unused;
- char encname[16], serial[32];
- struct bioc_disk bd;
- struct bioc_inq bi;
- struct bioc_vol bv;
+ char *status, size[64], scsiname[16], volname[32];
+ char percent[10], seconds[20];
+ int rv, i, d, volheader, hotspare, unused;
+ char encname[16], serial[32];
+ struct bioc_disk bd;
+ struct bioc_inq bi;
+ struct bioc_vol bv;
memset(&bi, 0, sizeof(bi));
@@ -362,19 +303,9 @@ bio_inq(char *name)
else
snprintf(size, sizeof size, "%14llu",
bv.bv_size);
- switch (bv.bv_level) {
- case 'C':
- printf("%7s %-10s %14s %-7s CRYPTO%s%s\n",
- volname, status, size, bv.bv_dev,
- percent, seconds);
- break;
- default:
- printf("%7s %-10s %14s %-7s RAID%u%s%s\n",
- volname, status, size, bv.bv_dev,
- bv.bv_level, percent, seconds);
- break;
- }
-
+ printf("%7s %-10s %14s %-7s RAID%u%s%s\n",
+ volname, status, size, bv.bv_dev,
+ bv.bv_level, percent, seconds);
}
for (d = 0; d < bv.bv_nodisk; d++) {
@@ -450,8 +381,8 @@ bio_inq(char *name)
void
bio_alarm(char *arg)
{
- int rv;
- struct bioc_alarm ba;
+ int rv;
+ struct bioc_alarm ba;
ba.ba_cookie = bl.bl_cookie;
@@ -616,227 +547,6 @@ bio_blink(char *enclosure, int target, i
close(bioh);
}
-void
-bio_createraid(u_int16_t level, char *dev_list)
-{
- struct bioc_createraid create;
- struct sr_crypto_kdfinfo kdfinfo;
- struct sr_crypto_kdf_pbkdf2 kdfhint;
- int rv, no_dev;
- dev_t *dt;
- u_int16_t min_disks = 0;
-
- if (!dev_list)
- errx(1, "no devices specified");
-
- dt = (dev_t *)malloc(BIOC_CRMAXLEN);
- if (!dt)
- err(1, "not enough memory for dev_t list");
- memset(dt, 0, BIOC_CRMAXLEN);
-
- no_dev = bio_parse_devlist(dev_list, dt);
-
- switch (level) {
- case 0:
- min_disks = 2;
- break;
- case 1:
- min_disks = 2;
- break;
- case 'C':
- min_disks = 1;
- break;
- case 'c':
- min_disks = 1;
- break;
- default:
- errx(1, "unsupported raid level");
- }
-
- if (no_dev < min_disks)
- errx(1, "not enough disks");
-
- /* for crypto raid we only allow one single chunk */
- if (level == 'C' && no_dev != min_disks)
- errx(1, "not exactly one disks");
-
-
- memset(&create, 0, sizeof(create));
- create.bc_cookie = bl.bl_cookie;
- create.bc_level = level;
- create.bc_dev_list_len = no_dev * sizeof(dev_t);
- create.bc_dev_list = dt;
- create.bc_flags = BIOC_SCDEVT | cflags;
-
- if (level == 'C') {
- memset(&kdfinfo, 0, sizeof(kdfinfo));
- memset(&kdfhint, 0, sizeof(kdfhint));
-
- create.bc_opaque = &kdfhint;
- create.bc_opaque_size = sizeof(kdfhint);
- create.bc_opaque_flags = BIOC_SOOUT;
-
- /* try to get KDF hint */
- if (ioctl(devh, BIOCCREATERAID, &create) == -1)
- err(1, "ioctl");
-
- if (create.bc_opaque_status == BIOC_SOINOUT_OK) {
- bio_kdf_derive(&kdfinfo, &kdfhint);
- memset(&kdfhint, 0, sizeof(kdfhint));
- } else {
- bio_kdf_generate(&kdfinfo);
- /* no auto assembling */
- create.bc_flags |= BIOC_SCNOAUTOASSEMBLE;
- }
-
- create.bc_opaque = &kdfinfo;
- create.bc_opaque_size = sizeof(kdfinfo);
- create.bc_opaque_flags = BIOC_SOIN;
- }
-
- rv = ioctl(devh, BIOCCREATERAID, &create);
- memset(&kdfinfo, 0, sizeof(kdfinfo));
- memset(&create, 0, sizeof(create));
- if (rv == -1) {
- if (errno == EPERM)
- errx(1, "Incorrect passphrase");
- err(1, "BIOCCREATERAID");
- }
-
- free(dt);
-}
-
-void
-bio_kdf_derive(struct sr_crypto_kdfinfo *kdfinfo, struct sr_crypto_kdf_pbkdf2
- *kdfhint)
-{
- if (!kdfinfo)
- errx(1, "invalid KDF info");
- if (!kdfhint)
- errx(1, "invalid KDF hint");
-
- if (kdfhint->len != sizeof(*kdfhint))
- errx(1, "KDF hint has invalid size");
- if (kdfhint->type != SR_CRYPTOKDFT_PBKDF2)
- errx(1, "unknown KDF type %d", kdfhint->type);
- if (kdfhint->rounds < 1000)
- errx(1, "number of KDF rounds too low: %d", kdfhint->rounds);
-
- kdfinfo->flags = SR_CRYPTOKDF_KEY;
- kdfinfo->len = sizeof(*kdfinfo);
-
- derive_key_pkcs(kdfhint->rounds,
- kdfinfo->maskkey, sizeof(kdfinfo->maskkey),
- kdfhint->salt, sizeof(kdfhint->salt), 0);
-}
-
-void
-bio_kdf_generate(struct sr_crypto_kdfinfo *kdfinfo)
-{
- if (!kdfinfo)
- errx(1, "invalid KDF info");
-
- kdfinfo->pbkdf2.len = sizeof(kdfinfo->pbkdf2);
- kdfinfo->pbkdf2.type = SR_CRYPTOKDFT_PBKDF2;
- kdfinfo->pbkdf2.rounds = rflag;
- kdfinfo->len = sizeof(*kdfinfo);
- kdfinfo->flags = (SR_CRYPTOKDF_KEY | SR_CRYPTOKDF_HINT);
-
- /* generate salt */
- arc4random_buf(kdfinfo->pbkdf2.salt, sizeof(kdfinfo->pbkdf2.salt));
-
- derive_key_pkcs(kdfinfo->pbkdf2.rounds,
- kdfinfo->maskkey, sizeof(kdfinfo->maskkey),
- kdfinfo->pbkdf2.salt, sizeof(kdfinfo->pbkdf2.salt), 1);
-}
-
-int
-bio_parse_devlist(char *lst, dev_t *dt)
-{
- char *s, *e;
- u_int32_t sz = 0;
- int no_dev = 0, i, x;
- struct stat sb;
- char dev[MAXPATHLEN];
-
- if (!lst)
- errx(1, "invalid device list");
-
- s = e = lst;
- /* make sure we have a valid device list like /dev/sdNa,/dev/sdNNa */
- while (*e != '\0') {
- if (*e == ',')
- s = e + 1;
- else if (*(e + 1) == '\0' || *(e + 1) == ',') {
- /* got one */
- sz = e - s + 1;
- strlcpy(dev, s, sz + 1);
- if (stat(dev, &sb) == -1)
- err(1, "could not stat %s", dev);
- dt[no_dev] = sb.st_rdev;
- no_dev++;
- if (no_dev > (int)(BIOC_CRMAXLEN / sizeof(dev_t)))
- errx(1, "too many devices on device list");
- }
- e++;
- }
-
- for (i = 0; i < no_dev; i++)
- for (x = 0; x < no_dev; x++)
- if (dt[i] == dt[x] && x != i)
- errx(1, "duplicate device in list");
-
- return (no_dev);
-}
-
-u_int32_t
-bio_createflags(char *lst)
-{
- char *s, *e, fs[32];
- u_int32_t sz = 0;
- u_int32_t flags = 0;
-
- if (!lst)
- errx(1, "invalid flags list");
-
- s = e = lst;
- /* make sure we have a valid flags list like force,noassemeble */
- while (*e != '\0') {
- if (*e == ',')
- s = e + 1;
- else if (*(e + 1) == '\0' || *(e + 1) == ',') {
- /* got one */
- sz = e - s + 1;
- switch (s[0]) {
- case 'f':
- flags |= BIOC_SCFORCE;
- break;
- case 'n':
- flags |= BIOC_SCNOAUTOASSEMBLE;
- break;
- default:
- strlcpy(fs, s, sz + 1);
- errx(1, "invalid flag %s", fs);
- }
- }
- e++;
- }
-
- return (flags);
-}
-
-void
-bio_deleteraid(char *dev)
-{
- struct bioc_deleteraid bd;
- memset(&bd, 0, sizeof(bd));
-
- bd.bd_cookie = bd.bd_cookie;
- strlcpy(bd.bd_dev, dev, sizeof bd.bd_dev);
- if (ioctl(devh, BIOCDELETERAID, &bd))
- errx(1, "delete volume %s failed", dev);
-}
-
#define BIOCTL_VIS_NBUF 4
#define BIOCTL_VIS_BUFLEN 80
@@ -865,50 +575,4 @@ bio_diskinq(char *sd_dev)
printf("%s: <%s, %s, %s>, serial %s\n", sd_dev, bio_vis(di.vendor),
bio_vis(di.product), bio_vis(di.revision), bio_vis(di.serial));
-}
-
-void
-derive_key_pkcs(int rounds, u_int8_t *key, size_t keysz, u_int8_t *salt,
- size_t saltsz, int verify)
-{
- char passphrase[1024], verifybuf[1024];
-
- if (!key)
- errx(1, "Invalid key");
- if (!salt)
- errx(1, "Invalid salt");
- if (rounds < 1000)
- errx(1, "Too less rounds: %d", rounds);
-
- /* get passphrase */
- if (readpassphrase("Passphrase: ", passphrase, sizeof(passphrase),
- RPP_REQUIRE_TTY) == NULL)
- errx(1, "unable to read passphrase");
-
- if (verify) {
- /* request user to re-type it */
- if (readpassphrase("Re-type passphrase: ", verifybuf,
- sizeof(verifybuf), RPP_REQUIRE_TTY) == NULL) {
- memset(passphrase, 0, sizeof(passphrase));
- errx(1, "unable to read passphrase");
- }
- if ((strlen(passphrase) != strlen(verifybuf)) ||
- (strcmp(passphrase, verifybuf) != 0)) {
- memset(passphrase, 0, sizeof(passphrase));
- memset(verifybuf, 0, sizeof(verifybuf));
- errx(1, "Passphrases did not match");
- }
- /* forget the re-typed one */
- memset(verifybuf, 0, strlen(verifybuf));
- }
-
- /* derive key from passphrase */
- if (pkcs5_pbkdf2(passphrase, strlen(passphrase), salt, saltsz,
- key, keysz, rounds) != 0)
- errx(1, "pbkdf2 failed");
-
- /* forget passphrase */
- memset(passphrase, 0, sizeof(passphrase));
-
- return;
}
Index: bioctl/pbkdf2.c
===================================================================
RCS file: bioctl/pbkdf2.c
diff -N bioctl/pbkdf2.c
--- bioctl/pbkdf2.c 26 Dec 2008 18:50:47 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,253 +0,0 @@
-/* $OpenBSD$ */
-
-/*-
- * Copyright (c) 2008 Damien Bergamini <[email protected]>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-
-#include <string.h>
-#include <limits.h>
-#include <stdlib.h>
-
-#include <sha1.h>
-
-#include "pbkdf2.h"
-
-/* #define PBKDF2_MAIN */
-
-/*
- * HMAC-SHA-1 (from RFC 2202).
- */
-static void
-hmac_sha1(const u_int8_t *text, size_t text_len, const u_int8_t *key,
- size_t key_len, u_int8_t digest[SHA1_DIGEST_LENGTH])
-{
- SHA1_CTX ctx;
- u_int8_t k_pad[SHA1_BLOCK_LENGTH];
- u_int8_t tk[SHA1_DIGEST_LENGTH];
- int i;
-
- if (key_len > SHA1_BLOCK_LENGTH) {
- SHA1Init(&ctx);
- SHA1Update(&ctx, key, key_len);
- SHA1Final(tk, &ctx);
-
- key = tk;
- key_len = SHA1_DIGEST_LENGTH;
- }
-
- bzero(k_pad, sizeof k_pad);
- bcopy(key, k_pad, key_len);
- for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
- k_pad[i] ^= 0x36;
-
- SHA1Init(&ctx);
- SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
- SHA1Update(&ctx, text, text_len);
- SHA1Final(digest, &ctx);
-
- bzero(k_pad, sizeof k_pad);
- bcopy(key, k_pad, key_len);
- for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
- k_pad[i] ^= 0x5c;
-
- SHA1Init(&ctx);
- SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
- SHA1Update(&ctx, digest, SHA1_DIGEST_LENGTH);
- SHA1Final(digest, &ctx);
-}
-
-/*
- * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
- * Code based on IEEE Std 802.11-2007, Annex H.4.2.
- */
-int
-pkcs5_pbkdf2(const char *pass, size_t pass_len, const char *salt, size_t
salt_len,
- u_int8_t *key, size_t key_len, u_int rounds)
-{
- u_int8_t *asalt, obuf[SHA1_DIGEST_LENGTH];
- u_int8_t d1[SHA1_DIGEST_LENGTH], d2[SHA1_DIGEST_LENGTH];
- u_int i, j;
- u_int count;
- size_t r;
-
- if (rounds < 1 || key_len == 0)
- return -1;
- if (salt_len == 0 || salt_len > SIZE_MAX - 1)
- return -1;
- if ((asalt = malloc(salt_len + 4)) == NULL)
- return -1;
-
- memcpy(asalt, salt, salt_len);
-
- for (count = 1; key_len > 0; count++) {
- asalt[salt_len + 0] = (count >> 24) & 0xff;
- asalt[salt_len + 1] = (count >> 16) & 0xff;
- asalt[salt_len + 2] = (count >> 8) & 0xff;
- asalt[salt_len + 3] = count & 0xff;
- hmac_sha1(asalt, salt_len + 4, pass, pass_len, d1);
- memcpy(obuf, d1, sizeof(obuf));
-
- for (i = 1; i < rounds; i++) {
- hmac_sha1(d1, sizeof(d1), pass, pass_len, d2);
- memcpy(d1, d2, sizeof(d1));
- for (j = 0; j < sizeof(obuf); j++)
- obuf[j] ^= d1[j];
- }
-
- r = MIN(key_len, SHA1_DIGEST_LENGTH);
- memcpy(key, obuf, r);
- key += r;
- key_len -= r;
- };
- bzero(asalt, salt_len + 4);
- free(asalt);
- bzero(d1, sizeof(d1));
- bzero(d2, sizeof(d2));
- bzero(obuf, sizeof(obuf));
-
- return 0;
-}
-
-#ifdef PBKDF2_MAIN
-struct test_vector {
- u_int rounds;
- const char *pass;
- const char *salt;
- const char expected[32];
-};
-
-/*
- * Test vectors from RFC 3962
- */
-struct test_vector test_vectors[] = {
- {
- 1,
- "password",
- "ATHENA.MIT.EDUraeburn",
- {
- 0xcd, 0xed, 0xb5, 0x28, 0x1b, 0xb2, 0xf8, 0x01,
- 0x56, 0x5a, 0x11, 0x22, 0xb2, 0x56, 0x35, 0x15,
- 0x0a, 0xd1, 0xf7, 0xa0, 0x4b, 0xb9, 0xf3, 0xa3,
- 0x33, 0xec, 0xc0, 0xe2, 0xe1, 0xf7, 0x08, 0x37
- },
- }, {
- 2,
- "password",
- "ATHENA.MIT.EDUraeburn",
- {
- 0x01, 0xdb, 0xee, 0x7f, 0x4a, 0x9e, 0x24, 0x3e,
- 0x98, 0x8b, 0x62, 0xc7, 0x3c, 0xda, 0x93, 0x5d,
- 0xa0, 0x53, 0x78, 0xb9, 0x32, 0x44, 0xec, 0x8f,
- 0x48, 0xa9, 0x9e, 0x61, 0xad, 0x79, 0x9d, 0x86
- },
- }, {
- 1200,
- "password",
- "ATHENA.MIT.EDUraeburn",
- {
- 0x5c, 0x08, 0xeb, 0x61, 0xfd, 0xf7, 0x1e, 0x4e,
- 0x4e, 0xc3, 0xcf, 0x6b, 0xa1, 0xf5, 0x51, 0x2b,
- 0xa7, 0xe5, 0x2d, 0xdb, 0xc5, 0xe5, 0x14, 0x2f,
- 0x70, 0x8a, 0x31, 0xe2, 0xe6, 0x2b, 0x1e, 0x13
- },
- }, {
- 5,
- "password",
- "\0224VxxV4\022", /* 0x1234567878563412 */
- {
- 0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
- 0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49,
- 0x3f, 0x98, 0xd2, 0x03, 0xe6, 0xbe, 0x49, 0xa6,
- 0xad, 0xf4, 0xfa, 0x57, 0x4b, 0x6e, 0x64, 0xee
- },
- }, {
- 1200,
- "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
- "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase equals block size",
- {
- 0x13, 0x9c, 0x30, 0xc0, 0x96, 0x6b, 0xc3, 0x2b,
- 0xa5, 0x5f, 0xdb, 0xf2, 0x12, 0x53, 0x0a, 0xc9,
- 0xc5, 0xec, 0x59, 0xf1, 0xa4, 0x52, 0xf5, 0xcc,
- 0x9a, 0xd9, 0x40, 0xfe, 0xa0, 0x59, 0x8e, 0xd1
- },
- }, {
- 1200,
- "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
- "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase exceeds block size",
- {
- 0x9c, 0xca, 0xd6, 0xd4, 0x68, 0x77, 0x0c, 0xd5,
- 0x1b, 0x10, 0xe6, 0xa6, 0x87, 0x21, 0xbe, 0x61,
- 0x1a, 0x8b, 0x4d, 0x28, 0x26, 0x01, 0xdb, 0x3b,
- 0x36, 0xbe, 0x92, 0x46, 0x91, 0x5e, 0xc8, 0x2a
- },
- }, {
- 50,
- "\360\235\204\236", /* g-clef (0xf09d849e) */
- "EXAMPLE.COMpianist",
- {
- 0x6b, 0x9c, 0xf2, 0x6d, 0x45, 0x45, 0x5a, 0x43,
- 0xa5, 0xb8, 0xbb, 0x27, 0x6a, 0x40, 0x3b, 0x39,
- 0xe7, 0xfe, 0x37, 0xa0, 0xc4, 0x1e, 0x02, 0xc2,
- 0x81, 0xff, 0x30, 0x69, 0xe1, 0xe9, 0x4f, 0x52
- },
- }
-};
-#define NVECS (sizeof(test_vectors) / sizeof(*test_vectors))
-
-#include <stdio.h>
-#include <err.h>
-
-static void
-printhex(const char *s, const u_int8_t *buf, size_t len)
-{
- size_t i;
-
- printf("%s: ", s);
- for (i = 0; i < len; i++)
- printf("%02x", buf[i]);
- printf("\n");
- fflush(stdout);
-}
-
-int
-main(int argc, char **argv)
-{
- u_int i, j;
- u_char result[32];
- struct test_vector *vec;
-
- for (i = 0; i < NVECS; i++) {
- vec = &test_vectors[i];
- printf("vector %u\n", i);
- for (j = 1; j < sizeof(result); j += 3) {
- if (pkcs5_pbkdf2(vec->pass, strlen(vec->pass),
- vec->salt, strlen(vec->salt),
- result, j, vec->rounds) != 0)
- errx(1, "pbkdf2 failed");
- if (memcmp(result, vec->expected, j) != 0) {
- printhex(" got", result, j);
- printhex("want", vec->expected, j);
- return 1;
- }
- }
- }
- return 0;
-}
-#endif /* PBKDF2_MAIN */
Index: bioctl/pbkdf2.h
===================================================================
RCS file: bioctl/pbkdf2.h
diff -N bioctl/pbkdf2.h
--- bioctl/pbkdf2.h 26 Dec 2008 18:50:48 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,24 +0,0 @@
-/* $OpenBSD$ */
-
-/*-
- * Copyright (c) 2008 Damien Bergamini <[email protected]>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
- * Code based on IEEE Std 802.11-2007, Annex H.4.2.
- */
-int pkcs5_pbkdf2(const char *, size_t, const char *, size_t,
- u_int8_t *, size_t, u_int);
Index: wpa-psk/Makefile
===================================================================
RCS file: /cvs/src/sbin/wpa-psk/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- wpa-psk/Makefile 26 Dec 2008 18:50:53 -0000 1.2
+++ wpa-psk/Makefile 21 May 2009 23:37:27 -0000
@@ -1,9 +1,7 @@
PROG= wpa-psk
SRCS= wpa-psk.c pbkdf2.c
-CFLAGS+=-Wall -I${.CURDIR}/../bioctl
+CFLAGS+=-Wall -I{.CURDIR}/
MAN= wpa-psk.8
-
-.PATH: ${.CURDIR}/../bioctl
.include <bsd.prog.mk>
Index: wpa-psk/pbkdf2.c
===================================================================
RCS file: wpa-psk/pbkdf2.c
diff -N wpa-psk/pbkdf2.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ wpa-psk/pbkdf2.c 21 May 2009 23:37:27 -0000
@@ -0,0 +1,253 @@
+/* $OpenBSD: pbkdf2.c,v 1.1 2008/06/14 06:28:27 djm Exp $ */
+
+/*-
+ * Copyright (c) 2008 Damien Bergamini <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <string.h>
+#include <limits.h>
+#include <stdlib.h>
+
+#include <sha1.h>
+
+#include "pbkdf2.h"
+
+/* #define PBKDF2_MAIN */
+
+/*
+ * HMAC-SHA-1 (from RFC 2202).
+ */
+static void
+hmac_sha1(const u_int8_t *text, size_t text_len, const u_int8_t *key,
+ size_t key_len, u_int8_t digest[SHA1_DIGEST_LENGTH])
+{
+ SHA1_CTX ctx;
+ u_int8_t k_pad[SHA1_BLOCK_LENGTH];
+ u_int8_t tk[SHA1_DIGEST_LENGTH];
+ int i;
+
+ if (key_len > SHA1_BLOCK_LENGTH) {
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, key, key_len);
+ SHA1Final(tk, &ctx);
+
+ key = tk;
+ key_len = SHA1_DIGEST_LENGTH;
+ }
+
+ bzero(k_pad, sizeof k_pad);
+ bcopy(key, k_pad, key_len);
+ for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+ k_pad[i] ^= 0x36;
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
+ SHA1Update(&ctx, text, text_len);
+ SHA1Final(digest, &ctx);
+
+ bzero(k_pad, sizeof k_pad);
+ bcopy(key, k_pad, key_len);
+ for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+ k_pad[i] ^= 0x5c;
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
+ SHA1Update(&ctx, digest, SHA1_DIGEST_LENGTH);
+ SHA1Final(digest, &ctx);
+}
+
+/*
+ * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
+ * Code based on IEEE Std 802.11-2007, Annex H.4.2.
+ */
+int
+pkcs5_pbkdf2(const char *pass, size_t pass_len, const char *salt, size_t
salt_len,
+ u_int8_t *key, size_t key_len, u_int rounds)
+{
+ u_int8_t *asalt, obuf[SHA1_DIGEST_LENGTH];
+ u_int8_t d1[SHA1_DIGEST_LENGTH], d2[SHA1_DIGEST_LENGTH];
+ u_int i, j;
+ u_int count;
+ size_t r;
+
+ if (rounds < 1 || key_len == 0)
+ return -1;
+ if (salt_len == 0 || salt_len > SIZE_MAX - 1)
+ return -1;
+ if ((asalt = malloc(salt_len + 4)) == NULL)
+ return -1;
+
+ memcpy(asalt, salt, salt_len);
+
+ for (count = 1; key_len > 0; count++) {
+ asalt[salt_len + 0] = (count >> 24) & 0xff;
+ asalt[salt_len + 1] = (count >> 16) & 0xff;
+ asalt[salt_len + 2] = (count >> 8) & 0xff;
+ asalt[salt_len + 3] = count & 0xff;
+ hmac_sha1(asalt, salt_len + 4, pass, pass_len, d1);
+ memcpy(obuf, d1, sizeof(obuf));
+
+ for (i = 1; i < rounds; i++) {
+ hmac_sha1(d1, sizeof(d1), pass, pass_len, d2);
+ memcpy(d1, d2, sizeof(d1));
+ for (j = 0; j < sizeof(obuf); j++)
+ obuf[j] ^= d1[j];
+ }
+
+ r = MIN(key_len, SHA1_DIGEST_LENGTH);
+ memcpy(key, obuf, r);
+ key += r;
+ key_len -= r;
+ };
+ bzero(asalt, salt_len + 4);
+ free(asalt);
+ bzero(d1, sizeof(d1));
+ bzero(d2, sizeof(d2));
+ bzero(obuf, sizeof(obuf));
+
+ return 0;
+}
+
+#ifdef PBKDF2_MAIN
+struct test_vector {
+ u_int rounds;
+ const char *pass;
+ const char *salt;
+ const char expected[32];
+};
+
+/*
+ * Test vectors from RFC 3962
+ */
+struct test_vector test_vectors[] = {
+ {
+ 1,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ {
+ 0xcd, 0xed, 0xb5, 0x28, 0x1b, 0xb2, 0xf8, 0x01,
+ 0x56, 0x5a, 0x11, 0x22, 0xb2, 0x56, 0x35, 0x15,
+ 0x0a, 0xd1, 0xf7, 0xa0, 0x4b, 0xb9, 0xf3, 0xa3,
+ 0x33, 0xec, 0xc0, 0xe2, 0xe1, 0xf7, 0x08, 0x37
+ },
+ }, {
+ 2,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ {
+ 0x01, 0xdb, 0xee, 0x7f, 0x4a, 0x9e, 0x24, 0x3e,
+ 0x98, 0x8b, 0x62, 0xc7, 0x3c, 0xda, 0x93, 0x5d,
+ 0xa0, 0x53, 0x78, 0xb9, 0x32, 0x44, 0xec, 0x8f,
+ 0x48, 0xa9, 0x9e, 0x61, 0xad, 0x79, 0x9d, 0x86
+ },
+ }, {
+ 1200,
+ "password",
+ "ATHENA.MIT.EDUraeburn",
+ {
+ 0x5c, 0x08, 0xeb, 0x61, 0xfd, 0xf7, 0x1e, 0x4e,
+ 0x4e, 0xc3, 0xcf, 0x6b, 0xa1, 0xf5, 0x51, 0x2b,
+ 0xa7, 0xe5, 0x2d, 0xdb, 0xc5, 0xe5, 0x14, 0x2f,
+ 0x70, 0x8a, 0x31, 0xe2, 0xe6, 0x2b, 0x1e, 0x13
+ },
+ }, {
+ 5,
+ "password",
+ "\0224VxxV4\022", /* 0x1234567878563412 */
+ {
+ 0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
+ 0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49,
+ 0x3f, 0x98, 0xd2, 0x03, 0xe6, 0xbe, 0x49, 0xa6,
+ 0xad, 0xf4, 0xfa, 0x57, 0x4b, 0x6e, 0x64, 0xee
+ },
+ }, {
+ 1200,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase equals block size",
+ {
+ 0x13, 0x9c, 0x30, 0xc0, 0x96, 0x6b, 0xc3, 0x2b,
+ 0xa5, 0x5f, 0xdb, 0xf2, 0x12, 0x53, 0x0a, 0xc9,
+ 0xc5, 0xec, 0x59, 0xf1, 0xa4, 0x52, 0xf5, 0xcc,
+ 0x9a, 0xd9, 0x40, 0xfe, 0xa0, 0x59, 0x8e, 0xd1
+ },
+ }, {
+ 1200,
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase exceeds block size",
+ {
+ 0x9c, 0xca, 0xd6, 0xd4, 0x68, 0x77, 0x0c, 0xd5,
+ 0x1b, 0x10, 0xe6, 0xa6, 0x87, 0x21, 0xbe, 0x61,
+ 0x1a, 0x8b, 0x4d, 0x28, 0x26, 0x01, 0xdb, 0x3b,
+ 0x36, 0xbe, 0x92, 0x46, 0x91, 0x5e, 0xc8, 0x2a
+ },
+ }, {
+ 50,
+ "\360\235\204\236", /* g-clef (0xf09d849e) */
+ "EXAMPLE.COMpianist",
+ {
+ 0x6b, 0x9c, 0xf2, 0x6d, 0x45, 0x45, 0x5a, 0x43,
+ 0xa5, 0xb8, 0xbb, 0x27, 0x6a, 0x40, 0x3b, 0x39,
+ 0xe7, 0xfe, 0x37, 0xa0, 0xc4, 0x1e, 0x02, 0xc2,
+ 0x81, 0xff, 0x30, 0x69, 0xe1, 0xe9, 0x4f, 0x52
+ },
+ }
+};
+#define NVECS (sizeof(test_vectors) / sizeof(*test_vectors))
+
+#include <stdio.h>
+#include <err.h>
+
+static void
+printhex(const char *s, const u_int8_t *buf, size_t len)
+{
+ size_t i;
+
+ printf("%s: ", s);
+ for (i = 0; i < len; i++)
+ printf("%02x", buf[i]);
+ printf("\n");
+ fflush(stdout);
+}
+
+int
+main(int argc, char **argv)
+{
+ u_int i, j;
+ u_char result[32];
+ struct test_vector *vec;
+
+ for (i = 0; i < NVECS; i++) {
+ vec = &test_vectors[i];
+ printf("vector %u\n", i);
+ for (j = 1; j < sizeof(result); j += 3) {
+ if (pkcs5_pbkdf2(vec->pass, strlen(vec->pass),
+ vec->salt, strlen(vec->salt),
+ result, j, vec->rounds) != 0)
+ errx(1, "pbkdf2 failed");
+ if (memcmp(result, vec->expected, j) != 0) {
+ printhex(" got", result, j);
+ printhex("want", vec->expected, j);
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+#endif /* PBKDF2_MAIN */
Index: wpa-psk/pbkdf2.h
===================================================================
RCS file: wpa-psk/pbkdf2.h
diff -N wpa-psk/pbkdf2.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ wpa-psk/pbkdf2.h 21 May 2009 23:37:27 -0000
@@ -0,0 +1,24 @@
+/* $OpenBSD: pbkdf2.h,v 1.1 2008/06/14 06:28:27 djm Exp $ */
+
+/*-
+ * Copyright (c) 2008 Damien Bergamini <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
+ * Code based on IEEE Std 802.11-2007, Annex H.4.2.
+ */
+int pkcs5_pbkdf2(const char *, size_t, const char *, size_t,
+ u_int8_t *, size_t, u_int);
