hey,
this was ok'ed by djm, somebody should commit it!
On Thu, Feb 04, 2010 at 19:25 +0300, Mike Belopuhov wrote:
hey,
while looking thru bioctl stuff, i've accidentally stumbled upon
pbkdf2 thing and found out that mount_vnd still uses local
pkcs5_pbkdf2.c from NetBSD and links against libcrypto (although
it's a static binary). reduction in size is about 2.5 times
(from 353K to 145K), so it's a win, right? :)
i've tested compatibility between old and new versions and
everything looks.. er.. compatible.
so sending this out so that it won't be lost.
Index: Makefile
===
RCS file: /cvs/src/sbin/mount_vnd/Makefile,v
retrieving revision 1.6
diff -N -u -p Makefile
--- Makefile 14 Jun 2008 01:47:27 - 1.6
+++ Makefile 4 Feb 2010 16:10:01 -
@@ -1,8 +1,11 @@
# $OpenBSD: Makefile,v 1.6 2008/06/14 01:47:27 grunk Exp $
+.PATH: ${.CURDIR}/../bioctl
+CFLAGS+=-I${.CURDIR}/../bioctl
+
PROG=mount_vnd
-SRCS=mount_vnd.c pkcs5_pbkdf2.c
-LDADD= -lutil -lcrypto
+SRCS=mount_vnd.c pbkdf2.c
+LDADD= -lutil
DPADD= ${LIBUTIL}
CDIAGFLAGS+= -Wall
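Review bot: Nothing in the Makefile records that `pbkdf2.c` is now compiled straight out of `../bioctl` through the added `.PATH` line, so a later edit to bioctl's copy that alters its output would also change the keys mount_vnd derives for existing encrypted images. A comment above `.PATH` would make that coupling visible to whoever touches either program, for example `# pbkdf2.c is shared with bioctl(8); its output must stay stable for existing vnd images`.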
Index: mount_vnd.c
===
RCS file: /cvs/src/sbin/mount_vnd/mount_vnd.c,v
retrieving revision 1.8
diff -N -u -p mount_vnd.c
--- mount_vnd.c 3 Sep 2008 23:24:25 - 1.8
+++ mount_vnd.c 4 Feb 2010 16:10:01 -
@@ -49,14 +49,14 @@
#include err.h
#include errno.h
#include fcntl.h
-#include pwd.h
+#include readpassphrase.h
#include stdio.h
#include stdlib.h
#include string.h
#include unistd.h
#include util.h
-#include pkcs5_pbkdf2.h
+#include pbkdf2.h
#define DEFAULT_VND svnd0
@@ -180,19 +180,20 @@ main(int argc, char **argv)
char *
get_pkcs_key(char *arg, char *saltopt)
{
- char keybuf[128], saltbuf[128], saltfilebuf[PATH_MAX];
- char*saltfile;
+ char passphrase[128];
+ char saltbuf[128], saltfilebuf[PATH_MAX];
char*key = NULL;
+ char*saltfile;
const char *errstr;
int rounds;
rounds = strtonum(arg, 1000, INT_MAX, errstr);
if (errstr)
err(1, rounds: %s, errstr);
- key = getpass(Encryption key: );
- if (!key || strlen(key) == 0)
- errx(1, Need an encryption key);
- strncpy(keybuf, key, sizeof(keybuf));
+ bzero(passphrase, sizeof(passphrase));
+ if (readpassphrase(Encryption key: , passphrase, sizeof(passphrase),
+ RPP_REQUIRE_TTY) == NULL)
+ errx(1, Unable to read passphrase);
if (saltopt)
saltfile = saltopt;
else {
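Review bot: The empty-passphrase rejection is lost in get_pkcs_key: the removed `getpass()` path failed with "Need an encryption key" when `strlen(key) == 0`, while the new `readpassphrase()` check only catches a NULL return, so pressing Enter at the prompt goes on to derive a key from an all-zero buffer. Adding `if (passphrase[0] == '\0') errx(1, "Need an encryption key");` right after the call restores the old behaviour. The `bzero()` before the call also deserves a comment, because the whole 128-byte buffer, not just the typed characters, is handed to the KDF later in the function: `/* zero-pad: the full buffer is hashed, as the old strncpy() copy was */`. The function body continues outside this hunk.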
@@ -212,7 +213,8 @@ get_pkcs_key(char *arg, char *saltopt)
if (fd == -1) {
int *s;
- fprintf(stderr, Salt file not found, attempting to
create one\n);
+ fprintf(stderr, Salt file not found, attempting to
+ create one\n);
fd = open(saltfile, O_RDWR|O_CREAT|O_EXCL, 0600);
if (fd == -1)
err(1, Unable to create salt file: '%s',
@@ -222,18 +224,24 @@ get_pkcs_key(char *arg, char *saltopt)
*s = arc4random();
if (write(fd, saltbuf, sizeof(saltbuf))
!= sizeof(saltbuf))
- err(1, Unable to write salt file: '%s',
saltfile);
- fprintf(stderr, Salt file created as '%s'\n,
saltfile);
+ err(1, Unable to write salt file: '%s',
+ saltfile);
+ fprintf(stderr, Salt file created as '%s'\n,
+ saltfile);
} else {
if (read(fd, saltbuf, sizeof(saltbuf))
!= sizeof(saltbuf))
- err(1, Unable to read salt file: '%s',
saltfile);
+ err(1, Unable to read salt file: '%s',
+ saltfile);
}
close(fd);
}
- if (pkcs5_pbkdf2((u_int8_t**)key, BLF_MAXUTILIZED, keybuf,
- sizeof(keybuf), saltbuf, sizeof(saltbuf), rounds, 0))
+ if ((key = calloc(1, BLF_MAXUTILIZED)) == NULL)
+ err(1, NULL);
+ if (pkcs5_pbkdf2(passphrase, sizeof(passphrase), saltbuf,
+ sizeof (saltbuf), key, BLF_MAXUTILIZED, rounds))
errx(1, pkcs5_pbkdf2 failed);
+ memset(passphrase, 0, sizeof(passphrase));
return (key);
}
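Review bot: The `memset(passphrase, 0, sizeof(passphrase))` just before `return (key)` is a dead store to a local that is never read again, so an optimizing compiler is allowed to drop it and leave the passphrase on the stack. Where the platform provides it, `explicit_bzero(passphrase, sizeof(passphrase));` is the call that is guaranteed to survive optimization. The buffer returned in `key` holds the derived key on the heap, so a short comment at the `calloc()` saying that the caller owns it and should wipe it before freeing would help; that caller is not visible here, and get_pkcs_key itself starts above this hunk.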
Index: pkcs5_pbkdf2.c
===
RCS file: /cvs/src/sbin/mount_vnd/pkcs5_pbkdf2.c,v
retrieving revision 1.5
diff -N -u -p pkcs5_pbkdf2.c
---