author | David Shaw <dshaw@jabberwocky.com> | 2006-10-13 06:06:24 +0200 |
---|---|---|
committer | David Shaw <dshaw@jabberwocky.com> | 2006-10-13 06:06:24 +0200 |
commit | c6465b0654ed67602cdd465b4a945280877c40ae (patch) | |
tree | 059ed0d8bf110c4d1378403cbe0b925a01590810 /g10 | |
parent | Allow pkcs#10 creation directkly from a smart card (diff) | |
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the
packed s2k iteration count.
* main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c
(hash_passphrase): Add --s2k-count option to specify the number of s2k
hash iterations.
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 9 | ||||
-rw-r--r-- | g10/gpg.c | 31 | ||||
-rw-r--r-- | g10/main.h | 2 | ||||
-rw-r--r-- | g10/options.h | 6 | ||||
-rw-r--r-- | g10/parse-packet.c | 4 | ||||
-rw-r--r-- | g10/passphrase.c | 4 |
6 files changed, 51 insertions, 5 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index e5b900607..a23e5842e 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,12 @@
+2006-10-12 David Shaw <dshaw@jabberwocky.com>
+
+ * parse-packet.c (parse_symkeyenc): Show the unpacked as well as
+ the packed s2k iteration count.
+
+ * main.h, options.h, gpg.c (encode_s2k_iterations, main),
+ passphrase.c (hash_passphrase): Add --s2k-count option to specify
+ the number of s2k hash iterations.
+
 2006-10-08 Werner Koch <wk@g10code.com>

 * gpgv.c: Remove the tty stubs as we are now required to link to
@@ -265,6 +265,7 @@ enum cmd_and_opt_values
 oS2KMode,
 oS2KDigest,
 oS2KCipher,
+ oS2KCount,
 oSimpleSKChecksum,
 oDisplayCharset,
 oNotDashEscaped,
@@ -523,6 +524,7 @@ static ARGPARSE_OPTS opts[] = {
 { oS2KMode, "s2k-mode", 1, "@"},
 { oS2KDigest, "s2k-digest-algo", 2, "@"},
 { oS2KCipher, "s2k-cipher-algo", 2, "@"},
+ { oS2KCount, "s2k-count", 1, "@"},
 { oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
 { oCipherAlgo, "cipher-algo", 2, "@"},
 { oDigestAlgo, "digest-algo", 2, "@"},
@@ -1708,6 +1710,31 @@ reopen_std(void)
 #endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
 }

+/* Pack an s2k iteration count into the form specified in 2440. If
+ we're in between valid values, round up. */
+static unsigned char
+encode_s2k_iterations(int iterations)
+{
+ unsigned char c=0,result;
+ unsigned int count;
+
+ if(iterations<=1024)
+ return 0;
+
+ if(iterations>=65011712)
+ return 255;
+
+ /* Need count to be in the range 16-31 */
+ for(count=iterations>>6;count>=32;count>>=1)
+ c++;
+
+ result=(c<<4)|(count-16);
+
+ if(S2K_DECODE_COUNT(result)<iterations)
+ result++;
+
+ return result;
+}

 int
 main (int argc, char **argv )
@@ -1800,6 +1827,7 @@ main (int argc, char **argv )
 opt.cert_digest_algo = 0;
 opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
 opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_count = 96; /* 65536 iterations */
 #ifdef USE_CAST5
 opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
 #else
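Review bot: encode_s2k_iterations() clamps silently: any argument at or below 1024, including zero and negative values, returns 0 (1024 iterations), and anything at or above 65011712 returns 255. A mistyped `--s2k-count` can therefore weaken passphrase stretching well below the 65536 default set in main() without any message. The `case oS2KCount:` hunk is the natural place to report this, for example `if(pargs.r.ret_int<1024 || pargs.r.ret_int>65011712) log_info("s2k-count out of range; clamped\n");` before the assignment (log_info being the usual GnuPG logging helper; confirm it is the right one here, and note the message text is only a sample). The function comment should also state the clamping and that the return value is the encoded octet, not an iteration count.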
@@ -2315,6 +2343,9 @@ main (int argc, char **argv )
 case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
 case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
 case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
+ case oS2KCount:
+ opt.s2k_count=encode_s2k_iterations(pargs.r.ret_int);
+ break;
 case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
 case oNoEncryptTo: opt.no_encrypt_to = 1; break;
 case oEncryptTo: /* store the recipient in the second list */
diff --git a/g10/main.h b/g10/main.h
index 4e82a525c..5303aa3a9 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -304,4 +304,6 @@ int card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock);
 int card_store_subkey (KBNODE node, int use);
 #endif

+#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
+
 #endif /*G10_MAIN_H*/
diff --git a/g10/options.h b/g10/options.h
index d36db1a79..6fd8202fb 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -120,8 +120,10 @@ struct
 int s2k_mode;
 int s2k_digest_algo;
 int s2k_cipher_algo;
- int simple_sk_checksum; /* create the deprecated rfc2440 secret
- key protection*/
+ unsigned char s2k_count; /* This is the encoded form, not the raw
+ count */
+ int simple_sk_checksum; /* create the deprecated rfc2440 secret key
+ protection */
 int not_dash_escaped;
 int escape_from;
 int lock_once;
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 691f6696c..5b8f2de64 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -775,7 +775,9 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 for(i=0; i < 8; i++ )
 fprintf (listfp, "%02x", k->s2k.salt[i]);
 if( s2kmode == 3 )
- fprintf (listfp, ", count %lu", (ulong)k->s2k.count );
+ fprintf (listfp, ", count %lu (%lu)",
+ S2K_DECODE_COUNT((ulong)k->s2k.count),
+ (ulong)k->s2k.count );
 fprintf (listfp, "\n");
 }
 }
diff --git a/g10/passphrase.c b/g10/passphrase.c
index b156d8f27..744da06ba 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
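Review bot: S2K_DECODE_COUNT in the main.h hunk expands `_val` twice and shifts by `((_val) >> 4) + 6` with no bound, so its result is only defined when the argument fits in one octet. The parse-packet.c hunk passes it `k->s2k.count` cast to ulong, a value taken from a parsed packet; if that field can ever hold more than 8 bits (its type is not visible here), the shift count can reach or exceed the width of unsigned long, which is undefined behaviour. Masking inside the macro makes it safe for every caller without changing results for 0-255: `#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << ((((_val) >> 4) & 15) + 6))`. A static inline function taking an unsigned char would also remove the double evaluation.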
@@ -88,12 +88,12 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
 {
 gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
 if ( s2k->mode == 3 )
- s2k->count = 96; /* 65536 iterations. */
+ s2k->count = opt.s2k_count;
 }

 if ( s2k->mode == 3 )
 {
- count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
+ count = S2K_DECODE_COUNT(s2k->count);
 if ( count < len2 )
 count = len2;
 }
|
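Review bot: The removed `/* 65536 iterations. */` comment was the only hint in hash_passphrase() that `s2k->count` holds the packed rfc2440 octet rather than an iteration count, and the new assignment from `opt.s2k_count` carries no comment at all. The local `count` a few lines below holds the decoded value, so a short comment on the assignment, such as `/* encoded octet; decoded with S2K_DECODE_COUNT below */`, would keep the two from being confused in later edits. hash_passphrase() starts and ends outside this hunk.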