* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the

packed s2k iteration count.
	
* main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c
(hash_passphrase): Add --s2k-count option to specify the number of s2k
hash iterations.

g10/gpg.c

@@ -274,6 +274,7 @@ enum cmd_and_opt_values
     oS2KMode,
     oS2KDigest,
     oS2KCipher,
+    oS2KCount,
     oSimpleSKChecksum,                          
     oDisplayCharset,
     oNotDashEscaped,
@@ -534,6 +535,7 @@ static ARGPARSE_OPTS opts[] = {
     { oS2KMode, "s2k-mode", 1, "@"},
     { oS2KDigest, "s2k-digest-algo", 2, "@"},
     { oS2KCipher, "s2k-cipher-algo", 2, "@"},
+    { oS2KCount, "s2k-count", 1, "@"},
     { oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
     { oCipherAlgo, "cipher-algo", 2, "@"},
     { oDigestAlgo, "digest-algo", 2, "@"},
@@ -1688,6 +1690,32 @@ reopen_std(void)
 #endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
 }
 
+/* Pack an s2k iteration count into the form specified in 2440.  If
+   we're in between valid values, round up. */
+static unsigned char
+encode_s2k_iterations(int iterations)
+{
+  unsigned char c=0,result;
+  unsigned int count;
+
+  if(iterations<=1024)
+    return 0;
+
+  if(iterations>=65011712)
+    return 255;
+
+  /* Need count to be in the range 16-31 */
+  for(count=iterations>>6;count>=32;count>>=1)
+    c++;
+
+  result=(c<<4)|(count-16);
+
+  if(S2K_DECODE_COUNT(result)<iterations)
+    result++;
+
+  return result;
+}
+
 int
 main (int argc, char **argv )
 {
@@ -1760,6 +1788,7 @@ main (int argc, char **argv )
     opt.cert_digest_algo = 0;
     opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
     opt.s2k_mode = 3; /* iterated+salted */
+    opt.s2k_count = 96; /* 65536 iterations */
 #ifdef USE_CAST5
     opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
 #else
@@ -2333,6 +2362,9 @@ main (int argc, char **argv )
 	  case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
 	  case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
 	  case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
+	  case oS2KCount:
+	    opt.s2k_count=encode_s2k_iterations(pargs.r.ret_int);
+	    break;
           case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
 	  case oNoEncryptTo: opt.no_encrypt_to = 1; break;
 	  case oEncryptTo: /* store the recipient in the second list */

g10/main.h

@@ -295,4 +295,6 @@ int  card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock);
 int  card_store_subkey (KBNODE node, int use);
 #endif
 
+#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
+
 #endif /*G10_MAIN_H*/

g10/options.h

@@ -120,8 +120,10 @@ struct
   int s2k_mode;
   int s2k_digest_algo;
   int s2k_cipher_algo;
-  int simple_sk_checksum; /* create the deprecated rfc2440 secret
-			     key protection*/
+  unsigned char s2k_count; /* This is the encoded form, not the raw
+			      count */
+  int simple_sk_checksum; /* create the deprecated rfc2440 secret key
+			     protection */
   int not_dash_escaped;
   int escape_from;
   int lock_once;

g10/parse-packet.c

@@ -721,7 +721,9 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 	    for(i=0; i < 8; i++ )
 		fprintf (listfp, "%02x", k->s2k.salt[i]);
 	    if( s2kmode == 3 )
-		fprintf (listfp, ", count %lu", (ulong)k->s2k.count );
+		fprintf (listfp, ", count %lu (%lu)",
+			 S2K_DECODE_COUNT((ulong)k->s2k.count),
+			 (ulong)k->s2k.count );
 	    fprintf (listfp, "\n");
 	}
     }

g10/passphrase.c

@@ -1036,11 +1036,11 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
 	    if( create && !pass ) {
 		randomize_buffer(s2k->salt, 8, 1);
 		if( s2k->mode == 3 )
-		    s2k->count = 96; /* 65536 iterations */
+		    s2k->count = opt.s2k_count;
 	    }
 
 	    if( s2k->mode == 3 ) {
-		count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
+		count = S2K_DECODE_COUNT(s2k->count);
 		if( count < len2 )
 		    count = len2;
 	    }