mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands. * agent/protect.c (get_standard_s2k_count): Factor some code out to ... (get_calibrated_s2k_count): new. (get_standard_s2k_time): New. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
f7212f1d11
commit
52d41c8b0f
@ -486,8 +486,10 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
|
|||||||
char **passphrase_addr);
|
char **passphrase_addr);
|
||||||
|
|
||||||
/*-- protect.c --*/
|
/*-- protect.c --*/
|
||||||
|
unsigned long get_calibrated_s2k_count (void);
|
||||||
unsigned long get_standard_s2k_count (void);
|
unsigned long get_standard_s2k_count (void);
|
||||||
unsigned char get_standard_s2k_count_rfc4880 (void);
|
unsigned char get_standard_s2k_count_rfc4880 (void);
|
||||||
|
unsigned long get_standard_s2k_time (void);
|
||||||
int agent_protect (const unsigned char *plainkey, const char *passphrase,
|
int agent_protect (const unsigned char *plainkey, const char *passphrase,
|
||||||
unsigned char **result, size_t *resultlen,
|
unsigned char **result, size_t *resultlen,
|
||||||
unsigned long s2k_count, int use_ocb);
|
unsigned long s2k_count, int use_ocb);
|
||||||
|
@ -2848,15 +2848,17 @@ static const char hlp_getinfo[] =
|
|||||||
" socket_name - Return the name of the socket.\n"
|
" socket_name - Return the name of the socket.\n"
|
||||||
" ssh_socket_name - Return the name of the ssh socket.\n"
|
" ssh_socket_name - Return the name of the ssh socket.\n"
|
||||||
" scd_running - Return OK if the SCdaemon is already running.\n"
|
" scd_running - Return OK if the SCdaemon is already running.\n"
|
||||||
" s2k_count - Return the calibrated S2K count.\n"
|
" s2k_time - Return the time in milliseconds required for S2K.\n"
|
||||||
|
" s2k_count - Return the standard S2K count.\n"
|
||||||
|
" s2k_count_cal - Return the calibrated S2K count.\n"
|
||||||
" std_env_names - List the names of the standard environment.\n"
|
" std_env_names - List the names of the standard environment.\n"
|
||||||
" std_session_env - List the standard session environment.\n"
|
" std_session_env - List the standard session environment.\n"
|
||||||
" std_startup_env - List the standard startup environment.\n"
|
" std_startup_env - List the standard startup environment.\n"
|
||||||
" cmd_has_option\n"
|
|
||||||
" - Returns OK if the command CMD implements the option OPT.\n"
|
|
||||||
" connections - Return number of active connections.\n"
|
" connections - Return number of active connections.\n"
|
||||||
" jent_active - Returns OK if Libgcrypt's JENT is active.\n"
|
" jent_active - Returns OK if Libgcrypt's JENT is active.\n"
|
||||||
" restricted - Returns OK if the connection is in restricted mode.\n";
|
" restricted - Returns OK if the connection is in restricted mode.\n"
|
||||||
|
" cmd_has_option CMD OPT\n"
|
||||||
|
" - Returns OK if command CMD has option OPT.\n";
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
cmd_getinfo (assuan_context_t ctx, char *line)
|
cmd_getinfo (assuan_context_t ctx, char *line)
|
||||||
{
|
{
|
||||||
@ -3014,6 +3016,20 @@ cmd_getinfo (assuan_context_t ctx, char *line)
|
|||||||
rc = gpg_error (GPG_ERR_FALSE);
|
rc = gpg_error (GPG_ERR_FALSE);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
else if (!strcmp (line, "s2k_count_cal"))
|
||||||
|
{
|
||||||
|
char numbuf[50];
|
||||||
|
|
||||||
|
snprintf (numbuf, sizeof numbuf, "%lu", get_calibrated_s2k_count ());
|
||||||
|
rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
|
||||||
|
}
|
||||||
|
else if (!strcmp (line, "s2k_time"))
|
||||||
|
{
|
||||||
|
char numbuf[50];
|
||||||
|
|
||||||
|
snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_time ());
|
||||||
|
rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
|
||||||
|
}
|
||||||
else
|
else
|
||||||
rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
|
rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
|
||||||
return rc;
|
return rc;
|
||||||
|
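Review bot: The two new branches, `s2k_count_cal` and `s2k_time`, are appended at the tail of the `cmd_getinfo` chain, and this hunk does not show whether that position sits behind whatever restricted-mode check the function applies (its body begins outside the hunk). That matters most for `s2k_time`: per the protect.c part of this commit, `get_standard_s2k_time ()` calls `calibrate_s2k_count_one` on every request instead of returning a stored value, so each GETINFO costs the agent one key-derivation run. Please confirm the branch is not reachable from restricted connections and record that next to it, for example `/* Runs one timed S2K derivation per request; keep below the restricted-mode check. */`. As a style point, the `numbuf`/`snprintf`/`assuan_send_data` sequence is now repeated for each numeric sub-command and could move into a small static helper.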
@ -191,16 +191,13 @@ calibrate_s2k_count (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return the calibrated S2K count. This is only public for the use
|
||||||
/* Return the standard S2K count. */
|
* of the Assuan getinfo s2k_count_cal command. */
|
||||||
unsigned long
|
unsigned long
|
||||||
get_standard_s2k_count (void)
|
get_calibrated_s2k_count (void)
|
||||||
{
|
{
|
||||||
static unsigned long count;
|
static unsigned long count;
|
||||||
|
|
||||||
if (opt.s2k_count)
|
|
||||||
return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
|
|
||||||
|
|
||||||
if (!count)
|
if (!count)
|
||||||
count = calibrate_s2k_count ();
|
count = calibrate_s2k_count ();
|
||||||
|
|
||||||
@ -209,6 +206,26 @@ get_standard_s2k_count (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return the standard S2K count. */
|
||||||
|
unsigned long
|
||||||
|
get_standard_s2k_count (void)
|
||||||
|
{
|
||||||
|
if (opt.s2k_count)
|
||||||
|
return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
|
||||||
|
|
||||||
|
return get_calibrated_s2k_count ();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return the milliseconds required for the standard S2K
|
||||||
|
* operation. */
|
||||||
|
unsigned long
|
||||||
|
get_standard_s2k_time (void)
|
||||||
|
{
|
||||||
|
return calibrate_s2k_count_one (get_standard_s2k_count ());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Same as get_standard_s2k_count but return the count in the encoding
|
/* Same as get_standard_s2k_count but return the count in the encoding
|
||||||
as described by rfc4880. */
|
as described by rfc4880. */
|
||||||
unsigned char
|
unsigned char
|
||||||
|
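Review bot: `get_standard_s2k_time` caches nothing, unlike `get_calibrated_s2k_count` with its `static unsigned long count`; every call hands the count to `calibrate_s2k_count_one`, which presumably performs and times a full derivation (its body is outside this hunk). When `opt.s2k_count` is set, the cost follows that configured value rather than the calibrated target, and a first call may additionally trigger the calibration itself. The comment should state this so that callers keep the function off hot paths: `/* Return the milliseconds required for the standard S2K operation. The value is measured anew on each call. */`. It would also help to note on `get_standard_s2k_count` that the literal 65536 is a lower bound applied to a user-supplied count.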
@ -186,6 +186,9 @@ this convention).
|
|||||||
@node Agent Options
|
@node Agent Options
|
||||||
@section Option Summary
|
@section Option Summary
|
||||||
|
|
||||||
|
Options may either be used on the command line or, after stripping off
|
||||||
|
the two leading dashes, in the configuration file.
|
||||||
|
|
||||||
@table @gnupgtabopt
|
@table @gnupgtabopt
|
||||||
|
|
||||||
@anchor{option --options}
|
@anchor{option --options}
|
||||||
@ -193,8 +196,9 @@ this convention).
|
|||||||
@opindex options
|
@opindex options
|
||||||
Reads configuration from @var{file} instead of from the default
|
Reads configuration from @var{file} instead of from the default
|
||||||
per-user configuration file. The default configuration file is named
|
per-user configuration file. The default configuration file is named
|
||||||
@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
|
@file{gpg-agent.conf} and expected in the @file{.gnupg} directory
|
||||||
below the home directory of the user.
|
directly below the home directory of the user. This option is ignored
|
||||||
|
if used in an options file.
|
||||||
|
|
||||||
@anchor{option --homedir}
|
@anchor{option --homedir}
|
||||||
@include opt-homedir.texi
|
@include opt-homedir.texi
|
||||||
@ -652,20 +656,26 @@ transitioned from using MD5 to the more secure SHA256.
|
|||||||
@opindex s2k-count
|
@opindex s2k-count
|
||||||
Specify the iteration count used to protect the passphrase. This
|
Specify the iteration count used to protect the passphrase. This
|
||||||
option can be used to override the auto-calibration done by default.
|
option can be used to override the auto-calibration done by default.
|
||||||
This auto-calibration computes a count which requires 100ms to mangle
|
The auto-calibration computes a count which requires 100ms to mangle
|
||||||
a given passphrase. To view the auto-calibrated count do not use this
|
a given passphrase.
|
||||||
option (or use 0 for @var{n}) and run this command:
|
|
||||||
|
To view the actually used iteration count and the milliseconds
|
||||||
|
required for an S2K operation use:
|
||||||
|
|
||||||
@example
|
@example
|
||||||
gpg-connect-agent 'GETINFO s2k_count' /bye
|
gpg-connect-agent 'GETINFO s2k_count' /bye
|
||||||
|
gpg-connect-agent 'GETINFO s2k_time' /bye
|
||||||
|
@end example
|
||||||
|
|
||||||
|
To view the auto-calibrated count use:
|
||||||
|
|
||||||
|
@example
|
||||||
|
gpg-connect-agent 'GETINFO s2k_count_cal' /bye
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
|
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
All the long options may also be given in the configuration file after
|
|
||||||
stripping off the two leading dashes.
|
|
||||||
|
|
||||||
|
|
||||||
@mansect files
|
@mansect files
|
||||||
@node Agent Configuration
|
@node Agent Configuration
|
||||||
|