1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00

agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".

* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-11-06 14:20:03 +01:00
parent f7212f1d11
commit 52d41c8b0f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 69 additions and 24 deletions

View File

@ -486,8 +486,10 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
char **passphrase_addr); char **passphrase_addr);
/*-- protect.c --*/ /*-- protect.c --*/
unsigned long get_calibrated_s2k_count (void);
unsigned long get_standard_s2k_count (void); unsigned long get_standard_s2k_count (void);
unsigned char get_standard_s2k_count_rfc4880 (void); unsigned char get_standard_s2k_count_rfc4880 (void);
unsigned long get_standard_s2k_time (void);
int agent_protect (const unsigned char *plainkey, const char *passphrase, int agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char **result, size_t *resultlen, unsigned char **result, size_t *resultlen,
unsigned long s2k_count, int use_ocb); unsigned long s2k_count, int use_ocb);

View File

@ -2848,15 +2848,17 @@ static const char hlp_getinfo[] =
" socket_name - Return the name of the socket.\n" " socket_name - Return the name of the socket.\n"
" ssh_socket_name - Return the name of the ssh socket.\n" " ssh_socket_name - Return the name of the ssh socket.\n"
" scd_running - Return OK if the SCdaemon is already running.\n" " scd_running - Return OK if the SCdaemon is already running.\n"
" s2k_count - Return the calibrated S2K count.\n" " s2k_time - Return the time in milliseconds required for S2K.\n"
" s2k_count - Return the standard S2K count.\n"
" s2k_count_cal - Return the calibrated S2K count.\n"
" std_env_names - List the names of the standard environment.\n" " std_env_names - List the names of the standard environment.\n"
" std_session_env - List the standard session environment.\n" " std_session_env - List the standard session environment.\n"
" std_startup_env - List the standard startup environment.\n" " std_startup_env - List the standard startup environment.\n"
" cmd_has_option\n"
" - Returns OK if the command CMD implements the option OPT.\n"
" connections - Return number of active connections.\n" " connections - Return number of active connections.\n"
" jent_active - Returns OK if Libgcrypt's JENT is active.\n" " jent_active - Returns OK if Libgcrypt's JENT is active.\n"
" restricted - Returns OK if the connection is in restricted mode.\n"; " restricted - Returns OK if the connection is in restricted mode.\n"
" cmd_has_option CMD OPT\n"
" - Returns OK if command CMD has option OPT.\n";
static gpg_error_t static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line) cmd_getinfo (assuan_context_t ctx, char *line)
{ {
@ -3014,6 +3016,20 @@ cmd_getinfo (assuan_context_t ctx, char *line)
rc = gpg_error (GPG_ERR_FALSE); rc = gpg_error (GPG_ERR_FALSE);
#endif #endif
} }
else if (!strcmp (line, "s2k_count_cal"))
{
char numbuf[50];
snprintf (numbuf, sizeof numbuf, "%lu", get_calibrated_s2k_count ());
rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
}
else if (!strcmp (line, "s2k_time"))
{
char numbuf[50];
snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_time ());
rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
}
else else
rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
return rc; return rc;

View File

@ -191,16 +191,13 @@ calibrate_s2k_count (void)
} }
/* Return the calibrated S2K count. This is only public for the use
/* Return the standard S2K count. */ * of the Assuan getinfo s2k_count_cal command. */
unsigned long unsigned long
get_standard_s2k_count (void) get_calibrated_s2k_count (void)
{ {
static unsigned long count; static unsigned long count;
if (opt.s2k_count)
return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
if (!count) if (!count)
count = calibrate_s2k_count (); count = calibrate_s2k_count ();
@ -209,6 +206,26 @@ get_standard_s2k_count (void)
} }
/* Return the standard S2K count. */
unsigned long
get_standard_s2k_count (void)
{
if (opt.s2k_count)
return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
return get_calibrated_s2k_count ();
}
/* Return the milliseconds required for the standard S2K
* operation. */
unsigned long
get_standard_s2k_time (void)
{
return calibrate_s2k_count_one (get_standard_s2k_count ());
}
/* Same as get_standard_s2k_count but return the count in the encoding /* Same as get_standard_s2k_count but return the count in the encoding
as described by rfc4880. */ as described by rfc4880. */
unsigned char unsigned char

View File

@ -186,6 +186,9 @@ this convention).
@node Agent Options @node Agent Options
@section Option Summary @section Option Summary
Options may either be used on the command line or, after stripping off
the two leading dashes, in the configuration file.
@table @gnupgtabopt @table @gnupgtabopt
@anchor{option --options} @anchor{option --options}
@ -193,8 +196,9 @@ this convention).
@opindex options @opindex options
Reads configuration from @var{file} instead of from the default Reads configuration from @var{file} instead of from the default
per-user configuration file. The default configuration file is named per-user configuration file. The default configuration file is named
@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly @file{gpg-agent.conf} and expected in the @file{.gnupg} directory
below the home directory of the user. directly below the home directory of the user. This option is ignored
if used in an options file.
@anchor{option --homedir} @anchor{option --homedir}
@include opt-homedir.texi @include opt-homedir.texi
@ -652,20 +656,26 @@ transitioned from using MD5 to the more secure SHA256.
@opindex s2k-count @opindex s2k-count
Specify the iteration count used to protect the passphrase. This Specify the iteration count used to protect the passphrase. This
option can be used to override the auto-calibration done by default. option can be used to override the auto-calibration done by default.
This auto-calibration computes a count which requires 100ms to mangle The auto-calibration computes a count which requires 100ms to mangle
a given passphrase. To view the auto-calibrated count do not use this a given passphrase.
option (or use 0 for @var{n}) and run this command:
To view the actually used iteration count and the milliseconds
required for an S2K operation use:
@example @example
gpg-connect-agent 'GETINFO s2k_count' /bye gpg-connect-agent 'GETINFO s2k_count' /bye
gpg-connect-agent 'GETINFO s2k_time' /bye
@end example
To view the auto-calibrated count use:
@example
gpg-connect-agent 'GETINFO s2k_count_cal' /bye
@end example @end example
@end table @end table
All the long options may also be given in the configuration file after
stripping off the two leading dashes.
@mansect files @mansect files
@node Agent Configuration @node Agent Configuration