security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-07 17:33:02 +01:00
Code Activity

* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the

Browse Source 
packed s2k iteration count.

* main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c
(hash_passphrase): Add --s2k-count option to specify the number of s2k
hash iterations.
This commit is contained in:
David Shaw 2006-10-13 04:06:24 +00:00
parent 43825e9dae
commit c6465b0654
6 changed files with 51 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
g10/ChangeLog
View File

@ -1,3 +1,12 @@
2006-10-12 David Shaw <dshaw@jabberwocky.com>
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as
the packed s2k iteration count.
* main.h, options.h, gpg.c (encode_s2k_iterations, main),
passphrase.c (hash_passphrase): Add --s2k-count option to specify
the number of s2k hash iterations.
2006-10-08 Werner Koch <wk@g10code.com> 2006-10-08 Werner Koch <wk@g10code.com>
* gpgv.c: Remove the tty stubs as we are now required to link to * gpgv.c: Remove the tty stubs as we are now required to link to

31
g10/gpg.c
View File

@ -265,6 +265,7 @@ enum cmd_and_opt_values
oS2KMode, oS2KMode,
oS2KDigest, oS2KDigest,
oS2KCipher, oS2KCipher,
oS2KCount,
oSimpleSKChecksum, oSimpleSKChecksum,
oDisplayCharset, oDisplayCharset,
oNotDashEscaped, oNotDashEscaped,
@ -523,6 +524,7 @@ static ARGPARSE_OPTS opts[] = {
{ oS2KMode, "s2k-mode", 1, "@"}, { oS2KMode, "s2k-mode", 1, "@"},
{ oS2KDigest, "s2k-digest-algo", 2, "@"}, { oS2KDigest, "s2k-digest-algo", 2, "@"},
{ oS2KCipher, "s2k-cipher-algo", 2, "@"}, { oS2KCipher, "s2k-cipher-algo", 2, "@"},
{ oS2KCount, "s2k-count", 1, "@"},
{ oSimpleSKChecksum, "simple-sk-checksum", 0, "@"}, { oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
{ oCipherAlgo, "cipher-algo", 2, "@"}, { oCipherAlgo, "cipher-algo", 2, "@"},
{ oDigestAlgo, "digest-algo", 2, "@"}, { oDigestAlgo, "digest-algo", 2, "@"},
@ -1708,6 +1710,31 @@ reopen_std(void)
#endif /* HAVE_STAT && !HAVE_W32_SYSTEM */ #endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
} }
/* Pack an s2k iteration count into the form specified in 2440. If
we're in between valid values, round up. */
static unsigned char
encode_s2k_iterations(int iterations)
{
unsigned char c=0,result;
unsigned int count;
if(iterations<=1024)
return 0;
if(iterations>=65011712)
return 255;
/* Need count to be in the range 16-31 */
for(count=iterations>>6;count>=32;count>>=1)
c++;
result=(c<<4)|(count-16);
if(S2K_DECODE_COUNT(result)<iterations)
result++;
return result;
}
int int
main (int argc, char **argv ) main (int argc, char **argv )
@ -1800,6 +1827,7 @@ main (int argc, char **argv )
opt.cert_digest_algo = 0; opt.cert_digest_algo = 0;
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
opt.s2k_mode = 3; /* iterated+salted */ opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_count = 96; /* 65536 iterations */
#ifdef USE_CAST5 #ifdef USE_CAST5
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
#else #else
@ -2315,6 +2343,9 @@ main (int argc, char **argv )
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break; case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break; case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
case oS2KCount:
opt.s2k_count=encode_s2k_iterations(pargs.r.ret_int);
break;
case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break; case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
case oNoEncryptTo: opt.no_encrypt_to = 1; break; case oNoEncryptTo: opt.no_encrypt_to = 1; break;
case oEncryptTo: /* store the recipient in the second list */ case oEncryptTo: /* store the recipient in the second list */

2
g10/main.h
View File

@ -304,4 +304,6 @@ int card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock);
int card_store_subkey (KBNODE node, int use); int card_store_subkey (KBNODE node, int use);
#endif #endif
#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
#endif /*G10_MAIN_H*/ #endif /*G10_MAIN_H*/

6
g10/options.h
View File

@ -120,8 +120,10 @@ struct
int s2k_mode; int s2k_mode;
int s2k_digest_algo; int s2k_digest_algo;
int s2k_cipher_algo; int s2k_cipher_algo;
int simple_sk_checksum; /* create the deprecated rfc2440 secret unsigned char s2k_count; /* This is the encoded form, not the raw
key protection*/ count */
int simple_sk_checksum; /* create the deprecated rfc2440 secret key
protection */
int not_dash_escaped; int not_dash_escaped;
int escape_from; int escape_from;
int lock_once; int lock_once;

4
g10/parse-packet.c
View File

@ -775,7 +775,9 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
for(i=0; i < 8; i++ ) for(i=0; i < 8; i++ )
fprintf (listfp, "%02x", k->s2k.salt[i]); fprintf (listfp, "%02x", k->s2k.salt[i]);
if( s2kmode == 3 ) if( s2kmode == 3 )
fprintf (listfp, ", count %lu", (ulong)k->s2k.count ); fprintf (listfp, ", count %lu (%lu)",
S2K_DECODE_COUNT((ulong)k->s2k.count),
(ulong)k->s2k.count );
fprintf (listfp, "\n"); fprintf (listfp, "\n");
} }
} }

4
g10/passphrase.c
View File

@ -88,12 +88,12 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
{ {
gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM); gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
if ( s2k->mode == 3 ) if ( s2k->mode == 3 )
s2k->count = 96; /* 65536 iterations. */ s2k->count = opt.s2k_count;
} }
if ( s2k->mode == 3 ) if ( s2k->mode == 3 )
{ {
count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6); count = S2K_DECODE_COUNT(s2k->count);
if ( count < len2 ) if ( count < len2 )
count = len2; count = len2;
} }