gpg: Move S2K encoding function to a shared file.

* g10/passphrase.c (encode_s2k_iterations): Move function to ... * common/openpgp-s2k.c: new file. Remove default intialization code. * common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy. * g10/call-agent.c (agent_get_s2k_count): Change to return the count and print an error. * agent/protect.c: Include openpgpdefs.h * g10/card-util.c (gen_kdf_data): Adjust for changes * g10/gpgcompose.c: Include call-agent.h. (sk_esk): Adjust for changes. * g10/passphrase (passphrase_to_dek): Adjust for changes. * g10/main.h (S2K_DECODE_COUNT): Remove macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2019-01-26 23:10:38 +01:00 · 2019-01-26 23:10:38 +01:00 · ec13b1c562
commit ec13b1c562
parent 0415b80227
12 changed files with 111 additions and 71 deletions
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -1461,19 +1461,19 @@ gpg_agent_get_confirmation (const char *desc)
 }


-/* Return the S2K iteration count as computed by gpg-agent.  */
-gpg_error_t
-agent_get_s2k_count (unsigned long *r_count)
+/* Return the S2K iteration count as computed by gpg-agent.  On error
+ * print a warning and return a default value. */
+unsigned long
+agent_get_s2k_count (void)
 {
  gpg_error_t err;
  membuf_t data;
  char *buf;
-
-  *r_count = 0;
+  unsigned long count = 0;

  err = start_agent (NULL, 0);
  if (err)
-    return err;
+    goto leave;

  init_membuf (&data, 32);
  err = assuan_transact (agent_ctx, "GETINFO s2k_count",
@ -1489,10 +1489,22 @@ agent_get_s2k_count (unsigned long *r_count)
        err = gpg_error_from_syserror ();
      else
        {
-          *r_count = strtoul (buf, NULL, 10);
+          count = strtoul (buf, NULL, 10);
          xfree (buf);
        }
    }
+
+ leave:
+  if (err || count < 65536)
+    {
+      /* Don't print an error if an older agent is used.  */
+      if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
+        log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+
+      /* Default to 65536 which was used up to 2.0.13.  */
+      return 65536;
+    }
+
  return err;
 }

--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@ -146,7 +146,7 @@ gpg_error_t agent_clear_passphrase (const char *cache_id);
 gpg_error_t gpg_agent_get_confirmation (const char *desc);

 /* Return the S2K iteration count as computed by gpg-agent.  */
-gpg_error_t agent_get_s2k_count (unsigned long *r_count);
+unsigned long agent_get_s2k_count (void);

 /* Check whether a secret key for public key PK is available.  Returns
   0 if the secret key is available. */
--- a/g10/card-util.c
+++ b/g10/card-util.c
@ -2039,7 +2039,7 @@ gen_kdf_data (unsigned char *data, int single_salt)

  p = data;

-  s2k_char = encode_s2k_iterations (0);
+  s2k_char = encode_s2k_iterations (agent_get_s2k_count ());
  iterations = S2K_DECODE_COUNT (s2k_char);
  count_4byte[0] = (iterations >> 24) & 0xff;
  count_4byte[1] = (iterations >> 16) & 0xff;
--- a/g10/gpgcompose.c
+++ b/g10/gpgcompose.c
@ -25,6 +25,7 @@
 #include "keydb.h"
 #include "main.h"
 #include "options.h"
+#include "call-agent.h"

 static int do_debug;
 #define debug(fmt, ...) \
@ -2248,9 +2249,12 @@ sk_esk (const char *option, int argc, char *argv[], void *cookie)
  log_assert (sizeof (si.salt) == sizeof (ske->s2k.salt));
  memcpy (ske->s2k.salt, si.salt, sizeof (ske->s2k.salt));
  if (! si.s2k_is_session_key)
-    /* 0 means get the default.  */
-    ske->s2k.count = encode_s2k_iterations (si.iterations);
-
+    {
+      if (!si.iterations)
+        ske->s2k.count = encode_s2k_iterations (agent_get_s2k_count ());
+      else
+        ske->s2k.count = encode_s2k_iterations (si.iterations);
+    }

  /* Derive the symmetric key that is either the session key or the
     key used to encrypt the session key.  */
--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -276,7 +276,6 @@ gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr,
                           SK_LIST *ret_sk_list, unsigned use);

 /*-- passphrase.h --*/
-unsigned char encode_s2k_iterations (int iterations);
 int  have_static_passphrase(void);
 const char *get_static_passphrase (void);
 void set_passphrase_from_string(const char *pass);
--- a/g10/main.h
+++ b/g10/main.h
@ -507,8 +507,6 @@ gpg_error_t  card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock);
 int  card_store_subkey (KBNODE node, int use);
 #endif

-#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
-
 /*-- migrate.c --*/
 void migrate_secring (ctrl_t ctrl);

--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -48,57 +48,6 @@ static char *next_pw = NULL;
 static char *last_pw = NULL;


-
-/* Pack an s2k iteration count into the form specified in 2440.  If
-   we're in between valid values, round up.  With value 0 return the
-   old default.  */
-unsigned char
-encode_s2k_iterations (int iterations)
-{
-  gpg_error_t err;
-  unsigned char c=0;
-  unsigned char result;
-  unsigned int count;
-
-  if (!iterations)
-    {
-      unsigned long mycnt;
-
-      /* Ask the gpg-agent for a useful iteration count.  */
-      err = agent_get_s2k_count (&mycnt);
-      if (err || mycnt < 65536)
-        {
-          /* Don't print an error if an older agent is used.  */
-          if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
-            log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
-          /* Default to 65536 which we used up to 2.0.13.  */
-          return 96;
-        }
-      else if (mycnt >= 65011712)
-        return 255; /* Largest possible value.  */
-      else
-        return encode_s2k_iterations ((int)mycnt);
-    }
-
-  if (iterations <= 1024)
-    return 0;  /* Command line arg compatibility.  */
-
-  if (iterations >= 65011712)
-    return 255;
-
-  /* Need count to be in the range 16-31 */
-  for (count=iterations>>6; count>=32; count>>=1)
-    c++;
-
-  result = (c<<4)|(count-16);
-
-  if (S2K_DECODE_COUNT(result) < iterations)
-    result++;
-
-  return result;
-}
-
-
 int
 have_static_passphrase()
 {
@ -106,6 +55,7 @@ have_static_passphrase()
          && (opt.batch || opt.pinentry_mode == PINENTRY_MODE_LOOPBACK));
 }

+
 /* Return a static passphrase.  The returned value is only valid as
   long as no other passphrase related function is called.  NULL may
   be returned if no passphrase has been set; better use
@ -342,7 +292,7 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
             call out to gpg-agent and that should not be done during
             option processing in main().  */
          if (!opt.s2k_count)
-            opt.s2k_count = encode_s2k_iterations (0);
+            opt.s2k_count = encode_s2k_iterations (agent_get_s2k_count ());
          s2k->count = opt.s2k_count;
        }
    }