[svn] GnuPG - r4299 - trunk/g10

Fri Oct 13 06:06:25 CEST 2006

Author: dshaw
Date: 2006-10-13 06:06:24 +0200 (Fri, 13 Oct 2006)
New Revision: 4299

Modified:
   trunk/g10/ChangeLog
   trunk/g10/gpg.c
   trunk/g10/main.h
   trunk/g10/options.h
   trunk/g10/parse-packet.c
   trunk/g10/passphrase.c
Log:
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the
packed s2k iteration count.

* main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c
(hash_passphrase): Add --s2k-count option to specify the number of s2k
hash iterations.


Modified: trunk/g10/ChangeLog
===================================================================

--- trunk/g10/ChangeLog	2006-10-13 03:44:34 UTC (rev 4298)
+++ trunk/g10/ChangeLog	2006-10-13 04:06:24 UTC (rev 4299)
@@ -1,3 +1,12 @@
+2006-10-12  David Shaw  <dshaw at jabberwocky.com>
+
+	* parse-packet.c (parse_symkeyenc): Show the unpacked as well as
+	the packed s2k iteration count.
+
+	* main.h, options.h, gpg.c (encode_s2k_iterations, main),
+	passphrase.c (hash_passphrase): Add --s2k-count option to specify
+	the number of s2k hash iterations.
+
 2006-10-08  Werner Koch  <wk at g10code.com>
 
 	* gpgv.c: Remove the tty stubs as we are now required to link to

Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c	2006-10-13 03:44:34 UTC (rev 4298)
+++ trunk/g10/gpg.c	2006-10-13 04:06:24 UTC (rev 4299)
@@ -265,6 +265,7 @@
     oS2KMode,
     oS2KDigest,
     oS2KCipher,
+    oS2KCount,
     oSimpleSKChecksum,                          
     oDisplayCharset,
     oNotDashEscaped,
@@ -523,6 +524,7 @@
     { oS2KMode, "s2k-mode", 1, "@"},
     { oS2KDigest, "s2k-digest-algo", 2, "@"},
     { oS2KCipher, "s2k-cipher-algo", 2, "@"},
+    { oS2KCount, "s2k-count", 1, "@"},
     { oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
     { oCipherAlgo, "cipher-algo", 2, "@"},
     { oDigestAlgo, "digest-algo", 2, "@"},
@@ -1708,7 +1710,32 @@
 #endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
 }
 
+/* Pack an s2k iteration count into the form specified in 2440.  If
+   we're in between valid values, round up. */
+static unsigned char
+encode_s2k_iterations(int iterations)
+{
+  unsigned char c=0,result;
+  unsigned int count;
 
+  if(iterations<=1024)
+    return 0;
+
+  if(iterations>=65011712)
+    return 255;
+
+  /* Need count to be in the range 16-31 */
+  for(count=iterations>>6;count>=32;count>>=1)
+    c++;
+
+  result=(c<<4)|(count-16);
+
+  if(S2K_DECODE_COUNT(result)<iterations)
+    result++;
+
+  return result;
+}
+
 int
 main (int argc, char **argv )
 {
@@ -1800,6 +1827,7 @@
     opt.cert_digest_algo = 0;
     opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
     opt.s2k_mode = 3; /* iterated+salted */
+    opt.s2k_count = 96; /* 65536 iterations */
 #ifdef USE_CAST5
     opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
 #else
@@ -2315,6 +2343,9 @@
 	  case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
 	  case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
 	  case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
+	  case oS2KCount:
+	    opt.s2k_count=encode_s2k_iterations(pargs.r.ret_int);
+	    break;
           case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
 	  case oNoEncryptTo: opt.no_encrypt_to = 1; break;
 	  case oEncryptTo: /* store the recipient in the second list */

Modified: trunk/g10/main.h
===================================================================
--- trunk/g10/main.h	2006-10-13 03:44:34 UTC (rev 4298)
+++ trunk/g10/main.h	2006-10-13 04:06:24 UTC (rev 4299)
@@ -304,4 +304,6 @@
 int  card_store_subkey (KBNODE node, int use);
 #endif
 
+#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
+
 #endif /*G10_MAIN_H*/

Modified: trunk/g10/options.h
===================================================================
--- trunk/g10/options.h	2006-10-13 03:44:34 UTC (rev 4298)
+++ trunk/g10/options.h	2006-10-13 04:06:24 UTC (rev 4299)
@@ -120,8 +120,10 @@
   int s2k_mode;
   int s2k_digest_algo;
   int s2k_cipher_algo;
-  int simple_sk_checksum; /* create the deprecated rfc2440 secret
-			     key protection*/
+  unsigned char s2k_count; /* This is the encoded form, not the raw
+			      count */
+  int simple_sk_checksum; /* create the deprecated rfc2440 secret key
+			     protection */
   int not_dash_escaped;
   int escape_from;
   int lock_once;

Modified: trunk/g10/parse-packet.c
===================================================================
--- trunk/g10/parse-packet.c	2006-10-13 03:44:34 UTC (rev 4298)
+++ trunk/g10/parse-packet.c	2006-10-13 04:06:24 UTC (rev 4299)
@@ -775,7 +775,9 @@
 	    for(i=0; i < 8; i++ )
 		fprintf (listfp, "%02x", k->s2k.salt[i]);
 	    if( s2kmode == 3 )
-		fprintf (listfp, ", count %lu", (ulong)k->s2k.count );
+		fprintf (listfp, ", count %lu (%lu)",
+			 S2K_DECODE_COUNT((ulong)k->s2k.count),
+			 (ulong)k->s2k.count );
 	    fprintf (listfp, "\n");
 	}
     }

Modified: trunk/g10/passphrase.c
===================================================================
--- trunk/g10/passphrase.c	2006-10-13 03:44:34 UTC (rev 4298)
+++ trunk/g10/passphrase.c	2006-10-13 04:06:24 UTC (rev 4299)
@@ -88,12 +88,12 @@
             {
               gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
               if ( s2k->mode == 3 )
-                s2k->count = 96; /* 65536 iterations. */
+                s2k->count = opt.s2k_count;
 	    }
 
           if ( s2k->mode == 3 )
             {
-              count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
+              count = S2K_DECODE_COUNT(s2k->count);
               if ( count < len2 )
                 count = len2;
 	    }


