GNU extensions to read_s2k for 2.5.x [was: Re: more on read_s2k() for GnuTLS ...]

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Fri Aug 22 07:14:11 CEST 2008 

On Tue 2008-08-19 06:02:04 -0400, Nikos Mavrogiannopoulos wrote:

> It looks nice. Expect me to apply it soon (later today or tomorrow).

I see that it's applied in git already.  Thank you very much, Nikos!

But ack!  i've got a frustrating request (but one that i figure is
better done now than later): I've done a bit more reading, and found a
reference to one other GNU S2K extension used by GPG.  In DETAILS from
the GnuPG sources [0], it says:

   GNU extensions to the S2K algorithm
   ===================================
   S2K mode 101 is used to identify these extensions.
   After the hash algorithm the 3 bytes "GNU" are used to make
   clear that these are extensions for GNU, the next bytes gives the
   GNU protection mode - 1000.  Defined modes are:
     1001 - do not store the secret part at all
     1002 - a stub to access smartcards (not used in 1.2.x)

I'm not proposing that we handle mode 1002 yet (i haven't encountered
it and don't know how we'd talk to the smartcard anyway), but
semantically, the code i asked you to commit now seems slightly wrong.
In particular, it treats S2K mode 101 as GNU-Dummy, when in fact it
should be "GNU Extensions", and it should just test the data after the
hash to find out whether it's the gnu-dummy extension or not.

The attached patch (against the current git head) doesn't change any
functionality in the code, but it makes the semantics more congruent
with the extension strategy outlined by GPG.  It should also make it
easier for any of us to implement/adopt other GNU S2K extensions in
the future.  Sorry for the confusion.  Please let me know if there's
any trouble with the patch.

Regards,

        --dkg

[0] http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 24_clarify_GNU_S2K_extensions_2.5.x.diff
Type: text/x-diff
Size: 2659 bytes
Desc: Clarify semantics of GNU S2K extensions against GnuTLS 2.5.x (git head)
URL: </pipermail/attachments/20080822/e3e03d7c/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20080822/e3e03d7c/attachment.pgp>

More information about the Gnutls-devel mailing list