NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commit188f359

committed

pgcrypto: support changing S2K iteration count

pgcrypto already supports key-stretching during symmetric encryption,including the salted-and-iterated method; but the number of iterationswas not configurable. This commit implements a new s2k-count parameterto pgp_sym_encrypt() which permits selecting a larger number ofiterations.Author: Jeff Janes

1 parentb6fb647 commit188f359Copy full SHA for 188f359

File tree

9 files changed

+98

-16

lines changed

contrib/pgcrypto
- expected
  - pgp-encrypt.out
- pgp-decrypt.c
- pgp-encrypt.c
- pgp-pgsql.c
- pgp-s2k.c
- pgp.c
- pgp.h
- sql
  - pgp-encrypt.sql
doc/src/sgml
- pgcrypto.sgml

9 files changed

+98

-16

lines changed

`‎contrib/pgcrypto/expected/pgp-encrypt.out`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,25 @@ select pgp_sym_decrypt(`
`103`	`103`	`Secret.`
`104`	`104`	`(1 row)`
`105`	`105`
	`106`	`+-- s2k count change`
	`107`	`+select pgp_sym_decrypt(`
	`108`	`+pgp_sym_encrypt('Secret.', 'key', 's2k-count=1024'),`
	`109`	`+'key', 'expect-s2k-count=1024');`
	`110`	`+ pgp_sym_decrypt`
	`111`	`+-----------------`
	`112`	`+ Secret.`
	`113`	`+(1 row)`
	`114`	`+`
	`115`	`+-- s2k_count rounds up`
	`116`	`+select pgp_sym_decrypt(`
	`117`	`+pgp_sym_encrypt('Secret.', 'key', 's2k-count=65000000'),`
	`118`	`+'key', 'expect-s2k-count=65000000');`
	`119`	`+NOTICE: pgp_decrypt: unexpected s2k_count: expected 65000000 got 65011712`
	`120`	`+ pgp_sym_decrypt`
	`121`	`+-----------------`
	`122`	`+ Secret.`
	`123`	`+(1 row)`
	`124`	`+`
`106`	`125`	`-- s2k digest change`
`107`	`126`	`select pgp_sym_decrypt(`
`108`	`127`	`pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'),`

`‎contrib/pgcrypto/pgp-decrypt.c`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -643,6 +643,7 @@ parse_symenc_sesskey(PGP_Context ctx, PullFilter src)`
`643`	`643`	`if (res<0)`
`644`	`644`	`returnres;`
`645`	`645`	`ctx->s2k_mode=ctx->s2k.mode;`
	`646`	`+ctx->s2k_count=s2k_decode_count(ctx->s2k.iter);`
`646`	`647`	`ctx->s2k_digest_algo=ctx->s2k.digest_algo;`
`647`	`648`
`648`	`649`	`/*`

`‎contrib/pgcrypto/pgp-encrypt.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -567,7 +567,7 @@ init_s2k_key(PGP_Context *ctx)`
`567`	`567`	`if (ctx->s2k_cipher_algo<0)`
`568`	`568`	`ctx->s2k_cipher_algo=ctx->cipher_algo;`
`569`	`569`
`570`		`-res=pgp_s2k_fill(&ctx->s2k,ctx->s2k_mode,ctx->s2k_digest_algo);`
	`570`	`+res=pgp_s2k_fill(&ctx->s2k,ctx->s2k_mode,ctx->s2k_digest_algo,ctx->s2k_count);`
`571`	`571`	`if (res<0)`
`572`	`572`	`returnres;`
`573`	`573`

`‎contrib/pgcrypto/pgp-pgsql.c`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -181,6 +181,7 @@ struct debug_expect`
`181`	`181`	`intexpect;`
`182`	`182`	`intcipher_algo;`
`183`	`183`	`ints2k_mode;`
	`184`	`+ints2k_count;`
`184`	`185`	`ints2k_cipher_algo;`
`185`	`186`	`ints2k_digest_algo;`
`186`	`187`	`intcompress_algo;`
`@@ -196,6 +197,7 @@ fill_expect(struct debug_expect * ex, int text_mode)`
`196`	`197`	`ex->expect=0;`
`197`	`198`	`ex->cipher_algo=-1;`
`198`	`199`	`ex->s2k_mode=-1;`
	`200`	`+ex->s2k_count=-1;`
`199`	`201`	`ex->s2k_cipher_algo=-1;`
`200`	`202`	`ex->s2k_digest_algo=-1;`
`201`	`203`	`ex->compress_algo=-1;`
`@@ -218,6 +220,7 @@ check_expect(PGP_Context ctx, struct debug_expect ex)`
`218`	`220`	`{`
`219`	`221`	`EX_CHECK(cipher_algo);`
`220`	`222`	`EX_CHECK(s2k_mode);`
	`223`	`+EX_CHECK(s2k_count);`
`221`	`224`	`EX_CHECK(s2k_digest_algo);`
`222`	`225`	`EX_CHECK(use_sess_key);`
`223`	`226`	`if (ctx->use_sess_key)`
`@@ -247,6 +250,8 @@ set_arg(PGP_Context ctx, char key, char *val,`
`247`	`250`	`res=pgp_set_sess_key(ctx,atoi(val));`
`248`	`251`	`elseif (strcmp(key,"s2k-mode")==0)`
`249`	`252`	`res=pgp_set_s2k_mode(ctx,atoi(val));`
	`253`	`+elseif (strcmp(key,"s2k-count")==0)`
	`254`	`+res=pgp_set_s2k_count(ctx,atoi(val));`
`250`	`255`	`elseif (strcmp(key,"s2k-digest-algo")==0)`
`251`	`256`	`res=pgp_set_s2k_digest_algo(ctx,val);`
`252`	`257`	`elseif (strcmp(key,"s2k-cipher-algo")==0)`
`@@ -286,6 +291,11 @@ set_arg(PGP_Context ctx, char key, char *val,`
`286`	`291`	`ex->expect=1;`
`287`	`292`	`ex->s2k_mode=atoi(val);`
`288`	`293`	`}`
	`294`	`+elseif (ex!=NULL&&strcmp(key,"expect-s2k-count")==0)`
	`295`	`+{`
	`296`	`+ex->expect=1;`
	`297`	`+ex->s2k_count=atoi(val);`
	`298`	`+}`
`289`	`299`	`elseif (ex!=NULL&&strcmp(key,"expect-s2k-digest-algo")==0)`
`290`	`300`	`{`
`291`	`301`	`ex->expect=1;`

`‎contrib/pgcrypto/pgp-s2k.c`

Lines changed: 24 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -132,12 +132,10 @@ calc_s2k_iter_salted(PGP_S2K s2k, PX_MD md, const uint8 *key,`
`132`	`132`	`unsignedpreload=0;`
`133`	`133`	`unsignedremain,`
`134`	`134`	`c,`
`135`		`-cval,`
`136`	`135`	`curcnt,`
`137`	`136`	`count;`
`138`	`137`
`139`		`-cval=s2k->iter;`
`140`		`-count= ((unsigned)16+ (cval&15)) << ((cval >>4)+6);`
	`138`	`+count=s2k_decode_count(s2k->iter);`
`141`	`139`
`142`	`140`	`md_rlen=px_md_result_size(md);`
`143`	`141`
`@@ -195,21 +193,34 @@ calc_s2k_iter_salted(PGP_S2K s2k, PX_MD md, const uint8 *key,`
`195`	`193`	`}`
`196`	`194`
`197`	`195`	`/*`
`198`		`- * DecideS2K_ISALTED iteration count`
	`196`	`+ * DecidePGP_S2K_ISALTED iteration count (in OpenPGP one-byte representation)`
`199`	`197`	`*`
`200`	`198`	`* Too small: weak`
`201`	`199`	`* Too big: slow`
`202`	`200`	`* gpg defaults to 96 => 65536 iters`
`203`		`- * let it float a bit: 96 + 32 => 262144 iters`
	`201`	`+ *`
	`202`	`+ * For our default (count=-1) we let it float a bit: 96 + 32 => between 65536`
	`203`	`+ * and 262144 iterations.`
	`204`	`+ *`
	`205`	`+ * Otherwise, find the smallest number which provides at least the specified`
	`206`	`+ * iteration count.`
`204`	`207`	`*/`
`205`		`-staticint`
`206`		`-decide_count(unsignedrand_byte)`
	`208`	`+staticuint8`
	`209`	`+decide_s2k_iter(unsignedrand_byte,intcount)`
`207`	`210`	`{`
`208`		`-return96+ (rand_byte&0x1F);`
	`211`	`+intiter;`
	`212`	`+`
	`213`	`+if (count==-1)`
	`214`	`+return96+ (rand_byte&0x1F);`
	`215`	`+/* this is a bit brute-force, but should be quick enough */`
	`216`	`+for (iter=0;iter <=255;iter++)`
	`217`	`+if (s2k_decode_count(iter) >=count)`
	`218`	`+returniter;`
	`219`	`+return255;`
`209`	`220`	`}`
`210`	`221`
`211`	`222`	`int`
`212`		`-pgp_s2k_fill(PGP_S2K*s2k,intmode,intdigest_algo)`
	`223`	`+pgp_s2k_fill(PGP_S2K*s2k,intmode,intdigest_algo,intcount)`
`213`	`224`	`{`
`214`	`225`	`intres=0;`
`215`	`226`	`uint8tmp;`
`@@ -219,19 +230,19 @@ pgp_s2k_fill(PGP_S2K *s2k, int mode, int digest_algo)`
`219`	`230`
`220`	`231`	`switch (s2k->mode)`
`221`	`232`	`{`
`222`		`-case0:`
	`233`	`+casePGP_S2K_SIMPLE:`
`223`	`234`	`break;`
`224`		`-case1:`
	`235`	`+casePGP_S2K_SALTED:`
`225`	`236`	`res=px_get_pseudo_random_bytes(s2k->salt,PGP_S2K_SALT);`
`226`	`237`	`break;`
`227`		`-case3:`
	`238`	`+casePGP_S2K_ISALTED:`
`228`	`239`	`res=px_get_pseudo_random_bytes(s2k->salt,PGP_S2K_SALT);`
`229`	`240`	`if (res<0)`
`230`	`241`	`break;`
`231`	`242`	`res=px_get_pseudo_random_bytes(&tmp,1);`
`232`	`243`	`if (res<0)`
`233`	`244`	`break;`
`234`		`-s2k->iter=decide_count(tmp);`
	`245`	`+s2k->iter=decide_s2k_iter(tmp,count);`
`235`	`246`	`break;`
`236`	`247`	`default:`
`237`	`248`	`res=PXE_PGP_BAD_S2K_MODE;`

`‎contrib/pgcrypto/pgp.c`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@`
`40`	`40`	`staticintdef_cipher_algo=PGP_SYM_AES_128;`
`41`	`41`	`staticintdef_s2k_cipher_algo=-1;`
`42`	`42`	`staticintdef_s2k_mode=PGP_S2K_ISALTED;`
	`43`	`+staticintdef_s2k_count=-1;`
`43`	`44`	`staticintdef_s2k_digest_algo=PGP_DIGEST_SHA1;`
`44`	`45`	`staticintdef_compress_algo=PGP_COMPR_NONE;`
`45`	`46`	`staticintdef_compress_level=6;`
`@@ -206,6 +207,7 @@ pgp_init(PGP_Context **ctx_p)`
`206`	`207`	`ctx->cipher_algo=def_cipher_algo;`
`207`	`208`	`ctx->s2k_cipher_algo=def_s2k_cipher_algo;`
`208`	`209`	`ctx->s2k_mode=def_s2k_mode;`
	`210`	`+ctx->s2k_count=def_s2k_count;`
`209`	`211`	`ctx->s2k_digest_algo=def_s2k_digest_algo;`
`210`	`212`	`ctx->compress_algo=def_compress_algo;`
`211`	`213`	`ctx->compress_level=def_compress_level;`
`@@ -269,6 +271,17 @@ pgp_set_s2k_mode(PGP_Context *ctx, int mode)`
`269`	`271`	`returnerr;`
`270`	`272`	`}`
`271`	`273`
	`274`	`+int`
	`275`	`+pgp_set_s2k_count(PGP_Context*ctx,intcount)`
	`276`	`+{`
	`277`	`+if (ctx->s2k_mode==PGP_S2K_ISALTED&&count >=1024&&count <=65011712)`
	`278`	`+{`
	`279`	`+ctx->s2k_count=count;`
	`280`	`+returnPXE_OK;`
	`281`	`+}`
	`282`	`+returnPXE_ARGUMENT_ERROR;`
	`283`	`+}`
	`284`	`+`
`272`	`285`	`int`
`273`	`286`	`pgp_set_compress_algo(PGP_Context*ctx,intalgo)`
`274`	`287`	`{`

`‎contrib/pgcrypto/pgp.h`

Lines changed: 8 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ struct PGP_S2K`
`124`	`124`	`uint8mode;`
`125`	`125`	`uint8digest_algo;`
`126`	`126`	`uint8salt[8];`
`127`		`-uint8iter;`
	`127`	`+uint8iter;/* encoded (one-octet) count */`
`128`	`128`	`/* calculated: */`
`129`	`129`	`uint8key[PGP_MAX_KEY];`
`130`	`130`	`uint8key_len;`
`@@ -138,6 +138,7 @@ struct PGP_Context`
`138`	`138`	`*/`
`139`	`139`	`PGP_S2Ks2k;`
`140`	`140`	`ints2k_mode;`
	`141`	`+ints2k_count;/* 4-byte decoded count */`
`141`	`142`	`ints2k_digest_algo;`
`142`	`143`	`ints2k_cipher_algo;`
`143`	`144`	`intcipher_algo;`
`@@ -171,6 +172,10 @@ struct PGP_Context`
`171`	`172`	`unsignedsess_key_len;`
`172`	`173`	`};`
`173`	`174`
	`175`	`+/* from RFC 4880 3.7.1.3 */`
	`176`	`+#defines2k_decode_count(cval) \`
	`177`	`+(((unsigned) 16 + (cval & 15)) << ((cval >> 4) + 6))`
	`178`	`+`
`174`	`179`	`structPGP_MPI`
`175`	`180`	`{`
`176`	`181`	`uint8*data;`
`@@ -243,6 +248,7 @@ const char *pgp_get_cipher_name(int code);`
`243`	`248`
`244`	`249`	`intpgp_set_cipher_algo(PGP_Contextctx,constcharname);`
`245`	`250`	`intpgp_set_s2k_mode(PGP_Context*ctx,inttype);`
	`251`	`+intpgp_set_s2k_count(PGP_Context*ctx,intcount);`
`246`	`252`	`intpgp_set_s2k_cipher_algo(PGP_Contextctx,constcharname);`
`247`	`253`	`intpgp_set_s2k_digest_algo(PGP_Contextctx,constcharname);`
`248`	`254`	`intpgp_set_convert_crlf(PGP_Context*ctx,intdoit);`
`@@ -267,7 +273,7 @@ intpgp_load_cipher(int c, PX_Cipher **res);`
`267`	`273`	`intpgp_get_cipher_key_size(intc);`
`268`	`274`	`intpgp_get_cipher_block_size(intc);`
`269`	`275`
`270`		`-intpgp_s2k_fill(PGP_S2K*s2k,intmode,intdigest_algo);`
	`276`	`+intpgp_s2k_fill(PGP_S2K*s2k,intmode,intdigest_algo,intcount);`
`271`	`277`	`intpgp_s2k_read(PullFiltersrc,PGP_S2Ks2k);`
`272`	`278`	`intpgp_s2k_process(PGP_S2Ks2k,intcipher,constuint8key,intklen);`
`273`	`279`

`‎contrib/pgcrypto/sql/pgp-encrypt.sql`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,15 @@ select pgp_sym_decrypt(`
`55`	`55`	`pgp_sym_encrypt('Secret.','key','s2k-mode=3'),`
`56`	`56`	`'key','expect-s2k-mode=3');`
`57`	`57`
	`58`	`+-- s2k count change`
	`59`	`+select pgp_sym_decrypt(`
	`60`	`+pgp_sym_encrypt('Secret.','key','s2k-count=1024'),`
	`61`	`+'key','expect-s2k-count=1024');`
	`62`	`+-- s2k_count rounds up`
	`63`	`+select pgp_sym_decrypt(`
	`64`	`+pgp_sym_encrypt('Secret.','key','s2k-count=65000000'),`
	`65`	`+'key','expect-s2k-count=65000000');`
	`66`	`+`
`58`	`67`	`-- s2k digest change`
`59`	`68`	`select pgp_sym_decrypt(`
`60`	`69`	`pgp_sym_encrypt('Secret.','key','s2k-digest-algo=md5'),`

`‎doc/src/sgml/pgcrypto.sgml`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -858,6 +858,19 @@ Applies to: pgp_sym_encrypt`
`858`	`858`	`</literallayout>`
`859`	`859`	`</sect4>`
`860`	`860`
	`861`	`+ <sect4>`
	`862`	`+ <title>s2k-count</title>`
	`863`	`+`
	`864`	`+ <para>`
	`865`	`+ The number of iterations of the S2K algorithm to use. It must`
	`866`	`+ be a value between 1024 and 65011712, inclusive.`
	`867`	`+ </para>`
	`868`	`+<literallayout>`
	`869`	`+Default: A random value bewteen 65536 and 253952`
	`870`	`+Applies to: pgp_sym_encrypt, only with s2k-mode=3`
	`871`	`+</literallayout>`
	`872`	`+ </sect4>`
	`873`	`+`
`861`	`874`	`<sect4>`
`862`	`875`	`<title>s2k-digest-algo</title>`
`863`	`876`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit188f359

File tree

9 files changed

9 files changed

`‎contrib/pgcrypto/expected/pgp-encrypt.out`

`‎contrib/pgcrypto/pgp-decrypt.c`

`‎contrib/pgcrypto/pgp-encrypt.c`

`‎contrib/pgcrypto/pgp-pgsql.c`

`‎contrib/pgcrypto/pgp-s2k.c`

`‎contrib/pgcrypto/pgp.c`

`‎contrib/pgcrypto/pgp.h`

`‎contrib/pgcrypto/sql/pgp-encrypt.sql`

`‎doc/src/sgml/pgcrypto.sgml`

0 commit comments