mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
Support the not anymore patented IDEA cipher algorithm.
* cipher/idea.c: New. Take from Libgcrypt master and adjust for direct use in GnuPG. * cipher/idea-stub.c: Remove. * cipher/Makefile.am: Add idea.c and remove idea-stub.c rules. * configure.ac: Remove idea-stub code. * g10/gpg.c (check_permissions): Remove code path for ITEM==2. (main): Make --load-extension a dummy option. * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA. * g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA. * g10/status.h (STATUS_RSA_OR_IDEA): Remove. -- To keep the number of actually used algorithms low, we support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
This commit is contained in:
parent
c3a5448379
commit
b1eac93431
18 changed files with 575 additions and 452 deletions
|
@ -58,11 +58,6 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
|
|||
if( check_cipher_algo( sk->protect.algo ) ) {
|
||||
log_info(_("protection algorithm %d%s is not supported\n"),
|
||||
sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
|
||||
if (sk->protect.algo==CIPHER_ALGO_IDEA)
|
||||
{
|
||||
write_status (STATUS_RSA_OR_IDEA);
|
||||
idea_cipher_warn (0);
|
||||
}
|
||||
return G10ERR_CIPHER_ALGO;
|
||||
}
|
||||
if(check_digest_algo(sk->protect.s2k.hash_algo))
|
||||
|
@ -110,7 +105,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
|
|||
attack */
|
||||
sk->csum = 0;
|
||||
csum = 1;
|
||||
if( ndata < 20 )
|
||||
if( ndata < 20 )
|
||||
log_error("not enough bytes for SHA-1 checksum\n");
|
||||
else {
|
||||
MD_HANDLE h = md_open (DIGEST_ALGO_SHA1, 1);
|
||||
|
@ -359,10 +354,10 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
|
|||
p += narr[j];
|
||||
xfree(bufarr[j]);
|
||||
}
|
||||
|
||||
|
||||
if (opt.simple_sk_checksum) {
|
||||
log_info (_("generating the deprecated 16-bit checksum"
|
||||
" for secret key protection\n"));
|
||||
" for secret key protection\n"));
|
||||
csum = checksum( data, ndata-2);
|
||||
sk->csum = csum;
|
||||
*p++ = csum >> 8;
|
||||
|
@ -410,7 +405,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
|
|||
data[1] = nbits;
|
||||
cipher_encrypt (cipher_hd, data+2, buffer, nbytes);
|
||||
xfree( buffer );
|
||||
|
||||
|
||||
mpi_free (sk->skey[i]);
|
||||
sk->skey[i] = mpi_set_opaque (NULL, data, nbytes+2);
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue