mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Support the not anymore patented IDEA cipher algorithm.
* cipher/idea.c: New. Take from Libgcrypt master and adjust for direct use in GnuPG. * cipher/idea-stub.c: Remove. * cipher/Makefile.am: Add idea.c and remove idea-stub.c rules. * configure.ac: Remove idea-stub code. * g10/gpg.c (check_permissions): Remove code path for ITEM==2. (main): Make --load-extension a dummy option. * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA. * g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA. * g10/status.h (STATUS_RSA_OR_IDEA): Remove. -- To keep the number of actually used algorithms low, we support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
This commit is contained in:
parent
c3a5448379
commit
b1eac93431
8
NEWS
8
NEWS
@ -1,3 +1,11 @@
|
||||
Noteworthy changes in version 1.4.13 (unreleased)
|
||||
-------------------------------------------------
|
||||
|
||||
* Add support for the old cipher algorithm IDEA.
|
||||
|
||||
* Minor bug fixes.
|
||||
|
||||
|
||||
Noteworthy changes in version 1.4.12 (2012-01-30)
|
||||
-------------------------------------------------
|
||||
|
||||
|
48
README
48
README
@ -1,11 +1,11 @@
|
||||
|
||||
GnuPG - The GNU Privacy Guard
|
||||
-------------------------------
|
||||
Version 1.4.12
|
||||
Version 1.4.13
|
||||
|
||||
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
|
||||
2004, 2005, 2006, 2007, 2008, 2009,
|
||||
2010, 2012 Free Software Foundation, Inc.
|
||||
2010, 2012, 2013 Free Software Foundation, Inc.
|
||||
|
||||
This file is free software; as a special exception the author
|
||||
gives unlimited permission to copy and/or distribute it, with or
|
||||
@ -31,13 +31,14 @@
|
||||
list of systems which are known to work.
|
||||
|
||||
GnuPG is distributed under the terms of the GNU General Public
|
||||
License. See the file COPYING for copyright and warranty
|
||||
information.
|
||||
License. See the files AUTHORS and COPYING for copyright and
|
||||
warranty information.
|
||||
|
||||
Because GnuPG does not use use any patented algorithms it is not
|
||||
by default fully compatible with PGP 2.x, which uses the patented
|
||||
IDEA algorithm. See http://www.gnupg.org/why-not-idea.html for
|
||||
more information on this subject.
|
||||
Because GnuPG does not use any patented algorithms it used not to
|
||||
be fully compatible with PGP 2. Now, that the patent on the IDEA
|
||||
cipher algorithm has expired, we support that algorithm and thus
|
||||
provide full compatibility with PGP 2. This allows the decryption
|
||||
of data once encrypted using PGP 2.
|
||||
|
||||
The default public key algorithm is RSA, but DSA and Elgamal are
|
||||
also supported. Symmetric algorithms available are AES (with 128,
|
||||
@ -57,7 +58,7 @@
|
||||
this. Don't skip it - this is an important step!
|
||||
|
||||
2) Unpack the tarball. With GNU tar you can do it this way:
|
||||
"tar xzvf gnupg-x.y.z.tar.gz". If got a bzip2 compressed
|
||||
"tar xzvf gnupg-x.y.z.tar.gz". If you got a bzip2 compressed
|
||||
tarball you need to use: "tar xjvf gnupg-x.y.z.tar.bz2".
|
||||
|
||||
3) "cd gnupg-x.y.z"
|
||||
@ -70,11 +71,11 @@
|
||||
|
||||
7) You end up with a "gpg" binary in /usr/local/bin.
|
||||
|
||||
8) To avoid swapping out of sensitive data, you can install "gpg"
|
||||
setuid root. If you don't do so, you may want to add the
|
||||
option "no-secmem-warning" to ~/.gnupg/gpg.conf. Note that on
|
||||
modern GNU/Linux systems swapping protection does not anymore
|
||||
require GPG to be installed setuid root.
|
||||
8) To avoid swapping out of sensitive data, you may need to
|
||||
install "gpg" setuid root. If you don't do so, you may want to
|
||||
add the option "no-secmem-warning" to ~/.gnupg/gpg.conf. Note
|
||||
that on modern GNU/Linux systems swapping protection does not
|
||||
anymore require GPG to be installed setuid root.
|
||||
|
||||
|
||||
How to Verify the Source
|
||||
@ -93,7 +94,8 @@
|
||||
is indeed a signature of gnupg-x.y.z.tar.gz. The key currently
|
||||
used to create this signature is:
|
||||
|
||||
"pub 1024R/1CE0C630 2006-01-01 Werner Koch (dist sig) <dd9jn@gnu.org>"
|
||||
"pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
|
||||
"uid Werner Koch (dist sig)
|
||||
|
||||
If you do not have this key, you can get it from the source in
|
||||
the file doc/samplekeys.asc (use "gpg --import doc/samplekeys.asc"
|
||||
@ -101,7 +103,7 @@
|
||||
make sure that this is really the key and not a faked one. You
|
||||
can do this by comparing the output of:
|
||||
|
||||
$ gpg --fingerprint 0x1CE0C630
|
||||
$ gpg --fingerprint 0x4F25E3B6
|
||||
|
||||
with the fingerprint published elsewhere.
|
||||
|
||||
@ -317,17 +319,20 @@
|
||||
claims to own it.
|
||||
|
||||
There are 2 steps to validate a key:
|
||||
|
||||
1. First check that there is a complete chain
|
||||
of signed keys from the public key you want to use
|
||||
and your key and verify each signature.
|
||||
2. Make sure that you have full trust in the certificates
|
||||
of all the introduces between the public key holder and
|
||||
you.
|
||||
|
||||
Step 2 is the more complicated part because there is no easy way
|
||||
for a computer to decide who is trustworthy and who is not. GnuPG
|
||||
leaves this decision to you and will ask you for a trust value
|
||||
(here also referenced as the owner-trust of a key) for every key
|
||||
needed to check the chain of certificates. You may choose from:
|
||||
|
||||
a) "I don't know" - then it is not possible to use any
|
||||
of the chains of certificates, in which this key is used
|
||||
as an introducer, to validate the target key. Use this if
|
||||
@ -347,6 +352,7 @@
|
||||
normally needs only one chain of signatures to validate
|
||||
a target key okay. (But this may be adjusted with the help
|
||||
of some options).
|
||||
|
||||
This information is confidential because it gives your personal
|
||||
opinion on the trustworthiness of someone else. Therefore this data
|
||||
is not stored in the keyring but in the "trustdb"
|
||||
@ -429,14 +435,6 @@
|
||||
|
||||
"<heinrichh@uni-duesseldorf.de>"
|
||||
|
||||
* By word match
|
||||
|
||||
"+Heinrich Heine duesseldorf"
|
||||
|
||||
All words must match exactly (not case sensitive) and appear in
|
||||
any order in the user ID. Words are any sequences of letters,
|
||||
digits, the underscore and characters with bit 7 set.
|
||||
|
||||
* Or by the usual substring:
|
||||
|
||||
"Heine"
|
||||
@ -822,7 +820,7 @@
|
||||
Please direct questions about GnuPG to the users mailing list or
|
||||
one of the pgp newsgroups; please do not direct questions to one
|
||||
of the authors directly as we are busy working on improvements and
|
||||
bug fixes. The English and German GnupG mailing lists are watched
|
||||
bug fixes. The English and German GnuPG mailing lists are watched
|
||||
by the authors and we try to answer questions when time allows us
|
||||
to do so.
|
||||
|
||||
|
@ -37,6 +37,7 @@ libcipher_a_SOURCES = cipher.c \
|
||||
cast5.c \
|
||||
rijndael.c \
|
||||
camellia.c camellia.h camellia-glue.c \
|
||||
idea.c \
|
||||
elgamal.c \
|
||||
elgamal.h \
|
||||
rsa.c rsa.h \
|
||||
@ -73,7 +74,3 @@ endif
|
||||
if USE_SHA512
|
||||
libcipher_a_SOURCES+=sha512.c
|
||||
endif
|
||||
|
||||
EXTRA_libcipher_a_SOURCES=idea-stub.c
|
||||
libcipher_a_DEPENDENCIES=@IDEA_O@
|
||||
libcipher_a_LIBADD=@IDEA_O@
|
||||
|
@ -1,182 +0,0 @@
|
||||
/* idea-stub.c - Dummy module for the deprecated IDEA cipher.
|
||||
* Copyright (C) 2002, 2003 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
* GnuPG is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* GnuPG is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/* IDEA is a patented algorithm and therefore the use of IDEA in
|
||||
countries where this patent is valid can not be allowed due to the
|
||||
terms of the GNU General Public License. Those restrictions are
|
||||
there to help protecting the freedom of software. For more
|
||||
information on the nonsense of software patents and the general
|
||||
problem with this, please see http://www.noepatents.org.
|
||||
|
||||
However for research purposes and in certain situations it might be
|
||||
useful to use this algorithm anyway.
|
||||
|
||||
We provide this stub which will dynload a idea module and is only
|
||||
used if the configure run did't found statically linked file.
|
||||
See http://www.gnupg.org/why-not-dea.html for details.
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#ifdef HAVE_DL_DLOPEN
|
||||
#include <dlfcn.h>
|
||||
#endif
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#endif
|
||||
#include "util.h"
|
||||
#include "algorithms.h"
|
||||
|
||||
#ifndef RTLD_NOW
|
||||
#define RTLD_NOW 1
|
||||
#endif
|
||||
|
||||
#ifdef _WIN32
|
||||
#define HAVE_DL_DLOPEN 1
|
||||
#define USE_DYNAMIC_LINKING 1
|
||||
|
||||
static int last_error = 0;
|
||||
|
||||
void*
|
||||
dlopen (const char *pathname, int mode)
|
||||
{
|
||||
void *h = LoadLibrary (pathname);
|
||||
if (!h)
|
||||
{
|
||||
log_error ("LoadLibrary failed: %s\n", w32_strerror (errno));
|
||||
last_error = 1;
|
||||
return NULL;
|
||||
}
|
||||
return h;
|
||||
}
|
||||
|
||||
int
|
||||
dlclose ( void *handle )
|
||||
{
|
||||
last_error = 0;
|
||||
return FreeLibrary (handle);
|
||||
}
|
||||
|
||||
|
||||
const char*
|
||||
dlerror (void)
|
||||
{
|
||||
if (last_error)
|
||||
return w32_strerror (0);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void*
|
||||
dlsym (void *handle, const char *name)
|
||||
{
|
||||
void *h = GetProcAddress (handle, name);
|
||||
if (!h)
|
||||
{
|
||||
log_error ("GetProcAddress failed: %s\n", w32_strerror (errno));
|
||||
last_error = 1;
|
||||
}
|
||||
return h;
|
||||
}
|
||||
#endif /*_WIN32*/
|
||||
|
||||
/* We do only support dlopen and the Windows emulation of it. */
|
||||
#ifndef HAVE_DL_DLOPEN
|
||||
#undef USE_DYNAMIC_LINKING
|
||||
#endif
|
||||
|
||||
typedef
|
||||
const char *(*INFO_FNC)(int, size_t*, size_t*, size_t*,
|
||||
int (**)( void *, const byte *, unsigned),
|
||||
void (**)( void *, byte *, const byte *),
|
||||
void (**)( void *, byte *, const byte *));
|
||||
|
||||
static INFO_FNC
|
||||
load_module (const char *name)
|
||||
{
|
||||
#ifdef USE_DYNAMIC_LINKING
|
||||
const char *err;
|
||||
void *handle;
|
||||
void *sym;
|
||||
|
||||
#ifndef _WIN32
|
||||
/* Make sure we are not setuid. */
|
||||
if (getuid () != geteuid ())
|
||||
log_bug("trying to load an extension while still setuid\n");
|
||||
#endif
|
||||
|
||||
handle = dlopen (name, RTLD_NOW);
|
||||
if (!handle)
|
||||
{
|
||||
err=dlerror();
|
||||
goto failure;
|
||||
}
|
||||
|
||||
dlerror (); /* Clear old errors or initialize dlerror. */
|
||||
|
||||
sym = dlsym (handle, "idea_get_info");
|
||||
if (dlerror ())
|
||||
sym = dlsym (handle, "_idea_get_info");
|
||||
if ((err=dlerror()))
|
||||
goto failure;
|
||||
|
||||
return (INFO_FNC)sym;
|
||||
|
||||
failure:
|
||||
log_info ("invalid module `%s': %s\n", name?name:"???", err?err:"???");
|
||||
if (handle)
|
||||
dlclose (handle);
|
||||
#endif /*USE_DYNAMIC_LINKING*/
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *
|
||||
idea_get_info( int algo, size_t *keylen,
|
||||
size_t *blocksize, size_t *contextsize,
|
||||
int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
|
||||
void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
|
||||
void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
|
||||
)
|
||||
{
|
||||
static int initialized;
|
||||
static INFO_FNC info_fnc;
|
||||
const char *rstr;
|
||||
int i;
|
||||
|
||||
if (!initialized)
|
||||
{
|
||||
initialized = 1;
|
||||
for (i=0; (rstr = dynload_enum_module_names (i)); i++)
|
||||
{
|
||||
info_fnc = load_module (rstr);
|
||||
if (info_fnc)
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!info_fnc)
|
||||
return NULL; /* dynloadable module not found. */
|
||||
rstr = info_fnc (algo, keylen, blocksize, contextsize,
|
||||
r_setkey, r_encrypt, r_decrypt);
|
||||
if (rstr && *keylen == 128 && *blocksize == 8
|
||||
&& *r_setkey && *r_encrypt && r_decrypt)
|
||||
return rstr;
|
||||
return NULL;
|
||||
}
|
411
cipher/idea.c
Normal file
411
cipher/idea.c
Normal file
@ -0,0 +1,411 @@
|
||||
/* idea.c - IDEA function
|
||||
* Copyright (c) 1997, 1998, 1999, 2001 by Werner Koch (dd9jn)
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a
|
||||
* copy of this software and associated documentation files (the "Software"),
|
||||
* to deal in the Software without restriction, including without limitation
|
||||
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
||||
* and/or sell copies of the Software, and to permit persons to whom the
|
||||
* Software is furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
||||
* WERNER KOCH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
*
|
||||
* Except as contained in this notice, the name of Werner Koch shall not be
|
||||
* used in advertising or otherwise to promote the sale, use or other dealings
|
||||
* in this Software without prior written authorization from Werner Koch.
|
||||
*
|
||||
* Patents on IDEA have expired:
|
||||
* Europe: EP0482154 on 2011-05-16,
|
||||
* Japan: JP3225440 on 2011-05-16,
|
||||
* U.S.: 5,214,703 on 2012-01-07.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Please see http://www.noepatents.org/ to learn why software patents
|
||||
* are bad for society and what you can do to fight them.
|
||||
*
|
||||
* The code herein is based on the one from:
|
||||
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
|
||||
* ISBN 0-471-11709-9.
|
||||
*/
|
||||
|
||||
|
||||
#include <config.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include "types.h" /* for byte and u32 typedefs */
|
||||
#include "util.h"
|
||||
#include "errors.h"
|
||||
#include "algorithms.h"
|
||||
|
||||
|
||||
#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned int))(f))
|
||||
#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f))
|
||||
|
||||
#define CIPHER_ALGO_IDEA 1
|
||||
|
||||
#define IDEA_KEYSIZE 16
|
||||
#define IDEA_BLOCKSIZE 8
|
||||
#define IDEA_ROUNDS 8
|
||||
#define IDEA_KEYLEN (6*IDEA_ROUNDS+4)
|
||||
|
||||
typedef struct {
|
||||
u16 ek[IDEA_KEYLEN];
|
||||
u16 dk[IDEA_KEYLEN];
|
||||
int have_dk;
|
||||
} IDEA_context;
|
||||
|
||||
static const char *selftest(void);
|
||||
|
||||
static void
|
||||
burn_stack (int bytes)
|
||||
{
|
||||
char buf[64];
|
||||
|
||||
wipememory(buf,sizeof buf);
|
||||
bytes -= sizeof buf;
|
||||
if (bytes > 0)
|
||||
burn_stack (bytes);
|
||||
}
|
||||
|
||||
|
||||
static u16
|
||||
mul_inv( u16 x )
|
||||
{
|
||||
u16 t0, t1;
|
||||
u16 q, y;
|
||||
|
||||
if( x < 2 )
|
||||
return x;
|
||||
t1 = 0x10001L / x;
|
||||
y = 0x10001L % x;
|
||||
if( y == 1 )
|
||||
return (1-t1) & 0xffff;
|
||||
|
||||
t0 = 1;
|
||||
do {
|
||||
q = x / y;
|
||||
x = x % y;
|
||||
t0 += q * t1;
|
||||
if( x == 1 )
|
||||
return t0;
|
||||
q = y / x;
|
||||
y = y % x;
|
||||
t1 += q * t0;
|
||||
} while( y != 1 );
|
||||
return (1-t1) & 0xffff;
|
||||
}
|
||||
|
||||
|
||||
|
||||
static void
|
||||
expand_key( const byte *userkey, u16 *ek )
|
||||
{
|
||||
int i,j;
|
||||
|
||||
for(j=0; j < 8; j++ ) {
|
||||
ek[j] = (*userkey << 8) + userkey[1];
|
||||
userkey += 2;
|
||||
}
|
||||
for(i=0; j < IDEA_KEYLEN; j++ ) {
|
||||
i++;
|
||||
ek[i+7] = ek[i&7] << 9 | ek[(i+1)&7] >> 7;
|
||||
ek += i & 8;
|
||||
i &= 7;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] )
|
||||
{
|
||||
int i;
|
||||
u16 t1, t2, t3;
|
||||
u16 temp[IDEA_KEYLEN];
|
||||
u16 *p = temp + IDEA_KEYLEN;
|
||||
|
||||
t1 = mul_inv( *ek++ );
|
||||
t2 = -*ek++;
|
||||
t3 = -*ek++;
|
||||
*--p = mul_inv( *ek++ );
|
||||
*--p = t3;
|
||||
*--p = t2;
|
||||
*--p = t1;
|
||||
|
||||
for(i=0; i < IDEA_ROUNDS-1; i++ ) {
|
||||
t1 = *ek++;
|
||||
*--p = *ek++;
|
||||
*--p = t1;
|
||||
|
||||
t1 = mul_inv( *ek++ );
|
||||
t2 = -*ek++;
|
||||
t3 = -*ek++;
|
||||
*--p = mul_inv( *ek++ );
|
||||
*--p = t2;
|
||||
*--p = t3;
|
||||
*--p = t1;
|
||||
}
|
||||
t1 = *ek++;
|
||||
*--p = *ek++;
|
||||
*--p = t1;
|
||||
|
||||
t1 = mul_inv( *ek++ );
|
||||
t2 = -*ek++;
|
||||
t3 = -*ek++;
|
||||
*--p = mul_inv( *ek++ );
|
||||
*--p = t3;
|
||||
*--p = t2;
|
||||
*--p = t1;
|
||||
memcpy(dk, temp, sizeof(temp) );
|
||||
wipememory(temp, sizeof(temp) ); /* burn temp */
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
cipher( byte *outbuf, const byte *inbuf, u16 *key )
|
||||
{
|
||||
u16 x1, x2, x3,x4, s2, s3;
|
||||
u16 *in, *out;
|
||||
int r = IDEA_ROUNDS;
|
||||
#define MUL(x,y) \
|
||||
do {u16 _t16; u32 _t32; \
|
||||
if( (_t16 = (y)) ) { \
|
||||
if( (x = (x)&0xffff) ) { \
|
||||
_t32 = (u32)x * _t16; \
|
||||
x = _t32 & 0xffff; \
|
||||
_t16 = _t32 >> 16; \
|
||||
x = ((x)-_t16) + (x<_t16?1:0); \
|
||||
} \
|
||||
else { \
|
||||
x = 1 - _t16; \
|
||||
} \
|
||||
} \
|
||||
else { \
|
||||
x = 1 - x; \
|
||||
} \
|
||||
} while(0)
|
||||
|
||||
in = (u16*)inbuf;
|
||||
x1 = *in++;
|
||||
x2 = *in++;
|
||||
x3 = *in++;
|
||||
x4 = *in;
|
||||
#ifndef WORDS_BIGENDIAN
|
||||
x1 = (x1>>8) | (x1<<8);
|
||||
x2 = (x2>>8) | (x2<<8);
|
||||
x3 = (x3>>8) | (x3<<8);
|
||||
x4 = (x4>>8) | (x4<<8);
|
||||
#endif
|
||||
do {
|
||||
MUL(x1, *key++);
|
||||
x2 += *key++;
|
||||
x3 += *key++;
|
||||
MUL(x4, *key++ );
|
||||
|
||||
s3 = x3;
|
||||
x3 ^= x1;
|
||||
MUL(x3, *key++);
|
||||
s2 = x2;
|
||||
x2 ^=x4;
|
||||
x2 += x3;
|
||||
MUL(x2, *key++);
|
||||
x3 += x2;
|
||||
|
||||
x1 ^= x2;
|
||||
x4 ^= x3;
|
||||
|
||||
x2 ^= s3;
|
||||
x3 ^= s2;
|
||||
} while( --r );
|
||||
MUL(x1, *key++);
|
||||
x3 += *key++;
|
||||
x2 += *key++;
|
||||
MUL(x4, *key);
|
||||
|
||||
out = (u16*)outbuf;
|
||||
#ifndef WORDS_BIGENDIAN
|
||||
*out++ = (x1>>8) | (x1<<8);
|
||||
*out++ = (x3>>8) | (x3<<8);
|
||||
*out++ = (x2>>8) | (x2<<8);
|
||||
*out = (x4>>8) | (x4<<8);
|
||||
#else
|
||||
*out++ = x1;
|
||||
*out++ = x3;
|
||||
*out++ = x2;
|
||||
*out = x4;
|
||||
#endif
|
||||
#undef MUL
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
do_setkey( IDEA_context *c, const byte *key, unsigned int keylen )
|
||||
{
|
||||
static int initialized = 0;
|
||||
static const char *selftest_failed = 0;
|
||||
|
||||
if( !initialized ) {
|
||||
initialized = 1;
|
||||
selftest_failed = selftest();
|
||||
if( selftest_failed )
|
||||
log_error( "%s\n", selftest_failed );
|
||||
}
|
||||
if( selftest_failed )
|
||||
return G10ERR_SELFTEST_FAILED;
|
||||
|
||||
assert(keylen == 16);
|
||||
c->have_dk = 0;
|
||||
expand_key( key, c->ek );
|
||||
invert_key( c->ek, c->dk );
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
idea_setkey (void *context, const byte *key, unsigned int keylen)
|
||||
{
|
||||
IDEA_context *ctx = context;
|
||||
int rc = do_setkey (ctx, key, keylen);
|
||||
burn_stack (23+6*sizeof(void*));
|
||||
return rc;
|
||||
}
|
||||
|
||||
static void
|
||||
encrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf )
|
||||
{
|
||||
cipher( outbuf, inbuf, c->ek );
|
||||
}
|
||||
|
||||
static void
|
||||
idea_encrypt (void *context, byte *out, const byte *in)
|
||||
{
|
||||
IDEA_context *ctx = context;
|
||||
encrypt_block (ctx, out, in);
|
||||
burn_stack (24+3*sizeof (void*));
|
||||
}
|
||||
|
||||
static void
|
||||
decrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf )
|
||||
{
|
||||
if( !c->have_dk ) {
|
||||
c->have_dk = 1;
|
||||
invert_key( c->ek, c->dk );
|
||||
}
|
||||
cipher( outbuf, inbuf, c->dk );
|
||||
}
|
||||
|
||||
static void
|
||||
idea_decrypt (void *context, byte *out, const byte *in)
|
||||
{
|
||||
IDEA_context *ctx = context;
|
||||
decrypt_block (ctx, out, in);
|
||||
burn_stack (24+3*sizeof (void*));
|
||||
}
|
||||
|
||||
|
||||
static const char *
|
||||
selftest( void )
|
||||
{
|
||||
static struct {
|
||||
byte key[16];
|
||||
byte plain[8];
|
||||
byte cipher[8];
|
||||
} test_vectors[] = {
|
||||
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
|
||||
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
|
||||
{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 },
|
||||
{ 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 } },
|
||||
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
|
||||
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
|
||||
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
|
||||
{ 0x54, 0x0E, 0x5F, 0xEA, 0x18, 0xC2, 0xF8, 0xB1 } },
|
||||
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
|
||||
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
|
||||
{ 0x00, 0x19, 0x32, 0x4B, 0x64, 0x7D, 0x96, 0xAF },
|
||||
{ 0x9F, 0x0A, 0x0A, 0xB6, 0xE1, 0x0C, 0xED, 0x78 } },
|
||||
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
|
||||
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
|
||||
{ 0xF5, 0x20, 0x2D, 0x5B, 0x9C, 0x67, 0x1B, 0x08 },
|
||||
{ 0xCF, 0x18, 0xFD, 0x73, 0x55, 0xE2, 0xC5, 0xC5 } },
|
||||
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
|
||||
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
|
||||
{ 0xFA, 0xE6, 0xD2, 0xBE, 0xAA, 0x96, 0x82, 0x6E },
|
||||
{ 0x85, 0xDF, 0x52, 0x00, 0x56, 0x08, 0x19, 0x3D } },
|
||||
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
|
||||
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
|
||||
{ 0x0A, 0x14, 0x1E, 0x28, 0x32, 0x3C, 0x46, 0x50 },
|
||||
{ 0x2F, 0x7D, 0xE7, 0x50, 0x21, 0x2F, 0xB7, 0x34 } },
|
||||
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
|
||||
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
|
||||
{ 0x05, 0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x23, 0x28 },
|
||||
{ 0x7B, 0x73, 0x14, 0x92, 0x5D, 0xE5, 0x9C, 0x09 } },
|
||||
{ { 0x00, 0x05, 0x00, 0x0A, 0x00, 0x0F, 0x00, 0x14,
|
||||
0x00, 0x19, 0x00, 0x1E, 0x00, 0x23, 0x00, 0x28 },
|
||||
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
|
||||
{ 0x3E, 0xC0, 0x47, 0x80, 0xBE, 0xFF, 0x6E, 0x20 } },
|
||||
{ { 0x3A, 0x98, 0x4E, 0x20, 0x00, 0x19, 0x5D, 0xB3,
|
||||
0x2E, 0xE5, 0x01, 0xC8, 0xC4, 0x7C, 0xEA, 0x60 },
|
||||
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
|
||||
{ 0x97, 0xBC, 0xD8, 0x20, 0x07, 0x80, 0xDA, 0x86 } },
|
||||
{ { 0x00, 0x64, 0x00, 0xC8, 0x01, 0x2C, 0x01, 0x90,
|
||||
0x01, 0xF4, 0x02, 0x58, 0x02, 0xBC, 0x03, 0x20 },
|
||||
{ 0x05, 0x32, 0x0A, 0x64, 0x14, 0xC8, 0x19, 0xFA },
|
||||
{ 0x65, 0xBE, 0x87, 0xE7, 0xA2, 0x53, 0x8A, 0xED } },
|
||||
{ { 0x9D, 0x40, 0x75, 0xC1, 0x03, 0xBC, 0x32, 0x2A,
|
||||
0xFB, 0x03, 0xE7, 0xBE, 0x6A, 0xB3, 0x00, 0x06 },
|
||||
{ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08 },
|
||||
{ 0xF5, 0xDB, 0x1A, 0xC4, 0x5E, 0x5E, 0xF9, 0xF9 } }
|
||||
};
|
||||
IDEA_context c;
|
||||
byte buffer[8];
|
||||
int i;
|
||||
|
||||
for(i=0; i < DIM(test_vectors); i++ ) {
|
||||
do_setkey( &c, test_vectors[i].key, 16 );
|
||||
encrypt_block( &c, buffer, test_vectors[i].plain );
|
||||
if( memcmp( buffer, test_vectors[i].cipher, 8 ) )
|
||||
return "IDEA test encryption failed.";
|
||||
decrypt_block( &c, buffer, test_vectors[i].cipher );
|
||||
if( memcmp( buffer, test_vectors[i].plain, 8 ) )
|
||||
return "IDEA test decryption failed.";
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Return some information about the algorithm. We need algo here to
|
||||
* distinguish different flavors of the algorithm.
|
||||
* Returns: A pointer to string describing the algorithm or NULL if
|
||||
* the ALGO is invalid.
|
||||
*/
|
||||
const char *
|
||||
idea_get_info( int algo, size_t *keylen,
|
||||
size_t *blocksize, size_t *contextsize,
|
||||
int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
|
||||
void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
|
||||
void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
|
||||
)
|
||||
{
|
||||
*keylen = 128;
|
||||
*blocksize = IDEA_BLOCKSIZE;
|
||||
*contextsize = sizeof(IDEA_context);
|
||||
*r_setkey = idea_setkey;
|
||||
*r_encrypt = idea_encrypt;
|
||||
*r_decrypt = idea_decrypt;
|
||||
|
||||
if( algo == CIPHER_ALGO_IDEA )
|
||||
return "IDEA";
|
||||
return NULL;
|
||||
}
|
18
configure.ac
18
configure.ac
@ -203,24 +203,6 @@ AC_ARG_ENABLE(idea,
|
||||
AC_MSG_RESULT($use_idea)
|
||||
if test x"$use_idea" = xyes ; then
|
||||
AC_DEFINE(USE_IDEA,1,[Define to include the IDEA cipher])
|
||||
|
||||
# We don't need idea but some people claim that they need it for
|
||||
# research etc., so we allow to place an idea source code into the
|
||||
# cipher directory and statically link it if available, otherwise we
|
||||
# link to a stub. We don't use AC_CHECK_FILE to avoid caching.
|
||||
|
||||
AC_MSG_CHECKING([for idea cipher module])
|
||||
tmp=""
|
||||
if test -f $srcdir/cipher/idea.c; then
|
||||
IDEA_O=idea.o
|
||||
tmp=idea
|
||||
else
|
||||
IDEA_O=idea-stub.o
|
||||
tmp=no
|
||||
try_extensions=yes
|
||||
fi
|
||||
AC_SUBST(IDEA_O)
|
||||
AC_MSG_RESULT($tmp)
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING([whether to enable the CAST5 cipher])
|
||||
|
@ -316,11 +316,9 @@ more arguments in future versions.
|
||||
The ASCII armor is corrupted. No arguments yet.
|
||||
|
||||
RSA_OR_IDEA
|
||||
The IDEA algorithms has been used in the data. A
|
||||
program might want to fallback to another program to handle
|
||||
the data if GnuPG failed. This status message used to be emitted
|
||||
also for RSA but this has been dropped after the RSA patent expired.
|
||||
However we can't change the name of the message.
|
||||
Obsolete. This status message used to be emitted for requests
|
||||
to use the IDEA or RSA algorithms. It has been dropped from
|
||||
GnuPG 1.4 after the respective patents expired.
|
||||
|
||||
SHM_INFO
|
||||
SHM_GET
|
||||
|
58
g10/gpg.c
58
g10/gpg.c
@ -1134,8 +1134,6 @@ rm_group(char *name)
|
||||
directory is group or other writable or not owned by us. Disable
|
||||
exec in this case.
|
||||
|
||||
2) Extensions. Same as #1.
|
||||
|
||||
Returns true if the item is unsafe. */
|
||||
static int
|
||||
check_permissions(const char *path,int item)
|
||||
@ -1152,16 +1150,7 @@ check_permissions(const char *path,int item)
|
||||
|
||||
assert(item==0 || item==1 || item==2);
|
||||
|
||||
/* extensions may attach a path */
|
||||
if(item==2 && path[0]!=DIRSEP_C)
|
||||
{
|
||||
if(strchr(path,DIRSEP_C))
|
||||
tmppath=make_filename(path,NULL);
|
||||
else
|
||||
tmppath=make_filename(GNUPG_LIBDIR,path,NULL);
|
||||
}
|
||||
else
|
||||
tmppath=xstrdup(path);
|
||||
tmppath=xstrdup(path);
|
||||
|
||||
/* If the item is located in the homedir, but isn't the homedir,
|
||||
don't continue if we already checked the homedir itself. This is
|
||||
@ -1218,9 +1207,9 @@ check_permissions(const char *path,int item)
|
||||
homedir_cache=ret;
|
||||
}
|
||||
}
|
||||
else if(item==1 || item==2)
|
||||
else if(item==1)
|
||||
{
|
||||
/* The options or extension file. Okay unless it or its
|
||||
/* The options file. Okay unless it or its
|
||||
containing directory is group or other writable or not owned
|
||||
by us or root. */
|
||||
|
||||
@ -1271,48 +1260,36 @@ check_permissions(const char *path,int item)
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe ownership on"
|
||||
" homedir `%s'\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe ownership on"
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe ownership on"
|
||||
" extension `%s'\n"),tmppath);
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
}
|
||||
if(perm)
|
||||
{
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe permissions on"
|
||||
" homedir `%s'\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe permissions on"
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe permissions on"
|
||||
" extension `%s'\n"),tmppath);
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
}
|
||||
if(enc_dir_own)
|
||||
{
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe enclosing directory ownership on"
|
||||
" homedir `%s'\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe enclosing directory ownership on"
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe enclosing directory ownership on"
|
||||
" extension `%s'\n"),tmppath);
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
}
|
||||
if(enc_dir_perm)
|
||||
{
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe enclosing directory permissions on"
|
||||
" homedir `%s'\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe enclosing directory permissions on"
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe enclosing directory permissions on"
|
||||
" extension `%s'\n"),tmppath);
|
||||
" configuration file `%s'\n"),tmppath);
|
||||
}
|
||||
}
|
||||
|
||||
@ -2318,19 +2295,7 @@ main (int argc, char **argv )
|
||||
}
|
||||
break;
|
||||
case oLoadExtension:
|
||||
#ifndef __riscos__
|
||||
#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
|
||||
if(check_permissions(pargs.r.ret_str,2))
|
||||
log_info(_("cipher extension `%s' not loaded due to"
|
||||
" unsafe permissions\n"),pargs.r.ret_str);
|
||||
else
|
||||
register_cipher_extension(orig_argc? *orig_argv:NULL,
|
||||
pargs.r.ret_str);
|
||||
#endif
|
||||
#else /* __riscos__ */
|
||||
riscos_not_implemented("load-extension");
|
||||
#endif /* __riscos__ */
|
||||
break;
|
||||
break; /* This is a dummy option since 1.4.13. */
|
||||
case oRFC1991:
|
||||
opt.compliance = CO_RFC1991;
|
||||
opt.force_v4_certs = 0;
|
||||
@ -3037,7 +3002,6 @@ main (int argc, char **argv )
|
||||
{
|
||||
log_info(_("encrypting a message in --pgp2 mode requires "
|
||||
"the IDEA cipher\n"));
|
||||
idea_cipher_warn(1);
|
||||
unusable=1;
|
||||
}
|
||||
else if(cmd==aSym)
|
||||
@ -3097,12 +3061,6 @@ main (int argc, char **argv )
|
||||
* may try to load an module */
|
||||
if( def_cipher_string ) {
|
||||
opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
|
||||
if(opt.def_cipher_algo==0 &&
|
||||
(ascii_strcasecmp(def_cipher_string,"idea")==0
|
||||
|| ascii_strcasecmp(def_cipher_string,"s1")==0))
|
||||
{
|
||||
idea_cipher_warn(1);
|
||||
}
|
||||
xfree(def_cipher_string); def_cipher_string = NULL;
|
||||
if( check_cipher_algo(opt.def_cipher_algo) )
|
||||
log_error(_("selected cipher algorithm is invalid\n"));
|
||||
|
11
g10/keygen.c
11
g10/keygen.c
@ -332,14 +332,15 @@ keygen_set_std_prefs (const char *string,int personal)
|
||||
if(!check_cipher_algo(CIPHER_ALGO_CAST5))
|
||||
strcat(dummy_string,"S3 ");
|
||||
strcat(dummy_string,"S2 "); /* 3DES */
|
||||
/* If we have it, IDEA goes *after* 3DES so it won't be
|
||||
/* If we have it and we are in PGP2 mode,
|
||||
IDEA goes *after* 3DES so it won't be
|
||||
used unless we're encrypting along with a V3 key.
|
||||
Ideally, we would only put the S1 preference in if the
|
||||
key was RSA and <=2048 bits, as that is what won't
|
||||
break PGP2, but that is difficult with the current
|
||||
code, and not really worth checking as a non-RSA <=2048
|
||||
bit key wouldn't be usable by PGP2 anyway. -dms */
|
||||
if(!check_cipher_algo(CIPHER_ALGO_IDEA))
|
||||
if(PGP2 && !check_cipher_algo(CIPHER_ALGO_IDEA))
|
||||
strcat(dummy_string,"S1 ");
|
||||
|
||||
|
||||
@ -415,12 +416,6 @@ keygen_set_std_prefs (const char *string,int personal)
|
||||
else
|
||||
{
|
||||
log_info (_("invalid item `%s' in preference string\n"),tok);
|
||||
|
||||
/* Complain if IDEA is not available. */
|
||||
if(ascii_strcasecmp(tok,"s1")==0
|
||||
|| ascii_strcasecmp(tok,"idea")==0)
|
||||
idea_cipher_warn(1);
|
||||
|
||||
rc=-1;
|
||||
}
|
||||
}
|
||||
|
@ -85,12 +85,6 @@ int openpgp_pk_test_algo( int algo, unsigned int usage_flags );
|
||||
int openpgp_pk_algo_usage ( int algo );
|
||||
int openpgp_md_test_algo( int algo );
|
||||
|
||||
#ifdef USE_IDEA
|
||||
void idea_cipher_warn( int show );
|
||||
#else
|
||||
#define idea_cipher_warn(a)
|
||||
#endif
|
||||
|
||||
void md5_digest_warn (int show);
|
||||
|
||||
void not_in_gpg1_notice (void);
|
||||
|
@ -260,14 +260,6 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
|
||||
if(dek->keylen > DIM(dek->key))
|
||||
BUG ();
|
||||
|
||||
/* This is not completely accurate, since a bad passphrase may have
|
||||
resulted in a garbage algorithm byte, but it's close enough since
|
||||
a bogus byte here will fail later. */
|
||||
if(dek->algo==CIPHER_ALGO_IDEA)
|
||||
{
|
||||
idea_cipher_warn(0);
|
||||
}
|
||||
|
||||
memcpy(dek->key, seskey + 1, dek->keylen);
|
||||
|
||||
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
|
||||
@ -565,7 +557,6 @@ proc_encrypted( CTX c, PACKET *pkt )
|
||||
algo = opt.def_cipher_algo;
|
||||
if (!algo)
|
||||
algo = opt.s2k_cipher_algo;
|
||||
idea_cipher_warn(1);
|
||||
log_info (_("IDEA cipher unavailable, "
|
||||
"optimistically attempting to use %s instead\n"),
|
||||
cipher_algo_to_string(algo));
|
||||
|
17
g10/misc.c
17
g10/misc.c
@ -450,23 +450,6 @@ openpgp_md_test_algo( int algo )
|
||||
return check_digest_algo(algo);
|
||||
}
|
||||
|
||||
#ifdef USE_IDEA
|
||||
/* Special warning for the IDEA cipher */
|
||||
void
|
||||
idea_cipher_warn(int show)
|
||||
{
|
||||
static int warned=0;
|
||||
|
||||
if(!warned || show)
|
||||
{
|
||||
log_info(_("the IDEA cipher plugin is not present\n"));
|
||||
log_info(_("please see %s for more information\n"),
|
||||
"http://www.gnupg.org/faq/why-not-idea.html");
|
||||
warned=1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Print a warning if the md5 digest algorithm has been used. This
|
||||
warning is printed only once unless SHOW is used. */
|
||||
void
|
||||
|
@ -1287,8 +1287,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
|
||||
/* IDEA is implicitly there for v3 keys with v3 selfsigs if
|
||||
--pgp2 mode is on. This was a 2440 thing that was
|
||||
dropped from 4880 but is still relevant to GPG's 1991
|
||||
support. All this doesn't mean IDEA is actually
|
||||
available, of course. */
|
||||
support. */
|
||||
if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
|
||||
implicit=CIPHER_ALGO_IDEA;
|
||||
else
|
||||
|
@ -234,15 +234,11 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
|
||||
|
||||
dek->keylen = nframe - (n+1) - 2;
|
||||
dek->algo = frame[n++];
|
||||
if( dek->algo == CIPHER_ALGO_IDEA )
|
||||
write_status(STATUS_RSA_OR_IDEA);
|
||||
rc = check_cipher_algo( dek->algo );
|
||||
if( rc ) {
|
||||
if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) {
|
||||
log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
|
||||
dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
|
||||
if(dek->algo==CIPHER_ALGO_IDEA)
|
||||
idea_cipher_warn(0);
|
||||
}
|
||||
dek->algo = 0;
|
||||
goto leave;
|
||||
|
@ -58,11 +58,6 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
|
||||
if( check_cipher_algo( sk->protect.algo ) ) {
|
||||
log_info(_("protection algorithm %d%s is not supported\n"),
|
||||
sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
|
||||
if (sk->protect.algo==CIPHER_ALGO_IDEA)
|
||||
{
|
||||
write_status (STATUS_RSA_OR_IDEA);
|
||||
idea_cipher_warn (0);
|
||||
}
|
||||
return G10ERR_CIPHER_ALGO;
|
||||
}
|
||||
if(check_digest_algo(sk->protect.s2k.hash_algo))
|
||||
|
@ -91,7 +91,6 @@ get_status_string ( int no )
|
||||
case STATUS_BADSIG : s = "BADSIG"; break;
|
||||
case STATUS_ERRSIG : s = "ERRSIG"; break;
|
||||
case STATUS_BADARMOR : s = "BADARMOR"; break;
|
||||
case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA"; break;
|
||||
case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED"; break;
|
||||
case STATUS_TRUST_NEVER : s = "TRUST_NEVER"; break;
|
||||
case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL"; break;
|
||||
|
@ -30,7 +30,8 @@
|
||||
|
||||
#define STATUS_BADARMOR 7
|
||||
|
||||
#define STATUS_RSA_OR_IDEA 8
|
||||
/* Not anymore used: STATUS_RSA_OR_IDEA 8 */
|
||||
|
||||
#define STATUS_KEYEXPIRED 9
|
||||
#define STATUS_KEYREVOKED 10
|
||||
|
||||
|
@ -14,10 +14,10 @@ Texts. A copy of the license is included in the file COPYING.
|
||||
%%full-description: A complete and free replacement for PGP. The
|
||||
program does not use any patented algorithms, and can be used as a
|
||||
filter program. Can handle all OpenPGP messages and messages generated
|
||||
by PGP 5.0 and newer unless they use the IDEA algorithm.
|
||||
by PGP 5.0 and later.
|
||||
|
||||
Supports ElGamal (signature and encrytion), DSA, AES, 3DES, Blowfish,
|
||||
Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER, and has language
|
||||
Twofish, CAST5, IDEA, MD5, SHA-1, RIPE-MD-160, and has language
|
||||
support for sixteen different languages.
|
||||
|
||||
It is believed to be fully OpenPGP (as defined in RFC2440) conform,
|
||||
|
Loading…
x
Reference in New Issue
Block a user