security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Support the not anymore patented IDEA cipher algorithm. 

* cipher/idea.c: New.  Take from Libgcrypt master and adjust for
direct use in GnuPG.
* cipher/idea-stub.c: Remove.
* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
* configure.ac: Remove idea-stub code.
* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
(main): Make --load-extension a dummy option.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
* g10/status.h (STATUS_RSA_OR_IDEA): Remove.

--

To keep the number of actually used algorithms low, we support IDEA
only in a basically read-only way (unless --pgp2 is used during key
generation).  It does not make sense to suggest the use of this old 64
bit blocksize algorithm.  However, there is old data available where
it might be helpful to have IDEA available.
This commit is contained in:
Werner Koch 2012-11-08 13:25:02 +01:00
parent c3a5448379
commit b1eac93431
18 changed files with 575 additions and 452 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
NEWS
View File

@ -1,3 +1,11 @@
Noteworthy changes in version 1.4.13 (unreleased)
-------------------------------------------------
* Add support for the old cipher algorithm IDEA.
* Minor bug fixes.
Noteworthy changes in version 1.4.12 (2012-01-30)
-------------------------------------------------

48
README
View File

@ -1,11 +1,11 @@
GnuPG - The GNU Privacy Guard
-------------------------------
Version 1.4.12
Version 1.4.13
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
2010, 2012 Free Software Foundation, Inc.
2010, 2012, 2013 Free Software Foundation, Inc.
This file is free software; as a special exception the author
gives unlimited permission to copy and/or distribute it, with or
@ -31,13 +31,14 @@
list of systems which are known to work.
GnuPG is distributed under the terms of the GNU General Public
License. See the file COPYING for copyright and warranty
information.
License. See the files AUTHORS and COPYING for copyright and
warranty information.
Because GnuPG does not use use any patented algorithms it is not
by default fully compatible with PGP 2.x, which uses the patented
IDEA algorithm. See http://www.gnupg.org/why-not-idea.html for
more information on this subject.
Because GnuPG does not use any patented algorithms it used not to
be fully compatible with PGP 2. Now, that the patent on the IDEA
cipher algorithm has expired, we support that algorithm and thus
provide full compatibility with PGP 2. This allows the decryption
of data once encrypted using PGP 2.
The default public key algorithm is RSA, but DSA and Elgamal are
also supported. Symmetric algorithms available are AES (with 128,
@ -57,7 +58,7 @@
this. Don't skip it - this is an important step!
2) Unpack the tarball. With GNU tar you can do it this way:
"tar xzvf gnupg-x.y.z.tar.gz". If got a bzip2 compressed
"tar xzvf gnupg-x.y.z.tar.gz". If you got a bzip2 compressed
tarball you need to use: "tar xjvf gnupg-x.y.z.tar.bz2".
3) "cd gnupg-x.y.z"
@ -70,11 +71,11 @@
7) You end up with a "gpg" binary in /usr/local/bin.
8) To avoid swapping out of sensitive data, you can install "gpg"
setuid root. If you don't do so, you may want to add the
option "no-secmem-warning" to ~/.gnupg/gpg.conf. Note that on
modern GNU/Linux systems swapping protection does not anymore
require GPG to be installed setuid root.
8) To avoid swapping out of sensitive data, you may need to
install "gpg" setuid root. If you don't do so, you may want to
add the option "no-secmem-warning" to ~/.gnupg/gpg.conf. Note
that on modern GNU/Linux systems swapping protection does not
anymore require GPG to be installed setuid root.
How to Verify the Source
@ -93,7 +94,8 @@
is indeed a signature of gnupg-x.y.z.tar.gz. The key currently
used to create this signature is:
"pub 1024R/1CE0C630 2006-01-01 Werner Koch (dist sig) <dd9jn@gnu.org>"
"pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
"uid Werner Koch (dist sig)
If you do not have this key, you can get it from the source in
the file doc/samplekeys.asc (use "gpg --import doc/samplekeys.asc"
@ -101,7 +103,7 @@
make sure that this is really the key and not a faked one. You
can do this by comparing the output of:
$ gpg --fingerprint 0x1CE0C630
$ gpg --fingerprint 0x4F25E3B6
with the fingerprint published elsewhere.
@ -317,17 +319,20 @@
claims to own it.
There are 2 steps to validate a key:
1. First check that there is a complete chain
of signed keys from the public key you want to use
and your key and verify each signature.
2. Make sure that you have full trust in the certificates
of all the introduces between the public key holder and
you.
Step 2 is the more complicated part because there is no easy way
for a computer to decide who is trustworthy and who is not. GnuPG
leaves this decision to you and will ask you for a trust value
(here also referenced as the owner-trust of a key) for every key
needed to check the chain of certificates. You may choose from:
a) "I don't know" - then it is not possible to use any
of the chains of certificates, in which this key is used
as an introducer, to validate the target key. Use this if
@ -347,6 +352,7 @@
normally needs only one chain of signatures to validate
a target key okay. (But this may be adjusted with the help
of some options).
This information is confidential because it gives your personal
opinion on the trustworthiness of someone else. Therefore this data
is not stored in the keyring but in the "trustdb"
@ -429,14 +435,6 @@
"<heinrichh@uni-duesseldorf.de>"
* By word match
"+Heinrich Heine duesseldorf"
All words must match exactly (not case sensitive) and appear in
any order in the user ID. Words are any sequences of letters,
digits, the underscore and characters with bit 7 set.
* Or by the usual substring:
"Heine"
@ -822,7 +820,7 @@
Please direct questions about GnuPG to the users mailing list or
one of the pgp newsgroups; please do not direct questions to one
of the authors directly as we are busy working on improvements and
bug fixes. The English and German GnupG mailing lists are watched
bug fixes. The English and German GnuPG mailing lists are watched
by the authors and we try to answer questions when time allows us
to do so.

5
cipher/Makefile.am
View File

@ -37,6 +37,7 @@ libcipher_a_SOURCES = cipher.c \
cast5.c \
rijndael.c \
camellia.c camellia.h camellia-glue.c \
idea.c \
elgamal.c \
elgamal.h \
rsa.c rsa.h \
@ -73,7 +74,3 @@ endif
if USE_SHA512
libcipher_a_SOURCES+=sha512.c
endif
EXTRA_libcipher_a_SOURCES=idea-stub.c
libcipher_a_DEPENDENCIES=@IDEA_O@
libcipher_a_LIBADD=@IDEA_O@

182
cipher/idea-stub.c
View File

@ -1,182 +0,0 @@
/* idea-stub.c - Dummy module for the deprecated IDEA cipher.
* Copyright (C) 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* IDEA is a patented algorithm and therefore the use of IDEA in
countries where this patent is valid can not be allowed due to the
terms of the GNU General Public License. Those restrictions are
there to help protecting the freedom of software. For more
information on the nonsense of software patents and the general
problem with this, please see http://www.noepatents.org.
However for research purposes and in certain situations it might be
useful to use this algorithm anyway.
We provide this stub which will dynload a idea module and is only
used if the configure run did't found statically linked file.
See http://www.gnupg.org/why-not-dea.html for details.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_DL_DLOPEN
#include <dlfcn.h>
#endif
#ifdef _WIN32
#include <windows.h>
#endif
#include "util.h"
#include "algorithms.h"
#ifndef RTLD_NOW
#define RTLD_NOW 1
#endif
#ifdef _WIN32
#define HAVE_DL_DLOPEN 1
#define USE_DYNAMIC_LINKING 1
static int last_error = 0;
void*
dlopen (const char *pathname, int mode)
{
void *h = LoadLibrary (pathname);
if (!h)
{
log_error ("LoadLibrary failed: %s\n", w32_strerror (errno));
last_error = 1;
return NULL;
}
return h;
}
int
dlclose ( void *handle )
{
last_error = 0;
return FreeLibrary (handle);
}
const char*
dlerror (void)
{
if (last_error)
return w32_strerror (0);
return NULL;
}
void*
dlsym (void *handle, const char *name)
{
void *h = GetProcAddress (handle, name);
if (!h)
{
log_error ("GetProcAddress failed: %s\n", w32_strerror (errno));
last_error = 1;
}
return h;
}
#endif /*_WIN32*/
/* We do only support dlopen and the Windows emulation of it. */
#ifndef HAVE_DL_DLOPEN
#undef USE_DYNAMIC_LINKING
#endif
typedef
const char *(*INFO_FNC)(int, size_t*, size_t*, size_t*,
int (**)( void *, const byte *, unsigned),
void (**)( void *, byte *, const byte *),
void (**)( void *, byte *, const byte *));
static INFO_FNC
load_module (const char *name)
{
#ifdef USE_DYNAMIC_LINKING
const char *err;
void *handle;
void *sym;
#ifndef _WIN32
/* Make sure we are not setuid. */
if (getuid () != geteuid ())
log_bug("trying to load an extension while still setuid\n");
#endif
handle = dlopen (name, RTLD_NOW);
if (!handle)
{
err=dlerror();
goto failure;
}
dlerror (); /* Clear old errors or initialize dlerror. */
sym = dlsym (handle, "idea_get_info");
if (dlerror ())
sym = dlsym (handle, "_idea_get_info");
if ((err=dlerror()))
goto failure;
return (INFO_FNC)sym;
failure:
log_info ("invalid module `%s': %s\n", name?name:"???", err?err:"???");
if (handle)
dlclose (handle);
#endif /*USE_DYNAMIC_LINKING*/
return NULL;
}
const char *
idea_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
)
{
static int initialized;
static INFO_FNC info_fnc;
const char *rstr;
int i;
if (!initialized)
{
initialized = 1;
for (i=0; (rstr = dynload_enum_module_names (i)); i++)
{
info_fnc = load_module (rstr);
if (info_fnc)
break;
}
}
if (!info_fnc)
return NULL; /* dynloadable module not found. */
rstr = info_fnc (algo, keylen, blocksize, contextsize,
r_setkey, r_encrypt, r_decrypt);
if (rstr && *keylen == 128 && *blocksize == 8
&& *r_setkey && *r_encrypt && r_decrypt)
return rstr;
return NULL;
}

411
cipher/idea.c Normal file
View File

@ -0,0 +1,411 @@
/* idea.c - IDEA function
* Copyright (c) 1997, 1998, 1999, 2001 by Werner Koch (dd9jn)
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* WERNER KOCH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* Except as contained in this notice, the name of Werner Koch shall not be
* used in advertising or otherwise to promote the sale, use or other dealings
* in this Software without prior written authorization from Werner Koch.
*
* Patents on IDEA have expired:
* Europe: EP0482154 on 2011-05-16,
* Japan: JP3225440 on 2011-05-16,
* U.S.: 5,214,703 on 2012-01-07.
*/
/*
* Please see http://www.noepatents.org/ to learn why software patents
* are bad for society and what you can do to fight them.
*
* The code herein is based on the one from:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
* ISBN 0-471-11709-9.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "types.h" /* for byte and u32 typedefs */
#include "util.h"
#include "errors.h"
#include "algorithms.h"
#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned int))(f))
#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f))
#define CIPHER_ALGO_IDEA 1
#define IDEA_KEYSIZE 16
#define IDEA_BLOCKSIZE 8
#define IDEA_ROUNDS 8
#define IDEA_KEYLEN (6*IDEA_ROUNDS+4)
typedef struct {
u16 ek[IDEA_KEYLEN];
u16 dk[IDEA_KEYLEN];
int have_dk;
} IDEA_context;
static const char *selftest(void);
static void
burn_stack (int bytes)
{
char buf[64];
wipememory(buf,sizeof buf);
bytes -= sizeof buf;
if (bytes > 0)
burn_stack (bytes);
}
static u16
mul_inv( u16 x )
{
u16 t0, t1;
u16 q, y;
if( x < 2 )
return x;
t1 = 0x10001L / x;
y = 0x10001L % x;
if( y == 1 )
return (1-t1) & 0xffff;
t0 = 1;
do {
q = x / y;
x = x % y;
t0 += q * t1;
if( x == 1 )
return t0;
q = y / x;
y = y % x;
t1 += q * t0;
} while( y != 1 );
return (1-t1) & 0xffff;
}
static void
expand_key( const byte *userkey, u16 *ek )
{
int i,j;
for(j=0; j < 8; j++ ) {
ek[j] = (*userkey << 8) + userkey[1];
userkey += 2;
}
for(i=0; j < IDEA_KEYLEN; j++ ) {
i++;
ek[i+7] = ek[i&7] << 9 | ek[(i+1)&7] >> 7;
ek += i & 8;
i &= 7;
}
}
static void
invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] )
{
int i;
u16 t1, t2, t3;
u16 temp[IDEA_KEYLEN];
u16 *p = temp + IDEA_KEYLEN;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t3;
*--p = t2;
*--p = t1;
for(i=0; i < IDEA_ROUNDS-1; i++ ) {
t1 = *ek++;
*--p = *ek++;
*--p = t1;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t2;
*--p = t3;
*--p = t1;
}
t1 = *ek++;
*--p = *ek++;
*--p = t1;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t3;
*--p = t2;
*--p = t1;
memcpy(dk, temp, sizeof(temp) );
wipememory(temp, sizeof(temp) ); /* burn temp */
}
static void
cipher( byte *outbuf, const byte *inbuf, u16 *key )
{
u16 x1, x2, x3,x4, s2, s3;
u16 *in, *out;
int r = IDEA_ROUNDS;
#define MUL(x,y) \
do {u16 _t16; u32 _t32; \
if( (_t16 = (y)) ) { \
if( (x = (x)&0xffff) ) { \
_t32 = (u32)x * _t16; \
x = _t32 & 0xffff; \
_t16 = _t32 >> 16; \
x = ((x)-_t16) + (x<_t16?1:0); \
} \
else { \
x = 1 - _t16; \
} \
} \
else { \
x = 1 - x; \
} \
} while(0)
in = (u16*)inbuf;
x1 = *in++;
x2 = *in++;
x3 = *in++;
x4 = *in;
#ifndef WORDS_BIGENDIAN
x1 = (x1>>8) | (x1<<8);
x2 = (x2>>8) | (x2<<8);
x3 = (x3>>8) | (x3<<8);
x4 = (x4>>8) | (x4<<8);
#endif
do {
MUL(x1, *key++);
x2 += *key++;
x3 += *key++;
MUL(x4, *key++ );
s3 = x3;
x3 ^= x1;
MUL(x3, *key++);
s2 = x2;
x2 ^=x4;
x2 += x3;
MUL(x2, *key++);
x3 += x2;
x1 ^= x2;
x4 ^= x3;
x2 ^= s3;
x3 ^= s2;
} while( --r );
MUL(x1, *key++);
x3 += *key++;
x2 += *key++;
MUL(x4, *key);
out = (u16*)outbuf;
#ifndef WORDS_BIGENDIAN
*out++ = (x1>>8) | (x1<<8);
*out++ = (x3>>8) | (x3<<8);
*out++ = (x2>>8) | (x2<<8);
*out = (x4>>8) | (x4<<8);
#else
*out++ = x1;
*out++ = x3;
*out++ = x2;
*out = x4;
#endif
#undef MUL
}
static int
do_setkey( IDEA_context *c, const byte *key, unsigned int keylen )
{
static int initialized = 0;
static const char *selftest_failed = 0;
if( !initialized ) {
initialized = 1;
selftest_failed = selftest();
if( selftest_failed )
log_error( "%s\n", selftest_failed );
}
if( selftest_failed )
return G10ERR_SELFTEST_FAILED;
assert(keylen == 16);
c->have_dk = 0;
expand_key( key, c->ek );
invert_key( c->ek, c->dk );
return 0;
}
static int
idea_setkey (void *context, const byte *key, unsigned int keylen)
{
IDEA_context *ctx = context;
int rc = do_setkey (ctx, key, keylen);
burn_stack (23+6*sizeof(void*));
return rc;
}
static void
encrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf )
{
cipher( outbuf, inbuf, c->ek );
}
static void
idea_encrypt (void *context, byte *out, const byte *in)
{
IDEA_context *ctx = context;
encrypt_block (ctx, out, in);
burn_stack (24+3*sizeof (void*));
}
static void
decrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf )
{
if( !c->have_dk ) {
c->have_dk = 1;
invert_key( c->ek, c->dk );
}
cipher( outbuf, inbuf, c->dk );
}
static void
idea_decrypt (void *context, byte *out, const byte *in)
{
IDEA_context *ctx = context;
decrypt_block (ctx, out, in);
burn_stack (24+3*sizeof (void*));
}
static const char *
selftest( void )
{
static struct {
byte key[16];
byte plain[8];
byte cipher[8];
} test_vectors[] = {
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 },
{ 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
{ 0x54, 0x0E, 0x5F, 0xEA, 0x18, 0xC2, 0xF8, 0xB1 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x00, 0x19, 0x32, 0x4B, 0x64, 0x7D, 0x96, 0xAF },
{ 0x9F, 0x0A, 0x0A, 0xB6, 0xE1, 0x0C, 0xED, 0x78 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0xF5, 0x20, 0x2D, 0x5B, 0x9C, 0x67, 0x1B, 0x08 },
{ 0xCF, 0x18, 0xFD, 0x73, 0x55, 0xE2, 0xC5, 0xC5 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0xFA, 0xE6, 0xD2, 0xBE, 0xAA, 0x96, 0x82, 0x6E },
{ 0x85, 0xDF, 0x52, 0x00, 0x56, 0x08, 0x19, 0x3D } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x0A, 0x14, 0x1E, 0x28, 0x32, 0x3C, 0x46, 0x50 },
{ 0x2F, 0x7D, 0xE7, 0x50, 0x21, 0x2F, 0xB7, 0x34 } },
{ { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 },
{ 0x05, 0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x23, 0x28 },
{ 0x7B, 0x73, 0x14, 0x92, 0x5D, 0xE5, 0x9C, 0x09 } },
{ { 0x00, 0x05, 0x00, 0x0A, 0x00, 0x0F, 0x00, 0x14,
0x00, 0x19, 0x00, 0x1E, 0x00, 0x23, 0x00, 0x28 },
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
{ 0x3E, 0xC0, 0x47, 0x80, 0xBE, 0xFF, 0x6E, 0x20 } },
{ { 0x3A, 0x98, 0x4E, 0x20, 0x00, 0x19, 0x5D, 0xB3,
0x2E, 0xE5, 0x01, 0xC8, 0xC4, 0x7C, 0xEA, 0x60 },
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 },
{ 0x97, 0xBC, 0xD8, 0x20, 0x07, 0x80, 0xDA, 0x86 } },
{ { 0x00, 0x64, 0x00, 0xC8, 0x01, 0x2C, 0x01, 0x90,
0x01, 0xF4, 0x02, 0x58, 0x02, 0xBC, 0x03, 0x20 },
{ 0x05, 0x32, 0x0A, 0x64, 0x14, 0xC8, 0x19, 0xFA },
{ 0x65, 0xBE, 0x87, 0xE7, 0xA2, 0x53, 0x8A, 0xED } },
{ { 0x9D, 0x40, 0x75, 0xC1, 0x03, 0xBC, 0x32, 0x2A,
0xFB, 0x03, 0xE7, 0xBE, 0x6A, 0xB3, 0x00, 0x06 },
{ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08 },
{ 0xF5, 0xDB, 0x1A, 0xC4, 0x5E, 0x5E, 0xF9, 0xF9 } }
};
IDEA_context c;
byte buffer[8];
int i;
for(i=0; i < DIM(test_vectors); i++ ) {
do_setkey( &c, test_vectors[i].key, 16 );
encrypt_block( &c, buffer, test_vectors[i].plain );
if( memcmp( buffer, test_vectors[i].cipher, 8 ) )
return "IDEA test encryption failed.";
decrypt_block( &c, buffer, test_vectors[i].cipher );
if( memcmp( buffer, test_vectors[i].plain, 8 ) )
return "IDEA test decryption failed.";
}
return NULL;
}
/****************
* Return some information about the algorithm. We need algo here to
* distinguish different flavors of the algorithm.
* Returns: A pointer to string describing the algorithm or NULL if
* the ALGO is invalid.
*/
const char *
idea_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
)
{
*keylen = 128;
*blocksize = IDEA_BLOCKSIZE;
*contextsize = sizeof(IDEA_context);
*r_setkey = idea_setkey;
*r_encrypt = idea_encrypt;
*r_decrypt = idea_decrypt;
if( algo == CIPHER_ALGO_IDEA )
return "IDEA";
return NULL;
}

18
configure.ac
View File

@ -203,24 +203,6 @@ AC_ARG_ENABLE(idea,
AC_MSG_RESULT($use_idea)
if test x"$use_idea" = xyes ; then
AC_DEFINE(USE_IDEA,1,[Define to include the IDEA cipher])
# We don't need idea but some people claim that they need it for
# research etc., so we allow to place an idea source code into the
# cipher directory and statically link it if available, otherwise we
# link to a stub. We don't use AC_CHECK_FILE to avoid caching.
AC_MSG_CHECKING([for idea cipher module])
tmp=""
if test -f $srcdir/cipher/idea.c; then
IDEA_O=idea.o
tmp=idea
else
IDEA_O=idea-stub.o
tmp=no
try_extensions=yes
fi
AC_SUBST(IDEA_O)
AC_MSG_RESULT($tmp)
fi
AC_MSG_CHECKING([whether to enable the CAST5 cipher])

8
doc/DETAILS
View File

@ -316,11 +316,9 @@ more arguments in future versions.
The ASCII armor is corrupted. No arguments yet.
RSA_OR_IDEA
The IDEA algorithms has been used in the data. A
program might want to fallback to another program to handle
the data if GnuPG failed. This status message used to be emitted
also for RSA but this has been dropped after the RSA patent expired.
However we can't change the name of the message.
Obsolete. This status message used to be emitted for requests
to use the IDEA or RSA algorithms. It has been dropped from
GnuPG 1.4 after the respective patents expired.
SHM_INFO
SHM_GET

58
g10/gpg.c
View File

@ -1134,8 +1134,6 @@ rm_group(char *name)
directory is group or other writable or not owned by us. Disable
exec in this case.
2) Extensions. Same as #1.
Returns true if the item is unsafe. */
static int
check_permissions(const char *path,int item)
@ -1152,16 +1150,7 @@ check_permissions(const char *path,int item)
assert(item==0 || item==1 || item==2);
/* extensions may attach a path */
if(item==2 && path[0]!=DIRSEP_C)
{
if(strchr(path,DIRSEP_C))
tmppath=make_filename(path,NULL);
else
tmppath=make_filename(GNUPG_LIBDIR,path,NULL);
}
else
tmppath=xstrdup(path);
tmppath=xstrdup(path);
/* If the item is located in the homedir, but isn't the homedir,
don't continue if we already checked the homedir itself. This is
@ -1218,9 +1207,9 @@ check_permissions(const char *path,int item)
homedir_cache=ret;
}
}
else if(item==1 || item==2)
else if(item==1)
{
/* The options or extension file. Okay unless it or its
/* The options file. Okay unless it or its
containing directory is group or other writable or not owned
by us or root. */
@ -1271,48 +1260,36 @@ check_permissions(const char *path,int item)
if(item==0)
log_info(_("WARNING: unsafe ownership on"
" homedir `%s'\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe ownership on"
" configuration file `%s'\n"),tmppath);
else
log_info(_("WARNING: unsafe ownership on"
" extension `%s'\n"),tmppath);
" configuration file `%s'\n"),tmppath);
}
if(perm)
{
if(item==0)
log_info(_("WARNING: unsafe permissions on"
" homedir `%s'\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe permissions on"
" configuration file `%s'\n"),tmppath);
else
log_info(_("WARNING: unsafe permissions on"
" extension `%s'\n"),tmppath);
" configuration file `%s'\n"),tmppath);
}
if(enc_dir_own)
{
if(item==0)
log_info(_("WARNING: unsafe enclosing directory ownership on"
" homedir `%s'\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe enclosing directory ownership on"
" configuration file `%s'\n"),tmppath);
else
log_info(_("WARNING: unsafe enclosing directory ownership on"
" extension `%s'\n"),tmppath);
" configuration file `%s'\n"),tmppath);
}
if(enc_dir_perm)
{
if(item==0)
log_info(_("WARNING: unsafe enclosing directory permissions on"
" homedir `%s'\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe enclosing directory permissions on"
" configuration file `%s'\n"),tmppath);
else
log_info(_("WARNING: unsafe enclosing directory permissions on"
" extension `%s'\n"),tmppath);
" configuration file `%s'\n"),tmppath);
}
}
@ -2318,19 +2295,7 @@ main (int argc, char **argv )
}
break;
case oLoadExtension:
#ifndef __riscos__
#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
if(check_permissions(pargs.r.ret_str,2))
log_info(_("cipher extension `%s' not loaded due to"
" unsafe permissions\n"),pargs.r.ret_str);
else
register_cipher_extension(orig_argc? *orig_argv:NULL,
pargs.r.ret_str);
#endif
#else /* __riscos__ */
riscos_not_implemented("load-extension");
#endif /* __riscos__ */
break;
break; /* This is a dummy option since 1.4.13. */
case oRFC1991:
opt.compliance = CO_RFC1991;
opt.force_v4_certs = 0;
@ -3037,7 +3002,6 @@ main (int argc, char **argv )
{
log_info(_("encrypting a message in --pgp2 mode requires "
"the IDEA cipher\n"));
idea_cipher_warn(1);
unusable=1;
}
else if(cmd==aSym)
@ -3097,12 +3061,6 @@ main (int argc, char **argv )
* may try to load an module */
if( def_cipher_string ) {
opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
if(opt.def_cipher_algo==0 &&
(ascii_strcasecmp(def_cipher_string,"idea")==0
|| ascii_strcasecmp(def_cipher_string,"s1")==0))
{
idea_cipher_warn(1);
}
xfree(def_cipher_string); def_cipher_string = NULL;
if( check_cipher_algo(opt.def_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));

11
g10/keygen.c
View File

@ -332,14 +332,15 @@ keygen_set_std_prefs (const char *string,int personal)
if(!check_cipher_algo(CIPHER_ALGO_CAST5))
strcat(dummy_string,"S3 ");
strcat(dummy_string,"S2 "); /* 3DES */
/* If we have it, IDEA goes *after* 3DES so it won't be
/* If we have it and we are in PGP2 mode,
IDEA goes *after* 3DES so it won't be
used unless we're encrypting along with a V3 key.
Ideally, we would only put the S1 preference in if the
key was RSA and <=2048 bits, as that is what won't
break PGP2, but that is difficult with the current
code, and not really worth checking as a non-RSA <=2048
bit key wouldn't be usable by PGP2 anyway. -dms */
if(!check_cipher_algo(CIPHER_ALGO_IDEA))
if(PGP2 && !check_cipher_algo(CIPHER_ALGO_IDEA))
strcat(dummy_string,"S1 ");
@ -415,12 +416,6 @@ keygen_set_std_prefs (const char *string,int personal)
else
{
log_info (_("invalid item `%s' in preference string\n"),tok);
/* Complain if IDEA is not available. */
if(ascii_strcasecmp(tok,"s1")==0
|| ascii_strcasecmp(tok,"idea")==0)
idea_cipher_warn(1);
rc=-1;
}
}

6
g10/main.h
View File

@ -85,12 +85,6 @@ int openpgp_pk_test_algo( int algo, unsigned int usage_flags );
int openpgp_pk_algo_usage ( int algo );
int openpgp_md_test_algo( int algo );
#ifdef USE_IDEA
void idea_cipher_warn( int show );
#else
#define idea_cipher_warn(a)
#endif
void md5_digest_warn (int show);
void not_in_gpg1_notice (void);

9
g10/mainproc.c
View File

@ -260,14 +260,6 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
if(dek->keylen > DIM(dek->key))
BUG ();
/* This is not completely accurate, since a bad passphrase may have
resulted in a garbage algorithm byte, but it's close enough since
a bogus byte here will fail later. */
if(dek->algo==CIPHER_ALGO_IDEA)
{
idea_cipher_warn(0);
}
memcpy(dek->key, seskey + 1, dek->keylen);
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
@ -565,7 +557,6 @@ proc_encrypted( CTX c, PACKET *pkt )
algo = opt.def_cipher_algo;
if (!algo)
algo = opt.s2k_cipher_algo;
idea_cipher_warn(1);
log_info (_("IDEA cipher unavailable, "
"optimistically attempting to use %s instead\n"),
cipher_algo_to_string(algo));

17
g10/misc.c
View File

@ -450,23 +450,6 @@ openpgp_md_test_algo( int algo )
return check_digest_algo(algo);
}
#ifdef USE_IDEA
/* Special warning for the IDEA cipher */
void
idea_cipher_warn(int show)
{
static int warned=0;
if(!warned || show)
{
log_info(_("the IDEA cipher plugin is not present\n"));
log_info(_("please see %s for more information\n"),
"http://www.gnupg.org/faq/why-not-idea.html");
warned=1;
}
}
#endif
/* Print a warning if the md5 digest algorithm has been used. This
warning is printed only once unless SHOW is used. */
void

3
g10/pkclist.c
View File

@ -1287,8 +1287,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
/* IDEA is implicitly there for v3 keys with v3 selfsigs if
--pgp2 mode is on. This was a 2440 thing that was
dropped from 4880 but is still relevant to GPG's 1991
support. All this doesn't mean IDEA is actually
available, of course. */
support. */
if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
implicit=CIPHER_ALGO_IDEA;
else

4
g10/pubkey-enc.c
View File

@ -234,15 +234,11 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
dek->keylen = nframe - (n+1) - 2;
dek->algo = frame[n++];
if( dek->algo == CIPHER_ALGO_IDEA )
write_status(STATUS_RSA_OR_IDEA);
rc = check_cipher_algo( dek->algo );
if( rc ) {
if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) {
log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
if(dek->algo==CIPHER_ALGO_IDEA)
idea_cipher_warn(0);
}
dek->algo = 0;
goto leave;

5
g10/seckey-cert.c
View File

@ -58,11 +58,6 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
if( check_cipher_algo( sk->protect.algo ) ) {
log_info(_("protection algorithm %d%s is not supported\n"),
sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
if (sk->protect.algo==CIPHER_ALGO_IDEA)
{
write_status (STATUS_RSA_OR_IDEA);
idea_cipher_warn (0);
}
return G10ERR_CIPHER_ALGO;
}
if(check_digest_algo(sk->protect.s2k.hash_algo))

1
g10/status.c
View File

@ -91,7 +91,6 @@ get_status_string ( int no )
case STATUS_BADSIG : s = "BADSIG"; break;
case STATUS_ERRSIG : s = "ERRSIG"; break;
case STATUS_BADARMOR : s = "BADARMOR"; break;
case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA"; break;
case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED"; break;
case STATUS_TRUST_NEVER : s = "TRUST_NEVER"; break;
case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL"; break;

3
g10/status.h
View File

@ -30,7 +30,8 @@
#define STATUS_BADARMOR 7
#define STATUS_RSA_OR_IDEA 8
/* Not anymore used: STATUS_RSA_OR_IDEA 8 */
#define STATUS_KEYEXPIRED 9
#define STATUS_KEYREVOKED 10

4
gnupg.txt
View File

@ -14,10 +14,10 @@ Texts. A copy of the license is included in the file COPYING.
%%full-description: A complete and free replacement for PGP. The
program does not use any patented algorithms, and can be used as a
filter program. Can handle all OpenPGP messages and messages generated
by PGP 5.0 and newer unless they use the IDEA algorithm.
by PGP 5.0 and later.
Supports ElGamal (signature and encrytion), DSA, AES, 3DES, Blowfish,
Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER, and has language
Twofish, CAST5, IDEA, MD5, SHA-1, RIPE-MD-160, and has language
support for sixteen different languages.
It is believed to be fully OpenPGP (as defined in RFC2440) conform,