authorLegrandin <gooksankoo@hoiptorrow.mailexpire.com>2012-05-14 19:52:30 +0200
committerLegrandin <gooksankoo@hoiptorrow.mailexpire.com>2012-05-14 19:52:30 +0200
commit67d8cd1aaf1863cd7510baebbef9b395015312e4 (patch)
tree6bbcdd98516460c033713599b40aa77e8d4eac31
parentd946a0aa4ebcc82316a3e42fbb69305e4d44dcd1 (diff)
Removed PGP mode from block ciphers
-rw-r--r--Doc/pycrypt.rst4
-rw-r--r--lib/Crypto/SelfTest/Cipher/common.py16
-rw-r--r--pct-speedtest.py1
-rw-r--r--src/block_template.c146
4 files changed, 25 insertions, 142 deletions
diff --git a/Doc/pycrypt.rst b/Doc/pycrypt.rst
index 70051a5..7213bb1 100644
--- a/Doc/pycrypt.rst
+++ b/Doc/pycrypt.rst
@@ -304,9 +304,7 @@ byte-by-byte basis, and is much slower than either of the other two
modes. The chaining feedback modes require an initialization value to
start off the encryption; this is a string of the same length as the
ciphering algorithm's block size, and is passed to the ``new()``
-function. There is also a special PGP mode, which is an oddball
-variant of CFB used by the PGP program. While you can use it in
-non-PGP programs, it's quite non-standard.
+function.
The currently available block ciphers are listed in the following table,
and are in the ``Crypto.Cipher`` package:
diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py
index af34e97..c48cb7f 100644
--- a/lib/Crypto/SelfTest/Cipher/common.py
+++ b/lib/Crypto/SelfTest/Cipher/common.py
@@ -220,13 +220,26 @@ class RoundtripTest(unittest.TestCase):
return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
def runTest(self):
- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_PGP, self.module.MODE_OFB):
+ for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
ciphertext = encryption_cipher.encrypt(self.plaintext)
decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
self.assertEqual(self.plaintext, decrypted_plaintext)
+class PGPTest(unittest.TestCase):
+ def __init__(self, module, params):
+ unittest.TestCase.__init__(self)
+ self.module = module
+ self.key = b(params['key'])
+
+ def shortDescription(self):
+ return "MODE_PGP was implemented incorrectly and insecurely. It's completely banished now."
+
+ def runTest(self):
+ self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+ self.module.MODE_PGP)
+
def make_block_tests(module, module_name, test_data):
tests = []
extra_tests_added = 0
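Review bot: `PGPTest.runTest` accepts any `ValueError` from `new()`, and the call passes no IV, so the test can pass for a reason unrelated to the MODE_PGP rejection. If another argument check in `ALGnew` (key or IV length; not visible in this commit) raises `ValueError` first, the test stays green even if the mode were accidentally re-enabled. That would defeat its purpose as a regression guard for a mode the description calls insecure. Pass a block-sized IV as the third argument, as `RoundtripTest` does with `self.iv`, and also check that the exception text names the mode, for example `"MODE_PGP" in str(e)`. `shortDescription` would read better as a description of what is asserted, such as `"MODE_PGP must be rejected by new()"`.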
@@ -272,6 +285,7 @@ def make_block_tests(module, module_name, test_data):
CTRWraparoundTest(module, params),
CFBSegmentSizeTest(module, params),
RoundtripTest(module, params),
+ PGPTest(module, params),
]
extra_tests_added = 1
diff --git a/pct-speedtest.py b/pct-speedtest.py
index 6b84ef0..835286c 100644
--- a/pct-speedtest.py
+++ b/pct-speedtest.py
@@ -203,7 +203,6 @@ class Benchmark:
self.test_key_setup(cipher_name, module, key_bytes, module.MODE_CBC)
self.test_encryption("%s-CBC" % (cipher_name,), module, key_bytes, module.MODE_CBC)
self.test_encryption("%s-CFB" % (cipher_name,), module, key_bytes, module.MODE_CFB)
- self.test_encryption("%s-PGP" % (cipher_name,), module, key_bytes, module.MODE_PGP)
self.test_encryption("%s-OFB" % (cipher_name,), module, key_bytes, module.MODE_OFB)
self.test_encryption("%s-ECB" % (cipher_name,), module, key_bytes, module.MODE_ECB)
diff --git a/src/block_template.c b/src/block_template.c
index 559e582..3526cd1 100644
--- a/src/block_template.c
+++ b/src/block_template.c
@@ -171,6 +171,11 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
mode);
return NULL;
}
+ if (mode == MODE_PGP) {
+ PyErr_Format(PyExc_ValueError,
+ "MODE_PGP is not supported anymore");
+ return NULL;
+ }
/* Mode-specific checks */
if (mode == MODE_CFB) {
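Review bot: The new `MODE_PGP` branch calls `PyErr_Format` with a constant string and no conversion specifiers; `PyErr_SetString(PyExc_ValueError, "MODE_PGP is not supported anymore");` is the usual call for a fixed message. The branch also carries no comment explaining the rejection, while the only rationale in the commit sits in the test's `shortDescription`. A line such as `/* MODE_PGP was implemented incorrectly and insecurely; refuse it outright */` above the `if` would keep a later maintainer from treating the check as dead code. `ALGnew` starts and ends outside this hunk, so whether anything allocated earlier needs releasing before `return NULL` cannot be confirmed from here.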
@@ -236,14 +241,7 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
memset(new->oldCipher, 0, BLOCK_SIZE);
memcpy(new->IV, IV, IVlen);
new->mode = mode;
- switch(mode) {
- case MODE_PGP:
- new->count=8;
- break;
- case MODE_CTR:
- default:
- new->count=BLOCK_SIZE; /* stores how many bytes in new->oldCipher have been used */
- }
+ new->count=BLOCK_SIZE; /* stores how many bytes in new->oldCipher have been used */
return new;
}
@@ -265,7 +263,7 @@ ALG_Encrypt(ALGobject *self, PyObject *args)
return PyBytes_FromStringAndSize(NULL, 0);
}
if ( (len % BLOCK_SIZE) !=0 &&
- (self->mode!=MODE_CFB) && (self->mode!=MODE_PGP) &&
+ (self->mode!=MODE_CFB) &&
(self->mode!=MODE_CTR))
{
PyErr_Format(PyExc_ValueError,
@@ -339,37 +337,6 @@ ALG_Encrypt(ALGobject *self, PyObject *args)
}
break;
- case(MODE_PGP):
- if (len<=BLOCK_SIZE-self->count)
- {
- /* If less than one block, XOR it in */
- for(i=0; i<len; i++)
- buffer[i] = self->IV[self->count+i] ^= str[i];
- self->count += len;
- }
- else
- {
- int j;
- for(i=0; i<BLOCK_SIZE-self->count; i++)
- buffer[i] = self->IV[self->count+i] ^= str[i];
- self->count=0;
- for(; i<len-BLOCK_SIZE; i+=BLOCK_SIZE)
- {
- block_encrypt(&(self->st), self->oldCipher,
- self->IV);
- for(j=0; j<BLOCK_SIZE; j++)
- buffer[i+j] = self->IV[j] ^= str[i+j];
- }
- /* Do the remaining 1 to BLOCK_SIZE bytes */
- block_encrypt(&(self->st), self->oldCipher, self->IV);
- self->count=len-i;
- for(j=0; j<len-i; j++)
- {
- buffer[i+j] = self->IV[j] ^= str[i+j];
- }
- }
- break;
-
case(MODE_OFB):
for(i=0; i<len; i+=BLOCK_SIZE)
{
@@ -531,8 +498,7 @@ ALG_Decrypt(ALGobject *self, PyObject *args)
{
return PyBytes_FromStringAndSize(NULL, 0);
}
- if ( (len % BLOCK_SIZE) !=0 &&
- (self->mode!=MODE_CFB && self->mode!=MODE_PGP))
+ if ( (len % BLOCK_SIZE) !=0 && (self->mode!=MODE_CFB))
{
PyErr_Format(PyExc_ValueError,
"Input strings must be "
@@ -605,48 +571,6 @@ ALG_Decrypt(ALGobject *self, PyObject *args)
}
break;
- case(MODE_PGP):
- if (len<=BLOCK_SIZE-self->count)
- {
- /* If less than one block, XOR it in */
- unsigned char t;
- for(i=0; i<len; i++)
- {
- t=self->IV[self->count+i];
- buffer[i] = t ^ (self->IV[self->count+i] = str[i]);
- }
- self->count += len;
- }
- else
- {
- int j;
- unsigned char t;
- for(i=0; i<BLOCK_SIZE-self->count; i++)
- {
- t=self->IV[self->count+i];
- buffer[i] = t ^ (self->IV[self->count+i] = str[i]);
- }
- self->count=0;
- for(; i<len-BLOCK_SIZE; i+=BLOCK_SIZE)
- {
- block_encrypt(&(self->st), self->oldCipher, self->IV);
- for(j=0; j<BLOCK_SIZE; j++)
- {
- t=self->IV[j];
- buffer[i+j] = t ^ (self->IV[j] = str[i+j]);
- }
- }
- /* Do the remaining 1 to BLOCK_SIZE bytes */
- block_encrypt(&(self->st), self->oldCipher, self->IV);
- self->count=len-i;
- for(j=0; j<len-i; j++)
- {
- t=self->IV[j];
- buffer[i+j] = t ^ (self->IV[j] = str[i+j]);
- }
- }
- break;
-
case (MODE_OFB):
for(i=0; i<len; i+=BLOCK_SIZE)
{
@@ -674,57 +598,6 @@ ALG_Decrypt(ALGobject *self, PyObject *args)
return(result);
}
-static char ALG_Sync__doc__[] =
-"sync(): For objects using the PGP feedback mode, this method modifies "
-"the IV, synchronizing it with the preceding ciphertext.";
-
-static PyObject *
-ALG_Sync(ALGobject *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, "")) {
- return NULL;
- }
-
- if (self->mode!=MODE_PGP)
- {
- PyErr_SetString(PyExc_SystemError, "sync() operation not defined for "
- "this feedback mode");
- return NULL;
- }
-
- if (self->count!=8)
- {
- memmove(self->IV+BLOCK_SIZE-self->count, self->IV,
- self->count);
- memcpy(self->IV, self->oldCipher+self->count,
- BLOCK_SIZE-self->count);
- self->count=8;
- }
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-#if 0
-void PrintState(self, msg)
- ALGobject *self;
- char * msg;
-{
- int count;
-
- printf("%sing: %i IV ", msg, (int)self->count);
- for(count=0; count<8; count++) printf("%i ", self->IV[count]);
- printf("\noldCipher:");
- for(count=0; count<8; count++) printf("%i ", self->oldCipher[count]);
- printf("\n");
-}
-#endif
-
-
-
-
-
-
-
/* ALG object methods */
static PyMethodDef ALGmethods[] =
{
@@ -735,7 +608,6 @@ static PyMethodDef ALGmethods[] =
{"encrypt", (PyCFunction) ALG_Encrypt, 0, ALG_Encrypt__doc__},
{"decrypt", (PyCFunction) ALG_Decrypt, 0, ALG_Decrypt__doc__},
#endif
- {"sync", (PyCFunction) ALG_Sync, METH_VARARGS, ALG_Sync__doc__},
{NULL, NULL} /* sentinel */
};
@@ -932,7 +804,7 @@ _MODULE_NAME (void)
PyModule_AddIntConstant(m, "MODE_ECB", MODE_ECB);
PyModule_AddIntConstant(m, "MODE_CBC", MODE_CBC);
PyModule_AddIntConstant(m, "MODE_CFB", MODE_CFB);
- PyModule_AddIntConstant(m, "MODE_PGP", MODE_PGP);
+ PyModule_AddIntConstant(m, "MODE_PGP", MODE_PGP); /** Vestigial **/
PyModule_AddIntConstant(m, "MODE_OFB", MODE_OFB);
PyModule_AddIntConstant(m, "MODE_CTR", MODE_CTR);
PyModule_AddIntConstant(m, "block_size", BLOCK_SIZE);
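Review bot: The `/** Vestigial **/` comment on the `MODE_PGP` line does not say why the constant is still exported after the mode itself was removed. Presumably it is kept so that existing code referencing `MODE_PGP` reaches the `ValueError` in `new()` instead of failing with `AttributeError`. Stating that would stop a reader from taking the export as a sign that the mode still works. Something like `/* kept for compatibility only: new() rejects MODE_PGP with ValueError */`, in plain `/* */` form, would match the other comments in the file. The module init function continues outside this hunk.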