Added OpenPGP mode

7 files changed, 190 insertions, 20 deletions

diff --git a/lib/Crypto/Cipher/AES.py b/lib/Crypto/Cipher/AES.py
index 6b870ac..14f68d8 100644
--- a/lib/Crypto/Cipher/AES.py
+++ b/lib/Crypto/Cipher/AES.py
@@ -71,8 +71,16 @@ def new(key, *args, **kwargs):
         Default is `MODE_ECB`.
       IV : byte string
         The initialization vector to use for encryption or decryption.
-        It must be `block_size` bytes longs. Ignored for `MODE_ECB`
-        and `MODE_CTR`. The default value is all zeroes.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
       counter : callable
         (*Only* `MODE_CTR`). A stateful function that returns the next
         *counter block*, which is a byte string of `block_size` bytes.
@@ -98,6 +106,8 @@ MODE_PGP = 4
 MODE_OFB = 5
 #: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
 MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
 #: Size of a data block (in bytes)
 block_size = 16
 #: Size of a key (in bytes)
diff --git a/lib/Crypto/Cipher/ARC2.py b/lib/Crypto/Cipher/ARC2.py
index e9284a1..7b5f43a 100644
--- a/lib/Crypto/Cipher/ARC2.py
+++ b/lib/Crypto/Cipher/ARC2.py
@@ -83,8 +83,16 @@ def new(key, *args, **kwargs):
         Default is `MODE_ECB`.
       IV : byte string
         The initialization vector to use for encryption or decryption.
-        It must be `block_size` bytes longs. Ignored for `MODE_ECB`
-        and `MODE_CTR`. The default value is all zeroes.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
       counter : callable
         (*Only* `MODE_CTR`). A stateful function that returns the next
         *counter block*, which is a byte string of `block_size` bytes.
@@ -113,6 +121,8 @@ MODE_PGP = 4
 MODE_OFB = 5
 #: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
 MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
 #: Size of a data block (in bytes)
 block_size = 8
 #: Size of a key (in bytes)
diff --git a/lib/Crypto/Cipher/Blowfish.py b/lib/Crypto/Cipher/Blowfish.py
index f060689..3f12bea 100644
--- a/lib/Crypto/Cipher/Blowfish.py
+++ b/lib/Crypto/Cipher/Blowfish.py
@@ -77,8 +77,16 @@ def new(key, *args, **kwargs):
         Default is `MODE_ECB`.
       IV : byte string
         The initialization vector to use for encryption or decryption.
-        It must be `block_size` bytes longs. Ignored for `MODE_ECB`
-        and `MODE_CTR`. The default value is all zeroes.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
       counter : callable
         (*Only* `MODE_CTR`). A stateful function that returns the next
         *counter block*, which is a byte string of `block_size` bytes.
@@ -104,6 +112,8 @@ MODE_PGP = 4
 MODE_OFB = 5
 #: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
 MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
 #: Size of a data block (in bytes)
 block_size = 8
 #: Size of a key (in bytes)
diff --git a/lib/Crypto/Cipher/CAST.py b/lib/Crypto/Cipher/CAST.py
index f47e65b..1734b53 100644
--- a/lib/Crypto/Cipher/CAST.py
+++ b/lib/Crypto/Cipher/CAST.py
@@ -74,8 +74,16 @@ def new(key, *args, **kwargs):
         Default is `MODE_ECB`.
       IV : byte string
         The initialization vector to use for encryption or decryption.
-        It must be `block_size` bytes longs. Ignored for `MODE_ECB`
-        and `MODE_CTR`. The default value is all zeroes.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
       counter : callable
         (*Only* `MODE_CTR`). A stateful function that returns the next
         *counter block*, which is a byte string of `block_size` bytes.
@@ -101,6 +109,8 @@ MODE_PGP = 4
 MODE_OFB = 5
 #: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
 MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
 #: Size of a data block (in bytes)
 block_size = 8
 #: Size of a key (in bytes)
diff --git a/lib/Crypto/Cipher/DES.py b/lib/Crypto/Cipher/DES.py
index d4300c6..2fae42f 100644
--- a/lib/Crypto/Cipher/DES.py
+++ b/lib/Crypto/Cipher/DES.py
@@ -75,8 +75,16 @@ def new(key, *args, **kwargs):
         Default is `MODE_ECB`.
       IV : byte string
         The initialization vector to use for encryption or decryption.
-        It must be `block_size` bytes longs. Ignored for `MODE_ECB`
-        and `MODE_CTR`. The default value is all zeroes.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
       counter : callable
         (*Only* `MODE_CTR`). A stateful function that returns the next
         *counter block*, which is a byte string of `block_size` bytes.
@@ -102,6 +110,8 @@ MODE_PGP = 4
 MODE_OFB = 5
 #: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
 MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
 #: Size of a data block (in bytes)
 block_size = 8
 #: Size of a key (in bytes)
diff --git a/lib/Crypto/Cipher/DES3.py b/lib/Crypto/Cipher/DES3.py
index 39e726c..7fedac8 100644
--- a/lib/Crypto/Cipher/DES3.py
+++ b/lib/Crypto/Cipher/DES3.py
@@ -88,8 +88,16 @@ def new(key, *args, **kwargs):
         Default is `MODE_ECB`.
       IV : byte string
         The initialization vector to use for encryption or decryption.
-        It must be `block_size` bytes longs. Ignored for `MODE_ECB`
-        and `MODE_CTR`. The default value is all zeroes.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
       counter : callable
         (*Only* `MODE_CTR`). A stateful function that returns the next
         *counter block*, which is a byte string of `block_size` bytes.
@@ -117,6 +125,8 @@ MODE_PGP = 4
 MODE_OFB = 5
 #: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
 MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
 #: Size of a data block (in bytes)
 block_size = 8
 #: Size of a key (in bytes)
diff --git a/lib/Crypto/Cipher/blockalgo.py b/lib/Crypto/Cipher/blockalgo.py
index d8b1a8c..8863a7d 100644
--- a/lib/Crypto/Cipher/blockalgo.py
+++ b/lib/Crypto/Cipher/blockalgo.py
@@ -21,6 +21,9 @@
 # ===================================================================
 """Module with definitions common to all block ciphers."""
 
+from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
 #: *Electronic Code Book (ECB)*.
 #: This is the simplest encryption mode. Each of the plaintext blocks
 #: is directly encrypted into a ciphertext block, independently of
@@ -105,14 +108,79 @@ MODE_OFB = 5
 #: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
 MODE_CTR = 6
 
+#: OpenPGP. This mode is a variant of CFB, and it is only used in PGP and OpenPGP_ applications.
+#: A Initialization Vector (*IV*) is required.
+#: 
+#: Unlike CFB, the IV is not transmitted to the receiver. Instead, the *encrypted* IV is.
+#: The IV is a random data block. Two of its bytes are duplicated to act as a checksum
+#: for the correctness of the key. The encrypted IV is therefore 2 bytes longer than
+#: the clean IV.
+#:
+#: .. _OpenPGP: http://tools.ietf.org/html/rfc4880
+MODE_OPENPGP = 7
+
+def _getParameter(name, index, args, kwargs, default=None):
+    """Find a parameter in tuple and dictionary arguments a function receives"""
+    param = kwargs.get(name)
+    if len(args)>index:
+        if param:
+            raise ValueError("Parameter '%s' is specified twice" % name)
+        param = args[index]
+    return param or default
+    
 class BlockAlgo:
     """Class modelling an abstract block cipher."""
 
     def __init__(self, factory, key, *args, **kwargs):
-        self._cipher = factory.new(key, *args, **kwargs)
-        self.block_size = self._cipher.block_size
-        self.mode = self._cipher.mode
-        self.IV = self._cipher.IV
+        self.mode = _getParameter('mode', 0, args, kwargs, default=MODE_ECB)
+        self.block_size = factory.block_size
+        
+        if self.mode != MODE_OPENPGP:
+            self._cipher = factory.new(key, *args, **kwargs)
+            self.IV = self._cipher.IV
+        else:
+            # OPENPGP mode. For details, see 13.9 in RCC4880.
+            #
+            # A few members are specifically created for this mode:
+            #  - _encrypted_iv, set in this constructor
+            #  - _done_first_block, set to True after the first encryption
+            #  - _done_last_block, set to True after a partial block is processed
+            
+            self._done_first_block = False
+            self._done_last_block = False
+            self.IV = _getParameter('iv', 1, args, kwargs)
+            if not self.IV:
+                raise ValueError("MODE_OPENPGP requires an IV")
+            
+            # Instantiate a temporary cipher to process the IV
+            IV_cipher = factory.new(key, MODE_CFB,
+                    b('\x00')*self.block_size,      # IV for CFB
+                    segment_size=self.block_size*8)
+           
+            # The cipher will be used for...
+            if len(self.IV) == self.block_size:
+                # ... encryption
+                self._encrypted_IV = IV_cipher.encrypt(
+                    self.IV + self.IV[-2:] +        # Plaintext
+                    b('\x00')*(self.block_size-2)   # Padding
+                    )[:self.block_size+2]
+            elif len(self.IV) == self.block_size+2:
+                # ... decryption
+                self._encrypted_IV = self.IV
+                self.IV = IV_cipher.decrypt(self.IV +   # Ciphertext
+                    b('\x00')*(self.block_size-2)       # Padding
+                    )[:self.block_size+2]
+                if self.IV[-2:] != self.IV[-4:-2]:
+                    raise ValueError("Failed integrity check for OPENPGP IV")
+                self.IV = self.IV[:-2]
+            else:
+                raise ValueError("Length of IV must be %d or %d bytes for MODE_OPENPGP"
+                    % (self.block_size, self.block_size+2))
+
+            # Instantiate the cipher for the real PGP data
+            self._cipher = factory.new(key, MODE_CFB,
+                self._encrypted_IV[-self.block_size:],
+                segment_size=self.block_size*8)
 
     def encrypt(self, plaintext):
         """Encrypt data with the key and the parameters set at initialization.
@@ -140,12 +208,37 @@ class BlockAlgo:
 
          - For `MODE_CTR`, *plaintext* can be of any length.
 
+         - For `MODE_OPENPGP`, *plaintext* must be a multiple of *block_size*,
+           unless it is the last chunk of the message.
+
         :Parameters:
           plaintext : byte string
             The piece of data to encrypt.
-        :Return: the encrypted data (as a byte string, as long as the
-          plaintext)
+        :Return:
+            the encrypted data, as a byte string. It is as long as
+            *plaintext* with one exception: when encrypting the first message
+            chunk with `MODE_OPENPGP`, the encypted IV is prepended to the
+            returned ciphertext.
         """
+
+        if self.mode == MODE_OPENPGP:
+            padding_length = (self.block_size - len(plaintext) % self.block_size) % self.block_size
+            if padding_length>0:
+                # CFB mode requires ciphertext to have length multiple of block size,
+                # but PGP mode allows the last block to be shorter
+                if self._done_last_block:
+                    raise ValueError("Only the last chunk is allowed to have length not multiple of %d bytes",
+                        self.block_size)
+                self._done_last_block = True
+                padded = plaintext + b('\x00')*padding_length
+                res = self._cipher.encrypt(padded)[:len(plaintext)]
+            else:
+                res = self._cipher.encrypt(plaintext)
+            if not self._done_first_block:
+                res = self._encrypted_IV + res
+                self._done_first_block = True
+            return res
+
         return self._cipher.encrypt(plaintext)
 
     def decrypt(self, ciphertext):
@@ -174,11 +267,28 @@ class BlockAlgo:
 
          - For `MODE_CTR`, *ciphertext* can be of any length.
 
+         - For `MODE_OPENPGP`, *plaintext* must be a multiple of *block_size*,
+           unless it is the last chunk of the message.
+
         :Parameters:
           ciphertext : byte string
             The piece of data to decrypt.
-        :Return: the decrypted data (as a byte string, as long as the
-          ciphertext)
+        :Return: the decrypted data (byte string, as long as *ciphertext*).
         """
+        if self.mode == MODE_OPENPGP:
+            padding_length = (self.block_size - len(ciphertext) % self.block_size) % self.block_size
+            if padding_length>0:
+                # CFB mode requires ciphertext to have length multiple of block size,
+                # but PGP mode allows the last block to be shorter
+                if self._done_last_block:
+                    raise ValueError("Only the last chunk is allowed to have length not multiple of %d bytes",
+                        self.block_size)
+                self._done_last_block = True
+                padded = ciphertext + b('\x00')*padding_length
+                res = self._cipher.decrypt(padded)[:len(ciphertext)]
+            else:
+                res = self._cipher.decrypt(ciphertext)
+            return res
+
         return self._cipher.decrypt(ciphertext)