-rw-r--r-- | Doc/pycrypt.rst | 4 | ||||
-rw-r--r-- | lib/Crypto/SelfTest/Cipher/common.py | 16 | ||||
-rw-r--r-- | pct-speedtest.py | 1 | ||||
-rw-r--r-- | src/block_template.c | 146 |
4 files changed, 25 insertions, 142 deletions
diff --git a/Doc/pycrypt.rst b/Doc/pycrypt.rst index 70051a5..7213bb1 100644 --- a/Doc/pycrypt.rst +++ b/Doc/pycrypt.rst @@ -304,9 +304,7 @@ byte-by-byte basis, and is much slower than either of the other two modes. The chaining feedback modes require an initialization value to start off the encryption; this is a string of the same length as the ciphering algorithm's block size, and is passed to the ``new()`` -function. There is also a special PGP mode, which is an oddball -variant of CFB used by the PGP program. While you can use it in -non-PGP programs, it's quite non-standard. +function. The currently available block ciphers are listed in the following table, and are in the ``Crypto.Cipher`` package: diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py index af34e97..c48cb7f 100644 --- a/lib/Crypto/SelfTest/Cipher/common.py +++ b/lib/Crypto/SelfTest/Cipher/common.py 
@@ -220,13 +220,26 @@ class RoundtripTest(unittest.TestCase): return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,) def runTest(self): - for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_PGP, self.module.MODE_OFB): + for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB): encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) ciphertext = encryption_cipher.encrypt(self.plaintext) decrypted_plaintext = decryption_cipher.decrypt(ciphertext) self.assertEqual(self.plaintext, decrypted_plaintext) +class PGPTest(unittest.TestCase): + def __init__(self, module, params): + unittest.TestCase.__init__(self) + self.module = module + self.key = b(params['key']) + + def shortDescription(self): + return "MODE_PGP was implemented incorrectly and insecurely. It's completely banished now." + + def runTest(self): + self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), + self.module.MODE_PGP) + def make_block_tests(module, module_name, test_data): tests = [] extra_tests_added = 0 @@ -272,6 +285,7 @@ def make_block_tests(module, module_name, test_data): CTRWraparoundTest(module, params), CFBSegmentSizeTest(module, params), RoundtripTest(module, params), + PGPTest(module, params), ] extra_tests_added = 1 diff --git a/pct-speedtest.py b/pct-speedtest.py index 6b84ef0..835286c 100644 --- a/pct-speedtest.py +++ b/pct-speedtest.py 
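Review bot: In `PGPTest.runTest`, `assertRaises(ValueError, ...)` is satisfied by any ValueError that `new()` raises, so the test would still pass if the key taken from `params['key']` were rejected for a reason unrelated to the mode. A control call with the same key placed just before it, `self.module.new(a2b_hex(self.key), self.module.MODE_ECB)`, ties the failure to `MODE_PGP` rather than to the key. The unknown-mode branch in `ALGnew` presumably raises ValueError as well, so checking that the message names MODE_PGP would pin the dedicated rejection instead of a fallback. `shortDescription` would read better as a statement of what is checked, e.g. `"new() must reject MODE_PGP with ValueError"`, with the rationale moved to a comment.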
@@ -203,7 +203,6 @@ class Benchmark: self.test_key_setup(cipher_name, module, key_bytes, module.MODE_CBC) self.test_encryption("%s-CBC" % (cipher_name,), module, key_bytes, module.MODE_CBC) self.test_encryption("%s-CFB" % (cipher_name,), module, key_bytes, module.MODE_CFB) - self.test_encryption("%s-PGP" % (cipher_name,), module, key_bytes, module.MODE_PGP) self.test_encryption("%s-OFB" % (cipher_name,), module, key_bytes, module.MODE_OFB) self.test_encryption("%s-ECB" % (cipher_name,), module, key_bytes, module.MODE_ECB) diff --git a/src/block_template.c b/src/block_template.c index 559e582..3526cd1 100644 --- a/src/block_template.c +++ b/src/block_template.c @@ -171,6 +171,11 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict) mode); return NULL; } + if (mode == MODE_PGP) { + PyErr_Format(PyExc_ValueError, + "MODE_PGP is not supported anymore"); + return NULL; + } /* Mode-specific checks */ if (mode == MODE_CFB) { @@ -236,14 +241,7 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict) memset(new->oldCipher, 0, BLOCK_SIZE); memcpy(new->IV, IV, IVlen); new->mode = mode; - switch(mode) { - case MODE_PGP: - new->count=8; - break; - case MODE_CTR: - default: - new->count=BLOCK_SIZE; /* stores how many bytes in new->oldCipher have been used */ - } + new->count=BLOCK_SIZE; /* stores how many bytes in new->oldCipher have been used */ return new; } @@ -265,7 +263,7 @@ ALG_Encrypt(ALGobject *self, PyObject *args) return PyBytes_FromStringAndSize(NULL, 0); } if ( (len % BLOCK_SIZE) !=0 && - (self->mode!=MODE_CFB) && (self->mode!=MODE_PGP) && + (self->mode!=MODE_CFB) && (self->mode!=MODE_CTR)) { PyErr_Format(PyExc_ValueError, 
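Review bot: The new `mode == MODE_PGP` rejection in `ALGnew` carries no comment saying why the mode is refused; the only rationale visible in this commit is the description string in the Python self-test. A one-line comment above the check, `/* MODE_PGP was implemented incorrectly and insecurely; refuse to construct a cipher in this mode */`, would keep a later maintainer from re-enabling it by accident. Since the message has no format arguments, `PyErr_SetString(PyExc_ValueError, "MODE_PGP is not supported anymore");` is the plainer call. `ALGnew` starts and ends outside this hunk.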
@@ -339,37 +337,6 @@ ALG_Encrypt(ALGobject *self, PyObject *args) } break; - case(MODE_PGP): - if (len<=BLOCK_SIZE-self->count) - { - /* If less than one block, XOR it in */ - for(i=0; i<len; i++) - buffer[i] = self->IV[self->count+i] ^= str[i]; - self->count += len; - } - else - { - int j; - for(i=0; i<BLOCK_SIZE-self->count; i++) - buffer[i] = self->IV[self->count+i] ^= str[i]; - self->count=0; - for(; i<len-BLOCK_SIZE; i+=BLOCK_SIZE) - { - block_encrypt(&(self->st), self->oldCipher, - self->IV); - for(j=0; j<BLOCK_SIZE; j++) - buffer[i+j] = self->IV[j] ^= str[i+j]; - } - /* Do the remaining 1 to BLOCK_SIZE bytes */ - block_encrypt(&(self->st), self->oldCipher, self->IV); - self->count=len-i; - for(j=0; j<len-i; j++) - { - buffer[i+j] = self->IV[j] ^= str[i+j]; - } - } - break; - case(MODE_OFB): for(i=0; i<len; i+=BLOCK_SIZE) { @@ -531,8 +498,7 @@ ALG_Decrypt(ALGobject *self, PyObject *args) { return PyBytes_FromStringAndSize(NULL, 0); } - if ( (len % BLOCK_SIZE) !=0 && - (self->mode!=MODE_CFB && self->mode!=MODE_PGP)) + if ( (len % BLOCK_SIZE) !=0 && (self->mode!=MODE_CFB)) { PyErr_Format(PyExc_ValueError, "Input strings must be " 
@@ -605,48 +571,6 @@ ALG_Decrypt(ALGobject *self, PyObject *args) } break; - case(MODE_PGP): - if (len<=BLOCK_SIZE-self->count) - { - /* If less than one block, XOR it in */ - unsigned char t; - for(i=0; i<len; i++) - { - t=self->IV[self->count+i]; - buffer[i] = t ^ (self->IV[self->count+i] = str[i]); - } - self->count += len; - } - else - { - int j; - unsigned char t; - for(i=0; i<BLOCK_SIZE-self->count; i++) - { - t=self->IV[self->count+i]; - buffer[i] = t ^ (self->IV[self->count+i] = str[i]); - } - self->count=0; - for(; i<len-BLOCK_SIZE; i+=BLOCK_SIZE) - { - block_encrypt(&(self->st), self->oldCipher, self->IV); - for(j=0; j<BLOCK_SIZE; j++) - { - t=self->IV[j]; - buffer[i+j] = t ^ (self->IV[j] = str[i+j]); - } - } - /* Do the remaining 1 to BLOCK_SIZE bytes */ - block_encrypt(&(self->st), self->oldCipher, self->IV); - self->count=len-i; - for(j=0; j<len-i; j++) - { - t=self->IV[j]; - buffer[i+j] = t ^ (self->IV[j] = str[i+j]); - } - } - break; - case (MODE_OFB): for(i=0; i<len; i+=BLOCK_SIZE) { 
@@ -674,57 +598,6 @@ ALG_Decrypt(ALGobject *self, PyObject *args) return(result); } -static char ALG_Sync__doc__[] = -"sync(): For objects using the PGP feedback mode, this method modifies " -"the IV, synchronizing it with the preceding ciphertext."; - -static PyObject * -ALG_Sync(ALGobject *self, PyObject *args) -{ - if (!PyArg_ParseTuple(args, "")) { - return NULL; - } - - if (self->mode!=MODE_PGP) - { - PyErr_SetString(PyExc_SystemError, "sync() operation not defined for " - "this feedback mode"); - return NULL; - } - - if (self->count!=8) - { - memmove(self->IV+BLOCK_SIZE-self->count, self->IV, - self->count); - memcpy(self->IV, self->oldCipher+self->count, - BLOCK_SIZE-self->count); - self->count=8; - } - Py_INCREF(Py_None); - return Py_None; -} - -#if 0 -void PrintState(self, msg) - ALGobject *self; - char * msg; -{ - int count; - - printf("%sing: %i IV ", msg, (int)self->count); - for(count=0; count<8; count++) printf("%i ", self->IV[count]); - printf("\noldCipher:"); - for(count=0; count<8; count++) printf("%i ", self->oldCipher[count]); - printf("\n"); -} -#endif - - - - - - - /* ALG object methods */ static PyMethodDef ALGmethods[] = { @@ -735,7 +608,6 @@ static PyMethodDef ALGmethods[] = {"encrypt", (PyCFunction) ALG_Encrypt, 0, ALG_Encrypt__doc__}, {"decrypt", (PyCFunction) ALG_Decrypt, 0, ALG_Decrypt__doc__}, #endif - {"sync", (PyCFunction) ALG_Sync, METH_VARARGS, ALG_Sync__doc__}, {NULL, NULL} /* sentinel */ }; @@ -932,7 +804,7 @@ _MODULE_NAME (void) PyModule_AddIntConstant(m, "MODE_ECB", MODE_ECB); PyModule_AddIntConstant(m, "MODE_CBC", MODE_CBC); PyModule_AddIntConstant(m, "MODE_CFB", MODE_CFB); - PyModule_AddIntConstant(m, "MODE_PGP", MODE_PGP); + PyModule_AddIntConstant(m, "MODE_PGP", MODE_PGP); /** Vestigial **/ PyModule_AddIntConstant(m, "MODE_OFB", MODE_OFB); PyModule_AddIntConstant(m, "MODE_CTR", MODE_CTR); PyModule_AddIntConstant(m, "block_size", BLOCK_SIZE); |
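Review bot: The `/** Vestigial **/` comment on the `MODE_PGP` constant in the module-init hunk does not say why the name is still exported after every code path for the mode was removed. If the intent is to keep existing imports working while construction fails, a comment such as `/* kept only so code referencing MODE_PGP still loads; ALGnew() rejects it with ValueError */` states that contract. Without it, the constant reads as a supported mode to anyone listing the module's attributes. The init function continues outside this hunk.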