| The IDEA library. |
| IDEA is a block cipher that operates on 64bit (8 byte) quantities. It |
| uses a 128bit (16 byte) key. It can be used in all the modes that DES can |
| be used. This library implements the ecb, cbc, cfb64 and ofb64 modes. |
| |
| For all calls that have an 'input' and 'output' variables, they can be the |
| same. |
| |
| This library requires the inclusion of 'idea.h'. |
| |
| All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an |
| argument. An IDEA_KEY_SCHEDULE is an expanded form of the idea key. |
| For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for |
| decryption is different to the one used for encryption. |
| |
| The define IDEA_ENCRYPT is passed to specify encryption for the functions |
| that require an encryption/decryption flag. IDEA_DECRYPT is passed to |
| specify decryption. For some mode there is no encryption/decryption |
| flag since this is determined by the IDEA_KEY_SCHEDULE. |
| |
| So to encrypt you would do the following |
| idea_set_encrypt_key(key,encrypt_ks); |
| idea_ecb_encrypt(...,encrypt_ks); |
| idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT); |
| |
| To Decrypt |
| idea_set_encrypt_key(key,encrypt_ks); |
| idea_set_decrypt_key(encrypt_ks,decrypt_ks); |
| idea_ecb_encrypt(...,decrypt_ks); |
| idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT); |
| |
| Please note that any of the encryption modes specified in my DES library |
| could be used with IDEA. I have only implemented ecb, cbc, cfb64 and |
| ofb64 for the following reasons. |
| - ecb is the basic IDEA encryption. |
| - cbc is the normal 'chaining' form for block ciphers. |
| - cfb64 can be used to encrypt single characters, therefore input and output |
| do not need to be a multiple of 8. |
| - ofb64 is similar to cfb64 but is more like a stream cipher, not as |
| secure (not cipher feedback) but it does not have an encrypt/decrypt mode. |
| - If you want triple IDEA, thats 384 bits of key and you must be totally |
| obsessed with security. Still, if you want it, it is simple enough to |
| copy the function from the DES library and change the des_encrypt to |
| idea_encrypt; an exercise left for the paranoid reader :-). |
| |
| The functions are as follows: |
| |
| void idea_set_encrypt_key( |
| unsigned char *key; |
| IDEA_KEY_SCHEDULE *ks); |
| idea_set_encrypt_key converts a 16 byte IDEA key into an |
| IDEA_KEY_SCHEDULE. The IDEA_KEY_SCHEDULE is an expanded form of |
| the key which can be used to perform IDEA encryption. |
| An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to |
| perform actual encryption. It can be regenerated from the IDEA key |
| so it only needs to be kept when encryption is about |
| to occur. Don't save or pass around IDEA_KEY_SCHEDULE's since they |
| are CPU architecture dependent, IDEA keys are not. |
| |
| void idea_set_decrypt_key( |
| IDEA_KEY_SCHEDULE *encrypt_ks, |
| IDEA_KEY_SCHEDULE *decrypt_ks); |
| This functions converts an encryption IDEA_KEY_SCHEDULE into a |
| decryption IDEA_KEY_SCHEDULE. For all decryption, this conversion |
| of the key must be done. In some modes of IDEA, an |
| encryption/decryption flag is also required, this is because these |
| functions involve block chaining and the way this is done changes |
| depending on which of encryption of decryption is being done. |
| Please note that there is no quick way to generate the decryption |
| key schedule other than generating the encryption key schedule and |
| then converting it. |
| |
| void idea_encrypt( |
| unsigned long *data, |
| IDEA_KEY_SCHEDULE *ks); |
| This is the IDEA encryption function that gets called by just about |
| every other IDEA routine in the library. You should not use this |
| function except to implement 'modes' of IDEA. I say this because the |
| functions that call this routine do the conversion from 'char *' to |
| long, and this needs to be done to make sure 'non-aligned' memory |
| access do not occur. |
| Data is a pointer to 2 unsigned long's and ks is the |
| IDEA_KEY_SCHEDULE to use. Encryption or decryption depends on the |
| IDEA_KEY_SCHEDULE. |
| |
| void idea_ecb_encrypt( |
| unsigned char *input, |
| unsigned char *output, |
| IDEA_KEY_SCHEDULE *ks); |
| This is the basic Electronic Code Book form of IDEA (in DES this |
| mode is called Electronic Code Book so I'm going to use the term |
| for idea as well :-). |
| Input is encrypted into output using the key represented by |
| ks. Depending on the IDEA_KEY_SCHEDULE, encryption or |
| decryption occurs. Input is 8 bytes long and output is 8 bytes. |
| |
| void idea_cbc_encrypt( |
| unsigned char *input, |
| unsigned char *output, |
| long length, |
| IDEA_KEY_SCHEDULE *ks, |
| unsigned char *ivec, |
| int enc); |
| This routine implements IDEA in Cipher Block Chaining mode. |
| Input, which should be a multiple of 8 bytes is encrypted |
| (or decrypted) to output which will also be a multiple of 8 bytes. |
| The number of bytes is in length (and from what I've said above, |
| should be a multiple of 8). If length is not a multiple of 8, bad |
| things will probably happen. ivec is the initialisation vector. |
| This function updates iv after each call so that it can be passed to |
| the next call to idea_cbc_encrypt(). |
| |
| void idea_cfb64_encrypt( |
| unsigned char *in, |
| unsigned char *out, |
| long length, |
| des_key_schedule ks, |
| des_cblock *ivec, |
| int *num, |
| int enc); |
| This is one of the more useful functions in this IDEA library, it |
| implements CFB mode of IDEA with 64bit feedback. |
| This allows you to encrypt an arbitrary number of bytes, |
| you do not require 8 byte padding. Each call to this |
| routine will encrypt the input bytes to output and then update ivec |
| and num. Num contains 'how far' we are though ivec. |
| Enc is used to indicate encryption or decryption. |
| One very important thing to remember is that when decrypting, use |
| the encryption form of the key. |
| CFB64 mode operates by using the cipher to |
| generate a stream of bytes which is used to encrypt the plain text. |
| The cipher text is then encrypted to generate the next 64 bits to |
| be xored (incrementally) with the next 64 bits of plain |
| text. As can be seen from this, to encrypt or decrypt, |
| the same 'cipher stream' needs to be generated but the way the next |
| block of data is gathered for encryption is different for |
| encryption and decryption. What this means is that to encrypt |
| idea_set_encrypt_key(key,ks); |
| idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT) |
| do decrypt |
| idea_set_encrypt_key(key,ks) |
| idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT) |
| Note: The same IDEA_KEY_SCHEDULE but different encryption flags. |
| For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be |
| used to generate the IDEA_KEY_SCHEDULE for decryption. |
| The reason I'm stressing this point is that I just wasted 3 hours |
| today trying to decrypt using this mode and the decryption form of |
| the key :-(. |
| |
| void idea_ofb64_encrypt( |
| unsigned char *in, |
| unsigned char *out, |
| long length, |
| des_key_schedule ks, |
| des_cblock *ivec, |
| int *num); |
| This functions implements OFB mode of IDEA with 64bit feedback. |
| This allows you to encrypt an arbitrary number of bytes, |
| you do not require 8 byte padding. Each call to this |
| routine will encrypt the input bytes to output and then update ivec |
| and num. Num contains 'how far' we are though ivec. |
| This is in effect a stream cipher, there is no encryption or |
| decryption mode. The same key and iv should be used to |
| encrypt and decrypt. |
| |
| For reading passwords, I suggest using des_read_pw_string() from my DES library. |
| To generate a password from a text string, I suggest using MD5 (or MD2) to |
| produce a 16 byte message digest that can then be passed directly to |
| idea_set_encrypt_key(). |
| |
| ===== |
| For more information about the specific IDEA modes in this library |
| (ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the |
| documentation on my DES library. What is said about DES is directly |
| applicable for IDEA. |
| |
