summaryrefslogtreecommitdiff
path: root/doc/idea.doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc/idea.doc')
-rw-r--r--doc/idea.doc176
1 files changed, 176 insertions, 0 deletions
diff --git a/doc/idea.doc b/doc/idea.doc
new file mode 100644
index 0000000000..68a22a6cae
--- /dev/null
+++ b/doc/idea.doc
@@ -0,0 +1,176 @@
+The IDEA library.
+IDEA is a block cipher that operates on 64bit (8 byte) quantities. It
+uses a 128bit (16 byte) key. It can be used in all the modes that DES can
+be used. This library implements the ecb, cbc, cfb64 and ofb64 modes.
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'idea.h'.
+
+All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an
+argument. An IDEA_KEY_SCHEDULE is an expanded form of the idea key.
+For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for
+decryption is different to the one used for encryption.
+
+The define IDEA_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. IDEA_DECRYPT is passed to
+specify decryption. For some mode there is no encryption/decryption
+flag since this is determined by the IDEA_KEY_SCHEDULE.
+
+So to encrypt you would do the following
+idea_set_encrypt_key(key,encrypt_ks);
+idea_ecb_encrypt(...,encrypt_ks);
+idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT);
+
+To Decrypt
+idea_set_encrypt_key(key,encrypt_ks);
+idea_set_decrypt_key(encrypt_ks,decrypt_ks);
+idea_ecb_encrypt(...,decrypt_ks);
+idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT);
+
+Please note that any of the encryption modes specified in my DES library
+could be used with IDEA. I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic IDEA encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+ do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+ secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple IDEA, thats 384 bits of key and you must be totally
+ obsessed with security. Still, if you want it, it is simple enough to
+ copy the function from the DES library and change the des_encrypt to
+ idea_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void idea_set_encrypt_key(
+unsigned char *key;
+IDEA_KEY_SCHEDULE *ks);
+ idea_set_encrypt_key converts a 16 byte IDEA key into an
+ IDEA_KEY_SCHEDULE. The IDEA_KEY_SCHEDULE is an expanded form of
+ the key which can be used to perform IDEA encryption.
+ An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to
+ perform actual encryption. It can be regenerated from the IDEA key
+ so it only needs to be kept when encryption is about
+ to occur. Don't save or pass around IDEA_KEY_SCHEDULE's since they
+ are CPU architecture dependent, IDEA keys are not.
+
+void idea_set_decrypt_key(
+IDEA_KEY_SCHEDULE *encrypt_ks,
+IDEA_KEY_SCHEDULE *decrypt_ks);
+ This functions converts an encryption IDEA_KEY_SCHEDULE into a
+ decryption IDEA_KEY_SCHEDULE. For all decryption, this conversion
+ of the key must be done. In some modes of IDEA, an
+ encryption/decryption flag is also required, this is because these
+ functions involve block chaining and the way this is done changes
+ depending on which of encryption of decryption is being done.
+ Please note that there is no quick way to generate the decryption
+ key schedule other than generating the encryption key schedule and
+ then converting it.
+
+void idea_encrypt(
+unsigned long *data,
+IDEA_KEY_SCHEDULE *ks);
+ This is the IDEA encryption function that gets called by just about
+ every other IDEA routine in the library. You should not use this
+ function except to implement 'modes' of IDEA. I say this because the
+ functions that call this routine do the conversion from 'char *' to
+ long, and this needs to be done to make sure 'non-aligned' memory
+ access do not occur.
+ Data is a pointer to 2 unsigned long's and ks is the
+ IDEA_KEY_SCHEDULE to use. Encryption or decryption depends on the
+ IDEA_KEY_SCHEDULE.
+
+void idea_ecb_encrypt(
+unsigned char *input,
+unsigned char *output,
+IDEA_KEY_SCHEDULE *ks);
+ This is the basic Electronic Code Book form of IDEA (in DES this
+ mode is called Electronic Code Book so I'm going to use the term
+ for idea as well :-).
+ Input is encrypted into output using the key represented by
+ ks. Depending on the IDEA_KEY_SCHEDULE, encryption or
+ decryption occurs. Input is 8 bytes long and output is 8 bytes.
+
+void idea_cbc_encrypt(
+unsigned char *input,
+unsigned char *output,
+long length,
+IDEA_KEY_SCHEDULE *ks,
+unsigned char *ivec,
+int enc);
+ This routine implements IDEA in Cipher Block Chaining mode.
+ Input, which should be a multiple of 8 bytes is encrypted
+ (or decrypted) to output which will also be a multiple of 8 bytes.
+ The number of bytes is in length (and from what I've said above,
+ should be a multiple of 8). If length is not a multiple of 8, bad
+ things will probably happen. ivec is the initialisation vector.
+ This function updates iv after each call so that it can be passed to
+ the next call to idea_cbc_encrypt().
+
+void idea_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+ This is one of the more useful functions in this IDEA library, it
+ implements CFB mode of IDEA with 64bit feedback.
+ This allows you to encrypt an arbitrary number of bytes,
+ you do not require 8 byte padding. Each call to this
+ routine will encrypt the input bytes to output and then update ivec
+ and num. Num contains 'how far' we are though ivec.
+ Enc is used to indicate encryption or decryption.
+ One very important thing to remember is that when decrypting, use
+ the encryption form of the key.
+ CFB64 mode operates by using the cipher to
+ generate a stream of bytes which is used to encrypt the plain text.
+ The cipher text is then encrypted to generate the next 64 bits to
+ be xored (incrementally) with the next 64 bits of plain
+ text. As can be seen from this, to encrypt or decrypt,
+ the same 'cipher stream' needs to be generated but the way the next
+ block of data is gathered for encryption is different for
+ encryption and decryption. What this means is that to encrypt
+ idea_set_encrypt_key(key,ks);
+ idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT)
+ do decrypt
+ idea_set_encrypt_key(key,ks)
+ idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT)
+ Note: The same IDEA_KEY_SCHEDULE but different encryption flags.
+ For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be
+ used to generate the IDEA_KEY_SCHEDULE for decryption.
+ The reason I'm stressing this point is that I just wasted 3 hours
+ today trying to decrypt using this mode and the decryption form of
+ the key :-(.
+
+void idea_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+ This functions implements OFB mode of IDEA with 64bit feedback.
+ This allows you to encrypt an arbitrary number of bytes,
+ you do not require 8 byte padding. Each call to this
+ routine will encrypt the input bytes to output and then update ivec
+ and num. Num contains 'how far' we are though ivec.
+ This is in effect a stream cipher, there is no encryption or
+ decryption mode. The same key and iv should be used to
+ encrypt and decrypt.
+
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+idea_set_encrypt_key().
+
+=====
+For more information about the specific IDEA modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library. What is said about DES is directly
+applicable for IDEA.
+
View Lorry Controller Status