void idea_set_encrypt_key(key, ks)
unsigned char *key;
IDEA_KEY_SCHEDULE *ks;
void idea_set_decrypt_key(encrypt_ks, decrypt_ks)
IDEA_KEY_SCHEDULE *encrypt_ks, *decrypt_ks;
void idea_encrypt(data, ks)
unsigned long *data,
IDEA_KEY_SCHEDULE *ks;
void idea_ecb_encrypt(in, out, ks)
unsigned char *input, *output;
IDEA_KEY_SCHEDULE *ks;
void idea_cbc_encrypt(in, out, length, ks, ivec, enc)
unsigned char *input, *output, *ivec;
long length,
IDEA_KEY_SCHEDULE *ks,
int enc;
void idea_cfb64_encrypt(in, out, length, ks, ivec, num, enc)
unsigned char *in, *out;
long length,
des_key_schedule ks,
des_cblock *ivec,
int *num, enc;
void idea_ofb64_encrypt(in, out, length, ks, ivec, num)
unsigned char *in, *out;
long length,
des_key_schedule ks,
des_cblock *ivec,
int *num);
typedef struct idea_key_st
{
IDEA_INT data[9][6];
} IDEA_KEY_SCHEDULE;
which is an expanded form of the key.
IDEA is a symmetric block cipher that operates on 64-bit (8 byte) quantities. It uses a 128 bit (16 byte) key. It can be used in all the modes that DES can be used. This library implements the ecb, cbc, cfb64 and ofb64 modes. For more information on these, see the DES encryption modes overview. For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for decryption is different from the one used for encryption.
All functions that have input and output for arguments may be passed the same argument for both.
The value IDEA_ENCRYPT is passed to specify encryption for the functions that require an encryption/decryption flag. IDEA_DECRYPT is passed to specify decryption. For some modes there is no encryption/decryption flag since this is determined by the IDEA_KEY_SCHEDULE.
To use these functions for encryption, call them in this fashion:
idea_set_encrypt_key(key,encrypt_ks); idea_ecb_encrypt(...,encrypt_ks); idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT);
Analogously, to decrypt:
idea_set_encrypt_key(key,encrypt_ks); idea_set_decrypt_key(encrypt_ks,decrypt_ks); idea_ecb_encrypt(...,decrypt_ks); idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT);
Note that triple-IDEA has not been implemented, but if you really feel that you need the security that a 384-bit key provides, you can follow the template of des_ecb3_encrypt and replace the des_encrypt() calls to IDEA_encrypt. The same goes for triple-IDEA in the other modes.
idea_set_encrypt_key() converts a 16 byte IDEA key into an IDEA_KEY_SCHEDULE. The IDEA_KEY_SCHEDULE is an expanded form of the key which can be used to perform IDEA encryption. It can be regenerated from the IDEA key so it only needs to be kept when encryption is about to occur. Don't save or pass around IDEA_KEY_SCHEDULEs since they are CPU architecture dependent, keys are not.
void idea_set_decrypt_key() converts an encryption IDEA_KEY_SCHEDULE into a decryption IDEA_KEY_SCHEDULE. In some modes of IDEA, an encryption/decryption flag is also required, so that a different form of the algorithm is used. Please note that there is no quick way to generate the decryption key schedule other than generating the encryption key schedule and then converting it.
To generate a password from a text string, you might use MD5 (or the first 16 bytes of SHA-1 output) to produce a 16 byte message digest that can then be passed directly to IDEA_set_key().
For reading passwords, you can use des_read_pw_string().
idea_encrypt() is the IDEA encryption function that gets called by just about every other IDEA routine in the library. You should not use this function except to implement modes of IDEA. If you do use it you need to do char-to-long conversion beforehand and the reverse after, to make sure 'non-aligned' memory accesses do not occur. See the c2l and l2c routines in idea_locl.h, for example of such routines. See the des_encrypt() man page for use of these routines in implementing various encryption modes from the underlying function.
data is a pointer to 2 unsigned longs and ks is the IDEA_KEY_SCHEDULE to use.
Encryption or decryption is performed depending on the IDEA_KEY_SCHEDULE.
idea_ecb_encrypt() (Electronic Code Book) encrypts/decrypts input into output using the key schedule given by ks. Encryption or decryption is performed depending on the key schedule. input and output must be pointers to 8-byte character arrays.
idea_cbc_encrypt() (Cipher Block Chaining mode) encrypts/decrypts input into output using the key given by ks. Encryption or decryption is indicated by enc, which can have the values IDEA_ENCRYPT or IDEA_DECRYPT. input and output must be pointers to character arrays that are a multiple of 8 bytes in length, same length for both, given by the argument length. ivec is the initialization vector. This function updates ivec after each call so that it can be passed to the next call to IDEA_cbc_encrypt().
idea_cfb64_encrypt() (Cipher Feedback mode with 64-bit feedback) encrypts/decrypts input into output using the key given by ks. Encryption or decryption is indicated by enc, which can have the values IDEA_ENCRYPT or IDEA_DECRYPT. input and output must be pointers to character arrays which can be of arbitrary length, given by the argument length. ivec is the initialisation vector. This function updates ivec after each call so that it can be passed to the next call to idea_cfb64_encrypt(). num is also updated to indicate how many bytes of the initialization vector we have used.
One very important thing to remember when using this mode is that when decrypting, you must use the encryption form of the key. Here's why: CFB64 mode operates by using the cipher to generate a stream of bytes which is used to encrypt the plain text. The cipher text is then encrypted to generate the next 64 bits to be xored (incrementally) with the next 64 bits of plain text. As can be seen from this, to encrypt or decrypt, the same 'cipher stream' needs to be generated but the way the next block of data is gathered for encryption is different for encryption and decryption. What this means is that to encrypt, you do
idea_set_encrypt_key(key,ks) ... idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT)
but to decrypt you do
idea_set_encrypt_key(key,ks) ... idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT)
You use the same IDEA_KEY_SCHEDULE but different encryption flags. For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be used to generate the IDEA_KEY_SCHEDULE for decryption. [Eric's note from the original docs: The reason I'm stressing this point is that I just wasted 3 hours today trying to decrypt using this mode and the decryption form of the key :-(.]
idea_ofb64_encrypt() (Output Feedback Mode with 64-bit feedback) encrypts/decrypts input into output using the key given by schedule. input and output must be pointers to character arrays which can be of arbitrary length, given by the argument length. ivec is the initialization vector. This function updates ivec after each call so that it can be passed to the next call to IDEA_cfb64_encrypt(). num is also updated to indicate how many bytes of the initialization vector we have used.
In this mode, the same IDEA_KEY_SCHEDULE and ivec should be used for both encryption and decryption.
For more information about the specific IDEA modes in this library (ecb, cbc, cfb and ofb), read the section entitled DES encryption modes overview. What is said about DES is directly applicable for IDEA.