IDEA cipher

doc/crypt.tex

@@ -600,6 +600,7 @@ As of this release the current cipher\_descriptors elements are the following:
 \index{Cipher descriptor table}
 \index{blowfish\_desc} \index{xtea\_desc} \index{rc2\_desc} \index{rc5\_desc} \index{rc6\_desc} \index{saferp\_desc} \index{aes\_desc} \index{twofish\_desc}
 \index{des\_desc} \index{des3\_desc} \index{noekeon\_desc} \index{skipjack\_desc} \index{anubis\_desc} \index{khazad\_desc} \index{kseed\_desc} \index{kasumi\_desc} \index{camellia\_desc} \index{aes\_enc\_desc}
+\index{idea\_desc}
 \begin{figure}[hpbt]
 \begin{small}
 \begin{center}
@@ -624,6 +625,7 @@ As of this release the current cipher\_descriptors elements are the following:
      \hline SEED   & kseed\_desc & 16 & 16 & 16 \\
      \hline KASUMI & kasumi\_desc & 8 & 16 & 8 \\
      \hline Camellia & camellia\_desc & 16 & 16, 24, 32 & 18, 24 \\
+     \hline IDEA & idea\_desc & 8 & 16 & 8 \\
      \hline
 \end{tabular}
 \end{center}

notes/cipher_tv.txt

@@ -2285,3 +2285,57 @@ Key Size: 32 bytes
 49: DA293A4CB96FE3608CFFD89B927C9ED6
 
 
+Cipher: idea
+Key Size: 16 bytes
+ 0: 864C9D7D208A0E65
+ 1: CDAFE32D1A8EBA33
+ 2: 3989CB9583F08C88
+ 3: 70973E563F1E2E07
+ 4: DA726569D30529F5
+ 5: 43D6D99BC0C233B5
+ 6: 088FFC262410DBBB
+ 7: 9CBC35AFFCB511C2
+ 8: 438C85399278C1CE
+ 9: 500DA9D21AE98636
+10: 150939AD3D9903D8
+11: 8A6875B4927E6C6E
+12: DAEAF890BBE85A9D
+13: 139E61F0275E7891
+14: 5E30A76838137E01
+15: 7F6332498B5F51CC
+16: AD445C6A3EBD574C
+17: 89E6E33284E53F09
+18: 521F71E00A913E99
+19: 667A20538C318C02
+20: BBA379F0086F0A4E
+21: 2EC884D978B4C24D
+22: 32C1107E18D55BB0
+23: BDF96F21BF9141F3
+24: 1A1F6D475CD51FC3
+25: 3EA0742C99C4D52E
+26: E56BBB14C208A256
+27: C71251372B8F60DC
+28: 4025E8BC529D0104
+29: DB36989E3F1B1D47
+30: 8052C8D71F181567
+31: E23C2EE53AC2E561
+32: CDE53F91E1BC6CC9
+33: A0729FCA7E8DA776
+34: 058B0E2DF2589B35
+35: 9E763832EE07F897
+36: CBDE6CBD2B8CBA67
+37: BEA90B26D75D96CC
+38: C7BCE6979C47764E
+39: 669C80474504B5F2
+40: 9A00E0D5C9CCC929
+41: 1B2EE3D38B8C2002
+42: 61909D16FE53D15A
+43: E7924A4A1CD58DC1
+44: 9310B2DE922C9C30
+45: 98B9D6043CAB599E
+46: 63AC5444D191BF98
+47: 5D62FF2B2220ADAA
+48: F72EEEC71279A541
+49: 132613157CA97A35
+
+

notes/eax_tv.txt

@@ -567,3 +567,22 @@ EAX-camellia (16 byte key)
  31: 1CFD6D8EF6F44265703544AFEB2BBA2A067BE8DAB412E071B66B70E357238A, 0A5BB055E00D42F4291CAB3813FC2946
  32: 8E6E6433E4FF879155E0612F17EFC00AA8D5236EFAB5D9D6A912898F3124B588, EDF81BB73FF9288F315B988413432823
 
+EAX-idea (16 byte key)
+  0: , 1EA089EEF0584537
+  1: 64, E2DAD93E481FF4CA
+  2: AF89, 1C59390B95864F2B
+  3: 967B36, 9B17DDF2DDE56ACF
+  4: 1466E27D, 3F4682ED320CCB0A
+  5: 2D36047872, 6A654C4B4D125951
+  6: C765097A4A83, 56C1A3EA50AD6EBF
+  7: 0D1D54E316B557, D400C71220491CD6
+  8: C0749FCDC4777FDB, 5A528132145ECBB4
+  9: 77FAF1DCA9F9D9743E, 9751D64F46B0E936
+ 10: B1620900348AF0A28327, 23965D98E04157A0
+ 11: 95DADF663B30F50719C15B, CD063ACF7A4E5AA0
+ 12: D9E5D2558521BA6482D3A1DC, D823D92F16306198
+ 13: 50AC1D9A7BB5C01F5795B569EB, 8EBE9364D8BA009F
+ 14: C86F400959559607A228D47F2312, A89392C46483F839
+ 15: 7F2F87C5A4DD93A73A1F83FE0D3066, 3B9CFCB7B4C90CAB
+ 16: 22A2BC3531E9FBCAAEB678B419227CE4, A38C34F31BAFA2EA
+

notes/ocb_tv.txt

@@ -567,3 +567,22 @@ OCB-camellia (16 byte key)
  31: 9C760ED6C10A80C52F092ED20AB1D03A52427B6235F3C7FE7541033AACDD74, 8AB98FCA89D1245B177E0AC06E083024
  32: C38F260587B3BA9919601BD0A56909FB36ABCEB8968D08DD6B74F1EF5ED7065C, E357D0D56124276790DACA38D95792BB
 
+OCB-idea (16 byte key)
+  0: , BDB7AEE81A437AD8
+  1: 20, 98EC8CAA4544B41E
+  2: CF69, 33A6414FBC482456
+  3: 25723A, DA6DE676482C6607
+  4: E4220FC6, F67538CEA28002AE
+  5: E440418489, A21E9F1D15F44038
+  6: 886944E0CF10, 2EF54D278B08DE7D
+  7: 5088BF9EFA7E6E, 8443C572C85AF187
+  8: 0D6765F689BF0BE5, 7E658DF3FA677FD0
+  9: D5D02EDEB67AC6E573, 1B1568BC59905994
+ 10: 0C6BDA63A6EF19AE4A3F, 6FA765B6906E5B8B
+ 11: C58013FE24604DCD40611D, 58A5351EA8CADBC4
+ 12: DB78CF844EA91A3F7CCF1478, F9B6EC2F22888C12
+ 13: 4329E9812856B9A80297CC95C7, 46A1DE8C53B6A1A4
+ 14: 6D1CD2DF838697CACCDB28376973, A587EE5CE2351348
+ 15: 21C3BCB256DBFC0B472F30A6D469CA, 3ADD0D84695C5B14
+ 16: BE073E735F86AFA6D3A4F56C914D5EB8, 07921F5BA6E9F250
+

notes/omac_tv.txt

@@ -567,3 +567,22 @@ OMAC-camellia (16 byte key)
  31: 7D611F8BFEF0491CED8815C0E3D4CAFF
  32: 31E04DE5F9D1403C660E39891DE0D8DE
 
+OMAC-idea (16 byte key)
+  0: B821849AF0FBE074
+  1: F686CE9F4D057023
+  2: A76370E35B3F4AF2
+  3: 77553E49EAA385F2
+  4: EC535FA524C96DEB
+  5: 2C0D343664AFFC4E
+  6: 42CD72FF061B53FF
+  7: 7FA04FA032DAAC2B
+  8: 9C9390E1F70D50BC
+  9: 30CAF924369C5249
+ 10: 9FBB0EFC020AAC6E
+ 11: 131B42C7B807BE1A
+ 12: D2B7B9B0C6DB4EEE
+ 13: AEC00D350FE9B72C
+ 14: 046985BB876162E8
+ 15: 2650AF8B3983AE0D
+ 16: 50F09209EB28179E
+

notes/pmac_tv.txt

@@ -567,3 +567,22 @@ PMAC-camellia (16 byte key)
  31: D5C0143E1BA233BA5F862EE6E11A8F58
  32: C8DAF08BD68F4AE401C6663393C257CB
 
+PMAC-idea (16 byte key)
+  0: 1B010822EBB2E3F0
+  1: 943AA2133BD2CAE7
+  2: 6AB636AFF380D7E1
+  3: 9F5CA3037C13D0A9
+  4: 8EBB7A3E8757A414
+  5: C01F7BF5986987D7
+  6: FA9C1B62100EF6C7
+  7: F69FC035FD89BDB9
+  8: FA5C607B2D97FD7D
+  9: A112CDFAFF150870
+ 10: ABBFD9DC6D530842
+ 11: 6FF72677F0A845D2
+ 12: A6803A517E9F1C34
+ 13: A5A45E3AD8300F30
+ 14: 3854B6FABF268B8A
+ 15: DD3E679D6387A082
+ 16: 872DDF68887A9606
+

src/ciphers/idea.c

@@ -0,0 +1,252 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* Based on idea.cpp - originally written and placed in the public domain by Wei Dai
+   https://github.com/weidai11/cryptopp/blob/master/idea.cpp
+
+   Patents should be expired. On 2017-10-16 wikipedia says:
+   https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+
+   A patent application for IDEA was first filed in Switzerland (CH A 1690/90) on May 18, 1990,
+   then an international patent application was filed under the Patent Cooperation Treaty on
+   May 16, 1991. Patents were eventually granted in Austria, France, Germany, Italy, the Netherlands,
+   Spain, Sweden, Switzerland, the United Kingdom, (European Patent Register entry for European
+   patent no. 0482154, filed May 16, 1991, issued June 22, 1994 and expired May 16, 2011),
+   the United States (U.S. Patent 5,214,703, issued May 25, 1993 and expired January 7, 2012)
+   and Japan (JP 3225440) (expired May 16, 2011).
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_IDEA
+
+const struct ltc_cipher_descriptor idea_desc = {
+   "idea",
+   24,                  /* cipher_ID */
+   16, 16, 8, 8,        /* min_key_len, max_key_len, block_len, default_rounds */
+   &idea_setup,
+   &idea_ecb_encrypt,
+   &idea_ecb_decrypt,
+   &idea_test,
+   &idea_done,
+   &idea_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+typedef unsigned short int ushort16;
+
+#define _LOW16(x)     ((x)&0xffff)  /* compiler should be able to optimize this away if x is 16 bits */
+#define _HIGH16(x)    ((x)>>16)
+#define _MUL(a,b)     {                                               \
+                         ulong32 p = (ulong32)_LOW16(a) * b;          \
+                         if (p) {                                     \
+                            p = _LOW16(p) - _HIGH16(p);               \
+                            a = (ushort16)p - (ushort16)_HIGH16(p);   \
+                         }                                            \
+                         else                                         \
+                            a = 1 - a - b;                            \
+                      }
+#define _STORE16(x,y) { (y)[0] = (unsigned char)(((x)>>8)&255); (y)[1] = (unsigned char)((x)&255); }
+#define _LOAD16(x,y)  { x = ((ushort16)((y)[0] & 255)<<8) | ((ushort16)((y)[1] & 255)); }
+
+static ushort16 _mul_inv(ushort16 x)
+{
+   ushort16 y = x;
+   unsigned i;
+
+   for (i = 0; i < 15; i++) {
+      _MUL(y, _LOW16(y));
+      _MUL(y, x);
+   }
+   return _LOW16(y);
+}
+
+static ushort16 _add_inv(ushort16 x)
+{
+   return _LOW16(0 - x);
+}
+
+static int _setup_key(const unsigned char *key, symmetric_key *skey)
+{
+   int i, j;
+   ushort16 *e_key = skey->idea.ek;
+   ushort16 *d_key = skey->idea.dk;
+
+   /* prepare enc key */
+   for (i = 0; i < 8; i++) {
+      _LOAD16(e_key[i], key + 2 * i);
+   }
+   for (; i < LTC_IDEA_KEYLEN; i++) {
+      j = (i - i % 8) - 8;
+      e_key[i] = _LOW16((e_key[j+(i+1)%8] << 9) | (e_key[j+(i+2)%8] >> 7));
+   }
+
+   /* prepare dec key */
+   for (i = 0; i < LTC_IDEA_ROUNDS; i++) {
+      d_key[i*6+0] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+0]);
+      d_key[i*6+1] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+1+(i>0 ? 1 : 0)]);
+      d_key[i*6+2] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+2-(i>0 ? 1 : 0)]);
+      d_key[i*6+3] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+3]);
+      d_key[i*6+4] =          e_key[(LTC_IDEA_ROUNDS-1-i)*6+4];
+      d_key[i*6+5] =          e_key[(LTC_IDEA_ROUNDS-1-i)*6+5];
+   }
+   d_key[i*6+0] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+0]);
+   d_key[i*6+1] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+1]);
+   d_key[i*6+2] = _add_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+2]);
+   d_key[i*6+3] = _mul_inv(e_key[(LTC_IDEA_ROUNDS-i)*6+3]);
+
+   return CRYPT_OK;
+}
+
+static int _process_block(const unsigned char *in, unsigned char *out, ushort16 *m_key)
+{
+   int i;
+   ushort16 x0, x1, x2, x3, t0, t1;
+
+   _LOAD16(x0, in + 0);
+   _LOAD16(x1, in + 2);
+   _LOAD16(x2, in + 4);
+   _LOAD16(x3, in + 6);
+
+   for (i = 0; i < LTC_IDEA_ROUNDS; i++) {
+      _MUL(x0, m_key[i*6+0]);
+      x1 += m_key[i*6+1];
+      x2 += m_key[i*6+2];
+      _MUL(x3, m_key[i*6+3]);
+      t0 = x0^x2;
+      _MUL(t0, m_key[i*6+4]);
+      t1 = t0 + (x1^x3);
+      _MUL(t1, m_key[i*6+5]);
+      t0 += t1;
+      x0 ^= t1;
+      x3 ^= t0;
+      t0 ^= x1;
+      x1 = x2^t1;
+      x2 = t0;
+   }
+
+   _MUL(x0, m_key[LTC_IDEA_ROUNDS*6+0]);
+   x2 += m_key[LTC_IDEA_ROUNDS*6+1];
+   x1 += m_key[LTC_IDEA_ROUNDS*6+2];
+   _MUL(x3, m_key[LTC_IDEA_ROUNDS*6+3]);
+
+   _STORE16(x0, out + 0);
+   _STORE16(x2, out + 2);
+   _STORE16(x1, out + 4);
+   _STORE16(x3, out + 6);
+
+   return CRYPT_OK;
+}
+
+int idea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+{
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(skey != NULL);
+
+   if (num_rounds != 0 && num_rounds != 8) return CRYPT_INVALID_ROUNDS;
+   if (keylen != 16) return CRYPT_INVALID_KEYSIZE;
+
+   return _setup_key(key, skey);
+}
+
+int idea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+{
+   return _process_block(pt, ct, skey->idea.ek);
+}
+
+int idea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+{
+   return _process_block(ct, pt, skey->idea.dk);
+}
+
+void idea_done(symmetric_key *skey)
+{
+   LTC_UNUSED_PARAM(skey);
+}
+
+int idea_keysize(int *keysize)
+{
+   LTC_ARGCHK(keysize != NULL);
+   if (*keysize < 16) {
+      return CRYPT_INVALID_KEYSIZE;
+   }
+   *keysize = 16;
+   return CRYPT_OK;
+}
+
+int idea_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   static const struct {
+      unsigned char key[16], pt[8], ct[8];
+   } tests[] = {
+      {
+         /* key */ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* pt  */ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* ct  */ { 0xB1, 0xF5, 0xF7, 0xF8, 0x79, 0x01, 0x37, 0x0F }
+      },
+      {
+         /* key */ { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* pt  */ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* ct  */ { 0xB3, 0x92, 0x7D, 0xFF, 0xB6, 0x35, 0x86, 0x26 }
+      },
+      {
+         /* key */ { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* pt  */ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* ct  */ { 0xE9, 0x87, 0xE0, 0x02, 0x9F, 0xB9, 0x97, 0x85 }
+      },
+      {
+         /* key */ { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* pt  */ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* ct  */ { 0x75, 0x4A, 0x03, 0xCE, 0x08, 0xDB, 0x7D, 0xAA }
+      },
+      {
+         /* key */ { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* pt  */ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+         /* ct  */ { 0xF0, 0x15, 0xF9, 0xFB, 0x0C, 0xFC, 0x7E, 0x1C }
+      },
+   };
+
+   unsigned char buf[2][8];
+   symmetric_key key;
+   int err, x;
+
+   if (sizeof(ushort16) != 2) {
+      return CRYPT_FAIL_TESTVECTOR;
+   }
+
+   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+      if ((err = idea_setup(tests[x].key, 16, 8, &key)) != CRYPT_OK) {
+         return err;
+      }
+      if ((err = idea_ecb_encrypt(tests[x].pt, buf[0], &key)) != CRYPT_OK) {
+         return err;
+      }
+      if (compare_testvector(buf[0], 8, tests[x].ct, 8, "IDEA Encrypt", x)) {
+         return CRYPT_FAIL_TESTVECTOR;
+      }
+      if ((err = idea_ecb_decrypt(tests[x].ct, buf[1], &key)) != CRYPT_OK) {
+         return err;
+      }
+      if (compare_testvector(buf[1], 8, tests[x].pt, 8, "IDEA Decrypt", x)) {
+         return CRYPT_FAIL_TESTVECTOR;
+      }
+   }
+
+   return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

src/headers/tomcrypt_cipher.h

@@ -154,6 +154,17 @@ struct camellia_key {
 };
 #endif
 
+#ifdef LTC_IDEA
+/* rounds */
+#define LTC_IDEA_ROUNDS 8
+/* key schedule length in # of unsigned shorts */
+#define LTC_IDEA_KEYLEN 6*LTC_IDEA_ROUNDS+4
+struct idea_key {
+   unsigned short int ek[LTC_IDEA_KEYLEN]; /* enc key */
+   unsigned short int dk[LTC_IDEA_KEYLEN]; /* dec key */
+};
+#endif
+
 typedef union Symmetric_key {
 #ifdef LTC_DES
    struct des_key des;
@@ -212,6 +223,9 @@ typedef union Symmetric_key {
 #endif
 #ifdef LTC_CAMELLIA
    struct camellia_key camellia;
+#endif
+#ifdef LTC_IDEA
+   struct idea_key     idea;
 #endif
    void   *data;
 } symmetric_key;
@@ -816,6 +830,16 @@ int camellia_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor camellia_desc;
 #endif
 
+#ifdef LTC_IDEA
+int idea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
+int idea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int idea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int idea_test(void);
+void idea_done(symmetric_key *skey);
+int idea_keysize(int *keysize);
+extern const struct ltc_cipher_descriptor idea_desc;
+#endif
+
 #ifdef LTC_ECB_MODE
 int ecb_start(int cipher, const unsigned char *key,
               int keylen, int num_rounds, symmetric_ECB *ecb);

src/headers/tomcrypt_custom.h

@@ -202,6 +202,7 @@
 #define LTC_KASUMI
 #define LTC_MULTI2
 #define LTC_CAMELLIA
+#define LTC_IDEA
 
 /* stream ciphers */
 #define LTC_CHACHA

src/misc/crypt/crypt.c

@@ -121,6 +121,9 @@ const char *crypt_build_settings =
 #endif
 #if defined(LTC_CAMELLIA)
    "   Camellia\n"
+#endif
+#if defined(LTC_IDEA)
+   "   IDEA\n"
 #endif
    "Stream ciphers built-in:\n"
 #if defined(LTC_CHACHA)

src/misc/crypt/crypt_register_all_ciphers.c

@@ -93,6 +93,9 @@ int register_all_ciphers(void)
 #endif
 #ifdef LTC_CAMELLIA
    REGISTER_CIPHER(&camellia_desc);
+#endif
+#ifdef LTC_IDEA
+   REGISTER_CIPHER(&idea_desc);
 #endif
    return err;
 }

src/misc/crypt/crypt_sizes.c

@@ -98,6 +98,9 @@ static const crypt_size _crypt_sizes[] = {
     _SZ_STRINGIFY_S(des_key),
     _SZ_STRINGIFY_S(des3_key),
 #endif
+#ifdef LTC_IDEA
+    _SZ_STRINGIFY_S(idea_key),
+#endif
 #ifdef LTC_KASUMI
     _SZ_STRINGIFY_S(kasumi_key),
 #endif

tests/test.c

@@ -177,6 +177,9 @@ static void _unregister_all(void)
 #ifdef LTC_CAMELLIA
   unregister_cipher(&camellia_desc);
 #endif
+#ifdef LTC_IDEA
+  unregister_cipher(&idea_desc);
+#endif
 
 #ifdef LTC_TIGER
   unregister_hash(&tiger_desc);