idea c语言 pgp 实现

/* * idea.c - C source code for IDEA block cipher. * IDEA (International Data Encryption Algorithm), formerly known as * IPES (Improved Proposed Encryption Standard). * Algorithm developed by Xuejia Lai and James L. Massey, of ETH Zurich. * This implementation modified and derived from original C code * developed by Xuejia Lai. * Zero-based indexing added, names changed from IPES to IDEA. * CFB functions added. Random number routines added. * * Extensively optimized and restructured by Colin Plumb. * * There are two adjustments that can be made to this code to * speed it up. Defaults may be used for PCs. Only the -DIDEA32 * pays off significantly if selectively set or not set. * Experiment to see what works best for your machine. * * Multiplication: default is inline, -DAVOID_JUMPS uses a * different version that does not do any conditional * jumps (a few percent worse on a SPARC), while * -DSMALL_CACHE takes it out of line to stay * within a small on-chip code cache. * Variables: normally, 16-bit variables are used, but some * machines (notably RISCs) do not have 16-bit registers, * so they do a great deal of masking. -DIDEA32 uses "int" * register variables and masks explicitly only where * necessary. On a SPARC, for example, this boosts * performace by 30%. * * The IDEA(tm) block cipher is covered by patents held by ETH and a * Swiss company called Ascom-Tech AG. The Swiss patent number is * PCT/CH91/00117, the European patent number is EP 0 482 154 B1, and * the U.S. patent number is US005214703. IDEA(tm) is a trademark of * Ascom-Tech AG. There is no license fee required for noncommercial * use. Commercial users may obtain licensing details from Dieter * Profos, Ascom Tech AG, Solothurn Lab, Postfach 151, 4502 Solothurn, * Switzerland, Tel +41 65 242885, Fax +41 65 235761. * * The IDEA block cipher uses a 64-bit block size, and a 128-bit key * size. It breaks the 64-bit cipher block into four 16-bit words * because all of the primitive inner operations are done with 16-bit * arithmetic. It likewise breaks the 128-bit cipher key into eight * 16-bit words. * * For further information on the IDEA cipher, see the book: * Xuejia Lai, "On the Design and Security of Block Ciphers", * ETH Series on Information Processing (ed. J.L. Massey) Vol 1, * Hartung-Gorre Verlag, Konstanz, Switzerland, 1992. ISBN * 3-89191-573-X. * * This code runs on arrays of bytes by taking pairs in big-endian * order to make the 16-bit words that IDEA uses internally. This * produces the same result regardless of the byte order of the * native CPU. */ #include <string.h> #include "idea.h" //#include "randpool.h" #ifdef MACTC5 #include <string.h> #define IDEA32 #define SMALL_CACHE #define USE68ASM void ideaCipher(byte const inbuf[8], byte outbuf[8], word16 const *key); #endif #ifdef IDEA32 /* Use >16-bit temporaries */ #define low16(x) ((x) & 0xFFFF) typedef unsigned int uint16; /* at LEAST 16 bits, maybe more */ #else #define low16(x) (x) /* this is only ever applied to uint16's */ typedef word16 uint16; #endif #ifdef _GNUC_ /* __const__ simply means there are no side effects for this function, * which is useful info for the gcc optimizer */ #define CONST __const__ #else #define CONST #endif /* * Multiplication, modulo (2**16)+1 * Note that this code is structured on the assumption that * untaken branches are cheaper than taken branches, and the * compiler doesn't schedule branches. */ #ifdef SMALL_CACHE #ifdef MACTC5 CONST static uint16 mul(uint16 a, uint16 b) { asm { move.w a,d1 beq.s @aeq0 move.w b,d0 beq.s @beq0 mulu.w d0,d1 ; a = a * b move.w d1,d0 ; b = a swap d1 ; a = a >> 16 sub.w d1,d0 ; b = b - a bcc.s @endit ; b >= a? addq.w #1,d0 ; b < a : (b - a) + 1 bra.s @endit @aeq0: moveq #1,d0 move.w b,d1 sub.w d1,d0 ; 1 - b bra.s @endit @beq0: moveq #1,d0 sub.w d1,d0 ; 1 - a } endit: return; } #else CONST static uint16 mul(register uint16 a, register uint16 b) { register word32 p; p = (word32) a *b; if (p) { b = low16(p); a = p >> 16; return (b - a) + (b < a); } else if (a) { return 1 - a; } else { return 1 - b; } } /* mul */ #endif /* MACTC5 */ #endif /* SMALL_CACHE */ /* * Compute the multiplicative inverse of x, modulo 65537, using Euclid's * algorithm. It is unrolled twice to avoid swapping the registers each * iteration, and some subtracts of t have been changed to adds. */ CONST static uint16 mulInv(uint16 x) { uint16 t0, t1; uint16 q, y; if (x <= 1) return x; /* 0 and 1 are self-inverse */ t1 = 0x10001L / x; /* Since x >= 2, this fits into 16 bits */ y = 0x10001L % x; if (y == 1) return low16(1 - t1); t0 = 1; do { q = x / y; x = x % y; t0 += q * t1; if (x == 1) return t0; q = y / x; y = y % x; t1 += q * t0; } while (y != 1); return low16(1 - t1); } /* mukInv */ /* * Expand a 128-bit user key to a working encryption key EK */ static void ideaExpandKey(byte const *userkey, word16 * EK) { int i, j; for (j = 0; j < 8; j++) { EK[j] = (userkey[0] << 8) + userkey[1]; userkey += 2; } for (i = 0; j < IDEAKEYLEN; j++) { i++; EK[i + 7] = EK[i & 7] << 9 | EK[i + 1 & 7] >> 7; EK += i & 8; i &= 7; } } /* ideaExpandKey */ /* * Compute IDEA decryption key DK from an expanded IDEA encryption key EK * Note that the input and output may be the same. Thus, the key is * inverted into an internal buffer, and then copied to the output. */ static void ideaInvertKey(word16 const *EK, word16 DK[IDEAKEYLEN]) { int i; uint16 t1, t2, t3; word16 temp[IDEAKEYLEN]; word16 *p = temp + IDEAKEYLEN; t1 = mulInv(*EK++); t2 = -*EK++; t3 = -*EK++; *--p = mulInv(*EK++); *--p = t3; *--p = t2; *--p = t1; for (i = 0; i < IDEAROUNDS - 1; i++) { t1 = *EK++; *--p = *EK++; *--p = t1; t1 = mulInv(*EK++); t2 = -*EK++; t3 = -*EK++; *--p = mulInv(*EK++); *--p = t2; *--p = t3; *--p = t1; } t1 = *EK++; *--p = *EK++; *--p = t1; t1 = mulInv(*EK++); t2 = -*EK++; t3 = -*EK++; *--p = mulInv(*EK++); *--p = t3; *--p = t2; *--p = t1; /* Copy and destroy temp copy */ memcpy(DK, temp, sizeof(temp)); burn(temp); } /* ideaInvertKey */ /* * MUL(x,y) computes x = x*y, modulo 0x10001. Requires two temps, * t16 and t32. x is modified, and must be a side-effect-free lvalue. * y may be anything, but unlike x, must be strictly less than 65536 * even if low16() is #defined. * All of these are equivalent - see which is faster on your machine */ #ifdef SMALL_CACHE #define MUL(x,y) (x = mul(low16(x),y)) #else /* !SMALL_CACHE */ #ifdef AVOID_JUMPS #define MUL(x,y) (x = low16(x-1), t16 = low16((y)-1), \ t32 = (word32)x*t16 + x + t16, x = low16(t32), \ t16 = t32>>16, x = (x-t16) + (x<t16) + 1) #else /* !AVOID_JUMPS (default) */ #define MUL(x,y) \ ((t16 = (y)) ? \ (x=low16(x)) ? \ t32 = (word32)x*t16, \ x = low16(t32), \ t16 = t32>>16, \ x = (x-t16)+(x<t16) \ : \ (x = 1-t16) \ : \ (x = 1-x)) #endif #endif /* IDEA encryption/decryption algorithm */ /* Note that in and out can be the same buffer */ #ifndef USE68ASM static void ideaCipher(byte const inbuf[8], byte outbuf[8], word16 const *key) { register uint16 x1, x2, x3, x4, s2, s3; word16 *in, *out; #ifndef SMALL_CACHE register uint16 t16; /* Temporaries needed by MUL macro */ register word32 t32; #endif int r = IDEAROUNDS; in = (word16 *) inbuf; x1 = *in++; x2 = *in++; x3 = *in++; x4 = *in; #ifndef HIGHFIRS