Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / b6ecaf5276a2ef08aadc517c3c0f1c5d65df7f4e / . / library / xtea.c
blob: 036948d04f5bcb13b8494652b8afabeeca0038d5 [file] [log] [blame]
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]1/*
2 * An 32-bit implementation of the XTEA algorithm
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_XTEA_C)
29
30#include "polarssl/xtea.h"
31
32#include <string.h>
33
34/*
35 * 32-bit integer manipulation macros (big endian)
36 */
37#ifndef GET_ULONG_BE
38#define GET_ULONG_BE(n,b,i) \
39{ \
40 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]41 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
42 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
43 | ( (unsigned long) (b)[(i) + 3] ); \
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]44}
45#endif
46
47#ifndef PUT_ULONG_BE
48#define PUT_ULONG_BE(n,b,i) \
49{ \
50 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
51 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
52 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
53 (b)[(i) + 3] = (unsigned char) ( (n) ); \
54}
55#endif
56
57/*
58 * XTEA key schedule
59 */
60void xtea_setup( xtea_context *ctx, unsigned char key[16] )
61{
62 int i;
63
64 memset(ctx, 0, sizeof(xtea_context));
65
66 for( i = 0; i < 4; i++ )
67 {
68 GET_ULONG_BE( ctx->k[i], key, i << 2 );
69 }
70}
71
72/*
73 * XTEA encrypt function
74 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]75int xtea_crypt_ecb( xtea_context *ctx, int mode, unsigned char input[8],
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]76 unsigned char output[8])
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]77{
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]78 uint32_t *k, v0, v1, i;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]79
80 k = ctx->k;
81
82 GET_ULONG_BE( v0, input, 0 );
83 GET_ULONG_BE( v1, input, 4 );
84
85 if( mode == XTEA_ENCRYPT )
86 {
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]87 uint32_t sum = 0, delta = 0x9E3779B9;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]88
89 for( i = 0; i < 32; i++ )
90 {
91 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
92 sum += delta;
93 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
94 }
95 }
96 else /* XTEA_DECRYPT */
97 {
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]98 uint32_t delta = 0x9E3779B9, sum = delta * 32;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]99
100 for( i = 0; i < 32; i++ )
101 {
102 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
103 sum -= delta;
104 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
105 }
106 }
107
108 PUT_ULONG_BE( v0, output, 0 );
109 PUT_ULONG_BE( v1, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]110
111 return( 0 );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]112}
113
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame^]114/*
115 * XTEA-CBC buffer encryption/decryption
116 */
117int xtea_crypt_cbc( xtea_context *ctx,
118 int mode,
119 int length,
120 unsigned char iv[8],
121 unsigned char *input,
122 unsigned char *output)
123{
124 int i;
125 unsigned char temp[8];
126
127 if(length % 8)
128 return( POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH );
129
130 if( mode == XTEA_DECRYPT )
131 {
132 while( length > 0 )
133 {
134 memcpy( temp, input, 8 );
135 xtea_crypt_ecb( ctx, mode, input, output );
136
137 for(i = 0; i < 8; i++)
138 output[i] = (unsigned char)( output[i] ^ iv[i] );
139
140 memcpy( iv, temp, 8 );
141
142 input += 8;
143 output += 8;
144 length -= 8;
145 }
146 }
147 else
148 {
149 while( length > 0 )
150 {
151 for( i = 0; i < 8; i++ )
152 output[i] = (unsigned char)( input[i] ^ iv[i] );
153
154 xtea_crypt_ecb( ctx, mode, output, output );
155 memcpy( iv, output, 8 );
156
157 input += 8;
158 output += 8;
159 length -= 8;
160 }
161 }
162
163 return( 0 );
164}
165
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]166#if defined(POLARSSL_SELF_TEST)
167
168#include <string.h>
169#include <stdio.h>
170
171/*
172 * XTEA tests vectors (non-official)
173 */
174
175static const unsigned char xtea_test_key[6][16] =
176{
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]177 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
178 0x0c, 0x0d, 0x0e, 0x0f },
179 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
180 0x0c, 0x0d, 0x0e, 0x0f },
181 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
182 0x0c, 0x0d, 0x0e, 0x0f },
183 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
184 0x00, 0x00, 0x00, 0x00 },
185 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
186 0x00, 0x00, 0x00, 0x00 },
187 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
188 0x00, 0x00, 0x00, 0x00 }
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]189};
190
191static const unsigned char xtea_test_pt[6][8] =
192{
193 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
194 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
195 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
196 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
197 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
198 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
199};
200
201static const unsigned char xtea_test_ct[6][8] =
202{
203 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
204 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
205 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
206 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
207 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
208 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
209};
210
211/*
212 * Checkup routine
213 */
214int xtea_self_test( int verbose )
215{
216 int i;
217 unsigned char buf[8];
218 xtea_context ctx;
219
220 for( i = 0; i < 6; i++ )
221 {
222 if( verbose != 0 )
223 printf( " XTEA test #%d: ", i + 1 );
224
225 memcpy( buf, xtea_test_pt[i], 8 );
226
227 xtea_setup( &ctx, (unsigned char *) xtea_test_key[i] );
228 xtea_crypt_ecb( &ctx, XTEA_ENCRYPT, buf, buf );
229
230 if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
231 {
232 if( verbose != 0 )
233 printf( "failed\n" );
234
235 return( 1 );
236 }
237
238 if( verbose != 0 )
239 printf( "passed\n" );
240 }
241
242 if( verbose != 0 )
243 printf( "\n" );
244
245 return( 0 );
246}
247
248#endif
249
250#endif