TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 61da752077fa8ebfb1aff199bb18b697364ee27c / . / library / xtea.c
blob: bc473e527e6a4442db0fefd655860def71dc0ae9 [file] [log] [blame]
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]1/*
2 * An 32-bit implementation of the XTEA algorithm
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_XTEA_C)
29
30#include "polarssl/xtea.h"
31
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]32/*
33 * 32-bit integer manipulation macros (big endian)
34 */
35#ifndef GET_ULONG_BE
36#define GET_ULONG_BE(n,b,i) \
37{ \
38 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]39 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
40 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
41 | ( (unsigned long) (b)[(i) + 3] ); \
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]42}
43#endif
44
45#ifndef PUT_ULONG_BE
46#define PUT_ULONG_BE(n,b,i) \
47{ \
48 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
49 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
50 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
51 (b)[(i) + 3] = (unsigned char) ( (n) ); \
52}
53#endif
54
55/*
56 * XTEA key schedule
57 */
58void xtea_setup( xtea_context *ctx, unsigned char key[16] )
59{
60 int i;
61
62 memset(ctx, 0, sizeof(xtea_context));
63
64 for( i = 0; i < 4; i++ )
65 {
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]66 GET_ULONG_BE( ctx->k[i], key, i << 2 );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]67 }
68}
69
70/*
71 * XTEA encrypt function
72 */
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]73int xtea_crypt_ecb( xtea_context *ctx, int mode, unsigned char input[8],
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]74 unsigned char output[8])
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]75{
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]76 uint32_t *k, v0, v1, i;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]77
78 k = ctx->k;
79
80 GET_ULONG_BE( v0, input, 0 );
81 GET_ULONG_BE( v1, input, 4 );
82
83 if( mode == XTEA_ENCRYPT )
84 {
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]85 uint32_t sum = 0, delta = 0x9E3779B9;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]86
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]87 for( i = 0; i < 32; i++ )
88 {
89 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
90 sum += delta;
91 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
92 }
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]93 }
94 else /* XTEA_DECRYPT */
95 {
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]96 uint32_t delta = 0x9E3779B9, sum = delta * 32;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]97
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]98 for( i = 0; i < 32; i++ )
99 {
100 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
101 sum -= delta;
102 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
103 }
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]104 }
105
106 PUT_ULONG_BE( v0, output, 0 );
107 PUT_ULONG_BE( v1, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]108
109 return( 0 );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]110}
111
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]112/*
113 * XTEA-CBC buffer encryption/decryption
114 */
115int xtea_crypt_cbc( xtea_context *ctx,
116 int mode,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]117 size_t length,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]118 unsigned char iv[8],
119 unsigned char *input,
120 unsigned char *output)
121{
122 int i;
123 unsigned char temp[8];
124
125 if(length % 8)
126 return( POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH );
127
128 if( mode == XTEA_DECRYPT )
129 {
130 while( length > 0 )
131 {
132 memcpy( temp, input, 8 );
133 xtea_crypt_ecb( ctx, mode, input, output );
134
135 for(i = 0; i < 8; i++)
136 output[i] = (unsigned char)( output[i] ^ iv[i] );
137
138 memcpy( iv, temp, 8 );
139
140 input += 8;
141 output += 8;
142 length -= 8;
143 }
144 }
145 else
146 {
147 while( length > 0 )
148 {
149 for( i = 0; i < 8; i++ )
150 output[i] = (unsigned char)( input[i] ^ iv[i] );
151
152 xtea_crypt_ecb( ctx, mode, output, output );
153 memcpy( iv, output, 8 );
154
155 input += 8;
156 output += 8;
157 length -= 8;
158 }
159 }
160
161 return( 0 );
162}
163
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]164#if defined(POLARSSL_SELF_TEST)
165
166#include <string.h>
167#include <stdio.h>
168
169/*
170 * XTEA tests vectors (non-official)
171 */
172
173static const unsigned char xtea_test_key[6][16] =
174{
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]175 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
176 0x0c, 0x0d, 0x0e, 0x0f },
177 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
178 0x0c, 0x0d, 0x0e, 0x0f },
179 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
180 0x0c, 0x0d, 0x0e, 0x0f },
181 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
182 0x00, 0x00, 0x00, 0x00 },
183 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
184 0x00, 0x00, 0x00, 0x00 },
185 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
186 0x00, 0x00, 0x00, 0x00 }
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]187};
188
189static const unsigned char xtea_test_pt[6][8] =
190{
191 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
192 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
193 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
194 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
195 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
196 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
197};
198
199static const unsigned char xtea_test_ct[6][8] =
200{
201 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
202 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
203 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
204 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
205 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
206 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
207};
208
209/*
210 * Checkup routine
211 */
212int xtea_self_test( int verbose )
213{
214 int i;
215 unsigned char buf[8];
216 xtea_context ctx;
217
218 for( i = 0; i < 6; i++ )
219 {
220 if( verbose != 0 )
221 printf( " XTEA test #%d: ", i + 1 );
222
223 memcpy( buf, xtea_test_pt[i], 8 );
224
225 xtea_setup( &ctx, (unsigned char *) xtea_test_key[i] );
226 xtea_crypt_ecb( &ctx, XTEA_ENCRYPT, buf, buf );
227
228 if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
229 {
230 if( verbose != 0 )
231 printf( "failed\n" );
232
233 return( 1 );
234 }
235
236 if( verbose != 0 )
237 printf( "passed\n" );
238 }
239
240 if( verbose != 0 )
241 printf( "\n" );
242
243 return( 0 );
244}
245
246#endif
247
248#endif