Blame - library/xtea.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 84dc0254b236fddaaae6aadabb25c90fc5f0032e [file] [log] [blame]

Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	1	/*
				2	* An 32-bit implementation of the XTEA algorithm
				3	*
Paul Bakker	530927b	2015-02-13 14:24:10 +0100	[diff] [blame]	4	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	e12abf9	2015-01-28 17:13:45 +0000	[diff] [blame]	6	* This file is part of mbed TLS (https://polarssl.org)
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	7	*
				8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22
				23	#include "polarssl/config.h"
				24
				25	#if defined(POLARSSL_XTEA_C)
				26
				27	#include "polarssl/xtea.h"
				28
Paul Bakker	4087c47	2013-06-12 16:49:10 +0200	[diff] [blame]	29	#if !defined(POLARSSL_XTEA_ALT)
				30
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	31	/*
				32	* 32-bit integer manipulation macros (big endian)
				33	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	34	#ifndef GET_UINT32_BE
				35	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	36	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	37	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				38	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				39	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				40	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	41	}
				42	#endif
				43
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	44	#ifndef PUT_UINT32_BE
				45	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	46	{ \
				47	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				48	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				49	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				50	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				51	}
				52	#endif
				53
				54	/*
				55	* XTEA key schedule
				56	*/
				57	void xtea_setup( xtea_context *ctx, unsigned char key[16] )
				58	{
				59	int i;
				60
				61	memset(ctx, 0, sizeof(xtea_context));
				62
				63	for( i = 0; i < 4; i++ )
				64	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	65	GET_UINT32_BE( ctx->k[i], key, i << 2 );
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	66	}
				67	}
				68
				69	/*
				70	* XTEA encrypt function
				71	*/
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	72	int xtea_crypt_ecb( xtea_context *ctx, int mode, unsigned char input[8],
Paul Bakker	0fdf3ca	2009-05-03 12:54:07 +0000	[diff] [blame]	73	unsigned char output[8])
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	74	{
Paul Bakker	0fdf3ca	2009-05-03 12:54:07 +0000	[diff] [blame]	75	uint32_t *k, v0, v1, i;
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	76
				77	k = ctx->k;
				78
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	79	GET_UINT32_BE( v0, input, 0 );
				80	GET_UINT32_BE( v1, input, 4 );
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	81
				82	if( mode == XTEA_ENCRYPT )
				83	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	84	uint32_t sum = 0, delta = 0x9E3779B9;
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	85
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	86	for( i = 0; i < 32; i++ )
				87	{
				88	v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
				89	sum += delta;
				90	v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
				91	}
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	92	}
				93	else /* XTEA_DECRYPT */
				94	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	95	uint32_t delta = 0x9E3779B9, sum = delta * 32;
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	96
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	97	for( i = 0; i < 32; i++ )
				98	{
				99	v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
				100	sum -= delta;
				101	v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
				102	}
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	103	}
				104
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	105	PUT_UINT32_BE( v0, output, 0 );
				106	PUT_UINT32_BE( v1, output, 4 );
Paul Bakker	f3ccc68	2010-03-18 21:21:02 +0000	[diff] [blame]	107
				108	return( 0 );
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	109	}
				110
Paul Bakker	b6ecaf5	2011-04-19 14:29:23 +0000	[diff] [blame]	111	/*
				112	* XTEA-CBC buffer encryption/decryption
				113	*/
				114	int xtea_crypt_cbc( xtea_context *ctx,
				115	int mode,
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	116	size_t length,
Paul Bakker	b6ecaf5	2011-04-19 14:29:23 +0000	[diff] [blame]	117	unsigned char iv[8],
				118	unsigned char *input,
				119	unsigned char *output)
				120	{
				121	int i;
				122	unsigned char temp[8];
				123
				124	if(length % 8)
				125	return( POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH );
				126
				127	if( mode == XTEA_DECRYPT )
				128	{
				129	while( length > 0 )
				130	{
				131	memcpy( temp, input, 8 );
				132	xtea_crypt_ecb( ctx, mode, input, output );
				133
				134	for(i = 0; i < 8; i++)
				135	output[i] = (unsigned char)( output[i] ^ iv[i] );
				136
				137	memcpy( iv, temp, 8 );
				138
				139	input += 8;
				140	output += 8;
				141	length -= 8;
				142	}
				143	}
				144	else
				145	{
				146	while( length > 0 )
				147	{
				148	for( i = 0; i < 8; i++ )
				149	output[i] = (unsigned char)( input[i] ^ iv[i] );
				150
				151	xtea_crypt_ecb( ctx, mode, output, output );
				152	memcpy( iv, output, 8 );
				153
				154	input += 8;
				155	output += 8;
				156	length -= 8;
				157	}
				158	}
				159
				160	return( 0 );
				161	}
Paul Bakker	4087c47	2013-06-12 16:49:10 +0200	[diff] [blame]	162	#endif /* !POLARSSL_XTEA_ALT */
Paul Bakker	b6ecaf5	2011-04-19 14:29:23 +0000	[diff] [blame]	163
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	164	#if defined(POLARSSL_SELF_TEST)
				165
				166	#include <string.h>
				167	#include <stdio.h>
				168
				169	/*
				170	* XTEA tests vectors (non-official)
				171	*/
				172
				173	static const unsigned char xtea_test_key[6][16] =
				174	{
Paul Bakker	0fdf3ca	2009-05-03 12:54:07 +0000	[diff] [blame]	175	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
				176	0x0c, 0x0d, 0x0e, 0x0f },
				177	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
				178	0x0c, 0x0d, 0x0e, 0x0f },
				179	{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
				180	0x0c, 0x0d, 0x0e, 0x0f },
				181	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
				182	0x00, 0x00, 0x00, 0x00 },
				183	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
				184	0x00, 0x00, 0x00, 0x00 },
				185	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
				186	0x00, 0x00, 0x00, 0x00 }
Paul Bakker	7a7c78f	2009-01-04 18:15:48 +0000	[diff] [blame]	187	};
				188
				189	static const unsigned char xtea_test_pt[6][8] =
				190	{
				191	{ 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
				192	{ 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
				193	{ 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
				194	{ 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
				195	{ 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
				196	{ 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
				197	};
				198
				199	static const unsigned char xtea_test_ct[6][8] =
				200	{
				201	{ 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
				202	{ 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
				203	{ 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
				204	{ 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
				205	{ 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
				206	{ 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
				207	};
				208
				209	/*
				210	* Checkup routine
				211	*/
				212	int xtea_self_test( int verbose )
				213	{
				214	int i;
				215	unsigned char buf[8];
				216	xtea_context ctx;
				217
				218	for( i = 0; i < 6; i++ )
				219	{
				220	if( verbose != 0 )
				221	printf( " XTEA test #%d: ", i + 1 );
				222
				223	memcpy( buf, xtea_test_pt[i], 8 );
				224
				225	xtea_setup( &ctx, (unsigned char *) xtea_test_key[i] );
				226	xtea_crypt_ecb( &ctx, XTEA_ENCRYPT, buf, buf );
				227
				228	if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
				229	{
				230	if( verbose != 0 )
				231	printf( "failed\n" );
				232
				233	return( 1 );
				234	}
				235
				236	if( verbose != 0 )
				237	printf( "passed\n" );
				238	}
				239
				240	if( verbose != 0 )
				241	printf( "\n" );
				242
				243	return( 0 );
				244	}
				245
				246	#endif
				247
				248	#endif