PolarSSL v1.1.4
xtea.c
Go to the documentation of this file.
00001 /*
00002  *  An 32-bit implementation of the XTEA algorithm
00003  *
00004  *  Copyright (C) 2006-2010, Brainspark B.V.
00005  *
00006  *  This file is part of PolarSSL (http://www.polarssl.org)
00007  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
00008  *
00009  *  All rights reserved.
00010  *
00011  *  This program is free software; you can redistribute it and/or modify
00012  *  it under the terms of the GNU General Public License as published by
00013  *  the Free Software Foundation; either version 2 of the License, or
00014  *  (at your option) any later version.
00015  *
00016  *  This program is distributed in the hope that it will be useful,
00017  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00018  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00019  *  GNU General Public License for more details.
00020  *
00021  *  You should have received a copy of the GNU General Public License along
00022  *  with this program; if not, write to the Free Software Foundation, Inc.,
00023  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00024  */
00025 
00026 #include "polarssl/config.h"
00027 
00028 #if defined(POLARSSL_XTEA_C)
00029 
00030 #include "polarssl/xtea.h"
00031 
00032 /*
00033  * 32-bit integer manipulation macros (big endian)
00034  */
00035 #ifndef GET_ULONG_BE
00036 #define GET_ULONG_BE(n,b,i)                             \
00037 {                                                       \
00038     (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
00039         | ( (unsigned long) (b)[(i) + 1] << 16 )        \
00040         | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
00041         | ( (unsigned long) (b)[(i) + 3]       );       \
00042 }
00043 #endif
00044 
00045 #ifndef PUT_ULONG_BE
00046 #define PUT_ULONG_BE(n,b,i)                             \
00047 {                                                       \
00048     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00049     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00050     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00051     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00052 }
00053 #endif
00054 
00055 /*
00056  * XTEA key schedule
00057  */
00058 void xtea_setup( xtea_context *ctx, unsigned char key[16] )
00059 {
00060     int i;
00061 
00062     memset(ctx, 0, sizeof(xtea_context));
00063 
00064     for( i = 0; i < 4; i++ )
00065     {
00066         GET_ULONG_BE( ctx->k[i], key, i << 2 );
00067     }
00068 }
00069 
00070 /*
00071  * XTEA encrypt function
00072  */
00073 int xtea_crypt_ecb( xtea_context *ctx, int mode, unsigned char input[8],
00074                      unsigned char output[8])
00075 {
00076     uint32_t *k, v0, v1, i;
00077 
00078     k = ctx->k;
00079     
00080     GET_ULONG_BE( v0, input, 0 );
00081     GET_ULONG_BE( v1, input, 4 );
00082 
00083     if( mode == XTEA_ENCRYPT )
00084     {
00085         uint32_t sum = 0, delta = 0x9E3779B9;
00086 
00087         for( i = 0; i < 32; i++ )
00088         {
00089             v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
00090             sum += delta;
00091             v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
00092         }
00093     }
00094     else /* XTEA_DECRYPT */
00095     {
00096         uint32_t delta = 0x9E3779B9, sum = delta * 32;
00097 
00098         for( i = 0; i < 32; i++ )
00099         {
00100             v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
00101             sum -= delta;
00102             v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
00103         }
00104     }
00105 
00106     PUT_ULONG_BE( v0, output, 0 );
00107     PUT_ULONG_BE( v1, output, 4 );
00108 
00109     return( 0 );
00110 }
00111 
00112 /*
00113  * XTEA-CBC buffer encryption/decryption
00114  */
00115 int xtea_crypt_cbc( xtea_context *ctx,
00116                     int mode,
00117                     size_t length,
00118                     unsigned char iv[8],
00119                     unsigned char *input,
00120                     unsigned char *output)
00121 {
00122     int i;
00123     unsigned char temp[8];
00124 
00125     if(length % 8)
00126         return( POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH );
00127 
00128     if( mode == XTEA_DECRYPT ) 
00129     {
00130         while( length > 0 )
00131         {
00132             memcpy( temp, input, 8 );
00133             xtea_crypt_ecb( ctx, mode, input, output );
00134 
00135             for(i = 0; i < 8; i++) 
00136                 output[i] = (unsigned char)( output[i] ^ iv[i] );
00137 
00138             memcpy( iv, temp, 8 );
00139 
00140             input  += 8;
00141             output += 8;
00142             length -= 8;
00143         }
00144     } 
00145     else 
00146     {
00147         while( length > 0 )
00148         {
00149             for( i = 0; i < 8; i++ )
00150                 output[i] = (unsigned char)( input[i] ^ iv[i] );
00151 
00152             xtea_crypt_ecb( ctx, mode, output, output );
00153             memcpy( iv, output, 8 );
00154             
00155             input  += 8;
00156             output += 8;
00157             length -= 8;
00158         }
00159     }
00160 
00161     return( 0 );
00162 }
00163 
00164 #if defined(POLARSSL_SELF_TEST)
00165 
00166 #include <string.h>
00167 #include <stdio.h>
00168 
00169 /*
00170  * XTEA tests vectors (non-official)
00171  */
00172 
00173 static const unsigned char xtea_test_key[6][16] =
00174 {
00175    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
00176      0x0c, 0x0d, 0x0e, 0x0f },
00177    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
00178      0x0c, 0x0d, 0x0e, 0x0f },
00179    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
00180      0x0c, 0x0d, 0x0e, 0x0f },
00181    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00182      0x00, 0x00, 0x00, 0x00 },
00183    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00184      0x00, 0x00, 0x00, 0x00 },
00185    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
00186      0x00, 0x00, 0x00, 0x00 }
00187 };
00188 
00189 static const unsigned char xtea_test_pt[6][8] =
00190 {
00191     { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
00192     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
00193     { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
00194     { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
00195     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
00196     { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
00197 };
00198 
00199 static const unsigned char xtea_test_ct[6][8] =
00200 {
00201     { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
00202     { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
00203     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
00204     { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
00205     { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
00206     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
00207 };
00208 
00209 /*
00210  * Checkup routine
00211  */
00212 int xtea_self_test( int verbose )
00213 {
00214     int i;
00215     unsigned char buf[8];
00216     xtea_context ctx;
00217 
00218     for( i = 0; i < 6; i++ )
00219     {
00220         if( verbose != 0 )
00221             printf( "  XTEA test #%d: ", i + 1 );
00222 
00223         memcpy( buf, xtea_test_pt[i], 8 );
00224 
00225         xtea_setup( &ctx, (unsigned char *) xtea_test_key[i] );
00226         xtea_crypt_ecb( &ctx, XTEA_ENCRYPT, buf, buf );
00227 
00228         if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
00229         {
00230             if( verbose != 0 )
00231                 printf( "failed\n" );
00232 
00233             return( 1 );
00234         }
00235 
00236         if( verbose != 0 )
00237             printf( "passed\n" );
00238     }
00239 
00240     if( verbose != 0 )
00241         printf( "\n" );
00242 
00243     return( 0 );
00244 }
00245 
00246 #endif
00247 
00248 #endif