1 /* 2 * An 32-bit implementation of the XTEA algorithm 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 * 7 * This file is provided under the Apache License 2.0, or the 8 * GNU General Public License v2.0 or later. 9 * 10 * ********** 11 * Apache License 2.0: 12 * 13 * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 * not use this file except in compliance with the License. 15 * You may obtain a copy of the License at 16 * 17 * http://www.apache.org/licenses/LICENSE-2.0 18 * 19 * Unless required by applicable law or agreed to in writing, software 20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 * See the License for the specific language governing permissions and 23 * limitations under the License. 24 * 25 * ********** 26 * 27 * ********** 28 * GNU General Public License v2.0 or later: 29 * 30 * This program is free software; you can redistribute it and/or modify 31 * it under the terms of the GNU General Public License as published by 32 * the Free Software Foundation; either version 2 of the License, or 33 * (at your option) any later version. 34 * 35 * This program is distributed in the hope that it will be useful, 36 * but WITHOUT ANY WARRANTY; without even the implied warranty of 37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 38 * GNU General Public License for more details. 39 * 40 * You should have received a copy of the GNU General Public License along 41 * with this program; if not, write to the Free Software Foundation, Inc., 42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 43 * 44 * ********** 45 */ 46 47 #if !defined(MBEDTLS_CONFIG_FILE) 48 #include "mbedtls/config.h" 49 #else 50 #include MBEDTLS_CONFIG_FILE 51 #endif 52 53 #if defined(MBEDTLS_XTEA_C) 54 55 #include "mbedtls/xtea.h" 56 #include "mbedtls/platform_util.h" 57 58 #include <string.h> 59 60 #if defined(MBEDTLS_SELF_TEST) 61 #if defined(MBEDTLS_PLATFORM_C) 62 #include "mbedtls/platform.h" 63 #else 64 #include <stdio.h> 65 #define mbedtls_printf printf 66 #endif /* MBEDTLS_PLATFORM_C */ 67 #endif /* MBEDTLS_SELF_TEST */ 68 69 #if !defined(MBEDTLS_XTEA_ALT) 70 71 /* 72 * 32-bit integer manipulation macros (big endian) 73 */ 74 #ifndef GET_UINT32_BE 75 #define GET_UINT32_BE(n,b,i) \ 76 { \ 77 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 78 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 79 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 80 | ( (uint32_t) (b)[(i) + 3] ); \ 81 } 82 #endif 83 84 #ifndef PUT_UINT32_BE 85 #define PUT_UINT32_BE(n,b,i) \ 86 { \ 87 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 88 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 89 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 90 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 91 } 92 #endif 93 94 void mbedtls_xtea_init( mbedtls_xtea_context *ctx ) 95 { 96 memset( ctx, 0, sizeof( mbedtls_xtea_context ) ); 97 } 98 99 void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) 100 { 101 if( ctx == NULL ) 102 return; 103 104 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); 105 } 106 107 /* 108 * XTEA key schedule 109 */ 110 void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ) 111 { 112 int i; 113 114 memset( ctx, 0, sizeof(mbedtls_xtea_context) ); 115 116 for( i = 0; i < 4; i++ ) 117 { 118 GET_UINT32_BE( ctx->k[i], key, i << 2 ); 119 } 120 } 121 122 /* 123 * XTEA encrypt function 124 */ 125 int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode, 126 const unsigned char input[8], unsigned char output[8]) 127 { 128 uint32_t *k, v0, v1, i; 129 130 k = ctx->k; 131 132 GET_UINT32_BE( v0, input, 0 ); 133 GET_UINT32_BE( v1, input, 4 ); 134 135 if( mode == MBEDTLS_XTEA_ENCRYPT ) 136 { 137 uint32_t sum = 0, delta = 0x9E3779B9; 138 139 for( i = 0; i < 32; i++ ) 140 { 141 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); 142 sum += delta; 143 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); 144 } 145 } 146 else /* MBEDTLS_XTEA_DECRYPT */ 147 { 148 uint32_t delta = 0x9E3779B9, sum = delta * 32; 149 150 for( i = 0; i < 32; i++ ) 151 { 152 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); 153 sum -= delta; 154 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); 155 } 156 } 157 158 PUT_UINT32_BE( v0, output, 0 ); 159 PUT_UINT32_BE( v1, output, 4 ); 160 161 return( 0 ); 162 } 163 164 #if defined(MBEDTLS_CIPHER_MODE_CBC) 165 /* 166 * XTEA-CBC buffer encryption/decryption 167 */ 168 int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, 169 unsigned char iv[8], const unsigned char *input, 170 unsigned char *output) 171 { 172 int i; 173 unsigned char temp[8]; 174 175 if( length % 8 ) 176 return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH ); 177 178 if( mode == MBEDTLS_XTEA_DECRYPT ) 179 { 180 while( length > 0 ) 181 { 182 memcpy( temp, input, 8 ); 183 mbedtls_xtea_crypt_ecb( ctx, mode, input, output ); 184 185 for( i = 0; i < 8; i++ ) 186 output[i] = (unsigned char)( output[i] ^ iv[i] ); 187 188 memcpy( iv, temp, 8 ); 189 190 input += 8; 191 output += 8; 192 length -= 8; 193 } 194 } 195 else 196 { 197 while( length > 0 ) 198 { 199 for( i = 0; i < 8; i++ ) 200 output[i] = (unsigned char)( input[i] ^ iv[i] ); 201 202 mbedtls_xtea_crypt_ecb( ctx, mode, output, output ); 203 memcpy( iv, output, 8 ); 204 205 input += 8; 206 output += 8; 207 length -= 8; 208 } 209 } 210 211 return( 0 ); 212 } 213 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 214 #endif /* !MBEDTLS_XTEA_ALT */ 215 216 #if defined(MBEDTLS_SELF_TEST) 217 218 /* 219 * XTEA tests vectors (non-official) 220 */ 221 222 static const unsigned char xtea_test_key[6][16] = 223 { 224 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 225 0x0c, 0x0d, 0x0e, 0x0f }, 226 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 227 0x0c, 0x0d, 0x0e, 0x0f }, 228 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 229 0x0c, 0x0d, 0x0e, 0x0f }, 230 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 231 0x00, 0x00, 0x00, 0x00 }, 232 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 233 0x00, 0x00, 0x00, 0x00 }, 234 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 235 0x00, 0x00, 0x00, 0x00 } 236 }; 237 238 static const unsigned char xtea_test_pt[6][8] = 239 { 240 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, 241 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 242 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f }, 243 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, 244 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 245 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 } 246 }; 247 248 static const unsigned char xtea_test_ct[6][8] = 249 { 250 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 }, 251 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 }, 252 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 253 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 }, 254 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d }, 255 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 } 256 }; 257 258 /* 259 * Checkup routine 260 */ 261 int mbedtls_xtea_self_test( int verbose ) 262 { 263 int i, ret = 0; 264 unsigned char buf[8]; 265 mbedtls_xtea_context ctx; 266 267 mbedtls_xtea_init( &ctx ); 268 for( i = 0; i < 6; i++ ) 269 { 270 if( verbose != 0 ) 271 mbedtls_printf( " XTEA test #%d: ", i + 1 ); 272 273 memcpy( buf, xtea_test_pt[i], 8 ); 274 275 mbedtls_xtea_setup( &ctx, xtea_test_key[i] ); 276 mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf ); 277 278 if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 ) 279 { 280 if( verbose != 0 ) 281 mbedtls_printf( "failed\n" ); 282 283 ret = 1; 284 goto exit; 285 } 286 287 if( verbose != 0 ) 288 mbedtls_printf( "passed\n" ); 289 } 290 291 if( verbose != 0 ) 292 mbedtls_printf( "\n" ); 293 294 exit: 295 mbedtls_xtea_free( &ctx ); 296 297 return( ret ); 298 } 299 300 #endif /* MBEDTLS_SELF_TEST */ 301 302 #endif /* MBEDTLS_XTEA_C */ 303