1 /* 2 * An 32-bit implementation of the XTEA algorithm 3 * 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 5 * SPDX-License-Identifier: GPL-2.0 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License along 18 * with this program; if not, write to the Free Software Foundation, Inc., 19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * This file is part of mbed TLS (https://tls.mbed.org) 22 */ 23 24 #if !defined(MBEDTLS_CONFIG_FILE) 25 #include "mbedtls/config.h" 26 #else 27 #include MBEDTLS_CONFIG_FILE 28 #endif 29 30 #if defined(MBEDTLS_XTEA_C) 31 32 #include "mbedtls/xtea.h" 33 34 #include <string.h> 35 36 #if defined(MBEDTLS_SELF_TEST) 37 #if defined(MBEDTLS_PLATFORM_C) 38 #include "mbedtls/platform.h" 39 #else 40 #include <stdio.h> 41 #define mbedtls_printf printf 42 #endif /* MBEDTLS_PLATFORM_C */ 43 #endif /* MBEDTLS_SELF_TEST */ 44 45 #if !defined(MBEDTLS_XTEA_ALT) 46 47 /* Implementation that should never be optimized out by the compiler */ 48 static void mbedtls_zeroize( void *v, size_t n ) { 49 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 50 } 51 52 /* 53 * 32-bit integer manipulation macros (big endian) 54 */ 55 #ifndef GET_UINT32_BE 56 #define GET_UINT32_BE(n,b,i) \ 57 { \ 58 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 59 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 60 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 61 | ( (uint32_t) (b)[(i) + 3] ); \ 62 } 63 #endif 64 65 #ifndef PUT_UINT32_BE 66 #define PUT_UINT32_BE(n,b,i) \ 67 { \ 68 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 69 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 70 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 71 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 72 } 73 #endif 74 75 void mbedtls_xtea_init( mbedtls_xtea_context *ctx ) 76 { 77 memset( ctx, 0, sizeof( mbedtls_xtea_context ) ); 78 } 79 80 void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) 81 { 82 if( ctx == NULL ) 83 return; 84 85 mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); 86 } 87 88 /* 89 * XTEA key schedule 90 */ 91 void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ) 92 { 93 int i; 94 95 memset( ctx, 0, sizeof(mbedtls_xtea_context) ); 96 97 for( i = 0; i < 4; i++ ) 98 { 99 GET_UINT32_BE( ctx->k[i], key, i << 2 ); 100 } 101 } 102 103 /* 104 * XTEA encrypt function 105 */ 106 int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode, 107 const unsigned char input[8], unsigned char output[8]) 108 { 109 uint32_t *k, v0, v1, i; 110 111 k = ctx->k; 112 113 GET_UINT32_BE( v0, input, 0 ); 114 GET_UINT32_BE( v1, input, 4 ); 115 116 if( mode == MBEDTLS_XTEA_ENCRYPT ) 117 { 118 uint32_t sum = 0, delta = 0x9E3779B9; 119 120 for( i = 0; i < 32; i++ ) 121 { 122 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); 123 sum += delta; 124 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); 125 } 126 } 127 else /* MBEDTLS_XTEA_DECRYPT */ 128 { 129 uint32_t delta = 0x9E3779B9, sum = delta * 32; 130 131 for( i = 0; i < 32; i++ ) 132 { 133 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); 134 sum -= delta; 135 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); 136 } 137 } 138 139 PUT_UINT32_BE( v0, output, 0 ); 140 PUT_UINT32_BE( v1, output, 4 ); 141 142 return( 0 ); 143 } 144 145 #if defined(MBEDTLS_CIPHER_MODE_CBC) 146 /* 147 * XTEA-CBC buffer encryption/decryption 148 */ 149 int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, 150 unsigned char iv[8], const unsigned char *input, 151 unsigned char *output) 152 { 153 int i; 154 unsigned char temp[8]; 155 156 if( length % 8 ) 157 return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH ); 158 159 if( mode == MBEDTLS_XTEA_DECRYPT ) 160 { 161 while( length > 0 ) 162 { 163 memcpy( temp, input, 8 ); 164 mbedtls_xtea_crypt_ecb( ctx, mode, input, output ); 165 166 for( i = 0; i < 8; i++ ) 167 output[i] = (unsigned char)( output[i] ^ iv[i] ); 168 169 memcpy( iv, temp, 8 ); 170 171 input += 8; 172 output += 8; 173 length -= 8; 174 } 175 } 176 else 177 { 178 while( length > 0 ) 179 { 180 for( i = 0; i < 8; i++ ) 181 output[i] = (unsigned char)( input[i] ^ iv[i] ); 182 183 mbedtls_xtea_crypt_ecb( ctx, mode, output, output ); 184 memcpy( iv, output, 8 ); 185 186 input += 8; 187 output += 8; 188 length -= 8; 189 } 190 } 191 192 return( 0 ); 193 } 194 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 195 #endif /* !MBEDTLS_XTEA_ALT */ 196 197 #if defined(MBEDTLS_SELF_TEST) 198 199 /* 200 * XTEA tests vectors (non-official) 201 */ 202 203 static const unsigned char xtea_test_key[6][16] = 204 { 205 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 206 0x0c, 0x0d, 0x0e, 0x0f }, 207 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 208 0x0c, 0x0d, 0x0e, 0x0f }, 209 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 210 0x0c, 0x0d, 0x0e, 0x0f }, 211 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 212 0x00, 0x00, 0x00, 0x00 }, 213 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 214 0x00, 0x00, 0x00, 0x00 }, 215 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 216 0x00, 0x00, 0x00, 0x00 } 217 }; 218 219 static const unsigned char xtea_test_pt[6][8] = 220 { 221 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, 222 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 223 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f }, 224 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, 225 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 226 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 } 227 }; 228 229 static const unsigned char xtea_test_ct[6][8] = 230 { 231 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 }, 232 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 }, 233 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 234 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 }, 235 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d }, 236 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 } 237 }; 238 239 /* 240 * Checkup routine 241 */ 242 int mbedtls_xtea_self_test( int verbose ) 243 { 244 int i, ret = 0; 245 unsigned char buf[8]; 246 mbedtls_xtea_context ctx; 247 248 mbedtls_xtea_init( &ctx ); 249 for( i = 0; i < 6; i++ ) 250 { 251 if( verbose != 0 ) 252 mbedtls_printf( " XTEA test #%d: ", i + 1 ); 253 254 memcpy( buf, xtea_test_pt[i], 8 ); 255 256 mbedtls_xtea_setup( &ctx, xtea_test_key[i] ); 257 mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf ); 258 259 if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 ) 260 { 261 if( verbose != 0 ) 262 mbedtls_printf( "failed\n" ); 263 264 ret = 1; 265 goto exit; 266 } 267 268 if( verbose != 0 ) 269 mbedtls_printf( "passed\n" ); 270 } 271 272 if( verbose != 0 ) 273 mbedtls_printf( "\n" ); 274 275 exit: 276 mbedtls_xtea_free( &ctx ); 277 278 return( ret ); 279 } 280 281 #endif /* MBEDTLS_SELF_TEST */ 282 283 #endif /* MBEDTLS_XTEA_C */ 284