Rivoreo Source Code Repositories
src.rivoreo.one / security / mbedtls / a77edade0cee6822379461f3038f12dd87df344b / . / library / xtea.c
blob: 8fac8c13989961857765813ba2a24825cef7f08d [file] [log] [blame] [raw]
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]1/*
2 * An 32-bit implementation of the XTEA algorithm
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]7 *
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]23#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]24#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]25#else
26#include POLARSSL_CONFIG_FILE
27#endif
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]28
29#if defined(POLARSSL_XTEA_C)
30
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]31#include "mbedtls/xtea.h"
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]32
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]33#include <string.h>
34
35#if defined(POLARSSL_SELF_TEST)
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]36#if defined(POLARSSL_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]37#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]38#else
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]39#include <stdio.h>
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]40#define polarssl_printf printf
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]41#endif /* POLARSSL_PLATFORM_C */
42#endif /* POLARSSL_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]43
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]44#if !defined(POLARSSL_XTEA_ALT)
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]45
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]46/* Implementation that should never be optimized out by the compiler */
47static void polarssl_zeroize( void *v, size_t n ) {
48 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
49}
50
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]51/*
52 * 32-bit integer manipulation macros (big endian)
53 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]54#ifndef GET_UINT32_BE
55#define GET_UINT32_BE(n,b,i) \
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]56{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]57 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
58 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
59 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
60 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]61}
62#endif
63
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]64#ifndef PUT_UINT32_BE
65#define PUT_UINT32_BE(n,b,i) \
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]66{ \
67 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
68 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
69 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
70 (b)[(i) + 3] = (unsigned char) ( (n) ); \
71}
72#endif
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]73
74void xtea_init( xtea_context *ctx )
75{
76 memset( ctx, 0, sizeof( xtea_context ) );
77}
78
79void xtea_free( xtea_context *ctx )
80{
81 if( ctx == NULL )
82 return;
83
84 polarssl_zeroize( ctx, sizeof( xtea_context ) );
85}
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]86
87/*
88 * XTEA key schedule
89 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]90void xtea_setup( xtea_context *ctx, const unsigned char key[16] )
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]91{
92 int i;
93
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]94 memset( ctx, 0, sizeof(xtea_context) );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]95
96 for( i = 0; i < 4; i++ )
97 {
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]98 GET_UINT32_BE( ctx->k[i], key, i << 2 );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]99 }
100}
101
102/*
103 * XTEA encrypt function
104 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]105int xtea_crypt_ecb( xtea_context *ctx, int mode,
106 const unsigned char input[8], unsigned char output[8])
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]107{
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]108 uint32_t *k, v0, v1, i;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]109
110 k = ctx->k;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]111
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]112 GET_UINT32_BE( v0, input, 0 );
113 GET_UINT32_BE( v1, input, 4 );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]114
115 if( mode == XTEA_ENCRYPT )
116 {
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]117 uint32_t sum = 0, delta = 0x9E3779B9;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]118
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]119 for( i = 0; i < 32; i++ )
120 {
121 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
122 sum += delta;
123 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
124 }
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]125 }
126 else /* XTEA_DECRYPT */
127 {
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]128 uint32_t delta = 0x9E3779B9, sum = delta * 32;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]129
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]130 for( i = 0; i < 32; i++ )
131 {
132 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
133 sum -= delta;
134 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
135 }
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]136 }
137
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]138 PUT_UINT32_BE( v0, output, 0 );
139 PUT_UINT32_BE( v1, output, 4 );
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]140
141 return( 0 );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]142}
143
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]144#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]145/*
146 * XTEA-CBC buffer encryption/decryption
147 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]148int xtea_crypt_cbc( xtea_context *ctx, int mode, size_t length,
149 unsigned char iv[8], const unsigned char *input,
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]150 unsigned char *output)
151{
152 int i;
153 unsigned char temp[8];
154
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]155 if( length % 8 )
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]156 return( POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH );
157
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]158 if( mode == XTEA_DECRYPT )
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]159 {
160 while( length > 0 )
161 {
162 memcpy( temp, input, 8 );
163 xtea_crypt_ecb( ctx, mode, input, output );
164
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]165 for( i = 0; i < 8; i++ )
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]166 output[i] = (unsigned char)( output[i] ^ iv[i] );
167
168 memcpy( iv, temp, 8 );
169
170 input += 8;
171 output += 8;
172 length -= 8;
173 }
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]174 }
175 else
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]176 {
177 while( length > 0 )
178 {
179 for( i = 0; i < 8; i++ )
180 output[i] = (unsigned char)( input[i] ^ iv[i] );
181
182 xtea_crypt_ecb( ctx, mode, output, output );
183 memcpy( iv, output, 8 );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]184
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]185 input += 8;
186 output += 8;
187 length -= 8;
188 }
189 }
190
191 return( 0 );
192}
Manuel Pégourié-Gonnard92cb1d32013-09-13 16:24:20 +0200[diff] [blame]193#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]194#endif /* !POLARSSL_XTEA_ALT */
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000[diff] [blame]195
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]196#if defined(POLARSSL_SELF_TEST)
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]197
198/*
199 * XTEA tests vectors (non-official)
200 */
201
202static const unsigned char xtea_test_key[6][16] =
203{
Paul Bakker0fdf3ca2009-05-03 12:54:07 +0000[diff] [blame]204 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
205 0x0c, 0x0d, 0x0e, 0x0f },
206 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
207 0x0c, 0x0d, 0x0e, 0x0f },
208 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
209 0x0c, 0x0d, 0x0e, 0x0f },
210 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
211 0x00, 0x00, 0x00, 0x00 },
212 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
213 0x00, 0x00, 0x00, 0x00 },
214 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
215 0x00, 0x00, 0x00, 0x00 }
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]216};
217
218static const unsigned char xtea_test_pt[6][8] =
219{
220 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
221 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
222 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
223 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
224 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
225 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
226};
227
228static const unsigned char xtea_test_ct[6][8] =
229{
230 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
231 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
232 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
233 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
234 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
235 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
236};
237
238/*
239 * Checkup routine
240 */
241int xtea_self_test( int verbose )
242{
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]243 int i, ret = 0;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]244 unsigned char buf[8];
245 xtea_context ctx;
246
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]247 xtea_init( &ctx );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]248 for( i = 0; i < 6; i++ )
249 {
250 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]251 polarssl_printf( " XTEA test #%d: ", i + 1 );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]252
253 memcpy( buf, xtea_test_pt[i], 8 );
254
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]255 xtea_setup( &ctx, xtea_test_key[i] );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]256 xtea_crypt_ecb( &ctx, XTEA_ENCRYPT, buf, buf );
257
258 if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
259 {
260 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]261 polarssl_printf( "failed\n" );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]262
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]263 ret = 1;
264 goto exit;
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]265 }
266
267 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]268 polarssl_printf( "passed\n" );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]269 }
270
271 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]272 polarssl_printf( "\n" );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]273
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]274exit:
275 xtea_free( &ctx );
276
277 return( ret );
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]278}
279
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]280#endif /* POLARSSL_SELF_TEST */
Paul Bakker7a7c78f2009-01-04 18:15:48 +0000[diff] [blame]281
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]282#endif /* POLARSSL_XTEA_C */