1 /*
2 * An 32-bit implementation of the XTEA algorithm
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include "common.h"
21
22 #if defined(MBEDTLS_XTEA_C)
23
24 #include "mbedtls/xtea.h"
25 #include "mbedtls/platform_util.h"
26
27 #include <string.h>
28
29 #if defined(MBEDTLS_SELF_TEST)
30 #if defined(MBEDTLS_PLATFORM_C)
31 #include "mbedtls/platform.h"
32 #else
33 #include <stdio.h>
34 #define mbedtls_printf printf
35 #endif /* MBEDTLS_PLATFORM_C */
36 #endif /* MBEDTLS_SELF_TEST */
37
38 #if !defined(MBEDTLS_XTEA_ALT)
39
40 /*
41 * 32-bit integer manipulation macros (big endian)
42 */
43 #ifndef GET_UINT32_BE
44 #define GET_UINT32_BE(n,b,i) \
45 { \
46 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
47 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
48 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
49 | ( (uint32_t) (b)[(i) + 3] ); \
50 }
51 #endif
52
53 #ifndef PUT_UINT32_BE
54 #define PUT_UINT32_BE(n,b,i) \
55 { \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
60 }
61 #endif
62
mbedtls_xtea_init(mbedtls_xtea_context * ctx)63 void mbedtls_xtea_init( mbedtls_xtea_context *ctx )
64 {
65 memset( ctx, 0, sizeof( mbedtls_xtea_context ) );
66 }
67
mbedtls_xtea_free(mbedtls_xtea_context * ctx)68 void mbedtls_xtea_free( mbedtls_xtea_context *ctx )
69 {
70 if( ctx == NULL )
71 return;
72
73 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
74 }
75
76 /*
77 * XTEA key schedule
78 */
mbedtls_xtea_setup(mbedtls_xtea_context * ctx,const unsigned char key[16])79 void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
80 {
81 int i;
82
83 memset( ctx, 0, sizeof(mbedtls_xtea_context) );
84
85 for( i = 0; i < 4; i++ )
86 {
87 GET_UINT32_BE( ctx->k[i], key, i << 2 );
88 }
89 }
90
91 /*
92 * XTEA encrypt function
93 */
mbedtls_xtea_crypt_ecb(mbedtls_xtea_context * ctx,int mode,const unsigned char input[8],unsigned char output[8])94 int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode,
95 const unsigned char input[8], unsigned char output[8])
96 {
97 uint32_t *k, v0, v1, i;
98
99 k = ctx->k;
100
101 GET_UINT32_BE( v0, input, 0 );
102 GET_UINT32_BE( v1, input, 4 );
103
104 if( mode == MBEDTLS_XTEA_ENCRYPT )
105 {
106 uint32_t sum = 0, delta = 0x9E3779B9;
107
108 for( i = 0; i < 32; i++ )
109 {
110 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
111 sum += delta;
112 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
113 }
114 }
115 else /* MBEDTLS_XTEA_DECRYPT */
116 {
117 uint32_t delta = 0x9E3779B9, sum = delta * 32;
118
119 for( i = 0; i < 32; i++ )
120 {
121 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
122 sum -= delta;
123 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
124 }
125 }
126
127 PUT_UINT32_BE( v0, output, 0 );
128 PUT_UINT32_BE( v1, output, 4 );
129
130 return( 0 );
131 }
132
133 #if defined(MBEDTLS_CIPHER_MODE_CBC)
134 /*
135 * XTEA-CBC buffer encryption/decryption
136 */
mbedtls_xtea_crypt_cbc(mbedtls_xtea_context * ctx,int mode,size_t length,unsigned char iv[8],const unsigned char * input,unsigned char * output)137 int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length,
138 unsigned char iv[8], const unsigned char *input,
139 unsigned char *output)
140 {
141 int i;
142 unsigned char temp[8];
143
144 if( length % 8 )
145 return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH );
146
147 if( mode == MBEDTLS_XTEA_DECRYPT )
148 {
149 while( length > 0 )
150 {
151 memcpy( temp, input, 8 );
152 mbedtls_xtea_crypt_ecb( ctx, mode, input, output );
153
154 for( i = 0; i < 8; i++ )
155 output[i] = (unsigned char)( output[i] ^ iv[i] );
156
157 memcpy( iv, temp, 8 );
158
159 input += 8;
160 output += 8;
161 length -= 8;
162 }
163 }
164 else
165 {
166 while( length > 0 )
167 {
168 for( i = 0; i < 8; i++ )
169 output[i] = (unsigned char)( input[i] ^ iv[i] );
170
171 mbedtls_xtea_crypt_ecb( ctx, mode, output, output );
172 memcpy( iv, output, 8 );
173
174 input += 8;
175 output += 8;
176 length -= 8;
177 }
178 }
179
180 return( 0 );
181 }
182 #endif /* MBEDTLS_CIPHER_MODE_CBC */
183 #endif /* !MBEDTLS_XTEA_ALT */
184
185 #if defined(MBEDTLS_SELF_TEST)
186
187 /*
188 * XTEA tests vectors (non-official)
189 */
190
191 static const unsigned char xtea_test_key[6][16] =
192 {
193 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
194 0x0c, 0x0d, 0x0e, 0x0f },
195 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
196 0x0c, 0x0d, 0x0e, 0x0f },
197 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
198 0x0c, 0x0d, 0x0e, 0x0f },
199 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
200 0x00, 0x00, 0x00, 0x00 },
201 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
202 0x00, 0x00, 0x00, 0x00 },
203 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
204 0x00, 0x00, 0x00, 0x00 }
205 };
206
207 static const unsigned char xtea_test_pt[6][8] =
208 {
209 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
210 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
211 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
212 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
213 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
214 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
215 };
216
217 static const unsigned char xtea_test_ct[6][8] =
218 {
219 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
220 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
221 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
222 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
223 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
224 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
225 };
226
227 /*
228 * Checkup routine
229 */
mbedtls_xtea_self_test(int verbose)230 int mbedtls_xtea_self_test( int verbose )
231 {
232 int i, ret = 0;
233 unsigned char buf[8];
234 mbedtls_xtea_context ctx;
235
236 mbedtls_xtea_init( &ctx );
237 for( i = 0; i < 6; i++ )
238 {
239 if( verbose != 0 )
240 mbedtls_printf( " XTEA test #%d: ", i + 1 );
241
242 memcpy( buf, xtea_test_pt[i], 8 );
243
244 mbedtls_xtea_setup( &ctx, xtea_test_key[i] );
245 mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf );
246
247 if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
248 {
249 if( verbose != 0 )
250 mbedtls_printf( "failed\n" );
251
252 ret = 1;
253 goto exit;
254 }
255
256 if( verbose != 0 )
257 mbedtls_printf( "passed\n" );
258 }
259
260 if( verbose != 0 )
261 mbedtls_printf( "\n" );
262
263 exit:
264 mbedtls_xtea_free( &ctx );
265
266 return( ret );
267 }
268
269 #endif /* MBEDTLS_SELF_TEST */
270
271 #endif /* MBEDTLS_XTEA_C */
272