1/*
2 * A 32-bit implementation of the XTEA algorithm
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20#include "common.h"
21
22#if defined(MBEDTLS_XTEA_C)
23
24#include "mbedtls/xtea.h"
25#include "mbedtls/platform_util.h"
26
27#include <string.h>
28
29#include "mbedtls/platform.h"
30
31#if !defined(MBEDTLS_XTEA_ALT)
32
33void mbedtls_xtea_init(mbedtls_xtea_context *ctx)
34{
35 memset(ctx, 0, sizeof(mbedtls_xtea_context));
36}
37
38void mbedtls_xtea_free(mbedtls_xtea_context *ctx)
39{
40 if (ctx == NULL) {
41 return;
42 }
43
44 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_xtea_context));
45}
46
47/*
48 * XTEA key schedule
49 */
50void mbedtls_xtea_setup(mbedtls_xtea_context *ctx, const unsigned char key[16])
51{
52 int i;
53
54 memset(ctx, 0, sizeof(mbedtls_xtea_context));
55
56 for (i = 0; i < 4; i++) {
57 ctx->k[i] = MBEDTLS_GET_UINT32_BE(key, i << 2);
58 }
59}
60
61/*
62 * XTEA encrypt function
63 */
64int mbedtls_xtea_crypt_ecb(mbedtls_xtea_context *ctx, int mode,
65 const unsigned char input[8], unsigned char output[8])
66{
67 uint32_t *k, v0, v1, i;
68
69 k = ctx->k;
70
71 v0 = MBEDTLS_GET_UINT32_BE(input, 0);
72 v1 = MBEDTLS_GET_UINT32_BE(input, 4);
73
74 if (mode == MBEDTLS_XTEA_ENCRYPT) {
75 uint32_t sum = 0, delta = 0x9E3779B9;
76
77 for (i = 0; i < 32; i++) {
78 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
79 sum += delta;
80 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
81 }
82 } else { /* MBEDTLS_XTEA_DECRYPT */
83 uint32_t delta = 0x9E3779B9, sum = delta * 32;
84
85 for (i = 0; i < 32; i++) {
86 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
87 sum -= delta;
88 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
89 }
90 }
91
92 MBEDTLS_PUT_UINT32_BE(v0, output, 0);
93 MBEDTLS_PUT_UINT32_BE(v1, output, 4);
94
95 return 0;
96}
97
98#if defined(MBEDTLS_CIPHER_MODE_CBC)
99/*
100 * XTEA-CBC buffer encryption/decryption
101 */
102int mbedtls_xtea_crypt_cbc(mbedtls_xtea_context *ctx, int mode, size_t length,
103 unsigned char iv[8], const unsigned char *input,
104 unsigned char *output)
105{
106 int i;
107 unsigned char temp[8];
108
109 if (length % 8) {
110 return MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH;
111 }
112
113 if (mode == MBEDTLS_XTEA_DECRYPT) {
114 while (length > 0) {
115 memcpy(temp, input, 8);
116 mbedtls_xtea_crypt_ecb(ctx, mode, input, output);
117
118 for (i = 0; i < 8; i++) {
119 output[i] = (unsigned char) (output[i] ^ iv[i]);
120 }
121
122 memcpy(iv, temp, 8);
123
124 input += 8;
125 output += 8;
126 length -= 8;
127 }
128 } else {
129 while (length > 0) {
130 for (i = 0; i < 8; i++) {
131 output[i] = (unsigned char) (input[i] ^ iv[i]);
132 }
133
134 mbedtls_xtea_crypt_ecb(ctx, mode, output, output);
135 memcpy(iv, output, 8);
136
137 input += 8;
138 output += 8;
139 length -= 8;
140 }
141 }
142
143 return 0;
144}
145#endif /* MBEDTLS_CIPHER_MODE_CBC */
146#endif /* !MBEDTLS_XTEA_ALT */
147
148#if defined(MBEDTLS_SELF_TEST)
149
150/*
151 * XTEA tests vectors (non-official)
152 */
153
154static const unsigned char xtea_test_key[6][16] =
155{
156 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
157 0x0c, 0x0d, 0x0e, 0x0f },
158 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
159 0x0c, 0x0d, 0x0e, 0x0f },
160 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
161 0x0c, 0x0d, 0x0e, 0x0f },
162 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
163 0x00, 0x00, 0x00, 0x00 },
164 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
165 0x00, 0x00, 0x00, 0x00 },
166 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
167 0x00, 0x00, 0x00, 0x00 }
168};
169
170static const unsigned char xtea_test_pt[6][8] =
171{
172 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
173 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
174 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
175 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
176 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
177 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
178};
179
180static const unsigned char xtea_test_ct[6][8] =
181{
182 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
183 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
184 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
185 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
186 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
187 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
188};
189
190/*
191 * Checkup routine
192 */
193int mbedtls_xtea_self_test(int verbose)
194{
195 int i, ret = 0;
196 unsigned char buf[8];
197 mbedtls_xtea_context ctx;
198
199 mbedtls_xtea_init(&ctx);
200 for (i = 0; i < 6; i++) {
201 if (verbose != 0) {
202 mbedtls_printf(" XTEA test #%d: ", i + 1);
203 }
204
205 memcpy(buf, xtea_test_pt[i], 8);
206
207 mbedtls_xtea_setup(&ctx, xtea_test_key[i]);
208 mbedtls_xtea_crypt_ecb(&ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf);
209
210 if (memcmp(buf, xtea_test_ct[i], 8) != 0) {
211 if (verbose != 0) {
212 mbedtls_printf("failed\n");
213 }
214
215 ret = 1;
216 goto exit;
217 }
218
219 if (verbose != 0) {
220 mbedtls_printf("passed\n");
221 }
222 }
223
224 if (verbose != 0) {
225 mbedtls_printf("\n");
226 }
227
228exit:
229 mbedtls_xtea_free(&ctx);
230
231 return ret;
232}
233
234#endif /* MBEDTLS_SELF_TEST */
235
236#endif /* MBEDTLS_XTEA_C */
237