1 /*
2  *  An 32-bit implementation of the XTEA algorithm
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #include "common.h"
21 
22 #if defined(MBEDTLS_XTEA_C)
23 
24 #include "mbedtls/xtea.h"
25 #include "mbedtls/platform_util.h"
26 
27 #include <string.h>
28 
29 #if defined(MBEDTLS_SELF_TEST)
30 #if defined(MBEDTLS_PLATFORM_C)
31 #include "mbedtls/platform.h"
32 #else
33 #include <stdio.h>
34 #define mbedtls_printf printf
35 #endif /* MBEDTLS_PLATFORM_C */
36 #endif /* MBEDTLS_SELF_TEST */
37 
38 #if !defined(MBEDTLS_XTEA_ALT)
39 
mbedtls_xtea_init(mbedtls_xtea_context * ctx)40 void mbedtls_xtea_init( mbedtls_xtea_context *ctx )
41 {
42     memset( ctx, 0, sizeof( mbedtls_xtea_context ) );
43 }
44 
mbedtls_xtea_free(mbedtls_xtea_context * ctx)45 void mbedtls_xtea_free( mbedtls_xtea_context *ctx )
46 {
47     if( ctx == NULL )
48         return;
49 
50     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
51 }
52 
53 /*
54  * XTEA key schedule
55  */
mbedtls_xtea_setup(mbedtls_xtea_context * ctx,const unsigned char key[16])56 void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
57 {
58     int i;
59 
60     memset( ctx, 0, sizeof(mbedtls_xtea_context) );
61 
62     for( i = 0; i < 4; i++ )
63     {
64         ctx->k[i] = MBEDTLS_GET_UINT32_BE( key, i << 2 );
65     }
66 }
67 
68 /*
69  * XTEA encrypt function
70  */
mbedtls_xtea_crypt_ecb(mbedtls_xtea_context * ctx,int mode,const unsigned char input[8],unsigned char output[8])71 int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode,
72                     const unsigned char input[8], unsigned char output[8])
73 {
74     uint32_t *k, v0, v1, i;
75 
76     k = ctx->k;
77 
78     v0 = MBEDTLS_GET_UINT32_BE( input, 0 );
79     v1 = MBEDTLS_GET_UINT32_BE( input, 4 );
80 
81     if( mode == MBEDTLS_XTEA_ENCRYPT )
82     {
83         uint32_t sum = 0, delta = 0x9E3779B9;
84 
85         for( i = 0; i < 32; i++ )
86         {
87             v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
88             sum += delta;
89             v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
90         }
91     }
92     else /* MBEDTLS_XTEA_DECRYPT */
93     {
94         uint32_t delta = 0x9E3779B9, sum = delta * 32;
95 
96         for( i = 0; i < 32; i++ )
97         {
98             v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
99             sum -= delta;
100             v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
101         }
102     }
103 
104     MBEDTLS_PUT_UINT32_BE( v0, output, 0 );
105     MBEDTLS_PUT_UINT32_BE( v1, output, 4 );
106 
107     return( 0 );
108 }
109 
110 #if defined(MBEDTLS_CIPHER_MODE_CBC)
111 /*
112  * XTEA-CBC buffer encryption/decryption
113  */
mbedtls_xtea_crypt_cbc(mbedtls_xtea_context * ctx,int mode,size_t length,unsigned char iv[8],const unsigned char * input,unsigned char * output)114 int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length,
115                     unsigned char iv[8], const unsigned char *input,
116                     unsigned char *output)
117 {
118     int i;
119     unsigned char temp[8];
120 
121     if( length % 8 )
122         return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH );
123 
124     if( mode == MBEDTLS_XTEA_DECRYPT )
125     {
126         while( length > 0 )
127         {
128             memcpy( temp, input, 8 );
129             mbedtls_xtea_crypt_ecb( ctx, mode, input, output );
130 
131             for( i = 0; i < 8; i++ )
132                 output[i] = (unsigned char)( output[i] ^ iv[i] );
133 
134             memcpy( iv, temp, 8 );
135 
136             input  += 8;
137             output += 8;
138             length -= 8;
139         }
140     }
141     else
142     {
143         while( length > 0 )
144         {
145             for( i = 0; i < 8; i++ )
146                 output[i] = (unsigned char)( input[i] ^ iv[i] );
147 
148             mbedtls_xtea_crypt_ecb( ctx, mode, output, output );
149             memcpy( iv, output, 8 );
150 
151             input  += 8;
152             output += 8;
153             length -= 8;
154         }
155     }
156 
157     return( 0 );
158 }
159 #endif /* MBEDTLS_CIPHER_MODE_CBC */
160 #endif /* !MBEDTLS_XTEA_ALT */
161 
162 #if defined(MBEDTLS_SELF_TEST)
163 
164 /*
165  * XTEA tests vectors (non-official)
166  */
167 
168 static const unsigned char xtea_test_key[6][16] =
169 {
170    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
171      0x0c, 0x0d, 0x0e, 0x0f },
172    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
173      0x0c, 0x0d, 0x0e, 0x0f },
174    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
175      0x0c, 0x0d, 0x0e, 0x0f },
176    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
177      0x00, 0x00, 0x00, 0x00 },
178    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
179      0x00, 0x00, 0x00, 0x00 },
180    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
181      0x00, 0x00, 0x00, 0x00 }
182 };
183 
184 static const unsigned char xtea_test_pt[6][8] =
185 {
186     { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
187     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
188     { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
189     { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
190     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
191     { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
192 };
193 
194 static const unsigned char xtea_test_ct[6][8] =
195 {
196     { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
197     { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
198     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
199     { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
200     { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
201     { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
202 };
203 
204 /*
205  * Checkup routine
206  */
mbedtls_xtea_self_test(int verbose)207 int mbedtls_xtea_self_test( int verbose )
208 {
209     int i, ret = 0;
210     unsigned char buf[8];
211     mbedtls_xtea_context ctx;
212 
213     mbedtls_xtea_init( &ctx );
214     for( i = 0; i < 6; i++ )
215     {
216         if( verbose != 0 )
217             mbedtls_printf( "  XTEA test #%d: ", i + 1 );
218 
219         memcpy( buf, xtea_test_pt[i], 8 );
220 
221         mbedtls_xtea_setup( &ctx, xtea_test_key[i] );
222         mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf );
223 
224         if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
225         {
226             if( verbose != 0 )
227                 mbedtls_printf( "failed\n" );
228 
229             ret = 1;
230             goto exit;
231         }
232 
233         if( verbose != 0 )
234             mbedtls_printf( "passed\n" );
235     }
236 
237     if( verbose != 0 )
238         mbedtls_printf( "\n" );
239 
240 exit:
241     mbedtls_xtea_free( &ctx );
242 
243     return( ret );
244 }
245 
246 #endif /* MBEDTLS_SELF_TEST */
247 
248 #endif /* MBEDTLS_XTEA_C */
249