Commit | Line | Data |
---|---|---|
2ba45a60 DM |
1 | /* |
2 | * A 32-bit implementation of the XTEA algorithm | |
3 | * Copyright (c) 2012 Samuel Pitoiset | |
4 | * | |
5 | * loosely based on the implementation of David Wheeler and Roger Needham | |
6 | * | |
7 | * This file is part of FFmpeg. | |
8 | * | |
9 | * FFmpeg is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * FFmpeg is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with FFmpeg; if not, write to the Free Software | |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
22 | */ | |
23 | ||
24 | /** | |
25 | * @file | |
26 | * @brief XTEA 32-bit implementation | |
27 | * @author Samuel Pitoiset | |
28 | * @ingroup lavu_xtea | |
29 | */ | |
30 | ||
31 | #include "avutil.h" | |
32 | #include "common.h" | |
33 | #include "intreadwrite.h" | |
34 | #include "xtea.h" | |
35 | ||
36 | void av_xtea_init(AVXTEA *ctx, const uint8_t key[16]) | |
37 | { | |
38 | int i; | |
39 | ||
40 | for (i = 0; i < 4; i++) | |
41 | ctx->key[i] = AV_RB32(key + (i << 2)); | |
42 | } | |
43 | ||
44 | static void xtea_crypt_ecb(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, | |
45 | int decrypt, uint8_t *iv) | |
46 | { | |
47 | uint32_t v0, v1; | |
48 | #if !CONFIG_SMALL | |
49 | uint32_t k0 = ctx->key[0]; | |
50 | uint32_t k1 = ctx->key[1]; | |
51 | uint32_t k2 = ctx->key[2]; | |
52 | uint32_t k3 = ctx->key[3]; | |
53 | #endif | |
54 | ||
55 | v0 = AV_RB32(src); | |
56 | v1 = AV_RB32(src + 4); | |
57 | ||
58 | if (decrypt) { | |
59 | #if CONFIG_SMALL | |
60 | int i; | |
61 | uint32_t delta = 0x9E3779B9U, sum = delta * 32; | |
62 | ||
63 | for (i = 0; i < 32; i++) { | |
64 | v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]); | |
65 | sum -= delta; | |
66 | v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]); | |
67 | } | |
68 | #else | |
69 | #define DSTEP(SUM, K0, K1) \ | |
70 | v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + K0); \ | |
71 | v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM - 0x9E3779B9U + K1) | |
72 | ||
73 | DSTEP(0xC6EF3720U, k2, k3); | |
74 | DSTEP(0x28B7BD67U, k3, k2); | |
75 | DSTEP(0x8A8043AEU, k0, k1); | |
76 | DSTEP(0xEC48C9F5U, k1, k0); | |
77 | DSTEP(0x4E11503CU, k2, k3); | |
78 | DSTEP(0xAFD9D683U, k2, k2); | |
79 | DSTEP(0x11A25CCAU, k3, k1); | |
80 | DSTEP(0x736AE311U, k0, k0); | |
81 | DSTEP(0xD5336958U, k1, k3); | |
82 | DSTEP(0x36FBEF9FU, k1, k2); | |
83 | DSTEP(0x98C475E6U, k2, k1); | |
84 | DSTEP(0xFA8CFC2DU, k3, k0); | |
85 | DSTEP(0x5C558274U, k0, k3); | |
86 | DSTEP(0xBE1E08BBU, k1, k2); | |
87 | DSTEP(0x1FE68F02U, k1, k1); | |
88 | DSTEP(0x81AF1549U, k2, k0); | |
89 | DSTEP(0xE3779B90U, k3, k3); | |
90 | DSTEP(0x454021D7U, k0, k2); | |
91 | DSTEP(0xA708A81EU, k1, k1); | |
92 | DSTEP(0x08D12E65U, k1, k0); | |
93 | DSTEP(0x6A99B4ACU, k2, k3); | |
94 | DSTEP(0xCC623AF3U, k3, k2); | |
95 | DSTEP(0x2E2AC13AU, k0, k1); | |
96 | DSTEP(0x8FF34781U, k0, k0); | |
97 | DSTEP(0xF1BBCDC8U, k1, k3); | |
98 | DSTEP(0x5384540FU, k2, k2); | |
99 | DSTEP(0xB54CDA56U, k3, k1); | |
100 | DSTEP(0x1715609DU, k0, k0); | |
101 | DSTEP(0x78DDE6E4U, k0, k3); | |
102 | DSTEP(0xDAA66D2BU, k1, k2); | |
103 | DSTEP(0x3C6EF372U, k2, k1); | |
104 | DSTEP(0x9E3779B9U, k3, k0); | |
105 | #endif | |
106 | if (iv) { | |
107 | v0 ^= AV_RB32(iv); | |
108 | v1 ^= AV_RB32(iv + 4); | |
109 | memcpy(iv, src, 8); | |
110 | } | |
111 | } else { | |
112 | #if CONFIG_SMALL | |
113 | int i; | |
114 | uint32_t sum = 0, delta = 0x9E3779B9U; | |
115 | ||
116 | for (i = 0; i < 32; i++) { | |
117 | v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]); | |
118 | sum += delta; | |
119 | v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]); | |
120 | } | |
121 | #else | |
122 | #define ESTEP(SUM, K0, K1) \ | |
123 | v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM + K0);\ | |
124 | v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + 0x9E3779B9U + K1) | |
125 | ESTEP(0x00000000U, k0, k3); | |
126 | ESTEP(0x9E3779B9U, k1, k2); | |
127 | ESTEP(0x3C6EF372U, k2, k1); | |
128 | ESTEP(0xDAA66D2BU, k3, k0); | |
129 | ESTEP(0x78DDE6E4U, k0, k0); | |
130 | ESTEP(0x1715609DU, k1, k3); | |
131 | ESTEP(0xB54CDA56U, k2, k2); | |
132 | ESTEP(0x5384540FU, k3, k1); | |
133 | ESTEP(0xF1BBCDC8U, k0, k0); | |
134 | ESTEP(0x8FF34781U, k1, k0); | |
135 | ESTEP(0x2E2AC13AU, k2, k3); | |
136 | ESTEP(0xCC623AF3U, k3, k2); | |
137 | ESTEP(0x6A99B4ACU, k0, k1); | |
138 | ESTEP(0x08D12E65U, k1, k1); | |
139 | ESTEP(0xA708A81EU, k2, k0); | |
140 | ESTEP(0x454021D7U, k3, k3); | |
141 | ESTEP(0xE3779B90U, k0, k2); | |
142 | ESTEP(0x81AF1549U, k1, k1); | |
143 | ESTEP(0x1FE68F02U, k2, k1); | |
144 | ESTEP(0xBE1E08BBU, k3, k0); | |
145 | ESTEP(0x5C558274U, k0, k3); | |
146 | ESTEP(0xFA8CFC2DU, k1, k2); | |
147 | ESTEP(0x98C475E6U, k2, k1); | |
148 | ESTEP(0x36FBEF9FU, k3, k1); | |
149 | ESTEP(0xD5336958U, k0, k0); | |
150 | ESTEP(0x736AE311U, k1, k3); | |
151 | ESTEP(0x11A25CCAU, k2, k2); | |
152 | ESTEP(0xAFD9D683U, k3, k2); | |
153 | ESTEP(0x4E11503CU, k0, k1); | |
154 | ESTEP(0xEC48C9F5U, k1, k0); | |
155 | ESTEP(0x8A8043AEU, k2, k3); | |
156 | ESTEP(0x28B7BD67U, k3, k2); | |
157 | #endif | |
158 | } | |
159 | ||
160 | AV_WB32(dst, v0); | |
161 | AV_WB32(dst + 4, v1); | |
162 | } | |
163 | ||
164 | void av_xtea_crypt(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, int count, | |
165 | uint8_t *iv, int decrypt) | |
166 | { | |
167 | int i; | |
168 | ||
169 | if (decrypt) { | |
170 | while (count--) { | |
171 | xtea_crypt_ecb(ctx, dst, src, decrypt, iv); | |
172 | ||
173 | src += 8; | |
174 | dst += 8; | |
175 | } | |
176 | } else { | |
177 | while (count--) { | |
178 | if (iv) { | |
179 | for (i = 0; i < 8; i++) | |
180 | dst[i] = src[i] ^ iv[i]; | |
181 | xtea_crypt_ecb(ctx, dst, dst, decrypt, NULL); | |
182 | memcpy(iv, dst, 8); | |
183 | } else { | |
184 | xtea_crypt_ecb(ctx, dst, src, decrypt, NULL); | |
185 | } | |
186 | src += 8; | |
187 | dst += 8; | |
188 | } | |
189 | } | |
190 | } | |
191 | ||
192 | #ifdef TEST | |
193 | #include <stdio.h> | |
194 | ||
195 | #define XTEA_NUM_TESTS 6 | |
196 | ||
197 | static const uint8_t xtea_test_key[XTEA_NUM_TESTS][16] = { | |
198 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
199 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, | |
200 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
201 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, | |
202 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
203 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, | |
204 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
205 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
206 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
207 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
208 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
209 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } | |
210 | }; | |
211 | ||
212 | static const uint8_t xtea_test_pt[XTEA_NUM_TESTS][8] = { | |
213 | { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, | |
214 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, | |
215 | { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f }, | |
216 | { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, | |
217 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, | |
218 | { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 } | |
219 | }; | |
220 | ||
221 | static const uint8_t xtea_test_ct[XTEA_NUM_TESTS][8] = { | |
222 | { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 }, | |
223 | { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 }, | |
224 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, | |
225 | { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 }, | |
226 | { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d }, | |
227 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 } | |
228 | }; | |
229 | ||
230 | static void test_xtea(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, | |
231 | const uint8_t *ref, int len, uint8_t *iv, int dir, | |
232 | const char *test) | |
233 | { | |
234 | av_xtea_crypt(ctx, dst, src, len, iv, dir); | |
235 | if (memcmp(dst, ref, 8*len)) { | |
236 | int i; | |
237 | printf("%s failed\ngot ", test); | |
238 | for (i = 0; i < 8*len; i++) | |
239 | printf("%02x ", dst[i]); | |
240 | printf("\nexpected "); | |
241 | for (i = 0; i < 8*len; i++) | |
242 | printf("%02x ", ref[i]); | |
243 | printf("\n"); | |
244 | exit(1); | |
245 | } | |
246 | } | |
247 | ||
248 | int main(void) | |
249 | { | |
250 | AVXTEA ctx; | |
251 | uint8_t buf[8], iv[8]; | |
252 | int i; | |
253 | static const uint8_t src[32] = "HelloWorldHelloWorldHelloWorld"; | |
254 | uint8_t ct[32]; | |
255 | uint8_t pl[32]; | |
256 | ||
257 | for (i = 0; i < XTEA_NUM_TESTS; i++) { | |
258 | av_xtea_init(&ctx, xtea_test_key[i]); | |
259 | ||
260 | test_xtea(&ctx, buf, xtea_test_pt[i], xtea_test_ct[i], 1, NULL, 0, "encryption"); | |
261 | test_xtea(&ctx, buf, xtea_test_ct[i], xtea_test_pt[i], 1, NULL, 1, "decryption"); | |
262 | ||
263 | /* encrypt */ | |
264 | memcpy(iv, "HALLO123", 8); | |
265 | av_xtea_crypt(&ctx, ct, src, 4, iv, 0); | |
266 | ||
267 | /* decrypt into pl */ | |
268 | memcpy(iv, "HALLO123", 8); | |
269 | test_xtea(&ctx, pl, ct, src, 4, iv, 1, "CBC decryption"); | |
270 | ||
271 | memcpy(iv, "HALLO123", 8); | |
272 | test_xtea(&ctx, ct, ct, src, 4, iv, 1, "CBC inplace decryption"); | |
273 | } | |
274 | ||
275 | printf("Test encryption/decryption success.\n"); | |
276 | ||
277 | return 0; | |
278 | } | |
279 | ||
280 | #endif |