| 1 | /* |
| 2 | * A 32-bit implementation of the XTEA algorithm |
| 3 | * Copyright (c) 2012 Samuel Pitoiset |
| 4 | * |
| 5 | * loosely based on the implementation of David Wheeler and Roger Needham |
| 6 | * |
| 7 | * This file is part of FFmpeg. |
| 8 | * |
| 9 | * FFmpeg is free software; you can redistribute it and/or |
| 10 | * modify it under the terms of the GNU Lesser General Public |
| 11 | * License as published by the Free Software Foundation; either |
| 12 | * version 2.1 of the License, or (at your option) any later version. |
| 13 | * |
| 14 | * FFmpeg is distributed in the hope that it will be useful, |
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 17 | * Lesser General Public License for more details. |
| 18 | * |
| 19 | * You should have received a copy of the GNU Lesser General Public |
| 20 | * License along with FFmpeg; if not, write to the Free Software |
| 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| 22 | */ |
| 23 | |
| 24 | /** |
| 25 | * @file |
| 26 | * @brief XTEA 32-bit implementation |
| 27 | * @author Samuel Pitoiset |
| 28 | * @ingroup lavu_xtea |
| 29 | */ |
| 30 | |
| 31 | #include "avutil.h" |
| 32 | #include "common.h" |
| 33 | #include "intreadwrite.h" |
| 34 | #include "xtea.h" |
| 35 | |
| 36 | void av_xtea_init(AVXTEA *ctx, const uint8_t key[16]) |
| 37 | { |
| 38 | int i; |
| 39 | |
| 40 | for (i = 0; i < 4; i++) |
| 41 | ctx->key[i] = AV_RB32(key + (i << 2)); |
| 42 | } |
| 43 | |
| 44 | static void xtea_crypt_ecb(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, |
| 45 | int decrypt, uint8_t *iv) |
| 46 | { |
| 47 | uint32_t v0, v1; |
| 48 | #if !CONFIG_SMALL |
| 49 | uint32_t k0 = ctx->key[0]; |
| 50 | uint32_t k1 = ctx->key[1]; |
| 51 | uint32_t k2 = ctx->key[2]; |
| 52 | uint32_t k3 = ctx->key[3]; |
| 53 | #endif |
| 54 | |
| 55 | v0 = AV_RB32(src); |
| 56 | v1 = AV_RB32(src + 4); |
| 57 | |
| 58 | if (decrypt) { |
| 59 | #if CONFIG_SMALL |
| 60 | int i; |
| 61 | uint32_t delta = 0x9E3779B9U, sum = delta * 32; |
| 62 | |
| 63 | for (i = 0; i < 32; i++) { |
| 64 | v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]); |
| 65 | sum -= delta; |
| 66 | v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]); |
| 67 | } |
| 68 | #else |
| 69 | #define DSTEP(SUM, K0, K1) \ |
| 70 | v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + K0); \ |
| 71 | v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM - 0x9E3779B9U + K1) |
| 72 | |
| 73 | DSTEP(0xC6EF3720U, k2, k3); |
| 74 | DSTEP(0x28B7BD67U, k3, k2); |
| 75 | DSTEP(0x8A8043AEU, k0, k1); |
| 76 | DSTEP(0xEC48C9F5U, k1, k0); |
| 77 | DSTEP(0x4E11503CU, k2, k3); |
| 78 | DSTEP(0xAFD9D683U, k2, k2); |
| 79 | DSTEP(0x11A25CCAU, k3, k1); |
| 80 | DSTEP(0x736AE311U, k0, k0); |
| 81 | DSTEP(0xD5336958U, k1, k3); |
| 82 | DSTEP(0x36FBEF9FU, k1, k2); |
| 83 | DSTEP(0x98C475E6U, k2, k1); |
| 84 | DSTEP(0xFA8CFC2DU, k3, k0); |
| 85 | DSTEP(0x5C558274U, k0, k3); |
| 86 | DSTEP(0xBE1E08BBU, k1, k2); |
| 87 | DSTEP(0x1FE68F02U, k1, k1); |
| 88 | DSTEP(0x81AF1549U, k2, k0); |
| 89 | DSTEP(0xE3779B90U, k3, k3); |
| 90 | DSTEP(0x454021D7U, k0, k2); |
| 91 | DSTEP(0xA708A81EU, k1, k1); |
| 92 | DSTEP(0x08D12E65U, k1, k0); |
| 93 | DSTEP(0x6A99B4ACU, k2, k3); |
| 94 | DSTEP(0xCC623AF3U, k3, k2); |
| 95 | DSTEP(0x2E2AC13AU, k0, k1); |
| 96 | DSTEP(0x8FF34781U, k0, k0); |
| 97 | DSTEP(0xF1BBCDC8U, k1, k3); |
| 98 | DSTEP(0x5384540FU, k2, k2); |
| 99 | DSTEP(0xB54CDA56U, k3, k1); |
| 100 | DSTEP(0x1715609DU, k0, k0); |
| 101 | DSTEP(0x78DDE6E4U, k0, k3); |
| 102 | DSTEP(0xDAA66D2BU, k1, k2); |
| 103 | DSTEP(0x3C6EF372U, k2, k1); |
| 104 | DSTEP(0x9E3779B9U, k3, k0); |
| 105 | #endif |
| 106 | if (iv) { |
| 107 | v0 ^= AV_RB32(iv); |
| 108 | v1 ^= AV_RB32(iv + 4); |
| 109 | memcpy(iv, src, 8); |
| 110 | } |
| 111 | } else { |
| 112 | #if CONFIG_SMALL |
| 113 | int i; |
| 114 | uint32_t sum = 0, delta = 0x9E3779B9U; |
| 115 | |
| 116 | for (i = 0; i < 32; i++) { |
| 117 | v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]); |
| 118 | sum += delta; |
| 119 | v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]); |
| 120 | } |
| 121 | #else |
| 122 | #define ESTEP(SUM, K0, K1) \ |
| 123 | v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM + K0);\ |
| 124 | v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + 0x9E3779B9U + K1) |
| 125 | ESTEP(0x00000000U, k0, k3); |
| 126 | ESTEP(0x9E3779B9U, k1, k2); |
| 127 | ESTEP(0x3C6EF372U, k2, k1); |
| 128 | ESTEP(0xDAA66D2BU, k3, k0); |
| 129 | ESTEP(0x78DDE6E4U, k0, k0); |
| 130 | ESTEP(0x1715609DU, k1, k3); |
| 131 | ESTEP(0xB54CDA56U, k2, k2); |
| 132 | ESTEP(0x5384540FU, k3, k1); |
| 133 | ESTEP(0xF1BBCDC8U, k0, k0); |
| 134 | ESTEP(0x8FF34781U, k1, k0); |
| 135 | ESTEP(0x2E2AC13AU, k2, k3); |
| 136 | ESTEP(0xCC623AF3U, k3, k2); |
| 137 | ESTEP(0x6A99B4ACU, k0, k1); |
| 138 | ESTEP(0x08D12E65U, k1, k1); |
| 139 | ESTEP(0xA708A81EU, k2, k0); |
| 140 | ESTEP(0x454021D7U, k3, k3); |
| 141 | ESTEP(0xE3779B90U, k0, k2); |
| 142 | ESTEP(0x81AF1549U, k1, k1); |
| 143 | ESTEP(0x1FE68F02U, k2, k1); |
| 144 | ESTEP(0xBE1E08BBU, k3, k0); |
| 145 | ESTEP(0x5C558274U, k0, k3); |
| 146 | ESTEP(0xFA8CFC2DU, k1, k2); |
| 147 | ESTEP(0x98C475E6U, k2, k1); |
| 148 | ESTEP(0x36FBEF9FU, k3, k1); |
| 149 | ESTEP(0xD5336958U, k0, k0); |
| 150 | ESTEP(0x736AE311U, k1, k3); |
| 151 | ESTEP(0x11A25CCAU, k2, k2); |
| 152 | ESTEP(0xAFD9D683U, k3, k2); |
| 153 | ESTEP(0x4E11503CU, k0, k1); |
| 154 | ESTEP(0xEC48C9F5U, k1, k0); |
| 155 | ESTEP(0x8A8043AEU, k2, k3); |
| 156 | ESTEP(0x28B7BD67U, k3, k2); |
| 157 | #endif |
| 158 | } |
| 159 | |
| 160 | AV_WB32(dst, v0); |
| 161 | AV_WB32(dst + 4, v1); |
| 162 | } |
| 163 | |
| 164 | void av_xtea_crypt(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, int count, |
| 165 | uint8_t *iv, int decrypt) |
| 166 | { |
| 167 | int i; |
| 168 | |
| 169 | if (decrypt) { |
| 170 | while (count--) { |
| 171 | xtea_crypt_ecb(ctx, dst, src, decrypt, iv); |
| 172 | |
| 173 | src += 8; |
| 174 | dst += 8; |
| 175 | } |
| 176 | } else { |
| 177 | while (count--) { |
| 178 | if (iv) { |
| 179 | for (i = 0; i < 8; i++) |
| 180 | dst[i] = src[i] ^ iv[i]; |
| 181 | xtea_crypt_ecb(ctx, dst, dst, decrypt, NULL); |
| 182 | memcpy(iv, dst, 8); |
| 183 | } else { |
| 184 | xtea_crypt_ecb(ctx, dst, src, decrypt, NULL); |
| 185 | } |
| 186 | src += 8; |
| 187 | dst += 8; |
| 188 | } |
| 189 | } |
| 190 | } |
| 191 | |
| 192 | #ifdef TEST |
| 193 | #include <stdio.h> |
| 194 | |
| 195 | #define XTEA_NUM_TESTS 6 |
| 196 | |
| 197 | static const uint8_t xtea_test_key[XTEA_NUM_TESTS][16] = { |
| 198 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
| 199 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, |
| 200 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
| 201 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, |
| 202 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
| 203 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, |
| 204 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 205 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, |
| 206 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 207 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, |
| 208 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 209 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } |
| 210 | }; |
| 211 | |
| 212 | static const uint8_t xtea_test_pt[XTEA_NUM_TESTS][8] = { |
| 213 | { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, |
| 214 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, |
| 215 | { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f }, |
| 216 | { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, |
| 217 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, |
| 218 | { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 } |
| 219 | }; |
| 220 | |
| 221 | static const uint8_t xtea_test_ct[XTEA_NUM_TESTS][8] = { |
| 222 | { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 }, |
| 223 | { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 }, |
| 224 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, |
| 225 | { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 }, |
| 226 | { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d }, |
| 227 | { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 } |
| 228 | }; |
| 229 | |
| 230 | static void test_xtea(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, |
| 231 | const uint8_t *ref, int len, uint8_t *iv, int dir, |
| 232 | const char *test) |
| 233 | { |
| 234 | av_xtea_crypt(ctx, dst, src, len, iv, dir); |
| 235 | if (memcmp(dst, ref, 8*len)) { |
| 236 | int i; |
| 237 | printf("%s failed\ngot ", test); |
| 238 | for (i = 0; i < 8*len; i++) |
| 239 | printf("%02x ", dst[i]); |
| 240 | printf("\nexpected "); |
| 241 | for (i = 0; i < 8*len; i++) |
| 242 | printf("%02x ", ref[i]); |
| 243 | printf("\n"); |
| 244 | exit(1); |
| 245 | } |
| 246 | } |
| 247 | |
| 248 | int main(void) |
| 249 | { |
| 250 | AVXTEA ctx; |
| 251 | uint8_t buf[8], iv[8]; |
| 252 | int i; |
| 253 | static const uint8_t src[32] = "HelloWorldHelloWorldHelloWorld"; |
| 254 | uint8_t ct[32]; |
| 255 | uint8_t pl[32]; |
| 256 | |
| 257 | for (i = 0; i < XTEA_NUM_TESTS; i++) { |
| 258 | av_xtea_init(&ctx, xtea_test_key[i]); |
| 259 | |
| 260 | test_xtea(&ctx, buf, xtea_test_pt[i], xtea_test_ct[i], 1, NULL, 0, "encryption"); |
| 261 | test_xtea(&ctx, buf, xtea_test_ct[i], xtea_test_pt[i], 1, NULL, 1, "decryption"); |
| 262 | |
| 263 | /* encrypt */ |
| 264 | memcpy(iv, "HALLO123", 8); |
| 265 | av_xtea_crypt(&ctx, ct, src, 4, iv, 0); |
| 266 | |
| 267 | /* decrypt into pl */ |
| 268 | memcpy(iv, "HALLO123", 8); |
| 269 | test_xtea(&ctx, pl, ct, src, 4, iv, 1, "CBC decryption"); |
| 270 | |
| 271 | memcpy(iv, "HALLO123", 8); |
| 272 | test_xtea(&ctx, ct, ct, src, 4, iv, 1, "CBC inplace decryption"); |
| 273 | } |
| 274 | |
| 275 | printf("Test encryption/decryption success.\n"); |
| 276 | |
| 277 | return 0; |
| 278 | } |
| 279 | |
| 280 | #endif |