2 * A 32-bit implementation of the XTEA algorithm
3 * Copyright (c) 2012 Samuel Pitoiset
5 * loosely based on the implementation of David Wheeler and Roger Needham
7 * This file is part of FFmpeg.
9 * FFmpeg is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * FFmpeg is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with FFmpeg; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
26 * @brief XTEA 32-bit implementation
27 * @author Samuel Pitoiset
33 #include "intreadwrite.h"
36 void av_xtea_init(AVXTEA
*ctx
, const uint8_t key
[16])
40 for (i
= 0; i
< 4; i
++)
41 ctx
->key
[i
] = AV_RB32(key
+ (i
<< 2));
44 static void xtea_crypt_ecb(AVXTEA
*ctx
, uint8_t *dst
, const uint8_t *src
,
45 int decrypt
, uint8_t *iv
)
49 uint32_t k0
= ctx
->key
[0];
50 uint32_t k1
= ctx
->key
[1];
51 uint32_t k2
= ctx
->key
[2];
52 uint32_t k3
= ctx
->key
[3];
56 v1
= AV_RB32(src
+ 4);
61 uint32_t delta
= 0x9E3779B9U
, sum
= delta
* 32;
63 for (i
= 0; i
< 32; i
++) {
64 v1
-= (((v0
<< 4) ^ (v0
>> 5)) + v0
) ^ (sum
+ ctx
->key
[(sum
>> 11) & 3]);
66 v0
-= (((v1
<< 4) ^ (v1
>> 5)) + v1
) ^ (sum
+ ctx
->key
[sum
& 3]);
69 #define DSTEP(SUM, K0, K1) \
70 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + K0); \
71 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM - 0x9E3779B9U + K1)
73 DSTEP(0xC6EF3720U
, k2
, k3
);
74 DSTEP(0x28B7BD67U
, k3
, k2
);
75 DSTEP(0x8A8043AEU
, k0
, k1
);
76 DSTEP(0xEC48C9F5U
, k1
, k0
);
77 DSTEP(0x4E11503CU
, k2
, k3
);
78 DSTEP(0xAFD9D683U
, k2
, k2
);
79 DSTEP(0x11A25CCAU
, k3
, k1
);
80 DSTEP(0x736AE311U
, k0
, k0
);
81 DSTEP(0xD5336958U
, k1
, k3
);
82 DSTEP(0x36FBEF9FU
, k1
, k2
);
83 DSTEP(0x98C475E6U
, k2
, k1
);
84 DSTEP(0xFA8CFC2DU
, k3
, k0
);
85 DSTEP(0x5C558274U
, k0
, k3
);
86 DSTEP(0xBE1E08BBU
, k1
, k2
);
87 DSTEP(0x1FE68F02U
, k1
, k1
);
88 DSTEP(0x81AF1549U
, k2
, k0
);
89 DSTEP(0xE3779B90U
, k3
, k3
);
90 DSTEP(0x454021D7U
, k0
, k2
);
91 DSTEP(0xA708A81EU
, k1
, k1
);
92 DSTEP(0x08D12E65U
, k1
, k0
);
93 DSTEP(0x6A99B4ACU
, k2
, k3
);
94 DSTEP(0xCC623AF3U
, k3
, k2
);
95 DSTEP(0x2E2AC13AU
, k0
, k1
);
96 DSTEP(0x8FF34781U
, k0
, k0
);
97 DSTEP(0xF1BBCDC8U
, k1
, k3
);
98 DSTEP(0x5384540FU
, k2
, k2
);
99 DSTEP(0xB54CDA56U
, k3
, k1
);
100 DSTEP(0x1715609DU
, k0
, k0
);
101 DSTEP(0x78DDE6E4U
, k0
, k3
);
102 DSTEP(0xDAA66D2BU
, k1
, k2
);
103 DSTEP(0x3C6EF372U
, k2
, k1
);
104 DSTEP(0x9E3779B9U
, k3
, k0
);
108 v1
^= AV_RB32(iv
+ 4);
114 uint32_t sum
= 0, delta
= 0x9E3779B9U
;
116 for (i
= 0; i
< 32; i
++) {
117 v0
+= (((v1
<< 4) ^ (v1
>> 5)) + v1
) ^ (sum
+ ctx
->key
[sum
& 3]);
119 v1
+= (((v0
<< 4) ^ (v0
>> 5)) + v0
) ^ (sum
+ ctx
->key
[(sum
>> 11) & 3]);
122 #define ESTEP(SUM, K0, K1) \
123 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM + K0);\
124 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + 0x9E3779B9U + K1)
125 ESTEP(0x00000000U
, k0
, k3
);
126 ESTEP(0x9E3779B9U
, k1
, k2
);
127 ESTEP(0x3C6EF372U
, k2
, k1
);
128 ESTEP(0xDAA66D2BU
, k3
, k0
);
129 ESTEP(0x78DDE6E4U
, k0
, k0
);
130 ESTEP(0x1715609DU
, k1
, k3
);
131 ESTEP(0xB54CDA56U
, k2
, k2
);
132 ESTEP(0x5384540FU
, k3
, k1
);
133 ESTEP(0xF1BBCDC8U
, k0
, k0
);
134 ESTEP(0x8FF34781U
, k1
, k0
);
135 ESTEP(0x2E2AC13AU
, k2
, k3
);
136 ESTEP(0xCC623AF3U
, k3
, k2
);
137 ESTEP(0x6A99B4ACU
, k0
, k1
);
138 ESTEP(0x08D12E65U
, k1
, k1
);
139 ESTEP(0xA708A81EU
, k2
, k0
);
140 ESTEP(0x454021D7U
, k3
, k3
);
141 ESTEP(0xE3779B90U
, k0
, k2
);
142 ESTEP(0x81AF1549U
, k1
, k1
);
143 ESTEP(0x1FE68F02U
, k2
, k1
);
144 ESTEP(0xBE1E08BBU
, k3
, k0
);
145 ESTEP(0x5C558274U
, k0
, k3
);
146 ESTEP(0xFA8CFC2DU
, k1
, k2
);
147 ESTEP(0x98C475E6U
, k2
, k1
);
148 ESTEP(0x36FBEF9FU
, k3
, k1
);
149 ESTEP(0xD5336958U
, k0
, k0
);
150 ESTEP(0x736AE311U
, k1
, k3
);
151 ESTEP(0x11A25CCAU
, k2
, k2
);
152 ESTEP(0xAFD9D683U
, k3
, k2
);
153 ESTEP(0x4E11503CU
, k0
, k1
);
154 ESTEP(0xEC48C9F5U
, k1
, k0
);
155 ESTEP(0x8A8043AEU
, k2
, k3
);
156 ESTEP(0x28B7BD67U
, k3
, k2
);
161 AV_WB32(dst
+ 4, v1
);
164 void av_xtea_crypt(AVXTEA
*ctx
, uint8_t *dst
, const uint8_t *src
, int count
,
165 uint8_t *iv
, int decrypt
)
171 xtea_crypt_ecb(ctx
, dst
, src
, decrypt
, iv
);
179 for (i
= 0; i
< 8; i
++)
180 dst
[i
] = src
[i
] ^ iv
[i
];
181 xtea_crypt_ecb(ctx
, dst
, dst
, decrypt
, NULL
);
184 xtea_crypt_ecb(ctx
, dst
, src
, decrypt
, NULL
);
195 #define XTEA_NUM_TESTS 6
197 static const uint8_t xtea_test_key
[XTEA_NUM_TESTS
][16] = {
198 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
199 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
200 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
201 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
202 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
203 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
204 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
205 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
206 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
207 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
208 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
209 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
212 static const uint8_t xtea_test_pt
[XTEA_NUM_TESTS
][8] = {
213 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
214 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
215 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
216 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
217 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
218 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
221 static const uint8_t xtea_test_ct
[XTEA_NUM_TESTS
][8] = {
222 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
223 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
224 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
225 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
226 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
227 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
230 static void test_xtea(AVXTEA
*ctx
, uint8_t *dst
, const uint8_t *src
,
231 const uint8_t *ref
, int len
, uint8_t *iv
, int dir
,
234 av_xtea_crypt(ctx
, dst
, src
, len
, iv
, dir
);
235 if (memcmp(dst
, ref
, 8*len
)) {
237 printf("%s failed\ngot ", test
);
238 for (i
= 0; i
< 8*len
; i
++)
239 printf("%02x ", dst
[i
]);
240 printf("\nexpected ");
241 for (i
= 0; i
< 8*len
; i
++)
242 printf("%02x ", ref
[i
]);
251 uint8_t buf
[8], iv
[8];
253 static const uint8_t src
[32] = "HelloWorldHelloWorldHelloWorld";
257 for (i
= 0; i
< XTEA_NUM_TESTS
; i
++) {
258 av_xtea_init(&ctx
, xtea_test_key
[i
]);
260 test_xtea(&ctx
, buf
, xtea_test_pt
[i
], xtea_test_ct
[i
], 1, NULL
, 0, "encryption");
261 test_xtea(&ctx
, buf
, xtea_test_ct
[i
], xtea_test_pt
[i
], 1, NULL
, 1, "decryption");
264 memcpy(iv
, "HALLO123", 8);
265 av_xtea_crypt(&ctx
, ct
, src
, 4, iv
, 0);
267 /* decrypt into pl */
268 memcpy(iv
, "HALLO123", 8);
269 test_xtea(&ctx
, pl
, ct
, src
, 4, iv
, 1, "CBC decryption");
271 memcpy(iv
, "HALLO123", 8);
272 test_xtea(&ctx
, ct
, ct
, src
, 4, iv
, 1, "CBC inplace decryption");
275 printf("Test encryption/decryption success.\n");