1/* 2 * A 32-bit implementation of the XTEA algorithm 3 * Copyright (c) 2012 Samuel Pitoiset 4 * 5 * loosely based on the implementation of David Wheeler and Roger Needham 6 * 7 * This file is part of FFmpeg. 8 * 9 * FFmpeg is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public 11 * License as published by the Free Software Foundation; either 12 * version 2.1 of the License, or (at your option) any later version. 13 * 14 * FFmpeg is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with FFmpeg; if not, write to the Free Software 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 22 */ 23 24/** 25 * @file 26 * @brief XTEA 32-bit implementation 27 * @author Samuel Pitoiset 28 * @ingroup lavu_xtea 29 */ 30 31#include "avutil.h" 32#include "common.h" 33#include "intreadwrite.h" 34#include "xtea.h" 35 36void av_xtea_init(AVXTEA *ctx, const uint8_t key[16]) 37{ 38 int i; 39 40 for (i = 0; i < 4; i++) 41 ctx->key[i] = AV_RB32(key + (i << 2)); 42} 43 44static void xtea_crypt_ecb(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, 45 int decrypt, uint8_t *iv) 46{ 47 uint32_t v0, v1; 48#if !CONFIG_SMALL 49 uint32_t k0 = ctx->key[0]; 50 uint32_t k1 = ctx->key[1]; 51 uint32_t k2 = ctx->key[2]; 52 uint32_t k3 = ctx->key[3]; 53#endif 54 55 v0 = AV_RB32(src); 56 v1 = AV_RB32(src + 4); 57 58 if (decrypt) { 59#if CONFIG_SMALL 60 int i; 61 uint32_t delta = 0x9E3779B9U, sum = delta * 32; 62 63 for (i = 0; i < 32; i++) { 64 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]); 65 sum -= delta; 66 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]); 67 } 68#else 69#define DSTEP(SUM, K0, K1) \ 70 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + K0); \ 71 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM - 0x9E3779B9U + K1) 72 73 DSTEP(0xC6EF3720U, k2, k3); 74 DSTEP(0x28B7BD67U, k3, k2); 75 DSTEP(0x8A8043AEU, k0, k1); 76 DSTEP(0xEC48C9F5U, k1, k0); 77 DSTEP(0x4E11503CU, k2, k3); 78 DSTEP(0xAFD9D683U, k2, k2); 79 DSTEP(0x11A25CCAU, k3, k1); 80 DSTEP(0x736AE311U, k0, k0); 81 DSTEP(0xD5336958U, k1, k3); 82 DSTEP(0x36FBEF9FU, k1, k2); 83 DSTEP(0x98C475E6U, k2, k1); 84 DSTEP(0xFA8CFC2DU, k3, k0); 85 DSTEP(0x5C558274U, k0, k3); 86 DSTEP(0xBE1E08BBU, k1, k2); 87 DSTEP(0x1FE68F02U, k1, k1); 88 DSTEP(0x81AF1549U, k2, k0); 89 DSTEP(0xE3779B90U, k3, k3); 90 DSTEP(0x454021D7U, k0, k2); 91 DSTEP(0xA708A81EU, k1, k1); 92 DSTEP(0x08D12E65U, k1, k0); 93 DSTEP(0x6A99B4ACU, k2, k3); 94 DSTEP(0xCC623AF3U, k3, k2); 95 DSTEP(0x2E2AC13AU, k0, k1); 96 DSTEP(0x8FF34781U, k0, k0); 97 DSTEP(0xF1BBCDC8U, k1, k3); 98 DSTEP(0x5384540FU, k2, k2); 99 DSTEP(0xB54CDA56U, k3, k1); 100 DSTEP(0x1715609DU, k0, k0); 101 DSTEP(0x78DDE6E4U, k0, k3); 102 DSTEP(0xDAA66D2BU, k1, k2); 103 DSTEP(0x3C6EF372U, k2, k1); 104 DSTEP(0x9E3779B9U, k3, k0); 105#endif 106 if (iv) { 107 v0 ^= AV_RB32(iv); 108 v1 ^= AV_RB32(iv + 4); 109 memcpy(iv, src, 8); 110 } 111 } else { 112#if CONFIG_SMALL 113 int i; 114 uint32_t sum = 0, delta = 0x9E3779B9U; 115 116 for (i = 0; i < 32; i++) { 117 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]); 118 sum += delta; 119 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]); 120 } 121#else 122#define ESTEP(SUM, K0, K1) \ 123 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM + K0);\ 124 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + 0x9E3779B9U + K1) 125 ESTEP(0x00000000U, k0, k3); 126 ESTEP(0x9E3779B9U, k1, k2); 127 ESTEP(0x3C6EF372U, k2, k1); 128 ESTEP(0xDAA66D2BU, k3, k0); 129 ESTEP(0x78DDE6E4U, k0, k0); 130 ESTEP(0x1715609DU, k1, k3); 131 ESTEP(0xB54CDA56U, k2, k2); 132 ESTEP(0x5384540FU, k3, k1); 133 ESTEP(0xF1BBCDC8U, k0, k0); 134 ESTEP(0x8FF34781U, k1, k0); 135 ESTEP(0x2E2AC13AU, k2, k3); 136 ESTEP(0xCC623AF3U, k3, k2); 137 ESTEP(0x6A99B4ACU, k0, k1); 138 ESTEP(0x08D12E65U, k1, k1); 139 ESTEP(0xA708A81EU, k2, k0); 140 ESTEP(0x454021D7U, k3, k3); 141 ESTEP(0xE3779B90U, k0, k2); 142 ESTEP(0x81AF1549U, k1, k1); 143 ESTEP(0x1FE68F02U, k2, k1); 144 ESTEP(0xBE1E08BBU, k3, k0); 145 ESTEP(0x5C558274U, k0, k3); 146 ESTEP(0xFA8CFC2DU, k1, k2); 147 ESTEP(0x98C475E6U, k2, k1); 148 ESTEP(0x36FBEF9FU, k3, k1); 149 ESTEP(0xD5336958U, k0, k0); 150 ESTEP(0x736AE311U, k1, k3); 151 ESTEP(0x11A25CCAU, k2, k2); 152 ESTEP(0xAFD9D683U, k3, k2); 153 ESTEP(0x4E11503CU, k0, k1); 154 ESTEP(0xEC48C9F5U, k1, k0); 155 ESTEP(0x8A8043AEU, k2, k3); 156 ESTEP(0x28B7BD67U, k3, k2); 157#endif 158 } 159 160 AV_WB32(dst, v0); 161 AV_WB32(dst + 4, v1); 162} 163 164void av_xtea_crypt(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, int count, 165 uint8_t *iv, int decrypt) 166{ 167 int i; 168 169 if (decrypt) { 170 while (count--) { 171 xtea_crypt_ecb(ctx, dst, src, decrypt, iv); 172 173 src += 8; 174 dst += 8; 175 } 176 } else { 177 while (count--) { 178 if (iv) { 179 for (i = 0; i < 8; i++) 180 dst[i] = src[i] ^ iv[i]; 181 xtea_crypt_ecb(ctx, dst, dst, decrypt, NULL); 182 memcpy(iv, dst, 8); 183 } else { 184 xtea_crypt_ecb(ctx, dst, src, decrypt, NULL); 185 } 186 src += 8; 187 dst += 8; 188 } 189 } 190} 191 192#ifdef TEST 193#include <stdio.h> 194 195#define XTEA_NUM_TESTS 6 196 197static const uint8_t xtea_test_key[XTEA_NUM_TESTS][16] = { 198 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 199 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 200 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 201 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 202 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 203 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 204 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 205 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 206 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 207 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 208 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 209 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 210}; 211 212static const uint8_t xtea_test_pt[XTEA_NUM_TESTS][8] = { 213 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, 214 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 215 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f }, 216 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, 217 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 218 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 } 219}; 220 221static const uint8_t xtea_test_ct[XTEA_NUM_TESTS][8] = { 222 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 }, 223 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 }, 224 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, 225 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 }, 226 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d }, 227 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 } 228}; 229 230static void test_xtea(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, 231 const uint8_t *ref, int len, uint8_t *iv, int dir, 232 const char *test) 233{ 234 av_xtea_crypt(ctx, dst, src, len, iv, dir); 235 if (memcmp(dst, ref, 8*len)) { 236 int i; 237 printf("%s failed\ngot ", test); 238 for (i = 0; i < 8*len; i++) 239 printf("%02x ", dst[i]); 240 printf("\nexpected "); 241 for (i = 0; i < 8*len; i++) 242 printf("%02x ", ref[i]); 243 printf("\n"); 244 exit(1); 245 } 246} 247 248int main(void) 249{ 250 AVXTEA ctx; 251 uint8_t buf[8], iv[8]; 252 int i; 253 static const uint8_t src[32] = "HelloWorldHelloWorldHelloWorld"; 254 uint8_t ct[32]; 255 uint8_t pl[32]; 256 257 for (i = 0; i < XTEA_NUM_TESTS; i++) { 258 av_xtea_init(&ctx, xtea_test_key[i]); 259 260 test_xtea(&ctx, buf, xtea_test_pt[i], xtea_test_ct[i], 1, NULL, 0, "encryption"); 261 test_xtea(&ctx, buf, xtea_test_ct[i], xtea_test_pt[i], 1, NULL, 1, "decryption"); 262 263 /* encrypt */ 264 memcpy(iv, "HALLO123", 8); 265 av_xtea_crypt(&ctx, ct, src, 4, iv, 0); 266 267 /* decrypt into pl */ 268 memcpy(iv, "HALLO123", 8); 269 test_xtea(&ctx, pl, ct, src, 4, iv, 1, "CBC decryption"); 270 271 memcpy(iv, "HALLO123", 8); 272 test_xtea(&ctx, ct, ct, src, 4, iv, 1, "CBC inplace decryption"); 273 } 274 275 printf("Test encryption/decryption success.\n"); 276 277 return 0; 278} 279 280#endif 281