2 * A 32-bit implementation of the XTEA algorithm
3 * Copyright (c) 2012 Samuel Pitoiset
5 * loosely based on the implementation of David Wheeler and Roger Needham
7 * This file is part of FFmpeg.
9 * FFmpeg is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * FFmpeg is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with FFmpeg; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
26 * @brief XTEA 32-bit implementation
27 * @author Samuel Pitoiset
33 #include "intreadwrite.h"
37 #if !FF_API_CRYPTO_CONTEXT
43 AVXTEA *av_xtea_alloc(void)
45 return av_mallocz(sizeof(struct AVXTEA));
48 void av_xtea_init(AVXTEA *ctx, const uint8_t key[16])
52 for (i = 0; i < 4; i++)
53 ctx->key[i] = AV_RB32(key + (i << 2));
56 static void xtea_crypt_ecb(AVXTEA *ctx, uint8_t *dst, const uint8_t *src,
57 int decrypt, uint8_t *iv)
61 uint32_t k0 = ctx->key[0];
62 uint32_t k1 = ctx->key[1];
63 uint32_t k2 = ctx->key[2];
64 uint32_t k3 = ctx->key[3];
68 v1 = AV_RB32(src + 4);
73 uint32_t delta = 0x9E3779B9U, sum = delta * 32;
75 for (i = 0; i < 32; i++) {
76 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]);
78 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]);
81 #define DSTEP(SUM, K0, K1) \
82 v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + K0); \
83 v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM - 0x9E3779B9U + K1)
85 DSTEP(0xC6EF3720U, k2, k3);
86 DSTEP(0x28B7BD67U, k3, k2);
87 DSTEP(0x8A8043AEU, k0, k1);
88 DSTEP(0xEC48C9F5U, k1, k0);
89 DSTEP(0x4E11503CU, k2, k3);
90 DSTEP(0xAFD9D683U, k2, k2);
91 DSTEP(0x11A25CCAU, k3, k1);
92 DSTEP(0x736AE311U, k0, k0);
93 DSTEP(0xD5336958U, k1, k3);
94 DSTEP(0x36FBEF9FU, k1, k2);
95 DSTEP(0x98C475E6U, k2, k1);
96 DSTEP(0xFA8CFC2DU, k3, k0);
97 DSTEP(0x5C558274U, k0, k3);
98 DSTEP(0xBE1E08BBU, k1, k2);
99 DSTEP(0x1FE68F02U, k1, k1);
100 DSTEP(0x81AF1549U, k2, k0);
101 DSTEP(0xE3779B90U, k3, k3);
102 DSTEP(0x454021D7U, k0, k2);
103 DSTEP(0xA708A81EU, k1, k1);
104 DSTEP(0x08D12E65U, k1, k0);
105 DSTEP(0x6A99B4ACU, k2, k3);
106 DSTEP(0xCC623AF3U, k3, k2);
107 DSTEP(0x2E2AC13AU, k0, k1);
108 DSTEP(0x8FF34781U, k0, k0);
109 DSTEP(0xF1BBCDC8U, k1, k3);
110 DSTEP(0x5384540FU, k2, k2);
111 DSTEP(0xB54CDA56U, k3, k1);
112 DSTEP(0x1715609DU, k0, k0);
113 DSTEP(0x78DDE6E4U, k0, k3);
114 DSTEP(0xDAA66D2BU, k1, k2);
115 DSTEP(0x3C6EF372U, k2, k1);
116 DSTEP(0x9E3779B9U, k3, k0);
120 v1 ^= AV_RB32(iv + 4);
126 uint32_t sum = 0, delta = 0x9E3779B9U;
128 for (i = 0; i < 32; i++) {
129 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + ctx->key[sum & 3]);
131 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + ctx->key[(sum >> 11) & 3]);
134 #define ESTEP(SUM, K0, K1) \
135 v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (SUM + K0);\
136 v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (SUM + 0x9E3779B9U + K1)
137 ESTEP(0x00000000U, k0, k3);
138 ESTEP(0x9E3779B9U, k1, k2);
139 ESTEP(0x3C6EF372U, k2, k1);
140 ESTEP(0xDAA66D2BU, k3, k0);
141 ESTEP(0x78DDE6E4U, k0, k0);
142 ESTEP(0x1715609DU, k1, k3);
143 ESTEP(0xB54CDA56U, k2, k2);
144 ESTEP(0x5384540FU, k3, k1);
145 ESTEP(0xF1BBCDC8U, k0, k0);
146 ESTEP(0x8FF34781U, k1, k0);
147 ESTEP(0x2E2AC13AU, k2, k3);
148 ESTEP(0xCC623AF3U, k3, k2);
149 ESTEP(0x6A99B4ACU, k0, k1);
150 ESTEP(0x08D12E65U, k1, k1);
151 ESTEP(0xA708A81EU, k2, k0);
152 ESTEP(0x454021D7U, k3, k3);
153 ESTEP(0xE3779B90U, k0, k2);
154 ESTEP(0x81AF1549U, k1, k1);
155 ESTEP(0x1FE68F02U, k2, k1);
156 ESTEP(0xBE1E08BBU, k3, k0);
157 ESTEP(0x5C558274U, k0, k3);
158 ESTEP(0xFA8CFC2DU, k1, k2);
159 ESTEP(0x98C475E6U, k2, k1);
160 ESTEP(0x36FBEF9FU, k3, k1);
161 ESTEP(0xD5336958U, k0, k0);
162 ESTEP(0x736AE311U, k1, k3);
163 ESTEP(0x11A25CCAU, k2, k2);
164 ESTEP(0xAFD9D683U, k3, k2);
165 ESTEP(0x4E11503CU, k0, k1);
166 ESTEP(0xEC48C9F5U, k1, k0);
167 ESTEP(0x8A8043AEU, k2, k3);
168 ESTEP(0x28B7BD67U, k3, k2);
173 AV_WB32(dst + 4, v1);
176 void av_xtea_crypt(AVXTEA *ctx, uint8_t *dst, const uint8_t *src, int count,
177 uint8_t *iv, int decrypt)
183 xtea_crypt_ecb(ctx, dst, src, decrypt, iv);
191 for (i = 0; i < 8; i++)
192 dst[i] = src[i] ^ iv[i];
193 xtea_crypt_ecb(ctx, dst, dst, decrypt, NULL);
196 xtea_crypt_ecb(ctx, dst, src, decrypt, NULL);
207 #define XTEA_NUM_TESTS 6
209 static const uint8_t xtea_test_key[XTEA_NUM_TESTS][16] = {
210 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
211 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
212 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
213 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
214 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
215 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
216 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
217 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
218 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
219 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
220 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
221 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
224 static const uint8_t xtea_test_pt[XTEA_NUM_TESTS][8] = {
225 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
226 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
227 { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
228 { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
229 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
230 { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
233 static const uint8_t xtea_test_ct[XTEA_NUM_TESTS][8] = {
234 { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
235 { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
236 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
237 { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
238 { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
239 { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
242 static void test_xtea(AVXTEA *ctx, uint8_t *dst, const uint8_t *src,
243 const uint8_t *ref, int len, uint8_t *iv, int dir,
246 av_xtea_crypt(ctx, dst, src, len, iv, dir);
247 if (memcmp(dst, ref, 8*len)) {
249 printf("%s failed\ngot ", test);
250 for (i = 0; i < 8*len; i++)
251 printf("%02x ", dst[i]);
252 printf("\nexpected ");
253 for (i = 0; i < 8*len; i++)
254 printf("%02x ", ref[i]);
263 uint8_t buf[8], iv[8];
265 static const uint8_t src[32] = "HelloWorldHelloWorldHelloWorld";
269 for (i = 0; i < XTEA_NUM_TESTS; i++) {
270 av_xtea_init(&ctx, xtea_test_key[i]);
272 test_xtea(&ctx, buf, xtea_test_pt[i], xtea_test_ct[i], 1, NULL, 0, "encryption");
273 test_xtea(&ctx, buf, xtea_test_ct[i], xtea_test_pt[i], 1, NULL, 1, "decryption");
276 memcpy(iv, "HALLO123", 8);
277 av_xtea_crypt(&ctx, ct, src, 4, iv, 0);
279 /* decrypt into pl */
280 memcpy(iv, "HALLO123", 8);
281 test_xtea(&ctx, pl, ct, src, 4, iv, 1, "CBC decryption");
283 memcpy(iv, "HALLO123", 8);
284 test_xtea(&ctx, ct, ct, src, 4, iv, 1, "CBC inplace decryption");
287 printf("Test encryption/decryption success.\n");
projects / ffmpeg / blob