Botan  2.8.0
Crypto and TLS for C++11
xtea.cpp
Go to the documentation of this file.
1 /*
2 * XTEA
3 * (C) 1999-2009,2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/xtea.h>
9 #include <botan/loadstor.h>
10 
11 namespace Botan {
12 
13 /*
14 * XTEA Encryption
15 */
16 void XTEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
17  {
18  verify_key_set(m_EK.empty() == false);
19 
20  const uint32_t* EK = &m_EK[0];
21 
22  const size_t blocks4 = blocks / 4;
23  const size_t blocks_left = blocks % 4;
24 
25  BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks4; i++)
26  {
27  uint32_t L0, R0, L1, R1, L2, R2, L3, R3;
28  load_be(in + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
29 
30  for(size_t r = 0; r != 32; ++r)
31  {
32  L0 += (((R0 << 4) ^ (R0 >> 5)) + R0) ^ EK[2*r];
33  L1 += (((R1 << 4) ^ (R1 >> 5)) + R1) ^ EK[2*r];
34  L2 += (((R2 << 4) ^ (R2 >> 5)) + R2) ^ EK[2*r];
35  L3 += (((R3 << 4) ^ (R3 >> 5)) + R3) ^ EK[2*r];
36 
37  R0 += (((L0 << 4) ^ (L0 >> 5)) + L0) ^ EK[2*r+1];
38  R1 += (((L1 << 4) ^ (L1 >> 5)) + L1) ^ EK[2*r+1];
39  R2 += (((L2 << 4) ^ (L2 >> 5)) + L2) ^ EK[2*r+1];
40  R3 += (((L3 << 4) ^ (L3 >> 5)) + L3) ^ EK[2*r+1];
41  }
42 
43  store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
44  }
45 
46  BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i)
47  {
48  uint32_t L, R;
49  load_be(in + BLOCK_SIZE*(4*blocks4+i), L, R);
50 
51  for(size_t r = 0; r != 32; ++r)
52  {
53  L += (((R << 4) ^ (R >> 5)) + R) ^ EK[2*r];
54  R += (((L << 4) ^ (L >> 5)) + L) ^ EK[2*r+1];
55  }
56 
57  store_be(out + BLOCK_SIZE*(4*blocks4+i), L, R);
58  }
59  }
60 
61 /*
62 * XTEA Decryption
63 */
64 void XTEA::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
65  {
66  verify_key_set(m_EK.empty() == false);
67 
68  const uint32_t* EK = &m_EK[0];
69 
70  const size_t blocks4 = blocks / 4;
71  const size_t blocks_left = blocks % 4;
72 
73  BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks4; i++)
74  {
75  uint32_t L0, R0, L1, R1, L2, R2, L3, R3;
76  load_be(in + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
77 
78  for(size_t r = 0; r != 32; ++r)
79  {
80  R0 -= (((L0 << 4) ^ (L0 >> 5)) + L0) ^ EK[63 - 2*r];
81  R1 -= (((L1 << 4) ^ (L1 >> 5)) + L1) ^ EK[63 - 2*r];
82  R2 -= (((L2 << 4) ^ (L2 >> 5)) + L2) ^ EK[63 - 2*r];
83  R3 -= (((L3 << 4) ^ (L3 >> 5)) + L3) ^ EK[63 - 2*r];
84 
85  L0 -= (((R0 << 4) ^ (R0 >> 5)) + R0) ^ EK[62 - 2*r];
86  L1 -= (((R1 << 4) ^ (R1 >> 5)) + R1) ^ EK[62 - 2*r];
87  L2 -= (((R2 << 4) ^ (R2 >> 5)) + R2) ^ EK[62 - 2*r];
88  L3 -= (((R3 << 4) ^ (R3 >> 5)) + R3) ^ EK[62 - 2*r];
89  }
90 
91  store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
92  }
93 
94  BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i)
95  {
96  uint32_t L, R;
97  load_be(in + BLOCK_SIZE*(4*blocks4+i), L, R);
98 
99  for(size_t r = 0; r != 32; ++r)
100  {
101  R -= (((L << 4) ^ (L >> 5)) + L) ^ m_EK[63 - 2*r];
102  L -= (((R << 4) ^ (R >> 5)) + R) ^ m_EK[62 - 2*r];
103  }
104 
105  store_be(out + BLOCK_SIZE*(4*blocks4+i), L, R);
106  }
107  }
108 
109 /*
110 * XTEA Key Schedule
111 */
112 void XTEA::key_schedule(const uint8_t key[], size_t)
113  {
114  m_EK.resize(64);
115 
117  for(size_t i = 0; i != 4; ++i)
118  UK[i] = load_be<uint32_t>(key, i);
119 
120  uint32_t D = 0;
121  for(size_t i = 0; i != 64; i += 2)
122  {
123  m_EK[i ] = D + UK[D % 4];
124  D += 0x9E3779B9;
125  m_EK[i+1] = D + UK[(D >> 11) % 4];
126  }
127  }
128 
130  {
131  zap(m_EK);
132  }
133 
134 }
void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override
Definition: xtea.cpp:64
void clear() override
Definition: xtea.cpp:129
void verify_key_set(bool cond) const
Definition: sym_algo.h:89
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:193
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:434
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:177
#define BOTAN_PARALLEL_FOR
Definition: compiler.h:183
void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override
Definition: xtea.cpp:16
T load_be(const uint8_t in[], size_t off)
Definition: loadstor.h:105
Definition: alg_id.cpp:13
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88