Botan  1.10.9
xtea.cpp
Go to the documentation of this file.
1 /*
2 * XTEA
3 * (C) 1999-2009 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/xtea.h>
9 #include <botan/loadstor.h>
10 
11 namespace Botan {
12 
13 namespace {
14 
15 void xtea_encrypt_4(const byte in[32], byte out[32], const u32bit EK[64])
16  {
17  u32bit L0, R0, L1, R1, L2, R2, L3, R3;
18  load_be(in, L0, R0, L1, R1, L2, R2, L3, R3);
19 
20  for(size_t i = 0; i != 32; ++i)
21  {
22  L0 += (((R0 << 4) ^ (R0 >> 5)) + R0) ^ EK[2*i];
23  L1 += (((R1 << 4) ^ (R1 >> 5)) + R1) ^ EK[2*i];
24  L2 += (((R2 << 4) ^ (R2 >> 5)) + R2) ^ EK[2*i];
25  L3 += (((R3 << 4) ^ (R3 >> 5)) + R3) ^ EK[2*i];
26 
27  R0 += (((L0 << 4) ^ (L0 >> 5)) + L0) ^ EK[2*i+1];
28  R1 += (((L1 << 4) ^ (L1 >> 5)) + L1) ^ EK[2*i+1];
29  R2 += (((L2 << 4) ^ (L2 >> 5)) + L2) ^ EK[2*i+1];
30  R3 += (((L3 << 4) ^ (L3 >> 5)) + L3) ^ EK[2*i+1];
31  }
32 
33  store_be(out, L0, R0, L1, R1, L2, R2, L3, R3);
34  }
35 
36 void xtea_decrypt_4(const byte in[32], byte out[32], const u32bit EK[64])
37  {
38  u32bit L0, R0, L1, R1, L2, R2, L3, R3;
39  load_be(in, L0, R0, L1, R1, L2, R2, L3, R3);
40 
41  for(size_t i = 0; i != 32; ++i)
42  {
43  R0 -= (((L0 << 4) ^ (L0 >> 5)) + L0) ^ EK[63 - 2*i];
44  R1 -= (((L1 << 4) ^ (L1 >> 5)) + L1) ^ EK[63 - 2*i];
45  R2 -= (((L2 << 4) ^ (L2 >> 5)) + L2) ^ EK[63 - 2*i];
46  R3 -= (((L3 << 4) ^ (L3 >> 5)) + L3) ^ EK[63 - 2*i];
47 
48  L0 -= (((R0 << 4) ^ (R0 >> 5)) + R0) ^ EK[62 - 2*i];
49  L1 -= (((R1 << 4) ^ (R1 >> 5)) + R1) ^ EK[62 - 2*i];
50  L2 -= (((R2 << 4) ^ (R2 >> 5)) + R2) ^ EK[62 - 2*i];
51  L3 -= (((R3 << 4) ^ (R3 >> 5)) + R3) ^ EK[62 - 2*i];
52  }
53 
54  store_be(out, L0, R0, L1, R1, L2, R2, L3, R3);
55  }
56 
57 }
58 
59 /*
60 * XTEA Encryption
61 */
62 void XTEA::encrypt_n(const byte in[], byte out[], size_t blocks) const
63  {
64  while(blocks >= 4)
65  {
66  xtea_encrypt_4(in, out, &(this->EK[0]));
67  in += 4 * BLOCK_SIZE;
68  out += 4 * BLOCK_SIZE;
69  blocks -= 4;
70  }
71 
72  for(size_t i = 0; i != blocks; ++i)
73  {
74  u32bit L = load_be<u32bit>(in, 0);
75  u32bit R = load_be<u32bit>(in, 1);
76 
77  for(size_t j = 0; j != 32; ++j)
78  {
79  L += (((R << 4) ^ (R >> 5)) + R) ^ EK[2*j];
80  R += (((L << 4) ^ (L >> 5)) + L) ^ EK[2*j+1];
81  }
82 
83  store_be(out, L, R);
84 
85  in += BLOCK_SIZE;
86  out += BLOCK_SIZE;
87  }
88  }
89 
90 /*
91 * XTEA Decryption
92 */
93 void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const
94  {
95  while(blocks >= 4)
96  {
97  xtea_decrypt_4(in, out, &(this->EK[0]));
98  in += 4 * BLOCK_SIZE;
99  out += 4 * BLOCK_SIZE;
100  blocks -= 4;
101  }
102 
103  for(size_t i = 0; i != blocks; ++i)
104  {
105  u32bit L = load_be<u32bit>(in, 0);
106  u32bit R = load_be<u32bit>(in, 1);
107 
108  for(size_t j = 0; j != 32; ++j)
109  {
110  R -= (((L << 4) ^ (L >> 5)) + L) ^ EK[63 - 2*j];
111  L -= (((R << 4) ^ (R >> 5)) + R) ^ EK[62 - 2*j];
112  }
113 
114  store_be(out, L, R);
115 
116  in += BLOCK_SIZE;
117  out += BLOCK_SIZE;
118  }
119  }
120 
121 /*
122 * XTEA Key Schedule
123 */
124 void XTEA::key_schedule(const byte key[], size_t)
125  {
126  SecureVector<u32bit> UK(4);
127  for(size_t i = 0; i != 4; ++i)
128  UK[i] = load_be<u32bit>(key, i);
129 
130  u32bit D = 0;
131  for(size_t i = 0; i != 64; i += 2)
132  {
133  EK[i ] = D + UK[D % 4];
134  D += 0x9E3779B9;
135  EK[i+1] = D + UK[(D >> 11) % 4];
136  }
137  }
138 
139 }
void encrypt_n(const byte in[], byte out[], size_t blocks) const
Definition: xtea.cpp:62
T load_be(const byte in[], size_t off)
Definition: loadstor.h:100
#define R0
Definition: asm_x86_64.h:51
unsigned char byte
Definition: types.h:22
#define R2
Definition: asm_x86_64.h:53
void decrypt_n(const byte in[], byte out[], size_t blocks) const
Definition: xtea.cpp:93
#define R1
Definition: asm_x86_64.h:52
u32bit load_be< u32bit >(const byte in[], size_t off)
Definition: loadstor.h:166
void store_be(u16bit in, byte out[2])
Definition: loadstor.h:412
#define R3
Definition: asm_x86_64.h:55
unsigned int u32bit
Definition: types.h:32