Botan 2.19.3
Crypto and TLS for C&
xtea.cpp
Go to the documentation of this file.
1/*
2* XTEA
3* (C) 1999-2009,2016 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/xtea.h>
9#include <botan/loadstor.h>
10
11namespace Botan {
12
13/*
14* XTEA Encryption
15*/
16void XTEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
17 {
18 verify_key_set(m_EK.empty() == false);
19
20 const uint32_t* EK = &m_EK[0];
21
22 const size_t blocks4 = blocks / 4;
23 const size_t blocks_left = blocks % 4;
24
25 BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks4; i++)
26 {
27 uint32_t L0, R0, L1, R1, L2, R2, L3, R3;
28 load_be(in + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
29
30 for(size_t r = 0; r != 32; ++r)
31 {
32 L0 += (((R0 << 4) ^ (R0 >> 5)) + R0) ^ EK[2*r];
33 L1 += (((R1 << 4) ^ (R1 >> 5)) + R1) ^ EK[2*r];
34 L2 += (((R2 << 4) ^ (R2 >> 5)) + R2) ^ EK[2*r];
35 L3 += (((R3 << 4) ^ (R3 >> 5)) + R3) ^ EK[2*r];
36
37 R0 += (((L0 << 4) ^ (L0 >> 5)) + L0) ^ EK[2*r+1];
38 R1 += (((L1 << 4) ^ (L1 >> 5)) + L1) ^ EK[2*r+1];
39 R2 += (((L2 << 4) ^ (L2 >> 5)) + L2) ^ EK[2*r+1];
40 R3 += (((L3 << 4) ^ (L3 >> 5)) + L3) ^ EK[2*r+1];
41 }
42
43 store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
44 }
45
46 BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i)
47 {
48 uint32_t L, R;
49 load_be(in + BLOCK_SIZE*(4*blocks4+i), L, R);
50
51 for(size_t r = 0; r != 32; ++r)
52 {
53 L += (((R << 4) ^ (R >> 5)) + R) ^ EK[2*r];
54 R += (((L << 4) ^ (L >> 5)) + L) ^ EK[2*r+1];
55 }
56
57 store_be(out + BLOCK_SIZE*(4*blocks4+i), L, R);
58 }
59 }
60
61/*
62* XTEA Decryption
63*/
64void XTEA::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
65 {
66 verify_key_set(m_EK.empty() == false);
67
68 const uint32_t* EK = &m_EK[0];
69
70 const size_t blocks4 = blocks / 4;
71 const size_t blocks_left = blocks % 4;
72
73 BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks4; i++)
74 {
75 uint32_t L0, R0, L1, R1, L2, R2, L3, R3;
76 load_be(in + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
77
78 for(size_t r = 0; r != 32; ++r)
79 {
80 R0 -= (((L0 << 4) ^ (L0 >> 5)) + L0) ^ EK[63 - 2*r];
81 R1 -= (((L1 << 4) ^ (L1 >> 5)) + L1) ^ EK[63 - 2*r];
82 R2 -= (((L2 << 4) ^ (L2 >> 5)) + L2) ^ EK[63 - 2*r];
83 R3 -= (((L3 << 4) ^ (L3 >> 5)) + L3) ^ EK[63 - 2*r];
84
85 L0 -= (((R0 << 4) ^ (R0 >> 5)) + R0) ^ EK[62 - 2*r];
86 L1 -= (((R1 << 4) ^ (R1 >> 5)) + R1) ^ EK[62 - 2*r];
87 L2 -= (((R2 << 4) ^ (R2 >> 5)) + R2) ^ EK[62 - 2*r];
88 L3 -= (((R3 << 4) ^ (R3 >> 5)) + R3) ^ EK[62 - 2*r];
89 }
90
91 store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3);
92 }
93
94 BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i)
95 {
96 uint32_t L, R;
97 load_be(in + BLOCK_SIZE*(4*blocks4+i), L, R);
98
99 for(size_t r = 0; r != 32; ++r)
100 {
101 R -= (((L << 4) ^ (L >> 5)) + L) ^ m_EK[63 - 2*r];
102 L -= (((R << 4) ^ (R >> 5)) + R) ^ m_EK[62 - 2*r];
103 }
104
105 store_be(out + BLOCK_SIZE*(4*blocks4+i), L, R);
106 }
107 }
108
109/*
110* XTEA Key Schedule
111*/
112void XTEA::key_schedule(const uint8_t key[], size_t)
113 {
114 m_EK.resize(64);
115
117 for(size_t i = 0; i != 4; ++i)
118 UK[i] = load_be<uint32_t>(key, i);
119
120 uint32_t D = 0;
121 for(size_t i = 0; i != 64; i += 2)
122 {
123 m_EK[i ] = D + UK[D % 4];
124 D += 0x9E3779B9;
125 m_EK[i+1] = D + UK[(D >> 11) % 4];
126 }
127 }
128
130 {
131 zap(m_EK);
132 }
133
134}
void verify_key_set(bool cond) const
Definition sym_algo.h:171
void clear() override
Definition xtea.cpp:129
void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override
Definition xtea.cpp:16
void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override
Definition xtea.cpp:64
#define BOTAN_PARALLEL_FOR
Definition compiler.h:188
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:124
void store_be(uint16_t in, uint8_t out[2])
Definition loadstor.h:438
T load_be(const uint8_t in[], size_t off)
Definition loadstor.h:107
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition loadstor.h:179
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65