0

I am trying to test this implementation of the xtea algorithm in Python. The only testvectors I have found are these. How can I test the output of the algorithm so that I can compare it bytewise? Which password/key should I choose? Which endian would be best? (I am on 64 bit xubuntu/x86/little endian)

XTEA

# 64 bit block of data to encrypt
v0, v1 = struct.unpack(endian + "2L", block)
# 128 bit key
k = struct.unpack(endian + "4L", key)
sum, delta, mask = 0L, 0x9e3779b9L, 0xffffffffL
for round in range(n):
    v0 = (v0 + (((v1<<4 ^ v1>>5) + v1) ^ (sum + k[sum & 3]))) & mask
    sum = (sum + delta) & mask
    v1 = (v1 + (((v0<<4 ^ v0>>5) + v0) ^ (sum + k[sum>>11 & 3]))) & mask)
return struct.pack(endian + "2L", v0, v1)

Initial 64 bit test input

# pack 000000 in 64 bit string
byte_string = ''
for c in range(56, -8, -8):
    byte_string += chr(000000 >> c & 0xff)

Testvectors (copied from here)

tean values
These are made by starting with a vector of 6 zeroes,
data followed by key, and coding with one cycle then 
moving the six cyclically so that n becomes n-1 modulo 6. 

We repeat with 2-64 cycles printing at powers of 2 in 
hexadecimal.  The process is reversed decoding back 
to the original zeroes which are printed.

  1        0 9e3779b9        0        0         0        0
  2 ec01a1de aaa0256d        0        0         0        0
  4 bc3a7de2 4e238eb9        0        0  ec01a1de 114f6d74
  8 31c5fa6c 241756d6 bc3a7de2 845846cf  2794a127 6b8ea8b8
 16 1d8e6992 9a478905 6a1d78c8  8c86d67  2a65bfbe b4bd6e46
 32 d26428af  a202283 27f917b1 c1da8993  60e2acaa a6eb923d
 64 7a01cbc9 b03d6068 62ee209f  69b7afc  376a8936 cdc9e923
  1        0        0        0        0         0        0
user937284
  • 2,454
  • 6
  • 25
  • 29

1 Answers1

2

The C code you linked to seems to assume that a long has 32 bits -- XTEA uses a 64-bit block made of two uint32; the code uses a couple of long and doesn't do anything to handle the overflow which happens when you sum/leftshift (and propagates into later computations).

The python code lets you choose endianness, while the C code treats those numbers as... well, numbers, so if you want to compare them, you need to pick endianness (or if you're lazy, try both and see if one matches :)

Regarding the key, I'm not sure what your problem is, so I'll guess: in case you're not a C programmer, the line static long pz[1024], n, m; is a static declaration, meaning that all those values are implicitly initialized to zero.

Anything else I missed?

loreb
  • 1,327
  • 1
  • 7
  • 6
  • thanks for your answer! i am using 6 zeros for the key now with big endian. but i still do not get the point how to get the "6 blocks output" from the 64 bit result of the xtea.(i get 00000000b979379e as result of the first iteration) – user937284 Jan 07 '14 at 12:04
  • You mean the 1st line of output? It looks like a bug to me -- his "power of two" includes the case where n==1, ie on the first iteration, where he's only written a couple of elements but the rest of the `pz` array is still zeroed from the (implicit) initialization, not any encrypted value. You should try to indent the code properly and step it in a debugger, it's more convoluted than it needs to be. – loreb Jan 07 '14 at 16:08
  • https://polarssl.org/api/xtea_8c_source.html looks easier to understand imho (unless pointer arithmetic is your mother tongue :) – loreb Jan 07 '14 at 16:13