""" XTEA Block Encryption Algorithm Author: Paul Chakravarti (paul_dot_chakravarti_at_gmail_dot_com) License: Public Domain This module provides a Python implementation of the XTEA block encryption algorithm (http://www.cix.co.uk/~klockstone/xtea.pdf). The module implements the basic XTEA block encryption algortithm (`xtea_encrypt`/`xtea_decrypt`) and also provides a higher level `crypt` function which symmetrically encrypts/decrypts a variable length string using XTEA in OFB mode as a key generator. The `crypt` function does not use `xtea_decrypt` which is provided for completeness only (but can be used to support other stream modes - eg CBC/CFB). This module is intended to provide a simple 'privacy-grade' Python encryption algorithm with no external dependencies. The implementation is relatively slow and is best suited to small volumes of data. Note that the XTEA algorithm has not been subjected to extensive analysis (though is believed to be relatively secure - see http://en.wikipedia.org/wiki/XTEA). For applications requiring 'real' security please use a known and well tested algorithm/implementation. The security of the algorithm is entirely based on quality (entropy) and secrecy of the key. You should generate the key from a known random source and exchange using a trusted mechanism. In addition, you should always use a random IV to seed the key generator (the IV is not sensitive and does not need to be exchanged securely) >>> import os >>> iv = 'ABCDEFGH' >>> z = crypt('0123456789012345','Hello There',iv) >>> z.encode('hex') 'fe196d0a40d6c222b9eff3' >>> crypt('0123456789012345',z,iv) 'Hello There' """ import struct def crypt(key,data,iv='\00\00\00\00\00\00\00\00',n=32): """ Encrypt/decrypt variable length string using XTEA cypher as key generator (OFB mode) * key = 128 bit (16 char) * iv = 64 bit (8 char) * data = string (any length) >>> import os >>> key = os.urandom(16) >>> iv = os.urandom(8) >>> data = os.urandom(10000) >>> z = crypt(key,data,iv) >>> crypt(key,z,iv) == data True """ def keygen(key,iv,n): while True: iv = xtea_encrypt(key,iv,n) for k in iv: yield ord(k) xor = [ chr(x^y) for (x,y) in zip(map(ord,data),keygen(key,iv,n)) ] return "".join(xor) def xtea_encrypt(key,block,n=32,endian="!"): """ Encrypt 64 bit data block using XTEA block cypher * key = 128 bit (16 char) * block = 64 bit (8 char) * n = rounds (default 32) * endian = byte order (see 'struct' doc - default big/network) >>> z = xtea_encrypt('0123456789012345','ABCDEFGH') >>> z.encode('hex') 'b67c01662ff6964a' Only need to change byte order if sending/receiving from alternative endian implementation >>> z = xtea_encrypt('0123456789012345','ABCDEFGH',endian="<") >>> z.encode('hex') 'ea0c3d7c1c22557f' """ v0,v1 = struct.unpack(endian+"2L",block) k = struct.unpack(endian+"4L",key) sum,delta,mask = 0L,0x9e3779b9L,0xffffffffL for round in range(n): v0 = (v0 + (((v1<<4 ^ v1>>5) + v1) ^ (sum + k[sum & 3]))) & mask sum = (sum + delta) & mask v1 = (v1 + (((v0<<4 ^ v0>>5) + v0) ^ (sum + k[sum>>11 & 3]))) & mask return struct.pack(endian+"2L",v0,v1) def xtea_decrypt(key,block,n=32,endian="!"): """ Decrypt 64 bit data block using XTEA block cypher * key = 128 bit (16 char) * block = 64 bit (8 char) * n = rounds (default 32) * endian = byte order (see 'struct' doc - default big/network) >>> z = 'b67c01662ff6964a'.decode('hex') >>> xtea_decrypt('0123456789012345',z) 'ABCDEFGH' Only need to change byte order if sending/receiving from alternative endian implementation >>> z = 'ea0c3d7c1c22557f'.decode('hex') >>> xtea_decrypt('0123456789012345',z,endian="<") 'ABCDEFGH' """ v0,v1 = struct.unpack(endian+"2L",block) k = struct.unpack(endian+"4L",key) delta,mask = 0x9e3779b9L,0xffffffffL sum = (delta * n) & mask for round in range(n): v1 = (v1 - (((v0<<4 ^ v0>>5) + v0) ^ (sum + k[sum>>11 & 3]))) & mask sum = (sum - delta) & mask v0 = (v0 - (((v1<<4 ^ v1>>5) + v1) ^ (sum + k[sum & 3]))) & mask return struct.pack(endian+"2L",v0,v1) if __name__ == "__main__": import doctest doctest.testmod()