From 1f5936dbe423d54b92b950fc7b48f9edb209c7cd Mon Sep 17 00:00:00 2001
From: Dmitry <dmitrystu@gmail.com>
Date: Tue, 16 Jul 2019 01:41:25 +0300
Subject: [PATCH] add RTEA cipher

---
 Makefile     |  2 +-
 inc/crypto.h |  6 +++++
 inc/rtea.h   | 34 +++++++++++++++++++++++
 src/rtea.c   | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 inc/rtea.h
 create mode 100644 src/rtea.c

diff --git a/Makefile b/Makefile
index ef9c5f0..a5738d2 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,7 @@ LDPARAMS   ?= ROMLEN=64K RAMLEN=8K
 
 #sources
 CRYPT_SRC   = src/arc4.c src/chacha.c src/gost.c src/raiden.c src/rc5.c src/speck.c
-CRYPT_SRC  += src/xtea.c src/blowfish.c
+CRYPT_SRC  += src/xtea.c src/blowfish.c src/rtea.c
 FW_SRC      = $(CRYPT_SRC) $(FWSTARTUP) src/descriptors.c src/bootloader.c src/rc5a.S src/chacha_a.S
 SW_SRC      = $(CRYPT_SRC) src/encrypter.c
 
diff --git a/inc/crypto.h b/inc/crypto.h
index 86f996e..799341b 100644
--- a/inc/crypto.h
+++ b/inc/crypto.h
@@ -88,6 +88,12 @@
     #define aes_encrypt(out, in, b) blowfish_encrypt(out, in, b)
     #define aes_decrypt(out, in, b) blowfish_decrypt(out, in, b)
 
+#elif (DFU_CIPHER == DFU_CIPHER_RTEA)
+    #include "rtea.h"
+    #define aes_init(key) rtea_init()
+    #define aes_encrypt(out, in, b) rtea_encrypt(out, in, b)
+    #define aes_decrypt(out, in, b) rtea_decrypt(out, in, b)
+
 #else
     #undef DFU_USE_CIPHER
     #define CRYPTO_BLKSIZE 1
diff --git a/inc/rtea.h b/inc/rtea.h
new file mode 100644
index 0000000..37432c6
--- /dev/null
+++ b/inc/rtea.h
@@ -0,0 +1,34 @@
+/* This file is the part of the STM32 secure bootloader
+ *
+ * Ruptor's TEA or Repaired TEA
+ *
+ * Copyright ©2017 Dmitry Filimonchuk <dmitrystu[at]gmail[dot]com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _RTEA_H_
+#define _RTEA_H_
+#if defined(__cplusplus)
+    extern "C" {
+#endif
+
+#define CRYPTO_BLKSIZE 8
+#define CRYPTO_NAME    "RTEA 64/64/256-CBC"
+
+void rtea_init(void);
+void rtea_encrypt(uint32_t *out, const uint32_t *in, int32_t bytes);
+void rtea_decrypt(uint32_t *out, const uint32_t *in, int32_t bytes);
+
+#if defined(__cplusplus)
+    }
+#endif
+#endif // _RTEA_H_
diff --git a/src/rtea.c b/src/rtea.c
new file mode 100644
index 0000000..acfc3f1
--- /dev/null
+++ b/src/rtea.c
@@ -0,0 +1,76 @@
+/* This file is the part of the STM32 secure bootloader
+ *
+ * Ruptor's TEA or Repaired TEA
+ *
+ * Copyright ©2017 Dmitry Filimonchuk <dmitrystu[at]gmail[dot]com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include "misc.h"
+#include "config.h"
+#include "rtea.h"
+
+#define rounds  64
+
+static const uint8_t key[]  = {DFU_AES_KEY_A, DFU_AES_KEY_B};
+static uint32_t K[8];
+static uint32_t CK[2];
+
+static void rtea_encrypt_block(uint32_t *out, const uint32_t *in) {
+    uint32_t A = in[0] ^ CK[0];
+    uint32_t B = in[1] ^ CK[1];
+    for (int32_t i = 0; i < rounds; i++) {
+        B += A + ((A << 6) ^ (A >> 8)) + K[i & 0x07] + i;
+        i++;
+        A += B + ((B << 6) ^ (B >> 8)) + K[i & 0x07] + i;
+    }
+    out[0] = CK[0] = A;
+    out[1] = CK[1] = B;
+}
+
+static void rtea_decrypt_block(uint32_t *out, const uint32_t *in) {
+    uint32_t A = in[0];
+    uint32_t B = in[1];
+    for (int32_t i = (rounds - 1); i >= 0; i--) {
+        A -= B + ((B << 6) ^ (B >> 8)) + K[i & 0x07] + i;
+        i--;
+        B -= A + ((A << 6) ^ (A >> 8)) + K[i & 0x07] + i;
+    }
+
+    A ^= CK[0]; CK[0] = in[0]; out[0] = A;
+    B ^= CK[1]; CK[1] = in[1]; out[1] = B;
+}
+
+void rtea_init(void) {
+    __memcpy(K, key, sizeof(K));
+    CK[0] = DFU_AES_NONCE0;
+    CK[1] = DFU_AES_NONCE1;
+}
+
+void rtea_encrypt(uint32_t *out, const uint32_t *in, int32_t bytes) {
+    while(bytes > 0) {
+        rtea_encrypt_block(out, in);
+        in += 2;
+        out += 2;
+        bytes -= 0x08;
+    }
+}
+
+void rtea_decrypt(uint32_t *out, const uint32_t *in, int32_t bytes) {
+    while(bytes > 0) {
+        rtea_decrypt_block(out, in);
+        in += 2;
+        out += 2;
+        bytes -= 0x08;
+    }
+}