TEA(Tiny Encryption Algorithm)是一种小型的对称加密解密算法,支持128位密码,与BlowFish一样TEA每次只能加密/解密8字节数据。TEA特点是速度快、效率高,实现也非常简单。由于针对TEA的攻击不断出现,所以TEA也发展出几个版本,分别是XTEA、Block TEA和XXTEA。
TEA加密和解密时都使用一个常量值,这个常量值为0x9e3779b,这个值是近似黄金分割率,注意,有些编程人员为了避免在程序中直接出现"mov 变量,0x9e3779b",以免被破解者直接搜索0x9e3779b这个常数得知使用TEA算法,所以有时会使用"sub 变量,0x61C88647"代替"mov 变量,0x9e3779b",0x61C88647=-(0x9e3779b)。
TEA算法每一次可以操作64bit(8byte),采用128bit(16byte)作为key,算法采用迭代的形式,推荐的迭代轮数是64轮,最少32轮。
标准的16轮运算TEA,如果要改成标准的32轮运算TEA,只需修改code和decode中的n为32,并将decode中的delta左移4位改成左移5位即可。
C#的实现代码:
- public static class Tea
- {
- public static byte[] Encrypt(byte[] data, byte[] key)
- {
- byte[] dataBytes;
- if (data.Length % 2 == 0)
- {
- datadataBytes = data;
- }
- else
- {
- dataBytes = new byte[data.Length + 1];
- Array.Copy(data, 0, dataBytes, 0, data.Length);
- dataBytes[data.Length] = 0x0;
- }
- byte[] result = new byte[dataBytes.Length * 4];
- uint[] formattedKey = FormatKey(key);
- uint[] tempData = new uint[2];
- for (int i = 0; i < dataBytes.Length; i += 2)
- {
- tempData[0] = dataBytes[i];
- tempData[1] = dataBytes[i + 1];
- code(tempData, formattedKey);
- Array.Copy(ConvertUIntToByteArray(tempData[0]), 0, result, i * 4, 4);
- Array.Copy(ConvertUIntToByteArray(tempData[1]), 0, result, i * 4 + 4, 4);
- }
- return result;
- }
- public static byte[] Decrypt(byte[] data, byte[] key)
- {
- uint[] formattedKey = FormatKey(key);
- int x = 0;
- uint[] tempData = new uint[2];
- byte[] dataBytes = new byte[data.Length / 8 * 2];
- for (int i = 0; i < data.Length; i += 8)
- {
- tempData[0] = ConvertByteArrayToUInt(data, i);
- tempData[1] = ConvertByteArrayToUInt(data, i + 4);
- decode(tempData, formattedKey);
- dataBytes[x++] = (byte)tempData[0];
- dataBytes[x++] = (byte)tempData[1];
- }
- //修剪添加的空字符
- if (dataBytes[dataBytes.Length - 1] == 0x0)
- {
- byte[] result = new byte[dataBytes.Length - 1];
- Array.Copy(dataBytes, 0, result, 0, dataBytes.Length - 1);
- }
- return dataBytes;
- }
- static uint[] FormatKey(byte[] key)
- {
- if (key.Length == 0)
- throw new ArgumentException("Key must be between 1 and 16 characters in length");
- byte[] refineKey = new byte[16];
- if (key.Length < 16)
- {
- Array.Copy(key, 0, refineKey, 0, key.Length);
- for (int k = key.Length; k < 16; k++)
- {
- refineKey[k] = 0x20;
- }
- }
- else
- {
- Array.Copy(key, 0, refineKey, 0, 16);
- }
- uint[] formattedKey = new uint[4];
- int j = 0;
- for (int i = 0; i < refineKey.Length; i += 4)
- formattedKey[j++] = ConvertByteArrayToUInt(refineKey, i);
- return formattedKey;
- }
- #region Tea Algorithm
- static void code(uint[] v, uint[] k)
- {
- uint y = v[0];
- uint z = v[1];
- uint sum = 0;
- uint delta = 0x9e3779b9;
- uint n = 16;
- while (n-- > 0)
- {
- sum += delta;
- y += (z << 4) + k[0] ^ z + sum ^ (z >> 5) + k[1];
- z += (y << 4) + k[2] ^ y + sum ^ (y >> 5) + k[3];
- }
- v[0] = y;
- v[1] = z;
- }
- static void decode(uint[] v, uint[] k)
- {
- uint n = 16;
- uint sum;
- uint y = v[0];
- uint z = v[1];
- uint delta = 0x9e3779b9;
- /*
- * 由于进行16轮运算,所以将delta左移4位,减16次后刚好为0.
- */
- sum = delta << 4;
- while (n-- > 0)
- {
- z -= (y << 4) + k[2] ^ y + sum ^ (y >> 5) + k[3];
- y -= (z << 4) + k[0] ^ z + sum ^ (z >> 5) + k[1];
- sum -= delta;
- }
- v[0] = y;
- v[1] = z;
- }
- #endregion
- private static byte[] ConvertUIntToByteArray(uint v)
- {
- byte[] result = new byte[4];
- result[0] = (byte)(v & 0xFF);
- result[1] = (byte)((v >> 8) & 0xFF);
- result[2] = (byte)((v >> 16) & 0xFF);
- result[3] = (byte)((v >> 24) & 0xFF);
- return result;
- }
- private static uint ConvertByteArrayToUInt(byte[] v, int offset)
- {
- if (offset + 4 > v.Length) return 0;
- uint output;
- output = (uint)v[offset];
- output |= (uint)(v[offset + 1] << 8);
- output |= (uint)(v[offset + 2] << 16);
- output |= (uint)(v[offset + 3] << 24);
- return output;
- }
- }
XTEA 跟 TEA 使用了相同的简单运算,但它采用了截然不同的顺序,为了阻止密钥表攻击,四个子密钥(在加密过程中,原 128 位的密钥被拆分为 4 个 32 位的子密钥)采用了一种不太正规的方式进行混合,但速度更慢了。在跟描述 XTEA 算法的同一份报告中,还介绍了另外一种被称为 Block TEA 算法的变种,它可以对 32 位大小任意倍数的变量块进行操作。该算法将 XTEA 轮循函数依次应用于块中的每个字,并且将它附加于它的邻字。该操作重复多少轮依赖于块的大小,但至少需要 6 轮。该方法的优势在于它无需操作模式(CBC,OFB,CFB 等),密钥可直接用于信息。对于长的信息它可能比 XTEA 更有效率。在 1998 年,Markku-Juhani Saarinen 给出了一个可有效攻击 Block TEA 算法的代码,但之后很快 David J. Wheeler 和 Roger M. Needham 就给出了 Block TEA 算法的修订版,这个算法被称为 XXTEA。XXTEA 使用跟 Block TEA 相似的结构,但在处理块中每个字时利用了相邻字。它利用一个更复杂的 MX 函数代替了 XTEA 轮循函数,MX 使用 2 个输入量。
- using System;
- class XXTEA
- {
- public static Byte[] Encrypt(Byte[] Data, Byte[] Key)
- {
- if (Data.Length == 0)
- {
- return Data;
- }
- return ToByteArray(Encrypt(ToUInt32Array(Data, true), ToUInt32Array(Key, false)), false);
- }
- public static Byte[] Decrypt(Byte[] Data, Byte[] Key)
- {
- if (Data.Length == 0)
- {
- return Data;
- }
- return ToByteArray(Decrypt(ToUInt32Array(Data, false), ToUInt32Array(Key, false)), true);
- }
- public static UInt32[] Encrypt(UInt32[] v, UInt32[] k)
- {
- Int32 n = v.Length - 1;
- if (n < 1)
- {
- return v;
- }
- if (k.Length < 4)
- {
- UInt32[] Key = new UInt32[4];
- k.CopyTo(Key, 0);
- k = Key;
- }
- UInt32 z = v[n], y = v[0], delta = 0x9E3779B9, sum = 0, e;
- Int32 p, q = 6 + 52 / (n + 1);
- while (q-- > 0)
- {
- sum = unchecked(sum + delta);
- e = sum >> 2 & 3;
- for (p = 0; p < n; p++)
- {
- y = v[p + 1];
- z = unchecked(v[p] += (z >> 5 ^ y << 2) + (y >> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z));
- }
- y = v[0];
- z = unchecked(v[n] += (z >> 5 ^ y << 2) + (y >> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z));
- }
- return v;
- }
- public static UInt32[] Decrypt(UInt32[] v, UInt32[] k)
- {
- Int32 n = v.Length - 1;
- if (n < 1)
- {
- return v;
- }
- if (k.Length < 4)
- {
- UInt32[] Key = new UInt32[4];
- k.CopyTo(Key, 0);
- k = Key;
- }
- UInt32 z = v[n], y = v[0], delta = 0x9E3779B9, sum, e;
- Int32 p, q = 6 + 52 / (n + 1);
- sum = unchecked((UInt32)(q * delta));
- while (sum != 0)
- {
- e = sum >> 2 & 3;
- for (p = n; p > 0; p--)
- {
- z = v[p - 1];
- y = unchecked(v[p] -= (z >> 5 ^ y << 2) + (y >> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z));
- }
- z = v[n];
- y = unchecked(v[0] -= (z >> 5 ^ y << 2) + (y >> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z));
- sum = unchecked(sum - delta);
- }
- return v;
- }
- private static UInt32[] ToUInt32Array(Byte[] Data, Boolean IncludeLength)
- {
- Int32 n = (((Data.Length & 3) == 0) ? (Data.Length >> 2) : ((Data.Length >> 2) + 1));
- UInt32[] Result;
- if (IncludeLength)
- {
- Result = new UInt32[n + 1];
- Result[n] = (UInt32)Data.Length;
- }
- else
- {
- Result = new UInt32[n];
- }
- n = Data.Length;
- for (Int32 i = 0; i < n; i++)
- {
- Result[i >> 2] |= (UInt32)Data[i] << ((i & 3) << 3);
- }
- return Result;
- }
- private static Byte[] ToByteArray(UInt32[] Data, Boolean IncludeLength)
- {
- Int32 n;
- if (IncludeLength)
- {
- n = (Int32)Data[Data.Length - 1];
- }
- else
- {
- n = Data.Length << 2;
- }
- Byte[] Result = new Byte[n];
- for (Int32 i = 0; i < n; i++)
- {
- Result[i] = (Byte)(Data[i >> 2] >> ((i & 3) << 3));
- }
- return Result;
- }
- }
本文转自linzheng 51CTO博客,原文链接:http://blog.51cto.com/linzheng/1078489