13,297,547 members (54,331 online)
alternative version

#### Stats

76.1K views
48 bookmarked
Posted 8 Dec 2008

, 20 Dec 2008
 Rate this:
Easy to use crypto class that uses TEA, XTEA and XXTEA standards

## Introduction

When we want to hide data for our user based on simple data types we could sometimes ask for a simple and straight forward approach - like a class, a lib or a DLL or something - not necessarily going into all kinds of details and crypto-theory for experts only. This is what this small project is all about. Using the one-and-only class in it `CEncryptDecrypt`, one will be able to encrypt and decrypt simple data types, say to- and from the registry in C.

## Background

The basic ideas are held simple: I wanted to hide a PIN code in the registry to begin with in a safe manner. Just wanted to write the PIN down and reading it up again to a (another) program needing it. To do so, I first had to encrypt the value like "2416", then deliver it and then later do the opposite thing reading it back. I had no idea how to do so even "pretty" safe - so to begin with, I simply Googled the problem instead of going into drowning myself in an overwhelming crypto API that I did not understand and perhaps it turned out a little overkill. Soon I was lead to a series of articles, more or less linked, in Wikipedia (Wiki). Hence this code is based on Wiki knowledge and not a crypto API.

Also, downloading and reading this article, please keep in mind that I'm not in any way a crypto expert - not at all and just at the beginning - again; I just want to be able to do crypto things the simple way... and then ok perhaps some day go more into the theory and mathematics behind. For a discussion on these subjects, please follow the links I've added to the core methods in the class - this is: TEA, XTEA and XXTEA.

## Using the Code

The class is based on three algorithms: The Tiny Encryption Algorithm (called TEA) and two extended and more safe versions of it called XTEA and XXTEA to think of as derivatives of the first.

Given below is a brief description of how to use the project and the code. From the outside, this is really simple - as I wanted it.

Build the project and run the dialog now. You are now enabled to encrypt/decrypt: `int`, `TCHAR `and `CString `- this is sufficient in its first version and for most enterprises. To encrypt an `int`, press "`Encrypt int`" and to have it back press "`Decrypt int`". Likewise for the other types. I'm well aware that there are people out there that can perhaps attack this encryption with their super computer and super brains but to obscure information for the average user, this should be enough - I hope. :-) Also the articles and the Internet are flooded with information about attack principles - interesting stuff but outside the scope of my article and a fast 95% and 'pretty safe' solution. Anyway nothing is good enough and 100%.

```//
// To create a CEncryptDecrypt instance.
//
m_pEncryptDecrypt = new CEncryptDecrypt();```

This makes you access the simplest standard - TEA - by default.

```//
// To use another standard.
//
new CEncryptDecrypt(CEncryptDecrypt::eXTEA)
// or
new CEncryptDecrypt(CEncryptDecrypt::eXXTEA)```

Or call `m_pEncryptDecrypt->SetEncryptionStandard(CEncryptDecrypt::eXTEA)` on the fly. To encrypt a value, you go:

```//
// To encrypt.
//
m_pEncryptDecrypt->Encrypt(456)
// or
m_pEncryptDecrypt->Encrypt('F')
// or
m_pEncryptDecrypt->Encrypt(CString(_T("Hey you."))).```

While the objects are in its encrypted state, the values are held in a vector inside the class. The class then exposes methods to build a comma separated list from or to the vector. In that way, the vector can be wiped and later reconstructed and meanwhile stored in a file or in the registry. Going the other way and decrypting is - big surprise - likewise simple:

```//
// To decrypt.
//
int iVal = 0;
m_pEncryptDecrypt->Decrypt(iVal)
// or
TCHAR chVal = 0;
m_pEncryptDecrypt->Decrypt(chVal)
// or
CString cstrVal(_T(""));
m_pEncryptDecrypt->Decrypt(cstrVal)```

That's it folks - crypto for dummies.

## TEA in C

Keysize is 128 bits in TEA and XTEA and bigger in XXTEA (>= 4 WORDS of 32 bits). To make it work, you have to decide on a magic and arbitrary number as well - to understand how it works find: `#define MAGIC_KEY 3594 `in the implementation. This is more or less how Wiki defines the TEA routine:

```inline const void TEAEncrypt(const int iOffset)
// Core encryption method (TEA) inspired from
// http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm.
{
ULONG ulSum = 0;
ULONG ulVec[SIZE_OF_VEC_TEA] = { GetVec(iOffset + 0), GetVec(iOffset + 1) };
for(register int iBit = 0; iBit < 32; iBit++)
{
ulSum += m_ulDelta;
ulVec[0] += ((ulVec[1] << 4) + m_uKey[0]) ^
(ulVec[1] + ulSum) ^ ((ulVec[1] >> 5) + m_uKey[1]);
ulVec[1] += ((ulVec[0] << 4) + m_uKey[2]) ^
(ulVec[0] + ulSum) ^ ((ulVec[0] >> 5) + m_uKey[3]);
}
SetVec(iOffset + 0, ulVec[0]);
SetVec(iOffset + 1, ulVec[1]);
}
inline const void TEADecrypt(const int iOffset)
// Core decryption method (TEA) inspired from
// http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm.
{
ULONG ulSum = 0xc6ef3720;
ULONG ulVec[SIZE_OF_VEC_TEA] = { GetVec(iOffset + 0), GetVec(iOffset + 1) };
for(register int iBit = 0; iBit < 32; iBit++)
{
ulVec[1] -= ((ulVec[0] << 4) + m_uKey[2]) ^
(ulVec[0] + ulSum) ^ ((ulVec[0] >> 5) + m_uKey[3]);
ulVec[0] -= ((ulVec[1] << 4) + m_uKey[0]) ^
(ulVec[1] + ulSum) ^ ((ulVec[1] >> 5) + m_uKey[1]);
ulSum -= m_ulDelta;
}
SetVec(iOffset + 0, ulVec[0]);
SetVec(iOffset + 1, ulVec[1]);
}```

As for the others, please see the implementation for details. The implementation of XXTEA are split in two and not one like Wiki suggested it. Exposed `public `methods for calling encrypt/decrypt logic are directing the call to the right method one level below based on an `enum EEncryptDecryptStandard `for what standard you want to deal with. Don't change the standard while encrypted! Always encrypt/decrypt using the same - like XTEA! To better understand the mechanism, please see TEA for a graphic display on what's going on at the operator level, etc. To speed up things a little, I'm working on a local counterpart of the part of the original class-owned vector in the core methods. So that's why I copy to an array before I do anything and afterwards from the array to the vector using the `SetVec(...)`/`GetVec(...)`.

## Points of Interest

This class can without any problems be converted into a C# class - all code is inlined. The project is in VC8.0 and should have been 9.0 - but my environment is not right now keen to let me build an MFC dialog from the wizard. But this is really not important. Please come up with ideas to improve the class. I don't say these algorithms are the best, but they are small and easy to implement. I think it would be easy to extend the class with more and even safer crypto-routines in the future. Wiki has a lot, it seems.

## Problems and Ideas

I don't find the comma separated list exactly an elegant solution. Perhaps it's better to stream the vector to a file or some bit-stream? Hope you like it anyway.

## History

• 1.00: 08.12.08: Initial version
• 1.10: 18.12.08: Replaced MFC `CArray<T, T>` with SLT `vector<T>` to loosen MFC dependence. New `Encrypt(...)`/`Decrypt(...)` methods work with `char[]`.

## Share

 Software Developer (Senior) Denmark
c/c++/c# -developer.

## You may also be interested in...

 First PrevNext
 fatal error C1859 mrhydn23-Sep-12 21:26 mrhydn 23-Sep-12 21:26
 Re: fatal error C1859 Michael Pauli23-Sep-12 22:59 Michael Pauli 23-Sep-12 22:59
 My vote of 5 manoj kumar choubey29-Mar-12 21:17 manoj kumar choubey 29-Mar-12 21:17
 XXTea Jose A Pascoa11-Oct-11 7:06 Jose A Pascoa 11-Oct-11 7:06
 For VC 2003 ? MroMarcosKim15-Oct-10 11:29 MroMarcosKim 15-Oct-10 11:29
 Re: For VC 2003 ? Michael Mogensen23-Oct-10 4:18 Michael Mogensen 23-Oct-10 4:18
 src BMW74025-Aug-10 1:42 BMW740 25-Aug-10 1:42
 Re: src Michael Mogensen25-Aug-10 3:11 Michael Mogensen 25-Aug-10 3:11
 Re: src BMW74025-Aug-10 3:14 BMW740 25-Aug-10 3:14
 Re: src Michael Mogensen25-Aug-10 4:17 Michael Mogensen 25-Aug-10 4:17
 Good information Dr.Luiji16-Dec-08 12:39 Dr.Luiji 16-Dec-08 12:39
 Re: Good information Michael Mogensen18-Dec-08 16:02 Michael Mogensen 18-Dec-08 16:02
 Re: Good information Dr.Luiji18-Dec-08 22:44 Dr.Luiji 18-Dec-08 22:44
 Great, the simplified approach is good enough for manu occasions Tage Lejon11-Dec-08 0:48 Tage Lejon 11-Dec-08 0:48
 Encryption needn’t to be water-proof, and simplicity of being able to do encryption and decryption is really appreciated. An easy-to use API, as provided by you, should be good enough for most developers, I believe. Just as they don't need to know the details of how OS create and handles memory, threads and process, they should not bother too much of how encryption is done behind the curtain, to be productive in making powerful applications with many nice features.
 Two improvements desired Tage Lejon11-Dec-08 3:27 Tage Lejon 11-Dec-08 3:27
 Good ideas Michael Mogensen11-Dec-08 4:24 Michael Mogensen 11-Dec-08 4:24
 Re: Good ideas Tage Lejon11-Dec-08 6:03 Tage Lejon 11-Dec-08 6:03
 Re: Good ideas Michael Mogensen12-Dec-08 4:06 Michael Mogensen 12-Dec-08 4:06
 When is simple good? supercat99-Dec-08 10:12 supercat9 9-Dec-08 10:12
 Good point Michael Mogensen11-Dec-08 4:38 Michael Mogensen 11-Dec-08 4:38
 Nice but.. axelriet8-Dec-08 14:45 axelriet 8-Dec-08 14:45
 Re: Nice but.. Michael Mogensen8-Dec-08 15:24 Michael Mogensen 8-Dec-08 15:24
 Re: Nice but.. axelriet9-Dec-08 18:53 axelriet 9-Dec-08 18:53
 The key is secret Michael Mogensen11-Dec-08 4:43 Michael Mogensen 11-Dec-08 4:43
 Re: The key is secret Nnamdi Onyeyiri
 Last Visit: 31-Dec-99 19:00     Last Update: 15-Dec-17 20:47 Refresh 12 Next »