mbed TLS v2.12.0
Data Structures | Macros | Functions
blowfish.h File Reference

Blowfish block cipher. More...

#include "config.h"
#include <stddef.h>
#include <stdint.h>
Include dependency graph for blowfish.h:

Go to the source code of this file.

Data Structures

struct  mbedtls_blowfish_context
 Blowfish context structure. More...
 

Macros

#define MBEDTLS_BLOWFISH_ENCRYPT   1
 
#define MBEDTLS_BLOWFISH_DECRYPT   0
 
#define MBEDTLS_BLOWFISH_MAX_KEY_BITS   448
 
#define MBEDTLS_BLOWFISH_MIN_KEY_BITS   32
 
#define MBEDTLS_BLOWFISH_ROUNDS   16
 
#define MBEDTLS_BLOWFISH_BLOCKSIZE   8 /* Blowfish uses 64 bit blocks */
 
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH   -0x0016
 
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED   -0x0017
 
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH   -0x0018
 

Functions

void mbedtls_blowfish_init (mbedtls_blowfish_context *ctx)
 Initialize Blowfish context. More...
 
void mbedtls_blowfish_free (mbedtls_blowfish_context *ctx)
 Clear Blowfish context. More...
 
int mbedtls_blowfish_setkey (mbedtls_blowfish_context *ctx, const unsigned char *key, unsigned int keybits)
 Blowfish key schedule. More...
 
int mbedtls_blowfish_crypt_ecb (mbedtls_blowfish_context *ctx, int mode, const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE])
 Blowfish-ECB block encryption/decryption. More...
 
int mbedtls_blowfish_crypt_cbc (mbedtls_blowfish_context *ctx, int mode, size_t length, unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], const unsigned char *input, unsigned char *output)
 Blowfish-CBC buffer encryption/decryption Length should be a multiple of the block size (8 bytes) More...
 
int mbedtls_blowfish_crypt_cfb64 (mbedtls_blowfish_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], const unsigned char *input, unsigned char *output)
 Blowfish CFB buffer encryption/decryption. More...
 
int mbedtls_blowfish_crypt_ctr (mbedtls_blowfish_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], const unsigned char *input, unsigned char *output)
 Blowfish-CTR buffer encryption/decryption. More...
 

Detailed Description

Blowfish block cipher.

Definition in file blowfish.h.

Macro Definition Documentation

#define MBEDTLS_BLOWFISH_BLOCKSIZE   8 /* Blowfish uses 64 bit blocks */

Definition at line 41 of file blowfish.h.

#define MBEDTLS_BLOWFISH_DECRYPT   0

Definition at line 37 of file blowfish.h.

#define MBEDTLS_BLOWFISH_ENCRYPT   1

Definition at line 36 of file blowfish.h.

#define MBEDTLS_BLOWFISH_MAX_KEY_BITS   448

Definition at line 38 of file blowfish.h.

#define MBEDTLS_BLOWFISH_MIN_KEY_BITS   32

Definition at line 39 of file blowfish.h.

#define MBEDTLS_BLOWFISH_ROUNDS   16

Rounds to use. When increasing this value, make sure to extend the initialisation vectors

Definition at line 40 of file blowfish.h.

#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED   -0x0017

Blowfish hardware accelerator failed.

Definition at line 44 of file blowfish.h.

#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH   -0x0018

Invalid data input length.

Definition at line 45 of file blowfish.h.

#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH   -0x0016

Invalid key length.

Definition at line 43 of file blowfish.h.

Function Documentation

int mbedtls_blowfish_crypt_cbc ( mbedtls_blowfish_context ctx,
int  mode,
size_t  length,
unsigned char  iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
const unsigned char *  input,
unsigned char *  output 
)

Blowfish-CBC buffer encryption/decryption Length should be a multiple of the block size (8 bytes)

Note
Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
Parameters
ctxBlowfish context
modeMBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
lengthlength of the input data
ivinitialization vector (updated after use)
inputbuffer holding the input data
outputbuffer holding the output data
Returns
0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
int mbedtls_blowfish_crypt_cfb64 ( mbedtls_blowfish_context ctx,
int  mode,
size_t  length,
size_t *  iv_off,
unsigned char  iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
const unsigned char *  input,
unsigned char *  output 
)

Blowfish CFB buffer encryption/decryption.

Note
Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
Parameters
ctxBlowfish context
modeMBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
lengthlength of the input data
iv_offoffset in IV (updated after use)
ivinitialization vector (updated after use)
inputbuffer holding the input data
outputbuffer holding the output data
Returns
0 if successful
int mbedtls_blowfish_crypt_ctr ( mbedtls_blowfish_context ctx,
size_t  length,
size_t *  nc_off,
unsigned char  nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
unsigned char  stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
const unsigned char *  input,
unsigned char *  output 
)

Blowfish-CTR buffer encryption/decryption.

Warning
You must never reuse a nonce value with the same key. Doing so would void the encryption for the two messages encrypted with the same nonce and key.

There are two common strategies for managing nonces with CTR:

  1. You can handle everything as a single message processed over successive calls to this function. In that case, you want to set nonce_counter and nc_off to 0 for the first call, and then preserve the values of nonce_counter, nc_off and stream_block across calls to this function as they will be updated by this function.

With this strategy, you must not encrypt more than 2**64 blocks of data with the same key.

  1. You can encrypt separate messages by dividing the nonce_counter buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.

For example, you might reserve the first 4 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 4 bytes of nonce_counter to your chosen nonce value, the last 4 to 0, and nc_off to 0 (which will cause stream_block to be ignored). That way, you can encrypt at most 2**32 messages of up to 2**32 blocks each with the same key.

The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter.

Note that for both stategies, sizes are measured in blocks and that a Blowfish block is 8 bytes.

Warning
Upon return, stream_block contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.
Parameters
ctxBlowfish context
lengthThe length of the data
nc_offThe offset in the current stream_block (for resuming within current cipher stream). The offset pointer to should be 0 at the start of a stream.
nonce_counterThe 64-bit nonce and counter.
stream_blockThe saved stream-block for resuming. Is overwritten by the function.
inputThe input data stream
outputThe output data stream
Returns
0 if successful
int mbedtls_blowfish_crypt_ecb ( mbedtls_blowfish_context ctx,
int  mode,
const unsigned char  input[MBEDTLS_BLOWFISH_BLOCKSIZE],
unsigned char  output[MBEDTLS_BLOWFISH_BLOCKSIZE] 
)

Blowfish-ECB block encryption/decryption.

Parameters
ctxBlowfish context
modeMBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
input8-byte input block
output8-byte output block
Returns
0 if successful
void mbedtls_blowfish_free ( mbedtls_blowfish_context ctx)

Clear Blowfish context.

Parameters
ctxBlowfish context to be cleared
void mbedtls_blowfish_init ( mbedtls_blowfish_context ctx)

Initialize Blowfish context.

Parameters
ctxBlowfish context to be initialized
int mbedtls_blowfish_setkey ( mbedtls_blowfish_context ctx,
const unsigned char *  key,
unsigned int  keybits 
)

Blowfish key schedule.

Parameters
ctxBlowfish context to be initialized
keyencryption key
keybitsmust be between 32 and 448 bits
Returns
0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH