Blowfish block cipher. More...
Go to the source code of this file.
Classes | |
| struct | mbedtls_blowfish_context |
| Blowfish context structure. More... | |
Macros | |
| #define | MBEDTLS_BLOWFISH_ENCRYPT 1 |
| #define | MBEDTLS_BLOWFISH_DECRYPT 0 |
| #define | MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 |
| #define | MBEDTLS_BLOWFISH_MIN_KEY_BITS 32 |
| #define | MBEDTLS_BLOWFISH_ROUNDS 16 |
| #define | MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ |
| #define | MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) |
| #define | MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 |
| #define | MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 |
| #define | MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 |
Typedefs | |
| typedef struct mbedtls_blowfish_context | mbedtls_blowfish_context |
| Blowfish context structure. | |
Detailed Description
Blowfish block cipher.
Definition in file blowfish.h.
Macro Definition Documentation
◆ MBEDTLS_BLOWFISH_BLOCKSIZE
Definition at line 68 of file blowfish.h.
◆ MBEDTLS_BLOWFISH_DECRYPT
| #define MBEDTLS_BLOWFISH_DECRYPT 0 |
Definition at line 64 of file blowfish.h.
◆ MBEDTLS_BLOWFISH_ENCRYPT
| #define MBEDTLS_BLOWFISH_ENCRYPT 1 |
Definition at line 63 of file blowfish.h.
◆ MBEDTLS_BLOWFISH_MAX_KEY_BITS
| #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 |
Definition at line 65 of file blowfish.h.
◆ MBEDTLS_BLOWFISH_MIN_KEY_BITS
| #define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32 |
Definition at line 66 of file blowfish.h.
◆ MBEDTLS_BLOWFISH_ROUNDS
| #define MBEDTLS_BLOWFISH_ROUNDS 16 |
Rounds to use. When increasing this value, make sure to extend the initialisation vectors
Definition at line 67 of file blowfish.h.
◆ MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
| #define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 |
Bad input data.
Definition at line 73 of file blowfish.h.
◆ MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED
| #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 |
Blowfish hardware accelerator failed.
Definition at line 79 of file blowfish.h.
◆ MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
| #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 |
Invalid data input length.
Definition at line 75 of file blowfish.h.
◆ MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
| #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) |
Definition at line 71 of file blowfish.h.
Typedef Documentation
◆ mbedtls_blowfish_context
Blowfish context structure.
Function Documentation
◆ mbedtls_blowfish_crypt_cbc()
| int mbedtls_blowfish_crypt_cbc | ( | mbedtls_blowfish_context * | ctx, |
| int | mode, | ||
| size_t | length, | ||
| unsigned char | iv[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
| const unsigned char * | input, | ||
| unsigned char * | output | ||
| ) |
Perform a Blowfish-CBC buffer encryption/decryption operation.
- Note
- Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
- Parameters
-
ctx The Blowfish context to use. This must be initialized and bound to a key. mode The mode of operation. Possible values are MBEDTLS_BLOWFISH_ENCRYPT for encryption, or MBEDTLS_BLOWFISH_DECRYPT for decryption. length The length of the input data in Bytes. This must be multiple of 8.iv The initialization vector. This must be a read/write buffer of length 8Bytes. It is updated by this function.input The input data. This must be a readable buffer of length lengthBytes.output The output data. This must be a writable buffer of length lengthBytes.
- Returns
0if successful.- A negative error code on failure.
◆ mbedtls_blowfish_crypt_cfb64()
| int mbedtls_blowfish_crypt_cfb64 | ( | mbedtls_blowfish_context * | ctx, |
| int | mode, | ||
| size_t | length, | ||
| size_t * | iv_off, | ||
| unsigned char | iv[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
| const unsigned char * | input, | ||
| unsigned char * | output | ||
| ) |
Perform a Blowfish CFB buffer encryption/decryption operation.
- Note
- Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
- Parameters
-
ctx The Blowfish context to use. This must be initialized and bound to a key. mode The mode of operation. Possible values are MBEDTLS_BLOWFISH_ENCRYPT for encryption, or MBEDTLS_BLOWFISH_DECRYPT for decryption. length The length of the input data in Bytes. iv_off The offset in the initialiation vector. The value pointed to must be smaller than 8Bytes. It is updated by this function to support the aforementioned streaming usage.iv The initialization vector. This must be a read/write buffer of size 8Bytes. It is updated after use.input The input data. This must be a readable buffer of length lengthBytes.output The output data. This must be a writable buffer of length lengthBytes.
- Returns
0if successful.- A negative error code on failure.
◆ mbedtls_blowfish_crypt_ctr()
| int mbedtls_blowfish_crypt_ctr | ( | mbedtls_blowfish_context * | ctx, |
| size_t | length, | ||
| size_t * | nc_off, | ||
| unsigned char | nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
| unsigned char | stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
| const unsigned char * | input, | ||
| unsigned char * | output | ||
| ) |
Perform a Blowfish-CTR buffer encryption/decryption operation.
- Warning
- You must never reuse a nonce value with the same key. Doing so would void the encryption for the two messages encrypted with the same nonce and key.
There are two common strategies for managing nonces with CTR:
- You can handle everything as a single message processed over successive calls to this function. In that case, you want to set
nonce_counterandnc_offto 0 for the first call, and then preserve the values ofnonce_counter,nc_offandstream_blockacross calls to this function as they will be updated by this function.
With this strategy, you must not encrypt more than 2**64 blocks of data with the same key.
- You can encrypt separate messages by dividing the
nonce_counterbuffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.
For example, you might reserve the first 4 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 4 bytes of nonce_counter to your chosen nonce value, the last 4 to 0, and nc_off to 0 (which will cause stream_block to be ignored). That way, you can encrypt at most 2**32 messages of up to 2**32 blocks each with the same key.
The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter.
Note that for both stategies, sizes are measured in blocks and that a Blowfish block is 8 bytes.
- Warning
- Upon return,
stream_blockcontains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.
- Parameters
-
ctx The Blowfish context to use. This must be initialized and bound to a key. length The length of the input data in Bytes. nc_off The offset in the current stream_block (for resuming within current cipher stream). The offset pointer should be 0at the start of a stream and must be smaller than8. It is updated by this function.nonce_counter The 64-bit nonce and counter. This must point to a read/write buffer of length 8Bytes.stream_block The saved stream-block for resuming. This must point to a read/write buffer of length 8Bytes.input The input data. This must be a readable buffer of length lengthBytes.output The output data. This must be a writable buffer of length lengthBytes.
- Returns
0if successful.- A negative error code on failure.
◆ mbedtls_blowfish_crypt_ecb()
| int mbedtls_blowfish_crypt_ecb | ( | mbedtls_blowfish_context * | ctx, |
| int | mode, | ||
| const unsigned char | input[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
| unsigned char | output[MBEDTLS_BLOWFISH_BLOCKSIZE] | ||
| ) |
Perform a Blowfish-ECB block encryption/decryption operation.
- Parameters
-
ctx The Blowfish context to use. This must be initialized and bound to a key. mode The mode of operation. Possible values are MBEDTLS_BLOWFISH_ENCRYPT for encryption, or MBEDTLS_BLOWFISH_DECRYPT for decryption. input The input block. This must be a readable buffer of size 8Bytes.output The output block. This must be a writable buffer of size 8Bytes.
- Returns
0if successful.- A negative error code on failure.
◆ mbedtls_blowfish_free()
| void mbedtls_blowfish_free | ( | mbedtls_blowfish_context * | ctx | ) |
Clear a Blowfish context.
- Parameters
-
ctx The Blowfish context to be cleared. This may be NULL, in which case this function returns immediately. If it is notNULL, it must point to an initialized Blowfish context.
◆ mbedtls_blowfish_init()
| void mbedtls_blowfish_init | ( | mbedtls_blowfish_context * | ctx | ) |
Initialize a Blowfish context.
- Parameters
-
ctx The Blowfish context to be initialized. This must not be NULL.
◆ mbedtls_blowfish_setkey()
| int mbedtls_blowfish_setkey | ( | mbedtls_blowfish_context * | ctx, |
| const unsigned char * | key, | ||
| unsigned int | keybits | ||
| ) |
Perform a Blowfish key schedule operation.
- Parameters
-
ctx The Blowfish context to perform the key schedule on. key The encryption key. This must be a readable buffer of length keybitsBits.keybits The length of keyin Bits. This must be between32and448and a multiple of8.
- Returns
0if successful.- A negative error code on failure.
