ReactOS 0.4.16-dev-297-gc569aee
|
Blowfish block cipher. More...
Go to the source code of this file.
Classes | |
struct | mbedtls_blowfish_context |
Blowfish context structure. More... | |
Macros | |
#define | MBEDTLS_BLOWFISH_ENCRYPT 1 |
#define | MBEDTLS_BLOWFISH_DECRYPT 0 |
#define | MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 |
#define | MBEDTLS_BLOWFISH_MIN_KEY_BITS 32 |
#define | MBEDTLS_BLOWFISH_ROUNDS 16 |
#define | MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ |
#define | MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) |
#define | MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 |
#define | MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 |
#define | MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 |
Typedefs | |
typedef struct mbedtls_blowfish_context | mbedtls_blowfish_context |
Blowfish context structure. | |
Blowfish block cipher.
Definition in file blowfish.h.
Definition at line 68 of file blowfish.h.
#define MBEDTLS_BLOWFISH_DECRYPT 0 |
Definition at line 64 of file blowfish.h.
#define MBEDTLS_BLOWFISH_ENCRYPT 1 |
Definition at line 63 of file blowfish.h.
#define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 |
Definition at line 65 of file blowfish.h.
#define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32 |
Definition at line 66 of file blowfish.h.
#define MBEDTLS_BLOWFISH_ROUNDS 16 |
Rounds to use. When increasing this value, make sure to extend the initialisation vectors
Definition at line 67 of file blowfish.h.
#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 |
Bad input data.
Definition at line 73 of file blowfish.h.
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 |
Blowfish hardware accelerator failed.
Definition at line 79 of file blowfish.h.
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 |
Invalid data input length.
Definition at line 75 of file blowfish.h.
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) |
Definition at line 71 of file blowfish.h.
Blowfish context structure.
int mbedtls_blowfish_crypt_cbc | ( | mbedtls_blowfish_context * | ctx, |
int | mode, | ||
size_t | length, | ||
unsigned char | iv[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
Perform a Blowfish-CBC buffer encryption/decryption operation.
ctx | The Blowfish context to use. This must be initialized and bound to a key. |
mode | The mode of operation. Possible values are MBEDTLS_BLOWFISH_ENCRYPT for encryption, or MBEDTLS_BLOWFISH_DECRYPT for decryption. |
length | The length of the input data in Bytes. This must be multiple of 8 . |
iv | The initialization vector. This must be a read/write buffer of length 8 Bytes. It is updated by this function. |
input | The input data. This must be a readable buffer of length length Bytes. |
output | The output data. This must be a writable buffer of length length Bytes. |
0
if successful. int mbedtls_blowfish_crypt_cfb64 | ( | mbedtls_blowfish_context * | ctx, |
int | mode, | ||
size_t | length, | ||
size_t * | iv_off, | ||
unsigned char | iv[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
Perform a Blowfish CFB buffer encryption/decryption operation.
ctx | The Blowfish context to use. This must be initialized and bound to a key. |
mode | The mode of operation. Possible values are MBEDTLS_BLOWFISH_ENCRYPT for encryption, or MBEDTLS_BLOWFISH_DECRYPT for decryption. |
length | The length of the input data in Bytes. |
iv_off | The offset in the initialiation vector. The value pointed to must be smaller than 8 Bytes. It is updated by this function to support the aforementioned streaming usage. |
iv | The initialization vector. This must be a read/write buffer of size 8 Bytes. It is updated after use. |
input | The input data. This must be a readable buffer of length length Bytes. |
output | The output data. This must be a writable buffer of length length Bytes. |
0
if successful. int mbedtls_blowfish_crypt_ctr | ( | mbedtls_blowfish_context * | ctx, |
size_t | length, | ||
size_t * | nc_off, | ||
unsigned char | nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
unsigned char | stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
const unsigned char * | input, | ||
unsigned char * | output | ||
) |
Perform a Blowfish-CTR buffer encryption/decryption operation.
There are two common strategies for managing nonces with CTR:
nonce_counter
and nc_off
to 0 for the first call, and then preserve the values of nonce_counter
, nc_off
and stream_block
across calls to this function as they will be updated by this function.With this strategy, you must not encrypt more than 2**64 blocks of data with the same key.
nonce_counter
buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.For example, you might reserve the first 4 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 4 bytes of nonce_counter
to your chosen nonce value, the last 4 to 0, and nc_off
to 0 (which will cause stream_block
to be ignored). That way, you can encrypt at most 2**32 messages of up to 2**32 blocks each with the same key.
The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter.
Note that for both stategies, sizes are measured in blocks and that a Blowfish block is 8 bytes.
stream_block
contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.ctx | The Blowfish context to use. This must be initialized and bound to a key. |
length | The length of the input data in Bytes. |
nc_off | The offset in the current stream_block (for resuming within current cipher stream). The offset pointer should be 0 at the start of a stream and must be smaller than 8 . It is updated by this function. |
nonce_counter | The 64-bit nonce and counter. This must point to a read/write buffer of length 8 Bytes. |
stream_block | The saved stream-block for resuming. This must point to a read/write buffer of length 8 Bytes. |
input | The input data. This must be a readable buffer of length length Bytes. |
output | The output data. This must be a writable buffer of length length Bytes. |
0
if successful. int mbedtls_blowfish_crypt_ecb | ( | mbedtls_blowfish_context * | ctx, |
int | mode, | ||
const unsigned char | input[MBEDTLS_BLOWFISH_BLOCKSIZE], | ||
unsigned char | output[MBEDTLS_BLOWFISH_BLOCKSIZE] | ||
) |
Perform a Blowfish-ECB block encryption/decryption operation.
ctx | The Blowfish context to use. This must be initialized and bound to a key. |
mode | The mode of operation. Possible values are MBEDTLS_BLOWFISH_ENCRYPT for encryption, or MBEDTLS_BLOWFISH_DECRYPT for decryption. |
input | The input block. This must be a readable buffer of size 8 Bytes. |
output | The output block. This must be a writable buffer of size 8 Bytes. |
0
if successful. void mbedtls_blowfish_free | ( | mbedtls_blowfish_context * | ctx | ) |
Clear a Blowfish context.
ctx | The Blowfish context to be cleared. This may be NULL , in which case this function returns immediately. If it is not NULL , it must point to an initialized Blowfish context. |
void mbedtls_blowfish_init | ( | mbedtls_blowfish_context * | ctx | ) |
Initialize a Blowfish context.
ctx | The Blowfish context to be initialized. This must not be NULL . |
int mbedtls_blowfish_setkey | ( | mbedtls_blowfish_context * | ctx, |
const unsigned char * | key, | ||
unsigned int | keybits | ||
) |
Perform a Blowfish key schedule operation.
ctx | The Blowfish context to perform the key schedule on. |
key | The encryption key. This must be a readable buffer of length keybits Bits. |
keybits | The length of key in Bits. This must be between 32 and 448 and a multiple of 8 . |
0
if successful.