4 * \brief Blowfish block cipher
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * This file is part of mbed TLS (https://tls.mbed.org)
23 #ifndef MBEDTLS_BLOWFISH_H
24 #define MBEDTLS_BLOWFISH_H
26 #if !defined(MBEDTLS_CONFIG_FILE)
29 #include MBEDTLS_CONFIG_FILE
35 #define MBEDTLS_BLOWFISH_ENCRYPT 1
36 #define MBEDTLS_BLOWFISH_DECRYPT 0
37 #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448
38 #define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32
39 #define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
40 #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
42 #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
43 #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
45 #if !defined(MBEDTLS_BLOWFISH_ALT)
46 // Regular implementation
54 * \brief Blowfish context structure
58 uint32_t P
[MBEDTLS_BLOWFISH_ROUNDS
+ 2]; /*!< Blowfish round keys */
59 uint32_t S
[4][256]; /*!< key dependent S-boxes */
61 mbedtls_blowfish_context
;
64 * \brief Initialize Blowfish context
66 * \param ctx Blowfish context to be initialized
68 void mbedtls_blowfish_init( mbedtls_blowfish_context
*ctx
);
71 * \brief Clear Blowfish context
73 * \param ctx Blowfish context to be cleared
75 void mbedtls_blowfish_free( mbedtls_blowfish_context
*ctx
);
78 * \brief Blowfish key schedule
80 * \param ctx Blowfish context to be initialized
81 * \param key encryption key
82 * \param keybits must be between 32 and 448 bits
84 * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
86 int mbedtls_blowfish_setkey( mbedtls_blowfish_context
*ctx
, const unsigned char *key
,
87 unsigned int keybits
);
90 * \brief Blowfish-ECB block encryption/decryption
92 * \param ctx Blowfish context
93 * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
94 * \param input 8-byte input block
95 * \param output 8-byte output block
97 * \return 0 if successful
99 int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context
*ctx
,
101 const unsigned char input
[MBEDTLS_BLOWFISH_BLOCKSIZE
],
102 unsigned char output
[MBEDTLS_BLOWFISH_BLOCKSIZE
] );
104 #if defined(MBEDTLS_CIPHER_MODE_CBC)
106 * \brief Blowfish-CBC buffer encryption/decryption
107 * Length should be a multiple of the block
110 * \note Upon exit, the content of the IV is updated so that you can
111 * call the function same function again on the following
112 * block(s) of data and get the same result as if it was
113 * encrypted in one call. This allows a "streaming" usage.
114 * If on the other hand you need to retain the contents of the
115 * IV, you should either save it manually or use the cipher
118 * \param ctx Blowfish context
119 * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
120 * \param length length of the input data
121 * \param iv initialization vector (updated after use)
122 * \param input buffer holding the input data
123 * \param output buffer holding the output data
125 * \return 0 if successful, or
126 * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
128 int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context
*ctx
,
131 unsigned char iv
[MBEDTLS_BLOWFISH_BLOCKSIZE
],
132 const unsigned char *input
,
133 unsigned char *output
);
134 #endif /* MBEDTLS_CIPHER_MODE_CBC */
136 #if defined(MBEDTLS_CIPHER_MODE_CFB)
138 * \brief Blowfish CFB buffer encryption/decryption.
140 * \note Upon exit, the content of the IV is updated so that you can
141 * call the function same function again on the following
142 * block(s) of data and get the same result as if it was
143 * encrypted in one call. This allows a "streaming" usage.
144 * If on the other hand you need to retain the contents of the
145 * IV, you should either save it manually or use the cipher
148 * \param ctx Blowfish context
149 * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
150 * \param length length of the input data
151 * \param iv_off offset in IV (updated after use)
152 * \param iv initialization vector (updated after use)
153 * \param input buffer holding the input data
154 * \param output buffer holding the output data
156 * \return 0 if successful
158 int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context
*ctx
,
162 unsigned char iv
[MBEDTLS_BLOWFISH_BLOCKSIZE
],
163 const unsigned char *input
,
164 unsigned char *output
);
165 #endif /*MBEDTLS_CIPHER_MODE_CFB */
167 #if defined(MBEDTLS_CIPHER_MODE_CTR)
169 * \brief Blowfish-CTR buffer encryption/decryption
171 * Warning: You have to keep the maximum use of your counter in mind!
173 * \param ctx Blowfish context
174 * \param length The length of the data
175 * \param nc_off The offset in the current stream_block (for resuming
176 * within current cipher stream). The offset pointer to
177 * should be 0 at the start of a stream.
178 * \param nonce_counter The 64-bit nonce and counter.
179 * \param stream_block The saved stream-block for resuming. Is overwritten
181 * \param input The input data stream
182 * \param output The output data stream
184 * \return 0 if successful
186 int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context
*ctx
,
189 unsigned char nonce_counter
[MBEDTLS_BLOWFISH_BLOCKSIZE
],
190 unsigned char stream_block
[MBEDTLS_BLOWFISH_BLOCKSIZE
],
191 const unsigned char *input
,
192 unsigned char *output
);
193 #endif /* MBEDTLS_CIPHER_MODE_CTR */
199 #else /* MBEDTLS_BLOWFISH_ALT */
200 #include "blowfish_alt.h"
201 #endif /* MBEDTLS_BLOWFISH_ALT */
203 #endif /* blowfish.h */