Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
blowfish.h
00001 /** 00002 * \file blowfish.h 00003 * 00004 * \brief Blowfish block cipher 00005 */ 00006 /* 00007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00008 * SPDX-License-Identifier: Apache-2.0 00009 * 00010 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00011 * not use this file except in compliance with the License. 00012 * You may obtain a copy of the License at 00013 * 00014 * http://www.apache.org/licenses/LICENSE-2.0 00015 * 00016 * Unless required by applicable law or agreed to in writing, software 00017 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00018 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00019 * See the License for the specific language governing permissions and 00020 * limitations under the License. 00021 * 00022 * This file is part of mbed TLS (https://tls.mbed.org) 00023 */ 00024 #ifndef MBEDTLS_BLOWFISH_H 00025 #define MBEDTLS_BLOWFISH_H 00026 00027 #if !defined(MBEDTLS_CONFIG_FILE) 00028 #include "mbedtls/config.h" 00029 #else 00030 #include MBEDTLS_CONFIG_FILE 00031 #endif 00032 00033 #include <stddef.h> 00034 #include <stdint.h> 00035 00036 #include "mbedtls/platform_util.h" 00037 00038 #define MBEDTLS_BLOWFISH_ENCRYPT 1 00039 #define MBEDTLS_BLOWFISH_DECRYPT 0 00040 #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 00041 #define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32 00042 #define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */ 00043 #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ 00044 00045 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 00046 #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) 00047 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 00048 #define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */ 00049 00050 #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ 00051 00052 /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used. 00053 */ 00054 #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ 00055 00056 #ifdef __cplusplus 00057 extern "C" { 00058 #endif 00059 00060 #if !defined(MBEDTLS_BLOWFISH_ALT) 00061 // Regular implementation 00062 // 00063 00064 /** 00065 * \brief Blowfish context structure 00066 */ 00067 typedef struct mbedtls_blowfish_context 00068 { 00069 uint32_t P [MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ 00070 uint32_t S [4][256]; /*!< key dependent S-boxes */ 00071 } 00072 mbedtls_blowfish_context; 00073 00074 #else /* MBEDTLS_BLOWFISH_ALT */ 00075 #include "blowfish_alt.h" 00076 #endif /* MBEDTLS_BLOWFISH_ALT */ 00077 00078 /** 00079 * \brief Initialize a Blowfish context. 00080 * 00081 * \param ctx The Blowfish context to be initialized. 00082 * This must not be \c NULL. 00083 */ 00084 void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); 00085 00086 /** 00087 * \brief Clear a Blowfish context. 00088 * 00089 * \param ctx The Blowfish context to be cleared. 00090 * This may be \c NULL, in which case this function 00091 * returns immediately. If it is not \c NULL, it must 00092 * point to an initialized Blowfish context. 00093 */ 00094 void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); 00095 00096 /** 00097 * \brief Perform a Blowfish key schedule operation. 00098 * 00099 * \param ctx The Blowfish context to perform the key schedule on. 00100 * \param key The encryption key. This must be a readable buffer of 00101 * length \p keybits Bits. 00102 * \param keybits The length of \p key in Bits. This must be between 00103 * \c 32 and \c 448 and a multiple of \c 8. 00104 * 00105 * \return \c 0 if successful. 00106 * \return A negative error code on failure. 00107 */ 00108 int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, 00109 unsigned int keybits ); 00110 00111 /** 00112 * \brief Perform a Blowfish-ECB block encryption/decryption operation. 00113 * 00114 * \param ctx The Blowfish context to use. This must be initialized 00115 * and bound to a key. 00116 * \param mode The mode of operation. Possible values are 00117 * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or 00118 * #MBEDTLS_BLOWFISH_DECRYPT for decryption. 00119 * \param input The input block. This must be a readable buffer 00120 * of size \c 8 Bytes. 00121 * \param output The output block. This must be a writable buffer 00122 * of size \c 8 Bytes. 00123 * 00124 * \return \c 0 if successful. 00125 * \return A negative error code on failure. 00126 */ 00127 int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, 00128 int mode, 00129 const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], 00130 unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ); 00131 00132 #if defined(MBEDTLS_CIPHER_MODE_CBC) 00133 /** 00134 * \brief Perform a Blowfish-CBC buffer encryption/decryption operation. 00135 * 00136 * \note Upon exit, the content of the IV is updated so that you can 00137 * call the function same function again on the following 00138 * block(s) of data and get the same result as if it was 00139 * encrypted in one call. This allows a "streaming" usage. 00140 * If on the other hand you need to retain the contents of the 00141 * IV, you should either save it manually or use the cipher 00142 * module instead. 00143 * 00144 * \param ctx The Blowfish context to use. This must be initialized 00145 * and bound to a key. 00146 * \param mode The mode of operation. Possible values are 00147 * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or 00148 * #MBEDTLS_BLOWFISH_DECRYPT for decryption. 00149 * \param length The length of the input data in Bytes. This must be 00150 * multiple of \c 8. 00151 * \param iv The initialization vector. This must be a read/write buffer 00152 * of length \c 8 Bytes. It is updated by this function. 00153 * \param input The input data. This must be a readable buffer of length 00154 * \p length Bytes. 00155 * \param output The output data. This must be a writable buffer of length 00156 * \p length Bytes. 00157 * 00158 * \return \c 0 if successful. 00159 * \return A negative error code on failure. 00160 */ 00161 int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, 00162 int mode, 00163 size_t length, 00164 unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], 00165 const unsigned char *input, 00166 unsigned char *output ); 00167 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 00168 00169 #if defined(MBEDTLS_CIPHER_MODE_CFB) 00170 /** 00171 * \brief Perform a Blowfish CFB buffer encryption/decryption operation. 00172 * 00173 * \note Upon exit, the content of the IV is updated so that you can 00174 * call the function same function again on the following 00175 * block(s) of data and get the same result as if it was 00176 * encrypted in one call. This allows a "streaming" usage. 00177 * If on the other hand you need to retain the contents of the 00178 * IV, you should either save it manually or use the cipher 00179 * module instead. 00180 * 00181 * \param ctx The Blowfish context to use. This must be initialized 00182 * and bound to a key. 00183 * \param mode The mode of operation. Possible values are 00184 * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or 00185 * #MBEDTLS_BLOWFISH_DECRYPT for decryption. 00186 * \param length The length of the input data in Bytes. 00187 * \param iv_off The offset in the initialiation vector. 00188 * The value pointed to must be smaller than \c 8 Bytes. 00189 * It is updated by this function to support the aforementioned 00190 * streaming usage. 00191 * \param iv The initialization vector. This must be a read/write buffer 00192 * of size \c 8 Bytes. It is updated after use. 00193 * \param input The input data. This must be a readable buffer of length 00194 * \p length Bytes. 00195 * \param output The output data. This must be a writable buffer of length 00196 * \p length Bytes. 00197 * 00198 * \return \c 0 if successful. 00199 * \return A negative error code on failure. 00200 */ 00201 int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, 00202 int mode, 00203 size_t length, 00204 size_t *iv_off, 00205 unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], 00206 const unsigned char *input, 00207 unsigned char *output ); 00208 #endif /*MBEDTLS_CIPHER_MODE_CFB */ 00209 00210 #if defined(MBEDTLS_CIPHER_MODE_CTR) 00211 /** 00212 * \brief Perform a Blowfish-CTR buffer encryption/decryption operation. 00213 * 00214 * \warning You must never reuse a nonce value with the same key. Doing so 00215 * would void the encryption for the two messages encrypted with 00216 * the same nonce and key. 00217 * 00218 * There are two common strategies for managing nonces with CTR: 00219 * 00220 * 1. You can handle everything as a single message processed over 00221 * successive calls to this function. In that case, you want to 00222 * set \p nonce_counter and \p nc_off to 0 for the first call, and 00223 * then preserve the values of \p nonce_counter, \p nc_off and \p 00224 * stream_block across calls to this function as they will be 00225 * updated by this function. 00226 * 00227 * With this strategy, you must not encrypt more than 2**64 00228 * blocks of data with the same key. 00229 * 00230 * 2. You can encrypt separate messages by dividing the \p 00231 * nonce_counter buffer in two areas: the first one used for a 00232 * per-message nonce, handled by yourself, and the second one 00233 * updated by this function internally. 00234 * 00235 * For example, you might reserve the first 4 bytes for the 00236 * per-message nonce, and the last 4 bytes for internal use. In that 00237 * case, before calling this function on a new message you need to 00238 * set the first 4 bytes of \p nonce_counter to your chosen nonce 00239 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p 00240 * stream_block to be ignored). That way, you can encrypt at most 00241 * 2**32 messages of up to 2**32 blocks each with the same key. 00242 * 00243 * The per-message nonce (or information sufficient to reconstruct 00244 * it) needs to be communicated with the ciphertext and must be unique. 00245 * The recommended way to ensure uniqueness is to use a message 00246 * counter. 00247 * 00248 * Note that for both stategies, sizes are measured in blocks and 00249 * that a Blowfish block is 8 bytes. 00250 * 00251 * \warning Upon return, \p stream_block contains sensitive data. Its 00252 * content must not be written to insecure storage and should be 00253 * securely discarded as soon as it's no longer needed. 00254 * 00255 * \param ctx The Blowfish context to use. This must be initialized 00256 * and bound to a key. 00257 * \param length The length of the input data in Bytes. 00258 * \param nc_off The offset in the current stream_block (for resuming 00259 * within current cipher stream). The offset pointer 00260 * should be \c 0 at the start of a stream and must be 00261 * smaller than \c 8. It is updated by this function. 00262 * \param nonce_counter The 64-bit nonce and counter. This must point to a 00263 * read/write buffer of length \c 8 Bytes. 00264 * \param stream_block The saved stream-block for resuming. This must point to 00265 * a read/write buffer of length \c 8 Bytes. 00266 * \param input The input data. This must be a readable buffer of 00267 * length \p length Bytes. 00268 * \param output The output data. This must be a writable buffer of 00269 * length \p length Bytes. 00270 * 00271 * \return \c 0 if successful. 00272 * \return A negative error code on failure. 00273 */ 00274 int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, 00275 size_t length, 00276 size_t *nc_off, 00277 unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], 00278 unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], 00279 const unsigned char *input, 00280 unsigned char *output ); 00281 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 00282 00283 #ifdef __cplusplus 00284 } 00285 #endif 00286 00287 #endif /* blowfish.h */
Generated on Tue Jul 12 2022 13:54:03 by
