Data Structures
struct	mbedtls_blowfish_context
	Blowfish context structure. More...

Macros
#define	MBEDTLS_BLOWFISH_ENCRYPT 1
	Constant to select blowfish encryption.

#define	MBEDTLS_BLOWFISH_DECRYPT 0
	Constant to select blowfish decryption.

#define	MBEDTLS_BLOWFISH_ROUNDS 16
	Rounds to use.

#define	MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016
	Bad input data.

#define	MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018
	Invalid data input length.

#define	MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017
	Blowfish hardware accelerator failed.

Typedefs
typedef struct mbedtls_blowfish_context	mbedtls_blowfish_context
	Blowfish context structure.

Functions
void	mbedtls_blowfish_init (mbedtls_blowfish_context *ctx)
	Initialize a Blowfish context.

void	mbedtls_blowfish_free (mbedtls_blowfish_context *ctx)
	Clear a Blowfish context.

int	mbedtls_blowfish_setkey (mbedtls_blowfish_context ctx, const unsigned char key, unsigned int keybits)
	Perform a Blowfish key schedule operation.

int	mbedtls_blowfish_crypt_ecb (mbedtls_blowfish_context *ctx, int mode, const unsigned char input[8], unsigned char output[8])
	Perform a Blowfish-ECB block encryption/decryption operation.

int	mbedtls_blowfish_crypt_ctr (mbedtls_blowfish_context ctx, size_t length, size_t nc_off, unsigned char nonce_counter[8], unsigned char stream_block[8], const unsigned char input, unsigned char output)
	Perform a Blowfish-CTR buffer encryption/decryption operation.

Detailed Description

Macro Definition Documentation

◆ MBEDTLS_BLOWFISH_ENCRYPT

#define MBEDTLS_BLOWFISH_ENCRYPT 1

Constant to select blowfish encryption.

Definition at line 43 of file blowfish.h.

◆ MBEDTLS_BLOWFISH_DECRYPT

#define MBEDTLS_BLOWFISH_DECRYPT 0

Constant to select blowfish decryption.

Definition at line 44 of file blowfish.h.

◆ MBEDTLS_BLOWFISH_ROUNDS

#define MBEDTLS_BLOWFISH_ROUNDS 16

Rounds to use.

When increasing this value, make sure to extend the initialisation vectors

Definition at line 47 of file blowfish.h.

◆ MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA

#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016

Bad input data.

Definition at line 53 of file blowfish.h.

◆ MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH

#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018

Invalid data input length.

Definition at line 55 of file blowfish.h.

◆ MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED

#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017

Blowfish hardware accelerator failed.

Definition at line 59 of file blowfish.h.

Typedef Documentation

◆ mbedtls_blowfish_context

typedef struct mbedtls_blowfish_context mbedtls_blowfish_context

Blowfish context structure.

Function Documentation

◆ mbedtls_blowfish_init()

void mbedtls_blowfish_init ( mbedtls_blowfish_context * ctx )

Initialize a Blowfish context.

Parameters

ctx	The Blowfish context to be initialized. This must not be `NULL`.

◆ mbedtls_blowfish_free()

void mbedtls_blowfish_free ( mbedtls_blowfish_context * ctx )

Clear a Blowfish context.

Parameters

ctx	The Blowfish context to be cleared. This may be `NULL`, in which case this function returns immediately. If it is not `NULL`, it must point to an initialized Blowfish context.

◆ mbedtls_blowfish_setkey()

int mbedtls_blowfish_setkey	(	mbedtls_blowfish_context *	ctx,
		const unsigned char *	key,
		unsigned int	keybits
	)

Perform a Blowfish key schedule operation.

Parameters

ctx	The Blowfish context to perform the key schedule on.
key	The encryption key. This must be a readable buffer of length `keybits` Bits.
keybits	The length of `key` in Bits. This must be between `32` and `448` and a multiple of `8`.

Returns: 0 if successful.; A negative error code on failure.

◆ mbedtls_blowfish_crypt_ecb()

int mbedtls_blowfish_crypt_ecb	(	mbedtls_blowfish_context *	ctx,
		int	mode,
		const unsigned char	input[8],
		unsigned char	output[8]
	)

Perform a Blowfish-ECB block encryption/decryption operation.

Parameters

ctx	The Blowfish context to use. This must be initialized and bound to a key.
mode	The mode of operation. Possible values are MBEDTLS_BLOWFISH_ENCRYPT for encryption, or MBEDTLS_BLOWFISH_DECRYPT for decryption.
input	The input block. This must be a readable buffer of size `8` Bytes.
output	The output block. This must be a writable buffer of size `8` Bytes.

Returns: 0 if successful.; A negative error code on failure.

◆ mbedtls_blowfish_crypt_ctr()

int mbedtls_blowfish_crypt_ctr	(	mbedtls_blowfish_context *	ctx,
		size_t	length,
		size_t *	nc_off,
		unsigned char	nonce_counter[8],
		unsigned char	stream_block[8],
		const unsigned char *	input,
		unsigned char *	output
	)

Perform a Blowfish-CTR buffer encryption/decryption operation.

Warning: You must never reuse a nonce value with the same key. Doing so would void the encryption for the two messages encrypted with the same nonce and key.

There are two common strategies for managing nonces with CTR:

You can handle everything as a single message processed over successive calls to this function. In that case, you want to set nonce_counter and nc_off to 0 for the first call, and then preserve the values of nonce_counter, nc_off and stream_block across calls to this function as they will be updated by this function.

With this strategy, you must not encrypt more than 2**64 blocks of data with the same key.

You can encrypt separate messages by dividing the nonce_counter buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.

For example, you might reserve the first 4 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 4 bytes of nonce_counter to your chosen nonce value, the last 4 to 0, and nc_off to 0 (which will cause stream_block to be ignored). That way, you can encrypt at most 2**32 messages of up to 2**32 blocks each with the same key.

The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter.

Note that for both stategies, sizes are measured in blocks and that a Blowfish block is 8 bytes.

Warning: Upon return, stream_block contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.

Parameters

ctx	The Blowfish context to use. This must be initialized and bound to a key.
length	The length of the input data in Bytes.
nc_off	The offset in the current stream_block (for resuming within current cipher stream). The offset pointer should be `0` at the start of a stream and must be smaller than `8`. It is updated by this function.
nonce_counter	The 64-bit nonce and counter. This must point to a read/write buffer of length `8` Bytes.
stream_block	The saved stream-block for resuming. This must point to a read/write buffer of length `8` Bytes.
input	The input data. This must be a readable buffer of length `length` Bytes.
output	The output data. This must be a writable buffer of length `length` Bytes.

Returns: 0 if successful.; A negative error code on failure.

Data Structures

Macros

Typedefs

Functions

Detailed Description

Macro Definition Documentation

◆ MBEDTLS_BLOWFISH_ENCRYPT

◆ MBEDTLS_BLOWFISH_DECRYPT

◆ MBEDTLS_BLOWFISH_ROUNDS

◆ MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA

◆ MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH

◆ MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED

Typedef Documentation

◆ mbedtls_blowfish_context

Function Documentation

◆ mbedtls_blowfish_init()

◆ mbedtls_blowfish_free()

◆ mbedtls_blowfish_setkey()

◆ mbedtls_blowfish_crypt_ecb()

◆ mbedtls_blowfish_crypt_ctr()