| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, |
| 6 | BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption |
| 7 | |
| 8 | =head1 SYNOPSIS |
| 9 | |
| 10 | #include <openssl/blowfish.h> |
| 11 | |
| 12 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data); |
| 13 | |
| 14 | void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 15 | BF_KEY *key, int enc); |
| 16 | void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, |
| 17 | long length, BF_KEY *schedule, |
| 18 | unsigned char *ivec, int enc); |
| 19 | void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 20 | long length, BF_KEY *schedule, |
| 21 | unsigned char *ivec, int *num, int enc); |
| 22 | void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, |
| 23 | long length, BF_KEY *schedule, |
| 24 | unsigned char *ivec, int *num); |
| 25 | const char *BF_options(void); |
| 26 | |
| 27 | void BF_encrypt(BF_LONG *data, const BF_KEY *key); |
| 28 | void BF_decrypt(BF_LONG *data, const BF_KEY *key); |
| 29 | |
| 30 | =head1 DESCRIPTION |
| 31 | |
| 32 | This library implements the Blowfish cipher, which was invented and described |
| 33 | by Counterpane (see http://www.counterpane.com/blowfish.html ). |
| 34 | |
| 35 | Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. |
| 36 | It uses a variable size key, but typically, 128 bit (16 byte) keys are |
| 37 | considered good for strong encryption. Blowfish can be used in the same |
| 38 | modes as DES (see L<des_modes(7)>). Blowfish is currently one |
| 39 | of the faster block ciphers. It is quite a bit faster than DES, and much |
| 40 | faster than IDEA or RC2. |
| 41 | |
| 42 | Blowfish consists of a key setup phase and the actual encryption or decryption |
| 43 | phase. |
| 44 | |
| 45 | BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key |
| 46 | at B<data>. |
| 47 | |
| 48 | BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. |
| 49 | It encrypts or decrypts the first 64 bits of B<in> using the key B<key>, |
| 50 | putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>) |
| 51 | or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by |
| 52 | B<in> and B<out> must be 64 bits in length, no less. If they are larger, |
| 53 | everything after the first 64 bits is ignored. |
| 54 | |
| 55 | The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() |
| 56 | all operate on variable length data. They all take an initialization vector |
| 57 | B<ivec> which needs to be passed along into the next call of the same function |
| 58 | for the same message. B<ivec> may be initialized with anything, but the |
| 59 | recipient needs to know what it was initialized with, or it won't be able |
| 60 | to decrypt. Some programs and protocols simplify this, like SSH, where |
| 61 | B<ivec> is simply initialized to zero. |
| 62 | BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while |
| 63 | BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable |
| 64 | number of bytes (the amount does not have to be an exact multiple of 8). The |
| 65 | purpose of the latter two is to simulate stream ciphers, and therefore, they |
| 66 | need the parameter B<num>, which is a pointer to an integer where the current |
| 67 | offset in B<ivec> is stored between calls. This integer must be initialized |
| 68 | to zero when B<ivec> is initialized. |
| 69 | |
| 70 | BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It |
| 71 | encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>, |
| 72 | putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or |
| 73 | decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte |
| 74 | long initialization vector. |
| 75 | |
| 76 | BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. |
| 77 | It encrypts or decrypts the bytes in B<in> using the key B<schedule>, |
| 78 | putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>) |
| 79 | or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an |
| 80 | 8 byte long initialization vector. B<num> must point at an integer which must |
| 81 | be initially zero. |
| 82 | |
| 83 | BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. |
| 84 | It uses the same parameters as BF_cfb64_encrypt(), which must be initialized |
| 85 | the same way. |
| 86 | |
| 87 | BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish |
| 88 | encryption. They encrypt/decrypt the first 64 bits of the vector pointed by |
| 89 | B<data>, using the key B<key>. These functions should not be used unless you |
| 90 | implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt(). |
| 91 | If you still want to use these functions, you should be aware that they take |
| 92 | each 32-bit chunk in host-byte order, which is little-endian on little-endian |
| 93 | platforms and big-endian on big-endian ones. |
| 94 | |
| 95 | =head1 RETURN VALUES |
| 96 | |
| 97 | None of the functions presented here return any value. |
| 98 | |
| 99 | =head1 NOTE |
| 100 | |
| 101 | Applications should use the higher level functions |
| 102 | L<EVP_EncryptInit(3)> etc. instead of calling these |
| 103 | functions directly. |
| 104 | |
| 105 | =head1 SEE ALSO |
| 106 | |
| 107 | L<EVP_EncryptInit(3)>, |
| 108 | L<des_modes(7)> |
| 109 | |
| 110 | =head1 COPYRIGHT |
| 111 | |
| 112 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. |
| 113 | |
| 114 | Licensed under the OpenSSL license (the "License"). You may not use |
| 115 | this file except in compliance with the License. You can obtain a copy |
| 116 | in the file LICENSE in the source distribution or at |
| 117 | L<https://www.openssl.org/source/license.html>. |
| 118 | |
| 119 | =cut |