]>
Commit | Line | Data |
---|---|---|
9dd2b2a9 RL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
53934822 | 5 | BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, |
9dd2b2a9 RL |
6 | BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption |
7 | ||
8 | =head1 SYNOPSIS | |
9 | ||
10 | #include <openssl/blowfish.h> | |
11 | ||
03047e7b MC |
12 | Deprecated since OpenSSL 3.0, can be hidden entirely by defining |
13 | B<OPENSSL_API_COMPAT> with a suitable version value, see | |
14 | L<openssl_user_macros(7)>: | |
15 | ||
9dd2b2a9 RL |
16 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data); |
17 | ||
4d524e10 | 18 | void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, |
e9b77246 | 19 | BF_KEY *key, int enc); |
4d524e10 | 20 | void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, |
e9b77246 BB |
21 | long length, BF_KEY *schedule, |
22 | unsigned char *ivec, int enc); | |
4d524e10 | 23 | void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
e9b77246 BB |
24 | long length, BF_KEY *schedule, |
25 | unsigned char *ivec, int *num, int enc); | |
4d524e10 | 26 | void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, |
e9b77246 BB |
27 | long length, BF_KEY *schedule, |
28 | unsigned char *ivec, int *num); | |
9dd2b2a9 RL |
29 | const char *BF_options(void); |
30 | ||
aebb9aac RS |
31 | void BF_encrypt(BF_LONG *data, const BF_KEY *key); |
32 | void BF_decrypt(BF_LONG *data, const BF_KEY *key); | |
8fdec3e5 | 33 | |
9dd2b2a9 RL |
34 | =head1 DESCRIPTION |
35 | ||
03047e7b MC |
36 | All of the functions described on this page are deprecated. Applications should |
37 | instead use L<EVP_EncryptInit_ex(3)>, L<EVP_EncryptUpdate(3)> and | |
38 | L<EVP_EncryptFinal_ex(3)> or the equivalently named decrypt functions. | |
39 | ||
6ce46d69 | 40 | This library implements the Blowfish cipher, which was invented and described |
447a9638 | 41 | by Counterpane (see http://www.counterpane.com/blowfish.html ). |
9dd2b2a9 RL |
42 | |
43 | Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. | |
44 | It uses a variable size key, but typically, 128 bit (16 byte) keys are | |
5286db69 | 45 | considered good for strong encryption. Blowfish can be used in the same |
9b86974e | 46 | modes as DES (see L<des_modes(7)>). Blowfish is currently one |
9dd2b2a9 RL |
47 | of the faster block ciphers. It is quite a bit faster than DES, and much |
48 | faster than IDEA or RC2. | |
49 | ||
50 | Blowfish consists of a key setup phase and the actual encryption or decryption | |
51 | phase. | |
52 | ||
53 | BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key | |
54 | at B<data>. | |
55 | ||
9dd2b2a9 RL |
56 | BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. |
57 | It encrypts or decrypts the first 64 bits of B<in> using the key B<key>, | |
58 | putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>) | |
59 | or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by | |
60 | B<in> and B<out> must be 64 bits in length, no less. If they are larger, | |
61 | everything after the first 64 bits is ignored. | |
62 | ||
63 | The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() | |
c8973693 | 64 | all operate on variable length data. They all take an initialization vector |
1bc74519 | 65 | B<ivec> which needs to be passed along into the next call of the same function |
c8973693 UM |
66 | for the same message. B<ivec> may be initialized with anything, but the |
67 | recipient needs to know what it was initialized with, or it won't be able | |
1bb30673 | 68 | to decrypt. Some programs and protocols simplify this, like SSH, where |
c8973693 | 69 | B<ivec> is simply initialized to zero. |
6ce46d69 | 70 | BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while |
9dd2b2a9 RL |
71 | BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable |
72 | number of bytes (the amount does not have to be an exact multiple of 8). The | |
73 | purpose of the latter two is to simulate stream ciphers, and therefore, they | |
74 | need the parameter B<num>, which is a pointer to an integer where the current | |
c8973693 UM |
75 | offset in B<ivec> is stored between calls. This integer must be initialized |
76 | to zero when B<ivec> is initialized. | |
9dd2b2a9 RL |
77 | |
78 | BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It | |
79 | encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>, | |
80 | putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or | |
81 | decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte | |
c8973693 | 82 | long initialization vector. |
9dd2b2a9 RL |
83 | |
84 | BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. | |
85 | It encrypts or decrypts the bytes in B<in> using the key B<schedule>, | |
86 | putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>) | |
87 | or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an | |
c8973693 | 88 | 8 byte long initialization vector. B<num> must point at an integer which must |
1bb30673 | 89 | be initially zero. |
9dd2b2a9 RL |
90 | |
91 | BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. | |
c8973693 | 92 | It uses the same parameters as BF_cfb64_encrypt(), which must be initialized |
9dd2b2a9 RL |
93 | the same way. |
94 | ||
c15602f4 RL |
95 | BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish |
96 | encryption. They encrypt/decrypt the first 64 bits of the vector pointed by | |
97 | B<data>, using the key B<key>. These functions should not be used unless you | |
98 | implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt(). | |
99 | If you still want to use these functions, you should be aware that they take | |
100 | each 32-bit chunk in host-byte order, which is little-endian on little-endian | |
101 | platforms and big-endian on big-endian ones. | |
102 | ||
9dd2b2a9 RL |
103 | =head1 RETURN VALUES |
104 | ||
105 | None of the functions presented here return any value. | |
106 | ||
107 | =head1 NOTE | |
108 | ||
d52c9734 | 109 | Applications should use the higher level functions |
9b86974e | 110 | L<EVP_EncryptInit(3)> etc. instead of calling these |
c7497f34 | 111 | functions directly. |
9dd2b2a9 RL |
112 | |
113 | =head1 SEE ALSO | |
114 | ||
9b86974e RS |
115 | L<EVP_EncryptInit(3)>, |
116 | L<des_modes(7)> | |
9dd2b2a9 | 117 | |
03047e7b MC |
118 | =head1 HISTORY |
119 | ||
120 | All of these functions were deprecated in OpenSSL 3.0. | |
121 | ||
e2f92610 RS |
122 | =head1 COPYRIGHT |
123 | ||
124 | Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
125 | ||
4746f25a | 126 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
127 | this file except in compliance with the License. You can obtain a copy |
128 | in the file LICENSE in the source distribution or at | |
129 | L<https://www.openssl.org/source/license.html>. | |
130 | ||
131 | =cut |