]> git.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/blowfish.h
Add ROCA vulnerability test (RRG repository PR 76 by @merlokk) (#762)
[proxmark3-svn] / common / mbedtls / blowfish.h
1 /**
2 * \file blowfish.h
3 *
4 * \brief Blowfish block cipher
5 */
6 /*
7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 * SPDX-License-Identifier: GPL-2.0
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 *
24 * This file is part of mbed TLS (https://tls.mbed.org)
25 */
26 #ifndef MBEDTLS_BLOWFISH_H
27 #define MBEDTLS_BLOWFISH_H
28
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34
35 #include <stddef.h>
36 #include <stdint.h>
37
38 #define MBEDTLS_BLOWFISH_ENCRYPT 1
39 #define MBEDTLS_BLOWFISH_DECRYPT 0
40 #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448
41 #define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32
42 #define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
43 #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
44
45 #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
46 #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
47 #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
48
49 #ifdef __cplusplus
50 extern "C" {
51 #endif
52
53 #if !defined(MBEDTLS_BLOWFISH_ALT)
54 // Regular implementation
55 //
56
57 /**
58 * \brief Blowfish context structure
59 */
60 typedef struct mbedtls_blowfish_context
61 {
62 uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
63 uint32_t S[4][256]; /*!< key dependent S-boxes */
64 }
65 mbedtls_blowfish_context;
66
67 #else /* MBEDTLS_BLOWFISH_ALT */
68 #include "blowfish_alt.h"
69 #endif /* MBEDTLS_BLOWFISH_ALT */
70
71 /**
72 * \brief Initialize Blowfish context
73 *
74 * \param ctx Blowfish context to be initialized
75 */
76 void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
77
78 /**
79 * \brief Clear Blowfish context
80 *
81 * \param ctx Blowfish context to be cleared
82 */
83 void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
84
85 /**
86 * \brief Blowfish key schedule
87 *
88 * \param ctx Blowfish context to be initialized
89 * \param key encryption key
90 * \param keybits must be between 32 and 448 bits
91 *
92 * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
93 */
94 int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
95 unsigned int keybits );
96
97 /**
98 * \brief Blowfish-ECB block encryption/decryption
99 *
100 * \param ctx Blowfish context
101 * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
102 * \param input 8-byte input block
103 * \param output 8-byte output block
104 *
105 * \return 0 if successful
106 */
107 int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
108 int mode,
109 const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
110 unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
111
112 #if defined(MBEDTLS_CIPHER_MODE_CBC)
113 /**
114 * \brief Blowfish-CBC buffer encryption/decryption
115 * Length should be a multiple of the block
116 * size (8 bytes)
117 *
118 * \note Upon exit, the content of the IV is updated so that you can
119 * call the function same function again on the following
120 * block(s) of data and get the same result as if it was
121 * encrypted in one call. This allows a "streaming" usage.
122 * If on the other hand you need to retain the contents of the
123 * IV, you should either save it manually or use the cipher
124 * module instead.
125 *
126 * \param ctx Blowfish context
127 * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
128 * \param length length of the input data
129 * \param iv initialization vector (updated after use)
130 * \param input buffer holding the input data
131 * \param output buffer holding the output data
132 *
133 * \return 0 if successful, or
134 * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
135 */
136 int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
137 int mode,
138 size_t length,
139 unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
140 const unsigned char *input,
141 unsigned char *output );
142 #endif /* MBEDTLS_CIPHER_MODE_CBC */
143
144 #if defined(MBEDTLS_CIPHER_MODE_CFB)
145 /**
146 * \brief Blowfish CFB buffer encryption/decryption.
147 *
148 * \note Upon exit, the content of the IV is updated so that you can
149 * call the function same function again on the following
150 * block(s) of data and get the same result as if it was
151 * encrypted in one call. This allows a "streaming" usage.
152 * If on the other hand you need to retain the contents of the
153 * IV, you should either save it manually or use the cipher
154 * module instead.
155 *
156 * \param ctx Blowfish context
157 * \param mode MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
158 * \param length length of the input data
159 * \param iv_off offset in IV (updated after use)
160 * \param iv initialization vector (updated after use)
161 * \param input buffer holding the input data
162 * \param output buffer holding the output data
163 *
164 * \return 0 if successful
165 */
166 int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
167 int mode,
168 size_t length,
169 size_t *iv_off,
170 unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
171 const unsigned char *input,
172 unsigned char *output );
173 #endif /*MBEDTLS_CIPHER_MODE_CFB */
174
175 #if defined(MBEDTLS_CIPHER_MODE_CTR)
176 /**
177 * \brief Blowfish-CTR buffer encryption/decryption
178 *
179 * \warning You must never reuse a nonce value with the same key. Doing so
180 * would void the encryption for the two messages encrypted with
181 * the same nonce and key.
182 *
183 * There are two common strategies for managing nonces with CTR:
184 *
185 * 1. You can handle everything as a single message processed over
186 * successive calls to this function. In that case, you want to
187 * set \p nonce_counter and \p nc_off to 0 for the first call, and
188 * then preserve the values of \p nonce_counter, \p nc_off and \p
189 * stream_block across calls to this function as they will be
190 * updated by this function.
191 *
192 * With this strategy, you must not encrypt more than 2**64
193 * blocks of data with the same key.
194 *
195 * 2. You can encrypt separate messages by dividing the \p
196 * nonce_counter buffer in two areas: the first one used for a
197 * per-message nonce, handled by yourself, and the second one
198 * updated by this function internally.
199 *
200 * For example, you might reserve the first 4 bytes for the
201 * per-message nonce, and the last 4 bytes for internal use. In that
202 * case, before calling this function on a new message you need to
203 * set the first 4 bytes of \p nonce_counter to your chosen nonce
204 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
205 * stream_block to be ignored). That way, you can encrypt at most
206 * 2**32 messages of up to 2**32 blocks each with the same key.
207 *
208 * The per-message nonce (or information sufficient to reconstruct
209 * it) needs to be communicated with the ciphertext and must be unique.
210 * The recommended way to ensure uniqueness is to use a message
211 * counter.
212 *
213 * Note that for both stategies, sizes are measured in blocks and
214 * that a Blowfish block is 8 bytes.
215 *
216 * \warning Upon return, \p stream_block contains sensitive data. Its
217 * content must not be written to insecure storage and should be
218 * securely discarded as soon as it's no longer needed.
219 *
220 * \param ctx Blowfish context
221 * \param length The length of the data
222 * \param nc_off The offset in the current stream_block (for resuming
223 * within current cipher stream). The offset pointer to
224 * should be 0 at the start of a stream.
225 * \param nonce_counter The 64-bit nonce and counter.
226 * \param stream_block The saved stream-block for resuming. Is overwritten
227 * by the function.
228 * \param input The input data stream
229 * \param output The output data stream
230 *
231 * \return 0 if successful
232 */
233 int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
234 size_t length,
235 size_t *nc_off,
236 unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
237 unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
238 const unsigned char *input,
239 unsigned char *output );
240 #endif /* MBEDTLS_CIPHER_MODE_CTR */
241
242 #ifdef __cplusplus
243 }
244 #endif
245
246 #endif /* blowfish.h */
Impressum, Datenschutz