void BF_set_key(key, len, data)
BF_KEY *key;
int len;
unsigned char *data;
void BF_ecb_encrypt(in, out, key, encrypt)
unsigned char *in, *out;
BF_KEY *key;
int encrypt;
void BF_encrypt(data, key, encrypt)
BF_LONG *data;
BF_KEY *key;
int encrypt;
void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
unsigned char *in, *out, *iv;
long length;
BF_KEY *ks;
int encrypt;
void BF_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
unsigned char *in, *out, *ivec;
long length;
BF_KEY *schedule;
int *num, encrypt;
void BF_ofb64_encrypt(in, out, length, schedule, ivec, num)
unsigned char *in, *out, *ivec;
long length;
BF_KEY *schedule;
int *num;
char *BF_options();
typedef struct bf_key_st
{
BF_LONG P[BF_ROUNDS+2];
BF_LONG S[4*256];
} BF_KEY;
This is an expanded form of the actual key.
Blowfish is a symmetric block cipher that operates on 64 bit (8 byte) quantities. It uses a variable size key; 16 bytes is usually considered a good length. It can be used in all the modes that DES can be used. This library implements the ecb, cbc, cfb64, and ofb64 modes. For more information on these, see the DES encryption modes overview.
Blowfish is quite a bit faster that DES, and much faster than IDEA or RC2. It is one of the faster block ciphers.
All functions that have input and output for arguments may be passed the same argument for both.
The value BF_ENCRYPT is passed to specify encryption for the functions that require an encryption/decryption flag. BF_DECRYPT is passed to specify decryption.
Note that triple-Blowfish has not been implemented, but if you really feel that you need the security that a 384-bit key provides, you can follow the template of des_ecb3_encrypt and replace the des_encrypt() calls to BF_encrypt. The same goes for triple-Blowfish in the other modes.
BF_set_key() converts a len-byte key to a BF_KEY. A ks is an expanded form of key which is used to perform actual encryption. It can be regenerated from the Blowfish key so it only needs to be kept when encryption or decryption is about to occur. Don't save or pass around BF_KEYs since they are CPU architecture dependent, keys are not.
Blowfish is an interesting cipher in that it can be used with a variable length key. len is the number of bytes of key to be used as the key. A len of 16 is recomended.
As a warning, Blowfish has a very very slow set_key function; it actually runs BF_encrypt 521 times.
To generate a password from a text string, you might use MD5 (or the first 16 bytes of SHA-1 output) to produce a 16 byte message digest that can then be passed directly to BF_set_key().
For reading passwords, you can use des_read_pw_string().
BF_encrypt() is the encryption function that gets called by just about every other BF routine in the library. You should not use this function except to implement modes of BF. If you do use it you need to do char-to-long conversion beforehand and the reverse after, to make sure 'non-aligned' memory accesses do not occur. See the c2l and l2c routines in BF_locl.h, for example of such routines. See the des_encrypt() man page for use of these routines in implementing various encryption modes from the underlying function.
data is a pointer to 2 unsigned longs and key is the BF_KEY to use. Encryption or decryption is indicated by encrypt, which can have the values BF_ENCRYPT or BF_DECRYPT.
BF_ecb_encrypt() (Electronic Code Book) encrypts/decrypts input into output using the key given by key. Encryption or decryption is indicated by encrypt, which can have the values BF_ENCRYPT or BF_DECRYPT. input and output must be pointers to 8-byte arrays.
BF_cbc_encrypt() (Cipher Block Chaining mode) encrypts/decrypts input into output using the key given by ks. Encryption or decryption is indicated by encrypt, which can have the values BF_ENCRYPT or BF_DECRYPT. input and output must be pointers to character arrays that are a multiple of 8 bytes in length, same length for both, given by the argument length. ivec is the initialization vector. This function updates ivec after each call so that it can be passed to the next call to BF_cbc_encrypt().
BF_cfb64_encrypt() (Cipher Feedback mode with 64-bit feedback) encrypts/decrypts input into output using the key given by schedule. Encryption or decryption is indicated by encrypt, which can have the values BF_ENCRYPT or BF_DECRYPT. input and output must be pointers to character arrays which can be of arbitrary length, given by the argument length. ivec is the initialization vector. This function updates ivec after each call so that it can be passed to the next call to BF_cfb64_encrypt(). num is also updated to indicate how many bytes of the initialization vector we have used.
BF_ofb64_encrypt() (Output Feedback Mode with 64-bit feedback) encrypts/decrypts input into output using the key given by schedule. input and output must be pointers to character arrays which can be of arbitrary length, given by the argument length. ivec is the initialization vector. This function updates ivec after each call so that it can be passed to the next call to BF_cfb64_encrypt(). num is also updated to indicate how many bytes of the initialization vector we have used.
For more information about the specific Blowfish modes in this library (ecb, cbc, cfb and ofb), read the section entitled DES encryption modes overview. What is said about DES is directly applicable for Blowfish.