1.Dd $Mdocdate: September 9 2015 $ 2.Dt BF_SET_KEY 3 3.Os 4.Sh NAME 5.Nm BF_set_key , 6.Nm BF_encrypt , 7.Nm BF_decrypt , 8.Nm BF_ecb_encrypt , 9.Nm BF_cbc_encrypt , 10.Nm BF_cfb64_encrypt , 11.Nm BF_ofb64_encrypt , 12.Nm BF_options 13.Nd Blowfish encryption 14.Sh SYNOPSIS 15.In openssl/blowfish.h 16.Ft void 17.Fo BF_set_key 18.Fa "BF_KEY *key" 19.Fa "int len" 20.Fa "const unsigned char *data" 21.Fc 22.Ft void 23.Fo BF_ecb_encrypt 24.Fa "const unsigned char *in" 25.Fa "unsigned char *out" 26.Fa "BF_KEY *key" 27.Fa "int enc" 28.Fc 29.Ft void 30.Fo BF_cbc_encrypt 31.Fa "const unsigned char *in" 32.Fa "unsigned char *out" 33.Fa "long length" 34.Fa "BF_KEY *schedule" 35.Fa "unsigned char *ivec" 36.Fa "int enc" 37.Fc 38.Ft void 39.Fo BF_cfb64_encrypt 40.Fa "const unsigned char *in" 41.Fa "unsigned char *out" 42.Fa "long length" 43.Fa "BF_KEY *schedule" 44.Fa "unsigned char *ivec" 45.Fa "int *num" 46.Fa "int enc" 47.Fc 48.Ft void 49.Fo BF_ofb64_encrypt 50.Fa "const unsigned char *in" 51.Fa "unsigned char *out" 52.Fa "long length" 53.Fa "BF_KEY *schedule" 54.Fa "unsigned char *ivec" 55.Fa "int *num" 56.Fc 57.Ft const char * 58.Fo BF_options 59.Fa void 60.Fc 61.Ft void 62.Fo BF_encrypt 63.Fa "BF_LONG *data" 64.Fa "const BF_KEY *key" 65.Fc 66.Ft void 67.Fo BF_decrypt 68.Fa "BF_LONG *data" 69.Fa "const BF_KEY *key" 70.Fc 71.Sh DESCRIPTION 72This library implements the Blowfish cipher, 73which was invented and described by 74.An Counterpane . 75.Pp 76Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. 77It uses a variable size key, but typically, 128 bit (16 byte) keys 78are considered good for strong encryption. 79Blowfish can be used in the same modes as DES (see 80.Xr des_modes 3 ) . 81Blowfish is currently one of the faster block ciphers. 82It is quite a bit faster than DES, and much faster than IDEA or RC2. 83.Pp 84Blowfish consists of a key setup phase 85and the actual encryption or decryption phase. 86.Pp 87.Fn BF_set_key 88sets up the 89.Vt BF_KEY 90.Fa key 91using the 92.Fa len 93bytes long key at 94.Fa data . 95.Pp 96.Fn BF_ecb_encrypt 97is the basic Blowfish encryption and decryption function. 98It encrypts or decrypts the first 64 bits of 99.Fa in 100using the key 101.Fa key , 102putting the result in 103.Fa out . 104.Fa enc 105decides if encryption 106.Pq Dv BF_ENCRYPT 107or decryption 108.Pq Dv BF_DECRYPT 109shall be performed. 110The vector pointed at by 111.Fa in 112and 113.Fa out 114must be 64 bits in length, no less. 115If they are larger, everything after the first 64 bits is ignored. 116.Pp 117The mode functions 118.Fn BF_cbc_encrypt , 119.Fn BF_cfb64_encrypt , 120and 121.Fn BF_ofb64_encrypt 122all operate on variable length data. 123They all take an initialization vector 124.Fa ivec 125which needs to be passed along into the next call of the same function 126for the same message. 127.Fa ivec 128may be initialized with anything, but the recipient needs to know what 129it was initialized with, or it won't be able to decrypt. 130Some programs and protocols simplify this, like SSH, where 131.Fa ivec 132is simply initialized to zero. 133.Fn BF_cbc_encrypt 134operates on data that is a multiple of 8 bytes long, while 135.Fn BF_cfb64_encrypt 136and 137.Fn BF_ofb64_encrypt 138are used to encrypt an variable number of bytes (the amount 139does not have to be an exact multiple of 8). 140The purpose of the latter two is to simulate stream ciphers, 141and therefore, they need the parameter 142.Fa num , 143which is a pointer to an integer where the current offset in 144.Fa ivec 145is stored between calls. 146This integer must be initialized to zero when 147.Fa ivec 148is initialized. 149.Pp 150.Fn BF_cbc_encrypt 151is the Cipher Block Chaining function for Blowfish. 152It encrypts or decrypts the 64 bits chunks of 153.Fa in 154using the key 155.Fa schedule , 156putting the result in 157.Fa out . 158.Fa enc 159decides if encryption 160.Pq Dv BF_ENCRYPT 161or decryption 162.Pq Dv BF_DECRYPT 163shall be performed. 164.Fa ivec 165must point at an 8 byte long initialization vector. 166.Pp 167.Fn BF_cfb64_encrypt 168is the CFB mode for Blowfish with 64 bit feedback. 169It encrypts or decrypts the bytes in 170.Fa in 171using the key 172.Fa schedule , 173putting the result in 174.Fa out . 175.Fa enc 176decides if encryption 177.Pq Dv BF_ENCRYPT 178or decryption 179.Pq Dv BF_DECRYPT 180shall be performed. 181.Fa ivec 182must point at an 1838 byte long initialization vector. 184.Fa num 185must point at an integer which must be initially zero. 186.Pp 187.Fn BF_ofb64_encrypt 188is the OFB mode for Blowfish with 64 bit feedback. 189It uses the same parameters as 190.Fn BF_cfb64_encrypt , 191which must be initialized the same way. 192.Pp 193.Fn BF_encrypt 194and 195.Fn BF_decrypt 196are the lowest level functions for Blowfish encryption. 197They encrypt/decrypt the first 64 bits of the vector pointed by 198.Fa data , 199using the key 200.Fa key . 201These functions should not be used unless you implement 'modes' of Blowfish. 202The alternative is to use 203.Fn BF_ecb_encrypt . 204If you still want to use these functions, you should be aware 205that they take each 32-bit chunk in host-byte order, 206which is little-endian on little-endian platforms 207and big-endian on big-endian ones. 208.Sh RETURN VALUES 209None of the functions presented here return any value. 210.Sh NOTE 211Applications should use the higher level functions 212.Xr EVP_EncryptInit 3 213etc. instead of calling the blowfish functions directly. 214.Sh HISTORY 215The Blowfish functions are available in all versions of SSLeay and OpenSSL. 216