mirror of
https://foundry.openuru.org/gitblit/r/CWE-ou-minkata.git
synced 2025-07-19 11:49:09 +00:00
Initial Commit of CyanWorlds.com Engine Open Source Client/Plugin
This commit is contained in:
jwplatt
@ -0,0 +1,149 @@
|
||||
The Blowfish library.
|
||||
|
||||
Blowfish is a block cipher that operates on 64bit (8 byte) quantities. It
|
||||
uses variable size key, but 128bit (16 byte) key would normally be considered
|
||||
good. It can be used in all the modes that DES can be used. This
|
||||
library implements the ecb, cbc, cfb64, ofb64 modes.
|
||||
|
||||
Blowfish is quite a bit faster that DES, and much faster than IDEA or
|
||||
RC2. It is one of the faster block ciphers.
|
||||
|
||||
For all calls that have an 'input' and 'output' variables, they can be the
|
||||
same.
|
||||
|
||||
This library requires the inclusion of 'blowfish.h'.
|
||||
|
||||
All of the encryption functions take what is called an BF_KEY as an
|
||||
argument. An BF_KEY is an expanded form of the Blowfish key.
|
||||
For all modes of the Blowfish algorithm, the BF_KEY used for
|
||||
decryption is the same one that was used for encryption.
|
||||
|
||||
The define BF_ENCRYPT is passed to specify encryption for the functions
|
||||
that require an encryption/decryption flag. BF_DECRYPT is passed to
|
||||
specify decryption.
|
||||
|
||||
Please note that any of the encryption modes specified in my DES library
|
||||
could be used with Blowfish. I have only implemented ecb, cbc, cfb64 and
|
||||
ofb64 for the following reasons.
|
||||
- ecb is the basic Blowfish encryption.
|
||||
- cbc is the normal 'chaining' form for block ciphers.
|
||||
- cfb64 can be used to encrypt single characters, therefore input and output
|
||||
do not need to be a multiple of 8.
|
||||
- ofb64 is similar to cfb64 but is more like a stream cipher, not as
|
||||
secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
|
||||
- If you want triple Blowfish, thats 384 bits of key and you must be totally
|
||||
obsessed with security. Still, if you want it, it is simple enough to
|
||||
copy the function from the DES library and change the des_encrypt to
|
||||
BF_encrypt; an exercise left for the paranoid reader :-).
|
||||
|
||||
The functions are as follows:
|
||||
|
||||
void BF_set_key(
|
||||
BF_KEY *ks;
|
||||
int len;
|
||||
unsigned char *key;
|
||||
BF_set_key converts an 'len' byte key into a BF_KEY.
|
||||
A 'ks' is an expanded form of the 'key' which is used to
|
||||
perform actual encryption. It can be regenerated from the Blowfish key
|
||||
so it only needs to be kept when encryption or decryption is about
|
||||
to occur. Don't save or pass around BF_KEY's since they
|
||||
are CPU architecture dependent, 'key's are not. Blowfish is an
|
||||
interesting cipher in that it can be used with a variable length
|
||||
key. 'len' is the length of 'key' to be used as the key.
|
||||
A 'len' of 16 is recomended by me, but blowfish can use upto
|
||||
72 bytes. As a warning, blowfish has a very very slow set_key
|
||||
function, it actually runs BF_encrypt 521 times.
|
||||
|
||||
void BF_encrypt(
|
||||
unsigned long *data,
|
||||
BF_KEY *key,
|
||||
int encrypt);
|
||||
This is the Blowfish encryption function that gets called by just about
|
||||
every other Blowfish routine in the library. You should not use this
|
||||
function except to implement 'modes' of Blowfish.
|
||||
I say this because the
|
||||
functions that call this routine do the conversion from 'char *' to
|
||||
long, and this needs to be done to make sure 'non-aligned' memory
|
||||
access do not occur.
|
||||
Data is a pointer to 2 unsigned long's and key is the
|
||||
BF_KEY to use. Encryption or decryption is indicated by 'encrypt'.
|
||||
which can have the values BF_ENCRYPT or BF_DECRYPT.
|
||||
|
||||
void BF_ecb_encrypt(
|
||||
unsigned char *in,
|
||||
unsigned char *out,
|
||||
BF_KEY *key,
|
||||
int encrypt);
|
||||
This is the basic Electronic Code Book form of Blowfish (in DES this
|
||||
mode is called Electronic Code Book so I'm going to use the term
|
||||
for blowfish as well.
|
||||
Input is encrypted into output using the key represented by
|
||||
key. Depending on the encrypt, encryption or
|
||||
decryption occurs. Input is 8 bytes long and output is 8 bytes.
|
||||
|
||||
void BF_cbc_encrypt(
|
||||
unsigned char *in,
|
||||
unsigned char *out,
|
||||
long length,
|
||||
BF_KEY *ks,
|
||||
unsigned char *ivec,
|
||||
int encrypt);
|
||||
This routine implements Blowfish in Cipher Block Chaining mode.
|
||||
Input, which should be a multiple of 8 bytes is encrypted
|
||||
(or decrypted) to output which will also be a multiple of 8 bytes.
|
||||
The number of bytes is in length (and from what I've said above,
|
||||
should be a multiple of 8). If length is not a multiple of 8, bad
|
||||
things will probably happen. ivec is the initialisation vector.
|
||||
This function updates iv after each call so that it can be passed to
|
||||
the next call to BF_cbc_encrypt().
|
||||
|
||||
void BF_cfb64_encrypt(
|
||||
unsigned char *in,
|
||||
unsigned char *out,
|
||||
long length,
|
||||
BF_KEY *schedule,
|
||||
unsigned char *ivec,
|
||||
int *num,
|
||||
int encrypt);
|
||||
This is one of the more useful functions in this Blowfish library, it
|
||||
implements CFB mode of Blowfish with 64bit feedback.
|
||||
This allows you to encrypt an arbitrary number of bytes,
|
||||
you do not require 8 byte padding. Each call to this
|
||||
routine will encrypt the input bytes to output and then update ivec
|
||||
and num. Num contains 'how far' we are though ivec.
|
||||
'Encrypt' is used to indicate encryption or decryption.
|
||||
CFB64 mode operates by using the cipher to generate a stream
|
||||
of bytes which is used to encrypt the plain text.
|
||||
The cipher text is then encrypted to generate the next 64 bits to
|
||||
be xored (incrementally) with the next 64 bits of plain
|
||||
text. As can be seen from this, to encrypt or decrypt,
|
||||
the same 'cipher stream' needs to be generated but the way the next
|
||||
block of data is gathered for encryption is different for
|
||||
encryption and decryption.
|
||||
|
||||
void BF_ofb64_encrypt(
|
||||
unsigned char *in,
|
||||
unsigned char *out,
|
||||
long length,
|
||||
BF_KEY *schedule,
|
||||
unsigned char *ivec,
|
||||
int *num);
|
||||
This functions implements OFB mode of Blowfish with 64bit feedback.
|
||||
This allows you to encrypt an arbitrary number of bytes,
|
||||
you do not require 8 byte padding. Each call to this
|
||||
routine will encrypt the input bytes to output and then update ivec
|
||||
and num. Num contains 'how far' we are though ivec.
|
||||
This is in effect a stream cipher, there is no encryption or
|
||||
decryption mode.
|
||||
|
||||
For reading passwords, I suggest using des_read_pw_string() from my DES library.
|
||||
To generate a password from a text string, I suggest using MD5 (or MD2) to
|
||||
produce a 16 byte message digest that can then be passed directly to
|
||||
BF_set_key().
|
||||
|
||||
=====
|
||||
For more information about the specific Blowfish modes in this library
|
||||
(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
|
||||
documentation on my DES library. What is said about DES is directly
|
||||
applicable for Blowfish.
|
||||
|
||||
Reference in New Issue
Block a user