[398] | 1 | /**
|
---|
| 2 | * \file des.h
|
---|
| 3 | *
|
---|
| 4 | * \brief DES block cipher
|
---|
| 5 | *
|
---|
| 6 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 7 | * security risk. We recommend considering stronger ciphers
|
---|
| 8 | * instead.
|
---|
| 9 | */
|
---|
| 10 | /*
|
---|
| 11 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
| 12 | * SPDX-License-Identifier: Apache-2.0
|
---|
| 13 | *
|
---|
| 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
| 15 | * not use this file except in compliance with the License.
|
---|
| 16 | * You may obtain a copy of the License at
|
---|
| 17 | *
|
---|
| 18 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
| 19 | *
|
---|
| 20 | * Unless required by applicable law or agreed to in writing, software
|
---|
| 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
| 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
| 23 | * See the License for the specific language governing permissions and
|
---|
| 24 | * limitations under the License.
|
---|
| 25 | *
|
---|
| 26 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
| 27 | *
|
---|
| 28 | */
|
---|
| 29 | #ifndef MBEDTLS_DES_H
|
---|
| 30 | #define MBEDTLS_DES_H
|
---|
| 31 |
|
---|
| 32 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
| 33 | #include "config.h"
|
---|
| 34 | #else
|
---|
| 35 | #include MBEDTLS_CONFIG_FILE
|
---|
| 36 | #endif
|
---|
| 37 |
|
---|
| 38 | #include <stddef.h>
|
---|
| 39 | #include <stdint.h>
|
---|
| 40 |
|
---|
| 41 | #define MBEDTLS_DES_ENCRYPT 1
|
---|
| 42 | #define MBEDTLS_DES_DECRYPT 0
|
---|
| 43 |
|
---|
| 44 | #define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
|
---|
| 45 |
|
---|
| 46 | /* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */
|
---|
| 47 | #define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */
|
---|
| 48 |
|
---|
| 49 | #define MBEDTLS_DES_KEY_SIZE 8
|
---|
| 50 |
|
---|
| 51 | #ifdef __cplusplus
|
---|
| 52 | extern "C" {
|
---|
| 53 | #endif
|
---|
| 54 |
|
---|
| 55 | #if !defined(MBEDTLS_DES_ALT)
|
---|
| 56 | // Regular implementation
|
---|
| 57 | //
|
---|
| 58 |
|
---|
| 59 | /**
|
---|
| 60 | * \brief DES context structure
|
---|
| 61 | *
|
---|
| 62 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 63 | * security risk. We recommend considering stronger ciphers
|
---|
| 64 | * instead.
|
---|
| 65 | */
|
---|
| 66 | typedef struct mbedtls_des_context
|
---|
| 67 | {
|
---|
| 68 | uint32_t sk[32]; /*!< DES subkeys */
|
---|
| 69 | }
|
---|
| 70 | mbedtls_des_context;
|
---|
| 71 |
|
---|
| 72 | /**
|
---|
| 73 | * \brief Triple-DES context structure
|
---|
| 74 | */
|
---|
| 75 | typedef struct mbedtls_des3_context
|
---|
| 76 | {
|
---|
| 77 | uint32_t sk[96]; /*!< 3DES subkeys */
|
---|
| 78 | }
|
---|
| 79 | mbedtls_des3_context;
|
---|
| 80 |
|
---|
| 81 | #else /* MBEDTLS_DES_ALT */
|
---|
| 82 | #include "des_alt.h"
|
---|
| 83 | #endif /* MBEDTLS_DES_ALT */
|
---|
| 84 |
|
---|
| 85 | /**
|
---|
| 86 | * \brief Initialize DES context
|
---|
| 87 | *
|
---|
| 88 | * \param ctx DES context to be initialized
|
---|
| 89 | *
|
---|
| 90 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 91 | * security risk. We recommend considering stronger ciphers
|
---|
| 92 | * instead.
|
---|
| 93 | */
|
---|
| 94 | void mbedtls_des_init( mbedtls_des_context *ctx );
|
---|
| 95 |
|
---|
| 96 | /**
|
---|
| 97 | * \brief Clear DES context
|
---|
| 98 | *
|
---|
| 99 | * \param ctx DES context to be cleared
|
---|
| 100 | *
|
---|
| 101 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 102 | * security risk. We recommend considering stronger ciphers
|
---|
| 103 | * instead.
|
---|
| 104 | */
|
---|
| 105 | void mbedtls_des_free( mbedtls_des_context *ctx );
|
---|
| 106 |
|
---|
| 107 | /**
|
---|
| 108 | * \brief Initialize Triple-DES context
|
---|
| 109 | *
|
---|
| 110 | * \param ctx DES3 context to be initialized
|
---|
| 111 | */
|
---|
| 112 | void mbedtls_des3_init( mbedtls_des3_context *ctx );
|
---|
| 113 |
|
---|
| 114 | /**
|
---|
| 115 | * \brief Clear Triple-DES context
|
---|
| 116 | *
|
---|
| 117 | * \param ctx DES3 context to be cleared
|
---|
| 118 | */
|
---|
| 119 | void mbedtls_des3_free( mbedtls_des3_context *ctx );
|
---|
| 120 |
|
---|
| 121 | /**
|
---|
| 122 | * \brief Set key parity on the given key to odd.
|
---|
| 123 | *
|
---|
| 124 | * DES keys are 56 bits long, but each byte is padded with
|
---|
| 125 | * a parity bit to allow verification.
|
---|
| 126 | *
|
---|
| 127 | * \param key 8-byte secret key
|
---|
| 128 | *
|
---|
| 129 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 130 | * security risk. We recommend considering stronger ciphers
|
---|
| 131 | * instead.
|
---|
| 132 | */
|
---|
| 133 | void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
---|
| 134 |
|
---|
| 135 | /**
|
---|
| 136 | * \brief Check that key parity on the given key is odd.
|
---|
| 137 | *
|
---|
| 138 | * DES keys are 56 bits long, but each byte is padded with
|
---|
| 139 | * a parity bit to allow verification.
|
---|
| 140 | *
|
---|
| 141 | * \param key 8-byte secret key
|
---|
| 142 | *
|
---|
| 143 | * \return 0 is parity was ok, 1 if parity was not correct.
|
---|
| 144 | *
|
---|
| 145 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 146 | * security risk. We recommend considering stronger ciphers
|
---|
| 147 | * instead.
|
---|
| 148 | */
|
---|
| 149 | int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
---|
| 150 |
|
---|
| 151 | /**
|
---|
| 152 | * \brief Check that key is not a weak or semi-weak DES key
|
---|
| 153 | *
|
---|
| 154 | * \param key 8-byte secret key
|
---|
| 155 | *
|
---|
| 156 | * \return 0 if no weak key was found, 1 if a weak key was identified.
|
---|
| 157 | *
|
---|
| 158 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 159 | * security risk. We recommend considering stronger ciphers
|
---|
| 160 | * instead.
|
---|
| 161 | */
|
---|
| 162 | int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
---|
| 163 |
|
---|
| 164 | /**
|
---|
| 165 | * \brief DES key schedule (56-bit, encryption)
|
---|
| 166 | *
|
---|
| 167 | * \param ctx DES context to be initialized
|
---|
| 168 | * \param key 8-byte secret key
|
---|
| 169 | *
|
---|
| 170 | * \return 0
|
---|
| 171 | *
|
---|
| 172 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 173 | * security risk. We recommend considering stronger ciphers
|
---|
| 174 | * instead.
|
---|
| 175 | */
|
---|
| 176 | int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
---|
| 177 |
|
---|
| 178 | /**
|
---|
| 179 | * \brief DES key schedule (56-bit, decryption)
|
---|
| 180 | *
|
---|
| 181 | * \param ctx DES context to be initialized
|
---|
| 182 | * \param key 8-byte secret key
|
---|
| 183 | *
|
---|
| 184 | * \return 0
|
---|
| 185 | *
|
---|
| 186 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 187 | * security risk. We recommend considering stronger ciphers
|
---|
| 188 | * instead.
|
---|
| 189 | */
|
---|
| 190 | int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
---|
| 191 |
|
---|
| 192 | /**
|
---|
| 193 | * \brief Triple-DES key schedule (112-bit, encryption)
|
---|
| 194 | *
|
---|
| 195 | * \param ctx 3DES context to be initialized
|
---|
| 196 | * \param key 16-byte secret key
|
---|
| 197 | *
|
---|
| 198 | * \return 0
|
---|
| 199 | */
|
---|
| 200 | int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
|
---|
| 201 | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
---|
| 202 |
|
---|
| 203 | /**
|
---|
| 204 | * \brief Triple-DES key schedule (112-bit, decryption)
|
---|
| 205 | *
|
---|
| 206 | * \param ctx 3DES context to be initialized
|
---|
| 207 | * \param key 16-byte secret key
|
---|
| 208 | *
|
---|
| 209 | * \return 0
|
---|
| 210 | */
|
---|
| 211 | int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
|
---|
| 212 | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
---|
| 213 |
|
---|
| 214 | /**
|
---|
| 215 | * \brief Triple-DES key schedule (168-bit, encryption)
|
---|
| 216 | *
|
---|
| 217 | * \param ctx 3DES context to be initialized
|
---|
| 218 | * \param key 24-byte secret key
|
---|
| 219 | *
|
---|
| 220 | * \return 0
|
---|
| 221 | */
|
---|
| 222 | int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
|
---|
| 223 | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
---|
| 224 |
|
---|
| 225 | /**
|
---|
| 226 | * \brief Triple-DES key schedule (168-bit, decryption)
|
---|
| 227 | *
|
---|
| 228 | * \param ctx 3DES context to be initialized
|
---|
| 229 | * \param key 24-byte secret key
|
---|
| 230 | *
|
---|
| 231 | * \return 0
|
---|
| 232 | */
|
---|
| 233 | int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
---|
| 234 | const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
---|
| 235 |
|
---|
| 236 | /**
|
---|
| 237 | * \brief DES-ECB block encryption/decryption
|
---|
| 238 | *
|
---|
| 239 | * \param ctx DES context
|
---|
| 240 | * \param input 64-bit input block
|
---|
| 241 | * \param output 64-bit output block
|
---|
| 242 | *
|
---|
| 243 | * \return 0 if successful
|
---|
| 244 | *
|
---|
| 245 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 246 | * security risk. We recommend considering stronger ciphers
|
---|
| 247 | * instead.
|
---|
| 248 | */
|
---|
| 249 | int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
---|
| 250 | const unsigned char input[8],
|
---|
| 251 | unsigned char output[8] );
|
---|
| 252 |
|
---|
| 253 | #if defined(MBEDTLS_CIPHER_MODE_CBC)
|
---|
| 254 | /**
|
---|
| 255 | * \brief DES-CBC buffer encryption/decryption
|
---|
| 256 | *
|
---|
| 257 | * \note Upon exit, the content of the IV is updated so that you can
|
---|
| 258 | * call the function same function again on the following
|
---|
| 259 | * block(s) of data and get the same result as if it was
|
---|
| 260 | * encrypted in one call. This allows a "streaming" usage.
|
---|
| 261 | * If on the other hand you need to retain the contents of the
|
---|
| 262 | * IV, you should either save it manually or use the cipher
|
---|
| 263 | * module instead.
|
---|
| 264 | *
|
---|
| 265 | * \param ctx DES context
|
---|
| 266 | * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
---|
| 267 | * \param length length of the input data
|
---|
| 268 | * \param iv initialization vector (updated after use)
|
---|
| 269 | * \param input buffer holding the input data
|
---|
| 270 | * \param output buffer holding the output data
|
---|
| 271 | *
|
---|
| 272 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 273 | * security risk. We recommend considering stronger ciphers
|
---|
| 274 | * instead.
|
---|
| 275 | */
|
---|
| 276 | int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
---|
| 277 | int mode,
|
---|
| 278 | size_t length,
|
---|
| 279 | unsigned char iv[8],
|
---|
| 280 | const unsigned char *input,
|
---|
| 281 | unsigned char *output );
|
---|
| 282 | #endif /* MBEDTLS_CIPHER_MODE_CBC */
|
---|
| 283 |
|
---|
| 284 | /**
|
---|
| 285 | * \brief 3DES-ECB block encryption/decryption
|
---|
| 286 | *
|
---|
| 287 | * \param ctx 3DES context
|
---|
| 288 | * \param input 64-bit input block
|
---|
| 289 | * \param output 64-bit output block
|
---|
| 290 | *
|
---|
| 291 | * \return 0 if successful
|
---|
| 292 | */
|
---|
| 293 | int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
---|
| 294 | const unsigned char input[8],
|
---|
| 295 | unsigned char output[8] );
|
---|
| 296 |
|
---|
| 297 | #if defined(MBEDTLS_CIPHER_MODE_CBC)
|
---|
| 298 | /**
|
---|
| 299 | * \brief 3DES-CBC buffer encryption/decryption
|
---|
| 300 | *
|
---|
| 301 | * \note Upon exit, the content of the IV is updated so that you can
|
---|
| 302 | * call the function same function again on the following
|
---|
| 303 | * block(s) of data and get the same result as if it was
|
---|
| 304 | * encrypted in one call. This allows a "streaming" usage.
|
---|
| 305 | * If on the other hand you need to retain the contents of the
|
---|
| 306 | * IV, you should either save it manually or use the cipher
|
---|
| 307 | * module instead.
|
---|
| 308 | *
|
---|
| 309 | * \param ctx 3DES context
|
---|
| 310 | * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
---|
| 311 | * \param length length of the input data
|
---|
| 312 | * \param iv initialization vector (updated after use)
|
---|
| 313 | * \param input buffer holding the input data
|
---|
| 314 | * \param output buffer holding the output data
|
---|
| 315 | *
|
---|
| 316 | * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
|
---|
| 317 | */
|
---|
| 318 | int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
---|
| 319 | int mode,
|
---|
| 320 | size_t length,
|
---|
| 321 | unsigned char iv[8],
|
---|
| 322 | const unsigned char *input,
|
---|
| 323 | unsigned char *output );
|
---|
| 324 | #endif /* MBEDTLS_CIPHER_MODE_CBC */
|
---|
| 325 |
|
---|
| 326 | /**
|
---|
| 327 | * \brief Internal function for key expansion.
|
---|
| 328 | * (Only exposed to allow overriding it,
|
---|
| 329 | * see MBEDTLS_DES_SETKEY_ALT)
|
---|
| 330 | *
|
---|
| 331 | * \param SK Round keys
|
---|
| 332 | * \param key Base key
|
---|
| 333 | *
|
---|
| 334 | * \warning DES is considered a weak cipher and its use constitutes a
|
---|
| 335 | * security risk. We recommend considering stronger ciphers
|
---|
| 336 | * instead.
|
---|
| 337 | */
|
---|
| 338 | void mbedtls_des_setkey( uint32_t SK[32],
|
---|
| 339 | const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
---|
| 340 |
|
---|
| 341 | #if defined(MBEDTLS_SELF_TEST)
|
---|
| 342 |
|
---|
| 343 | /**
|
---|
| 344 | * \brief Checkup routine
|
---|
| 345 | *
|
---|
| 346 | * \return 0 if successful, or 1 if the test failed
|
---|
| 347 | */
|
---|
| 348 | int mbedtls_des_self_test( int verbose );
|
---|
| 349 |
|
---|
| 350 | #endif /* MBEDTLS_SELF_TEST */
|
---|
| 351 |
|
---|
| 352 | #ifdef __cplusplus
|
---|
| 353 | }
|
---|
| 354 | #endif
|
---|
| 355 |
|
---|
| 356 | #endif /* des.h */
|
---|