TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c0eabdc63657f784dee45167b010534cd3924cfa / . / include / mbedtls / des.h
blob: b1c2eead7432d4834e4df1f06d517fc4564fe5df [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file des.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]3 *
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000[diff] [blame]4 * \brief DES block cipher
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]5 *
6 * \warning DES is considered a weak cipher and its use constitutes a
7 * security risk. We recommend considering stronger ciphers
8 * instead.
Darryl Greena40a1012018-01-05 15:33:17 +0000[diff] [blame]9 */
10/*
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]11 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]12 * SPDX-License-Identifier: Apache-2.0
13 *
14 * Licensed under the Apache License, Version 2.0 (the "License"); you may
15 * not use this file except in compliance with the License.
16 * You may obtain a copy of the License at
17 *
18 * http://www.apache.org/licenses/LICENSE-2.0
19 *
20 * Unless required by applicable law or agreed to in writing, software
21 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
22 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23 * See the License for the specific language governing permissions and
24 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]25 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]26 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]27#ifndef MBEDTLS_DES_H
28#define MBEDTLS_DES_H
Mateusz Starzyk846f0212021-05-19 19:44:07 +0200[diff] [blame]29#include "mbedtls/private_access.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]30
Bence Szépkútic662b362021-05-27 11:25:03 +0200[diff] [blame]31#include "mbedtls/build_info.h"
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]32
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]33#include <stddef.h>
Manuel Pégourié-Gonnardab229102015-04-15 11:53:16 +0200[diff] [blame]34#include <stdint.h>
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]35
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]36#define MBEDTLS_DES_ENCRYPT 1
37#define MBEDTLS_DES_DECRYPT 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38
Gilles Peskined2971572021-07-26 18:48:10 +0200[diff] [blame]39/** The data input has an invalid length. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]40#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032
Ron Eldor9924bdc2018-10-04 10:59:13 +0300[diff] [blame]41
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]42#define MBEDTLS_DES_KEY_SIZE 8
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]43
Paul Bakker407a0da2013-06-27 14:29:21 +0200[diff] [blame]44#ifdef __cplusplus
45extern "C" {
46#endif
47
Ron Eldorb2aacec2017-05-18 16:53:08 +0300[diff] [blame]48#if !defined(MBEDTLS_DES_ALT)
49// Regular implementation
50//
51
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]52/**
53 * \brief DES context structure
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]54 *
55 * \warning DES is considered a weak cipher and its use constitutes a
56 * security risk. We recommend considering stronger ciphers
57 * instead.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]58 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]59typedef struct mbedtls_des_context {
60 uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
61} mbedtls_des_context;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]62
63/**
64 * \brief Triple-DES context structure
65 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]66typedef struct mbedtls_des3_context {
67 uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
68} mbedtls_des3_context;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]69
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]70#else /* MBEDTLS_DES_ALT */
71# include "des_alt.h"
Ron Eldor05d0e512018-04-16 17:40:04 +0300[diff] [blame]72#endif /* MBEDTLS_DES_ALT */
73
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]74/**
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]75 * \brief Initialize DES context
76 *
77 * \param ctx DES context to be initialized
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]78 *
79 * \warning DES is considered a weak cipher and its use constitutes a
80 * security risk. We recommend considering stronger ciphers
81 * instead.
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]82 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]83void mbedtls_des_init(mbedtls_des_context *ctx);
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]84
85/**
86 * \brief Clear DES context
87 *
88 * \param ctx DES context to be cleared
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]89 *
90 * \warning DES is considered a weak cipher and its use constitutes a
91 * security risk. We recommend considering stronger ciphers
92 * instead.
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]93 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]94void mbedtls_des_free(mbedtls_des_context *ctx);
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]95
96/**
97 * \brief Initialize Triple-DES context
98 *
99 * \param ctx DES3 context to be initialized
100 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]101void mbedtls_des3_init(mbedtls_des3_context *ctx);
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]102
103/**
104 * \brief Clear Triple-DES context
105 *
106 * \param ctx DES3 context to be cleared
107 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]108void mbedtls_des3_free(mbedtls_des3_context *ctx);
Paul Bakkerc7ea99a2014-06-18 11:12:03 +0200[diff] [blame]109
110/**
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]111 * \brief Set key parity on the given key to odd.
112 *
113 * DES keys are 56 bits long, but each byte is padded with
114 * a parity bit to allow verification.
115 *
116 * \param key 8-byte secret key
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]117 *
118 * \warning DES is considered a weak cipher and its use constitutes a
119 * security risk. We recommend considering stronger ciphers
120 * instead.
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]121 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]122void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]);
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]123
124/**
125 * \brief Check that key parity on the given key is odd.
126 *
127 * DES keys are 56 bits long, but each byte is padded with
128 * a parity bit to allow verification.
129 *
130 * \param key 8-byte secret key
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]131 *
132 * \return 0 is parity was ok, 1 if parity was not correct.
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]133 *
134 * \warning DES is considered a weak cipher and its use constitutes a
135 * security risk. We recommend considering stronger ciphers
136 * instead.
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]137 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]138int mbedtls_des_key_check_key_parity(
139 const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]140
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]141/**
142 * \brief Check that key is not a weak or semi-weak DES key
143 *
144 * \param key 8-byte secret key
Paul Bakker73206952011-07-06 14:37:33 +0000[diff] [blame]145 *
Paul Bakker4793cc42011-08-17 09:40:55 +0000[diff] [blame]146 * \return 0 if no weak key was found, 1 if a weak key was identified.
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]147 *
148 * \warning DES is considered a weak cipher and its use constitutes a
149 * security risk. We recommend considering stronger ciphers
150 * instead.
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]151 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]152int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
Paul Bakker1f87fb62011-01-15 17:32:24 +0000[diff] [blame]153
154/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]155 * \brief DES key schedule (56-bit, encryption)
156 *
157 * \param ctx DES context to be initialized
158 * \param key 8-byte secret key
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]159 *
160 * \return 0
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]161 *
162 * \warning DES is considered a weak cipher and its use constitutes a
163 * security risk. We recommend considering stronger ciphers
164 * instead.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]165 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]166int mbedtls_des_setkey_enc(mbedtls_des_context *ctx,
167 const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]168
169/**
170 * \brief DES key schedule (56-bit, decryption)
171 *
172 * \param ctx DES context to be initialized
173 * \param key 8-byte secret key
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]174 *
175 * \return 0
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]176 *
177 * \warning DES is considered a weak cipher and its use constitutes a
178 * security risk. We recommend considering stronger ciphers
179 * instead.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]180 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]181int mbedtls_des_setkey_dec(mbedtls_des_context *ctx,
182 const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]183
184/**
185 * \brief Triple-DES key schedule (112-bit, encryption)
186 *
187 * \param ctx 3DES context to be initialized
188 * \param key 16-byte secret key
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]189 *
190 * \return 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]191 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]192int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
193 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]194
195/**
196 * \brief Triple-DES key schedule (112-bit, decryption)
197 *
198 * \param ctx 3DES context to be initialized
199 * \param key 16-byte secret key
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]200 *
201 * \return 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]202 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]203int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
204 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]205
206/**
207 * \brief Triple-DES key schedule (168-bit, encryption)
208 *
209 * \param ctx 3DES context to be initialized
210 * \param key 24-byte secret key
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]211 *
212 * \return 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]213 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]214int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
215 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]216
217/**
218 * \brief Triple-DES key schedule (168-bit, decryption)
219 *
220 * \param ctx 3DES context to be initialized
221 * \param key 24-byte secret key
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]222 *
223 * \return 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]224 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]225int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
226 const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]227
228/**
229 * \brief DES-ECB block encryption/decryption
230 *
231 * \param ctx DES context
232 * \param input 64-bit input block
233 * \param output 64-bit output block
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]234 *
Paul Bakker27caa8a2010-03-21 15:43:59 +0000[diff] [blame]235 * \return 0 if successful
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]236 *
237 * \warning DES is considered a weak cipher and its use constitutes a
238 * security risk. We recommend considering stronger ciphers
239 * instead.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]240 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]241int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
242 const unsigned char input[8],
243 unsigned char output[8]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]244
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]245#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]246/**
247 * \brief DES-CBC buffer encryption/decryption
248 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]249 * \note Upon exit, the content of the IV is updated so that you can
250 * call the function same function again on the following
251 * block(s) of data and get the same result as if it was
252 * encrypted in one call. This allows a "streaming" usage.
253 * If on the other hand you need to retain the contents of the
254 * IV, you should either save it manually or use the cipher
255 * module instead.
256 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]257 * \param ctx DES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]258 * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]259 * \param length length of the input data
260 * \param iv initialization vector (updated after use)
261 * \param input buffer holding the input data
262 * \param output buffer holding the output data
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]263 *
264 * \warning DES is considered a weak cipher and its use constitutes a
265 * security risk. We recommend considering stronger ciphers
266 * instead.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]267 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]268int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
269 int mode,
270 size_t length,
271 unsigned char iv[8],
272 const unsigned char *input,
273 unsigned char *output);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]274#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]275
276/**
277 * \brief 3DES-ECB block encryption/decryption
278 *
279 * \param ctx 3DES context
280 * \param input 64-bit input block
281 * \param output 64-bit output block
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]282 *
Paul Bakker27caa8a2010-03-21 15:43:59 +0000[diff] [blame]283 * \return 0 if successful
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]284 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]285int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
286 const unsigned char input[8],
287 unsigned char output[8]);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]288
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290/**
291 * \brief 3DES-CBC buffer encryption/decryption
292 *
Manuel Pégourié-Gonnard2be147a2015-01-23 16:19:47 +0000[diff] [blame]293 * \note Upon exit, the content of the IV is updated so that you can
294 * call the function same function again on the following
295 * block(s) of data and get the same result as if it was
296 * encrypted in one call. This allows a "streaming" usage.
297 * If on the other hand you need to retain the contents of the
298 * IV, you should either save it manually or use the cipher
299 * module instead.
300 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]301 * \param ctx 3DES context
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]302 * \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]303 * \param length length of the input data
304 * \param iv initialization vector (updated after use)
305 * \param input buffer holding the input data
306 * \param output buffer holding the output data
Paul Bakkerf3ccc682010-03-18 21:21:02 +0000[diff] [blame]307 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]308 * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]309 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]310int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
311 int mode,
312 size_t length,
313 unsigned char iv[8],
314 const unsigned char *input,
315 unsigned char *output);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]316#endif /* MBEDTLS_CIPHER_MODE_CBC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]317
Manuel Pégourié-Gonnard70a50102015-05-12 15:02:45 +0200[diff] [blame]318/**
319 * \brief Internal function for key expansion.
320 * (Only exposed to allow overriding it,
321 * see MBEDTLS_DES_SETKEY_ALT)
322 *
323 * \param SK Round keys
324 * \param key Base key
Hanno Beckerbbca8c52017-09-25 14:53:51 +0100[diff] [blame]325 *
326 * \warning DES is considered a weak cipher and its use constitutes a
327 * security risk. We recommend considering stronger ciphers
328 * instead.
Manuel Pégourié-Gonnard70a50102015-05-12 15:02:45 +0200[diff] [blame]329 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]330void mbedtls_des_setkey(uint32_t SK[32],
331 const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]332
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]333#if defined(MBEDTLS_SELF_TEST)
334
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame]335/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]336 * \brief Checkup routine
337 *
338 * \return 0 if successful, or 1 if the test failed
339 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]340int mbedtls_des_self_test(int verbose);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]342#endif /* MBEDTLS_SELF_TEST */
343
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]344#ifdef __cplusplus
345}
346#endif
347
348#endif /* des.h */