des.h
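/**
 * \file des.h
 *
 * \brief DES block cipher
 *
 * \warning   DES is considered a weak cipher and its use constitutes a
 *            security risk. We recommend considering stronger ciphers
 *            instead.
 *
 * \note      Single DES has a 56-bit effective key, and both DES and
 *            Triple-DES operate on 64-bit blocks, which limits how much
 *            data can safely be processed under one key. Treat this
 *            module as a legacy-interoperability interface.
 */
/*
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 */
#ifndef MBEDTLS_DES_H
#define MBEDTLS_DES_H

#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include <stddef.h>
#include <stdint.h>

#define MBEDTLS_DES_ENCRYPT     1
#define MBEDTLS_DES_DECRYPT     0

#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED                   -0x0033  /**< DES hardware accelerator failed. */

#define MBEDTLS_DES_KEY_SIZE    8

#if !defined(MBEDTLS_DES_ALT)
// Regular implementation
//

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief          DES context structure
 *
 * \note           The subkeys are derived from the secret key and must be
 *                 handled as secret material; release the context with
 *                 mbedtls_des_free() when it is no longer needed.
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
typedef struct
{
    uint32_t sk[32];            /*!<  DES subkeys       */
}
mbedtls_des_context;

/**
 * \brief          Triple-DES context structure
 *
 * \note           The subkeys are derived from the secret key and must be
 *                 handled as secret material; release the context with
 *                 mbedtls_des3_free() when it is no longer needed.
 */
typedef struct
{
    uint32_t sk[96];            /*!<  3DES subkeys      */
}
mbedtls_des3_context;

/**
 * \brief          Initialize DES context
 *
 * \param ctx      DES context to be initialized
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
void mbedtls_des_init( mbedtls_des_context *ctx );

/**
 * \brief          Clear DES context
 *
 * \param ctx      DES context to be cleared
 *
 * \note           Call this on every exit path once the context is no longer
 *                 needed, so that the subkeys it holds do not remain in
 *                 memory.
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
void mbedtls_des_free( mbedtls_des_context *ctx );

/**
 * \brief          Initialize Triple-DES context
 *
 * \param ctx      DES3 context to be initialized
 */
void mbedtls_des3_init( mbedtls_des3_context *ctx );

/**
 * \brief          Clear Triple-DES context
 *
 * \param ctx      DES3 context to be cleared
 *
 * \note           Call this on every exit path once the context is no longer
 *                 needed, so that the subkeys it holds do not remain in
 *                 memory.
 */
void mbedtls_des3_free( mbedtls_des3_context *ctx );

/**
 * \brief          Set key parity on the given key to odd.
 *
 *                 DES keys are 56 bits long, but each byte is padded with
 *                 a parity bit to allow verification.
 *
 * \param key      8-byte secret key (modified in place)
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );

/**
 * \brief          Check that key parity on the given key is odd.
 *
 *                 DES keys are 56 bits long, but each byte is padded with
 *                 a parity bit to allow verification.
 *
 * \param key      8-byte secret key
 *
 * \return         0 if parity was ok, 1 if parity was not correct.
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );

/**
 * \brief          Check that key is not a weak or semi-weak DES key
 *
 * \param key      8-byte secret key
 *
 * \return         0 if no weak key was found, 1 if a weak key was identified.
 *
 * \note           The key schedule functions below document a return value
 *                 of 0 only, so a caller that wants weak keys rejected has
 *                 to call this function itself before setting the key.
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );

/**
 * \brief          DES key schedule (56-bit, encryption)
 *
 * \param ctx      DES context to be initialized
 * \param key      8-byte secret key
 *
 * \return         0
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );

/**
 * \brief          DES key schedule (56-bit, decryption)
 *
 * \param ctx      DES context to be initialized
 * \param key      8-byte secret key
 *
 * \return         0
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );

/**
 * \brief          Triple-DES key schedule (112-bit, encryption)
 *
 * \param ctx      3DES context to be initialized
 * \param key      16-byte secret key
 *
 * \return         0
 */
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );

/**
 * \brief          Triple-DES key schedule (112-bit, decryption)
 *
 * \param ctx      3DES context to be initialized
 * \param key      16-byte secret key
 *
 * \return         0
 */
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );

/**
 * \brief          Triple-DES key schedule (168-bit, encryption)
 *
 * \param ctx      3DES context to be initialized
 * \param key      24-byte secret key
 *
 * \return         0
 */
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );

/**
 * \brief          Triple-DES key schedule (168-bit, decryption)
 *
 * \param ctx      3DES context to be initialized
 * \param key      24-byte secret key
 *
 * \return         0
 */
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );

/**
 * \brief          DES-ECB block encryption/decryption
 *
 * \note           There is no mode argument: the direction is fixed by the
 *                 key schedule loaded into the context
 *                 (mbedtls_des_setkey_enc() or mbedtls_des_setkey_dec()).
 *
 * \note           Exactly one 8-byte block is processed. Applying ECB
 *                 block by block to longer data maps equal plaintext
 *                 blocks to equal ciphertext blocks.
 *
 * \param ctx      DES context
 * \param input    64-bit input block
 * \param output   64-bit output block
 *
 * \return         0 if successful
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
                    const unsigned char input[8],
                    unsigned char output[8] );

#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
 * \brief          DES-CBC buffer encryption/decryption
 *
 * \note           Upon exit, the content of the IV is updated so that you can
 *                 call the same function again on the following
 *                 block(s) of data and get the same result as if it was
 *                 encrypted in one call. This allows a "streaming" usage.
 *                 If on the other hand you need to retain the contents of the
 *                 IV, you should either save it manually or use the cipher
 *                 module instead.
 *
 * \note           CBC provides confidentiality only. Ciphertext that may be
 *                 modified in transit or at rest needs a separate integrity
 *                 check, verified before the decrypted data is used.
 *
 * \param ctx      DES context
 * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
 * \param length   length of the input data in bytes; expected to be a
 *                 multiple of the 8-byte block size
 * \param iv       initialization vector (updated after use)
 * \param input    buffer holding the input data
 * \param output   buffer holding the output data
 *
 * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
                    int mode,
                    size_t length,
                    unsigned char iv[8],
                    const unsigned char *input,
                    unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CBC */

/**
 * \brief          3DES-ECB block encryption/decryption
 *
 * \note           There is no mode argument: the direction is fixed by the
 *                 key schedule loaded into the context (one of the
 *                 mbedtls_des3_set*key_enc() or mbedtls_des3_set*key_dec()
 *                 functions).
 *
 * \note           Exactly one 8-byte block is processed. Applying ECB
 *                 block by block to longer data maps equal plaintext
 *                 blocks to equal ciphertext blocks.
 *
 * \param ctx      3DES context
 * \param input    64-bit input block
 * \param output   64-bit output block
 *
 * \return         0 if successful
 */
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
                     const unsigned char input[8],
                     unsigned char output[8] );

#if defined(MBEDTLS_CIPHER_MODE_CBC)
/**
 * \brief          3DES-CBC buffer encryption/decryption
 *
 * \note           Upon exit, the content of the IV is updated so that you can
 *                 call the same function again on the following
 *                 block(s) of data and get the same result as if it was
 *                 encrypted in one call. This allows a "streaming" usage.
 *                 If on the other hand you need to retain the contents of the
 *                 IV, you should either save it manually or use the cipher
 *                 module instead.
 *
 * \note           CBC provides confidentiality only. Ciphertext that may be
 *                 modified in transit or at rest needs a separate integrity
 *                 check, verified before the decrypted data is used.
 *
 * \param ctx      3DES context
 * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
 * \param length   length of the input data in bytes; expected to be a
 *                 multiple of the 8-byte block size
 * \param iv       initialization vector (updated after use)
 * \param input    buffer holding the input data
 * \param output   buffer holding the output data
 *
 * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
 */
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
                     int mode,
                     size_t length,
                     unsigned char iv[8],
                     const unsigned char *input,
                     unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CBC */

/**
 * \brief          Internal function for key expansion.
 *                 (Only exposed to allow overriding it,
 *                 see MBEDTLS_DES_SETKEY_ALT)
 *
 * \param SK       Round keys
 * \param key      Base key
 *
 * \warning        DES is considered a weak cipher and its use constitutes a
 *                 security risk. We recommend considering stronger ciphers
 *                 instead.
 */
void mbedtls_des_setkey( uint32_t SK[32],
                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
#ifdef __cplusplus
}
#endif

#else  /* MBEDTLS_DES_ALT */
#include "des_alt.h"
#endif /* MBEDTLS_DES_ALT */

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief          Checkup routine
 *
 * \param verbose  verbosity selector passed by the caller
 *                 (presumably non-zero enables progress output; confirm
 *                 against the implementation)
 *
 * \return         0 if successful, or 1 if the test failed
 */
int mbedtls_des_self_test( int verbose );

#ifdef __cplusplus
}
#endif

#endif /* des.h */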
