File des.h

DES block cipher.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Defines

MBEDTLS_DES_ENCRYPT
MBEDTLS_DES_DECRYPT
MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH

The data input has an invalid length.

MBEDTLS_DES_KEY_SIZE

Typedefs

typedef struct mbedtls_des_context mbedtls_des_context

DES context structure.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

typedef struct mbedtls_des3_context mbedtls_des3_context

Triple-DES context structure.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Functions

void mbedtls_des_init(mbedtls_des_context *ctx)

Initialize DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:

ctx – DES context to be initialized

void mbedtls_des_free(mbedtls_des_context *ctx)

Clear DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:

ctx – DES context to be cleared

void mbedtls_des3_init(mbedtls_des3_context *ctx)

Initialize Triple-DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:

ctx – DES3 context to be initialized

void mbedtls_des3_free(mbedtls_des3_context *ctx)

Clear Triple-DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:

ctx – DES3 context to be cleared

void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])

Set key parity on the given key to odd.

            DES keys are 56 bits long, but each byte is padded with
            a parity bit to allow verification.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:

key – 8-byte secret key

int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE])

Check that key parity on the given key is odd.

            DES keys are 56 bits long, but each byte is padded with
            a parity bit to allow verification.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:

key – 8-byte secret key

Returns:

0 is parity was ok, 1 if parity was not correct.

int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE])

Check that key is not a weak or semi-weak DES key.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:

key – 8-byte secret key

Returns:

0 if no weak key was found, 1 if a weak key was identified.

int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])

DES key schedule (56-bit, encryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – DES context to be initialized

  • key – 8-byte secret key

Returns:

0

int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])

DES key schedule (56-bit, decryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – DES context to be initialized

  • key – 8-byte secret key

Returns:

0

int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])

Triple-DES key schedule (112-bit, encryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – 3DES context to be initialized

  • key – 16-byte secret key

Returns:

0

int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])

Triple-DES key schedule (112-bit, decryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – 3DES context to be initialized

  • key – 16-byte secret key

Returns:

0

int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])

Triple-DES key schedule (168-bit, encryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – 3DES context to be initialized

  • key – 24-byte secret key

Returns:

0

int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])

Triple-DES key schedule (168-bit, decryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – 3DES context to be initialized

  • key – 24-byte secret key

Returns:

0

int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, const unsigned char input[8], unsigned char output[8])

DES-ECB block encryption/decryption.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – DES context

  • input – 64-bit input block

  • output – 64-bit output block

Returns:

0 if successful

int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)

DES-CBC buffer encryption/decryption.

Note

Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a “streaming” usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – DES context

  • mode – MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT

  • length – length of the input data

  • iv – initialization vector (updated after use)

  • input – buffer holding the input data

  • output – buffer holding the output data

int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, const unsigned char input[8], unsigned char output[8])

3DES-ECB block encryption/decryption

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – 3DES context

  • input – 64-bit input block

  • output – 64-bit output block

Returns:

0 if successful

int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)

3DES-CBC buffer encryption/decryption

Note

Upon exit, the content of the IV is updated so that you can call the function same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a “streaming” usage. If on the other hand you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters:
  • ctx – 3DES context

  • mode – MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT

  • length – length of the input data

  • iv – initialization vector (updated after use)

  • input – buffer holding the input data

  • output – buffer holding the output data

Returns:

0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH

int mbedtls_des_self_test(int verbose)

Checkup routine.

Returns:

0 if successful, or 1 if the test failed

struct mbedtls_des_context
#include <des.h>

DES context structure.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Public Members

uint32_t private_sk[32]

DES subkeys

struct mbedtls_des3_context
#include <des.h>

Triple-DES context structure.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Public Members

uint32_t private_sk[96]

3DES subkeys