File des.h

DES block cipher.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Defines

MBEDTLS_DES_ENCRYPT
MBEDTLS_DES_DECRYPT
MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH

The data input has an invalid length.

MBEDTLS_DES_KEY_SIZE

Functions

void mbedtls_des_init(mbedtls_des_context *ctx)

Initialize DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters

ctx – DES context to be initialized

void mbedtls_des_free(mbedtls_des_context *ctx)

Clear DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters

ctx – DES context to be cleared

void mbedtls_des3_init(mbedtls_des3_context *ctx)

Initialize Triple-DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters

ctx – DES3 context to be initialized

void mbedtls_des3_free(mbedtls_des3_context *ctx)

Clear Triple-DES context.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters

ctx – DES3 context to be cleared

void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])

Set key parity on the given key to odd.

DES keys are 56 bits long, but each byte is padded with a parity bit to allow verification.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters

key – 8-byte secret key

int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE])

Check that key parity on the given key is odd.

DES keys are 56 bits long, but each byte is padded with a parity bit to allow verification.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters

key – 8-byte secret key

Returns

0 if parity was ok, 1 if parity was not correct.

int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE])

Check that key is not a weak or semi-weak DES key.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters

key – 8-byte secret key

Returns

0 if no weak key was found, 1 if a weak key was identified.
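
The parity and weak-key checks documented above, as an added sketch that is not Mbed TLS source: the example_* names and KEY_SIZE are hypothetical, and the table holds the 4 weak and 12 semi-weak DES keys in odd-parity form. It also shows that a byte-exact table comparison misses a weak key whose parity bits are wrong unless parity is normalised first.

```c
#include <string.h>
#define KEY_SIZE 8 /* hypothetical name; the 8-byte key size documented above */

/* 1 if b has an odd number of set bits, 0 otherwise. */
static int odd_bits(unsigned char b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* Rewrite bit 0 (the parity bit) of every byte so the byte has odd parity. */
void example_set_parity(unsigned char key[KEY_SIZE]) {
    for (int i = 0; i < KEY_SIZE; i++)
        key[i] = (unsigned char)((key[i] & 0xFE) | !odd_bits(key[i] & 0xFE));
}

/* 0 if all eight bytes have odd parity, 1 otherwise. */
int example_check_parity(const unsigned char key[KEY_SIZE]) {
    for (int i = 0; i < KEY_SIZE; i++)
        if (!odd_bits(key[i])) return 1;
    return 0;
}

/* The 4 weak and 12 semi-weak DES keys, in odd-parity form. */
static const unsigned char WEAK_KEYS[16][KEY_SIZE] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
    {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
    {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
    {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
    {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
    {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};

/* 0 if the key is not in the table, 1 if it is (byte-exact comparison). */
int example_check_weak(const unsigned char key[KEY_SIZE]) {
    for (int i = 0; i < 16; i++)
        if (memcmp(WEAK_KEYS[i], key, KEY_SIZE) == 0) return 1;
    return 0;
}

/* The cipher ignores bit 0 of each byte, so normalise a copy before comparing. */
int example_check_weak_normalised(const unsigned char key[KEY_SIZE]) {
    unsigned char copy[KEY_SIZE];
    memcpy(copy, key, KEY_SIZE);
    example_set_parity(copy);
    return example_check_weak(copy);
}
```

An all-zero key fails the parity check and slips past the byte-exact weak-key comparison, but is caught once parity is normalised.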

int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])

DES key schedule (56-bit, encryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – DES context to be initialized

  • key – 8-byte secret key

Returns

0

int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])

DES key schedule (56-bit, decryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – DES context to be initialized

  • key – 8-byte secret key

Returns

0

int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])

Triple-DES key schedule (112-bit, encryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – 3DES context to be initialized

  • key – 16-byte secret key

Returns

0

int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])

Triple-DES key schedule (112-bit, decryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – 3DES context to be initialized

  • key – 16-byte secret key

Returns

0

int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])

Triple-DES key schedule (168-bit, encryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – 3DES context to be initialized

  • key – 24-byte secret key

Returns

0

int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])

Triple-DES key schedule (168-bit, decryption)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – 3DES context to be initialized

  • key – 24-byte secret key

Returns

0

int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, const unsigned char input[8], unsigned char output[8])

DES-ECB block encryption/decryption.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – DES context

  • input – 64-bit input block

  • output – 64-bit output block

Returns

0 if successful

int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)

DES-CBC buffer encryption/decryption.

Note

Upon exit, the content of the IV is updated so that you can call the same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a “streaming” usage. If, on the other hand, you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – DES context

  • mode – MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT

  • length – length of the input data

  • iv – initialization vector (updated after use)

  • input – buffer holding the input data

  • output – buffer holding the output data

int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, const unsigned char input[8], unsigned char output[8])

3DES-ECB block encryption/decryption

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – 3DES context

  • input – 64-bit input block

  • output – 64-bit output block

Returns

0 if successful

int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, int mode, size_t length, unsigned char iv[8], const unsigned char *input, unsigned char *output)

3DES-CBC buffer encryption/decryption

Note

Upon exit, the content of the IV is updated so that you can call the same function again on the following block(s) of data and get the same result as if it was encrypted in one call. This allows a “streaming” usage. If, on the other hand, you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • ctx – 3DES context

  • mode – MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT

  • length – length of the input data

  • iv – initialization vector (updated after use)

  • input – buffer holding the input data

  • output – buffer holding the output data

Returns

0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
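
The IV write-back described in the notes for both CBC functions, as an added model that is not Mbed TLS code: model_crypt_cbc, toy_block, ENC/DEC and ERR_LEN are hypothetical names, and the block transform is a stand-in keyed permutation, not DES. It assumes the length must be a multiple of the 8-byte block, and all sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

enum { BLK = 8, ENC = 1, DEC = 0, ERR_LEN = -1 }; /* ERR_LEN: stand-in error code */

/* Stand-in keyed 8-byte permutation, NOT DES: only the chaining is the point. */
static void toy_block(int mode, const unsigned char k[BLK],
                      const unsigned char in[BLK], unsigned char out[BLK]) {
    for (int i = 0; i < BLK; i++) {
        int j = (i + 1) % BLK, m = k[(i + 3) % BLK];
        if (mode == ENC) out[i] = (unsigned char)((in[j] + k[i]) ^ m);
        else             out[j] = (unsigned char)((in[i] ^ m) - k[i]);
    }
}

/* CBC with the documented contract: iv[] ends up holding the last ciphertext block. */
int model_crypt_cbc(const unsigned char key[BLK], int mode, size_t length,
                    unsigned char iv[BLK], const unsigned char *input, unsigned char *output) {
    unsigned char x[BLK], next[BLK];
    if (length % BLK) return ERR_LEN;
    for (; length > 0; length -= BLK, input += BLK, output += BLK) {
        if (mode == ENC) {
            for (int i = 0; i < BLK; i++) x[i] = input[i] ^ iv[i];
            toy_block(ENC, key, x, output);
            memcpy(iv, output, BLK);
        } else {
            memcpy(next, input, BLK);          /* keep ciphertext for the next block */
            toy_block(DEC, key, input, x);
            for (int i = 0; i < BLK; i++) output[i] = x[i] ^ iv[i];
            memcpy(iv, next, BLK);
        }
    }
    return 0;
}

/* Returns 1 if chunked == one-shot and only a saved copy of the IV decrypts block 1. */
int demo_streaming(void) {
    const unsigned char key[BLK] = {0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0xFE};
    const unsigned char iv0[BLK] = {1,2,3,4,5,6,7,8}, pt[] = "constructed sample input";
    unsigned char iv[BLK], one[24], two[24], back[24], bad[24];
    memcpy(iv, iv0, BLK); model_crypt_cbc(key, ENC, 24, iv, pt, one);
    memcpy(iv, iv0, BLK); model_crypt_cbc(key, ENC, 8, iv, pt, two);
    model_crypt_cbc(key, ENC, 16, iv, pt + 8, two + 8);     /* IV carried over */
    int same = memcmp(one, two, 24) == 0 && memcmp(iv, one + 16, BLK) == 0;
    model_crypt_cbc(key, DEC, 24, iv, one, bad);             /* clobbered IV reused */
    memcpy(iv, iv0, BLK); model_crypt_cbc(key, DEC, 24, iv, one, back); /* saved copy */
    return same && memcmp(back, pt, 24) == 0 && memcmp(bad, pt, 8) != 0
                && memcmp(bad + 8, pt + 8, 16) == 0;
}
```

Decrypting with the overwritten IV garbles only the first block, which makes the mistake easy to miss when tests inspect just the tail of a message.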

void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE])

Internal function for key expansion. (Only exposed to allow overriding it, see MBEDTLS_DES_SETKEY_ALT)

Warning

DES/3DES are considered weak ciphers and their use constitutes a security risk. We recommend considering stronger ciphers instead.

Parameters
  • SK – Round keys

  • key – Base key

int mbedtls_des_self_test(int verbose)

Checkup routine.

Returns

0 if successful, or 1 if the test failed