
Improve warnings for DES/3DES

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Dave Rodgman
2023-02-02 10:47:58 +00:00
parent 45379cbe6b
commit b43d5e7aa7
2 changed files with 49 additions and 13 deletions


@@ -2765,7 +2765,7 @@
* *
* PEM_PARSE uses DES/3DES for decrypting encrypted keys. * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers instead. * security risk. We recommend considering stronger ciphers instead.
*/ */
#define MBEDTLS_DES_C #define MBEDTLS_DES_C
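Review bot: The reworded `\warning` on `MBEDTLS_DES_C` still gives the integrator no concrete action, even though the comment line above it says PEM_PARSE uses DES/3DES for decrypting encrypted keys. I would add one sentence saying when the option can stay disabled, for example `Only enable this module if you need to read DES/3DES-encrypted PEM keys or interoperate with legacy systems.` That wording assumes no other enabled module requires DES, which should be checked against the rest of this option's comment block, which starts outside the hunk.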


@@ -3,7 +3,7 @@
* *
* \brief DES block cipher * \brief DES block cipher
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -60,7 +60,7 @@ extern "C" {
/** /**
* \brief DES context structure * \brief DES context structure
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -71,6 +71,10 @@ mbedtls_des_context;
/** /**
* \brief Triple-DES context structure * \brief Triple-DES context structure
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
typedef struct mbedtls_des3_context { typedef struct mbedtls_des3_context {
uint32_t sk[96]; /*!< 3DES subkeys */ uint32_t sk[96]; /*!< 3DES subkeys */
@@ -86,7 +90,7 @@ mbedtls_des3_context;
* *
* \param ctx DES context to be initialized * \param ctx DES context to be initialized
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -97,7 +101,7 @@ void mbedtls_des_init(mbedtls_des_context *ctx);
* *
* \param ctx DES context to be cleared * \param ctx DES context to be cleared
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -107,6 +111,10 @@ void mbedtls_des_free(mbedtls_des_context *ctx);
* \brief Initialize Triple-DES context * \brief Initialize Triple-DES context
* *
* \param ctx DES3 context to be initialized * \param ctx DES3 context to be initialized
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
void mbedtls_des3_init(mbedtls_des3_context *ctx); void mbedtls_des3_init(mbedtls_des3_context *ctx);
@@ -114,6 +122,10 @@ void mbedtls_des3_init(mbedtls_des3_context *ctx);
* \brief Clear Triple-DES context * \brief Clear Triple-DES context
* *
* \param ctx DES3 context to be cleared * \param ctx DES3 context to be cleared
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
void mbedtls_des3_free(mbedtls_des3_context *ctx); void mbedtls_des3_free(mbedtls_des3_context *ctx);
@@ -125,7 +137,7 @@ void mbedtls_des3_free(mbedtls_des3_context *ctx);
* *
* \param key 8-byte secret key * \param key 8-byte secret key
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -141,7 +153,7 @@ void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]);
* *
* \return 0 is parity was ok, 1 if parity was not correct. * \return 0 is parity was ok, 1 if parity was not correct.
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -155,7 +167,7 @@ int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZ
* *
* \return 0 if no weak key was found, 1 if a weak key was identified. * \return 0 if no weak key was found, 1 if a weak key was identified.
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -170,7 +182,7 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
* *
* \return 0 * \return 0
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -185,7 +197,7 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE
* *
* \return 0 * \return 0
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -199,6 +211,10 @@ int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBE
* \param key 16-byte secret key * \param key 16-byte secret key
* *
* \return 0 * \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
@@ -211,6 +227,10 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
* \param key 16-byte secret key * \param key 16-byte secret key
* *
* \return 0 * \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
@@ -223,6 +243,10 @@ int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
* \param key 24-byte secret key * \param key 24-byte secret key
* *
* \return 0 * \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
@@ -235,6 +259,10 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
* \param key 24-byte secret key * \param key 24-byte secret key
* *
* \return 0 * \return 0
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
@@ -249,7 +277,7 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
* *
* \return 0 if successful * \return 0 if successful
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -277,7 +305,7 @@ int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
@@ -298,6 +326,10 @@ int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
* \param output 64-bit output block * \param output 64-bit output block
* *
* \return 0 if successful * \return 0 if successful
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
@@ -324,6 +356,10 @@ int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*
* \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/ */
MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
@@ -342,7 +378,7 @@ int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
* \param SK Round keys * \param SK Round keys
* \param key Base key * \param key Base key
* *
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers * security risk. We recommend considering stronger ciphers
* instead. * instead.
*/ */
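Review bot: The new `\warning` text treats DES and 3DES as one case, so a reader of the `mbedtls_des3_*` declarations is not told why 3DES is discouraged, or that the two-key form (`mbedtls_des3_set2key_enc`/`_dec`, 16-byte key) leaves less margin than the three-key form. I would give the reasons once in the file-level `\warning`, name AES as the replacement there, and keep the per-function warnings as a short pointer to it. The reasons to state are that single DES has a 56-bit key and that both ciphers use a 64-bit block, which limits how much data can safely be encrypted under one key. Separately, the context line for `mbedtls_des_key_check_key_parity` reads `\return 0 is parity was ok`; it should be `\return 0 if parity was ok, 1 if parity was not correct.`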