1 // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef OPENSSL_HEADER_DES_H
16 #define OPENSSL_HEADER_DES_H
17 
18 #include <openssl/base.h>   // IWYU pragma: export
19 
20 #if defined(__cplusplus)
21 extern "C" {
22 #endif
23 
24 
25 // DES.
26 //
27 // This module is deprecated and retained for legacy reasons only. It is slow
28 // and may leak key material with timing or cache side channels. Moreover,
29 // single-keyed DES is broken and can be brute-forced in under a day.
30 //
31 // Use a modern cipher, such as AES-GCM or ChaCha20-Poly1305, instead.
32 
33 
34 typedef struct DES_cblock_st {
35   uint8_t bytes[8];
36 } DES_cblock;
37 
38 typedef struct DES_ks {
39   uint32_t subkeys[16][2];
40 } DES_key_schedule;
41 
42 
43 #define DES_KEY_SZ (sizeof(DES_cblock))
44 #define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
45 
46 #define DES_ENCRYPT 1
47 #define DES_DECRYPT 0
48 
49 #define DES_CBC_MODE 0
50 #define DES_PCBC_MODE 1
51 
52 // DES_set_key performs a key schedule and initialises |schedule| with |key|.
53 OPENSSL_EXPORT void DES_set_key(const DES_cblock *key,
54                                 DES_key_schedule *schedule);
55 
56 // DES_set_odd_parity sets the parity bits (the least-significant bits in each
57 // byte) of |key| given the other bits in each byte.
58 OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key);
59 
60 // DES_ecb_encrypt encrypts (or decrypts, if |is_encrypt| is |DES_DECRYPT|) a
61 // single DES block (8 bytes) from in to out, using the key configured in
62 // |schedule|.
63 OPENSSL_EXPORT void DES_ecb_encrypt(const DES_cblock *in, DES_cblock *out,
64                                     const DES_key_schedule *schedule,
65                                     int is_encrypt);
66 
67 // DES_ncbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
68 // bytes from |in| to |out| with DES in CBC mode.
69 OPENSSL_EXPORT void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out,
70                                      size_t len,
71                                      const DES_key_schedule *schedule,
72                                      DES_cblock *ivec, int enc);
73 
74 // DES_ecb3_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) a single
75 // block (8 bytes) of data from |input| to |output| using 3DES.
76 OPENSSL_EXPORT void DES_ecb3_encrypt(const DES_cblock *input,
77                                      DES_cblock *output,
78                                      const DES_key_schedule *ks1,
79                                      const DES_key_schedule *ks2,
80                                      const DES_key_schedule *ks3,
81                                      int enc);
82 
83 // DES_ede3_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
84 // bytes from |in| to |out| with 3DES in CBC mode. 3DES uses three keys, thus
85 // the function takes three different |DES_key_schedule|s.
86 OPENSSL_EXPORT void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out,
87                                          size_t len,
88                                          const DES_key_schedule *ks1,
89                                          const DES_key_schedule *ks2,
90                                          const DES_key_schedule *ks3,
91                                          DES_cblock *ivec, int enc);
92 
93 // DES_ede2_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
94 // bytes from |in| to |out| with 3DES in CBC mode. With this keying option, the
95 // first and third 3DES keys are identical. Thus, this function takes only two
96 // different |DES_key_schedule|s.
97 OPENSSL_EXPORT void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out,
98                                          size_t len,
99                                          const DES_key_schedule *ks1,
100                                          const DES_key_schedule *ks2,
101                                          DES_cblock *ivec, int enc);
102 
103 
104 // Deprecated functions.
105 
106 // DES_set_key_unchecked calls |DES_set_key|.
107 OPENSSL_EXPORT void DES_set_key_unchecked(const DES_cblock *key,
108                                           DES_key_schedule *schedule);
109 
110 OPENSSL_EXPORT void DES_ede3_cfb64_encrypt(const uint8_t *in, uint8_t *out,
111                                            long length, DES_key_schedule *ks1,
112                                            DES_key_schedule *ks2,
113                                            DES_key_schedule *ks3,
114                                            DES_cblock *ivec, int *num, int enc);
115 
116 OPENSSL_EXPORT void DES_ede3_cfb_encrypt(const uint8_t *in, uint8_t *out,
117                                          int numbits, long length,
118                                          DES_key_schedule *ks1,
119                                          DES_key_schedule *ks2,
120                                          DES_key_schedule *ks3,
121                                          DES_cblock *ivec, int enc);
122 
123 
124 #if defined(__cplusplus)
125 }  // extern C
126 #endif
127 
128 #endif  // OPENSSL_HEADER_DES_H
129