From c04515b83cce98517183812fd52404b2f0771f23 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Feb 2023 10:47:58 +0000 Subject: [PATCH 1/3] Improve warnings for DES/3DES Signed-off-by: Dave Rodgman --- include/mbedtls/des.h | 60 +++++++++++++++++++++++++------- include/mbedtls/mbedtls_config.h | 2 +- 2 files changed, 49 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 5a18634f8e..f445102d9d 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -3,7 +3,7 @@ * * \brief DES block cipher * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -53,7 +53,7 @@ extern "C" { /** * \brief DES context structure * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -64,6 +64,10 @@ mbedtls_des_context; /** * \brief Triple-DES context structure + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ typedef struct mbedtls_des3_context { uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */ @@ -79,7 +83,7 @@ mbedtls_des3_context; * * \param ctx DES context to be initialized * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -90,7 +94,7 @@ void mbedtls_des_init(mbedtls_des_context *ctx); * * \param ctx DES context to be cleared * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -100,6 +104,10 @@ void mbedtls_des_free(mbedtls_des_context *ctx); * \brief Initialize Triple-DES context * * \param ctx DES3 context to be initialized + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void mbedtls_des3_init(mbedtls_des3_context *ctx); @@ -107,6 +115,10 @@ void mbedtls_des3_init(mbedtls_des3_context *ctx); * \brief Clear Triple-DES context * * \param ctx DES3 context to be cleared + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ void mbedtls_des3_free(mbedtls_des3_context *ctx); @@ -118,7 +130,7 @@ void mbedtls_des3_free(mbedtls_des3_context *ctx); * * \param key 8-byte secret key * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -134,7 +146,7 @@ void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]); * * \return 0 is parity was ok, 1 if parity was not correct. * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -148,7 +160,7 @@ int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZ * * \return 0 if no weak key was found, 1 if a weak key was identified. * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -163,7 +175,7 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); * * \return 0 * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -178,7 +190,7 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE * * \return 0 * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -192,6 +204,10 @@ int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBE * \param key 16-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, @@ -204,6 +220,10 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, * \param key 16-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, @@ -216,6 +236,10 @@ int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, * \param key 24-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, @@ -228,6 +252,10 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, * \param key 24-byte secret key * * \return 0 + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, @@ -242,7 +270,7 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, * * \return 0 if successful * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -270,7 +298,7 @@ int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, * \param input buffer holding the input data * \param output buffer holding the output data * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ @@ -291,6 +319,10 @@ int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, * \param output 64-bit output block * * \return 0 if successful + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, @@ -317,6 +349,10 @@ int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH + * + * \warning DES/3DES are considered weak ciphers and their use constitutes a + * security risk. We recommend considering stronger ciphers + * instead. */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, @@ -335,7 +371,7 @@ int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, * \param SK Round keys * \param key Base key * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers * instead. */ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2a2c039d76..9ae51c964a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2428,7 +2428,7 @@ * * PEM_PARSE uses DES/3DES for decrypting encrypted keys. * - * \warning DES is considered a weak cipher and its use constitutes a + * \warning DES/3DES are considered weak ciphers and their use constitutes a * security risk. We recommend considering stronger ciphers instead. */ #define MBEDTLS_DES_C From 23caf02c5b56c2ac5839053233b80dbe33789c87 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Feb 2023 13:17:34 +0000 Subject: [PATCH 2/3] Update warnings in cipher.h Signed-off-by: Dave Rodgman --- include/mbedtls/cipher.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index e09bd92e76..0421f8106f 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -71,16 +71,16 @@ extern "C" { /** * \brief Supported cipher types. * - * \warning DES is considered weak cipher and its use - * constitutes a security risk. Arm recommends considering stronger + * \warning DES/3DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger * ciphers instead. */ typedef enum { MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */ MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */ MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */ - MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ - MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */ + MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. \warning DES is considered weak. */ + MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. \warning 3DES is considered weak. */ MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */ MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */ From fdbfaafc2f2785c9a58b9f077d503172671f4273 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Feb 2023 13:42:38 +0000 Subject: [PATCH 3/3] Additional warnings in cipher.h Signed-off-by: Dave Rodgman --- include/mbedtls/cipher.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 0421f8106f..2f89040713 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -89,8 +89,8 @@ typedef enum { /** * \brief Supported {cipher type, cipher mode} pairs. * - * \warning DES is considered weak cipher and its use - * constitutes a security risk. Arm recommends considering stronger + * \warning DES/3DES are considered weak ciphers and their use + * constitutes a security risk. We recommend considering stronger * ciphers instead. */ typedef enum { @@ -126,12 +126,12 @@ typedef enum { MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */ MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */ MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */ - MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */ - MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */ - MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */ - MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */ - MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */ - MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */ + MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. \warning DES is considered weak. */ + MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. \warning DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. \warning 3DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. \warning 3DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak. */ + MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak. */ MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ @@ -217,11 +217,11 @@ typedef enum { enum { /** Undefined key length. */ MBEDTLS_KEY_LENGTH_NONE = 0, - /** Key length, in bits (including parity), for DES keys. */ + /** Key length, in bits (including parity), for DES keys. \warning DES is considered weak. */ MBEDTLS_KEY_LENGTH_DES = 64, - /** Key length in bits, including parity, for DES in two-key EDE. */ + /** Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak. */ MBEDTLS_KEY_LENGTH_DES_EDE = 128, - /** Key length in bits, including parity, for DES in three-key EDE. */ + /** Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak. */ MBEDTLS_KEY_LENGTH_DES_EDE3 = 192, };