Formally deprecate the DES module #7024

Open
gilles-peskine-arm opened this issue Feb 2, 2023 · 3 comments
Labels
component-crypto Crypto primitives and low-level interfaces enhancement size-s Estimated task size: small (~2d)


@gilles-peskine-arm
Contributor

gilles-peskine-arm commented Feb 2, 2023

Triple-DES (a.k.a. 3DES a.k.a. DES3) is on its way out. NIST SP 800-131A disallows TDEA encryption after 31 December 2023 (decryption of legacy data remains allowed). 3DES was widely deprecated for TLS after Sweet32 in 2016, and we removed 3DES in TLS in Mbed TLS 3.0. Today, the main use of (3)DES in Mbed TLS is to support encrypted PEM files.

Currently (as of Mbed TLS 3.3.0), we have warnings in the documentation saying not to use single-key DES. Our plans regarding DES and 3DES are:

  1. Extend the warnings to 3DES as well.
  2. Formally deprecate the DES module.
  3. Have equivalent test coverage with and without PEM: pem, pkcs5, pkparse and x509write.
  4. In Mbed TLS 4.0, remove all support for DES (including 3DES).

The goal of this task is to deprecate DES (including 3DES). That is:

  • The documentation of the DES module, and any other function or constant that explicitly refers to DES, should state that DES is deprecated, with a \deprecated Doxygen directive. (enum constants might be excluded from \deprecated if that's a problem, because we don't exclude them from the build.)
  • DES-specific functions should be declared with an MBEDTLS_DEPRECATED annotation.
  • DES-specific constants should be declared with MBEDTLS_DEPRECATED_NUMERIC_CONSTANT (or MBEDTLS_DEPRECATED_STRING_CONSTANT if applicable).

This may require tweaking some CI scripts to disable MBEDTLS_DES_C when testing with MBEDTLS_DEPRECATED_WARNING or MBEDTLS_DEPRECATED_REMOVED.
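
Since the post above names encrypted PEM files as the main remaining use of (3)DES in Mbed TLS, one practical check ahead of the planned removal is to find key files that still carry a DES or 3DES `DEK-Info` header. The following is an added example, not part of the issue or of Mbed TLS's own code: `classify_pem_dek`, the enum and the sample buffers are hypothetical, and it assumes the traditional `Proc-Type`/`DEK-Info` PEM encryption headers with the cipher names `DES-CBC` and `DES-EDE3-CBC`.

```c
#include <stdio.h>
#include <string.h>

/* Result of inspecting one PEM text buffer (hypothetical names). */
enum dek_class { DEK_NONE = 0, DEK_DES = 1, DEK_3DES = 2, DEK_OTHER = 3 };

/* Classify the cipher named in a legacy "DEK-Info:" PEM header.
 * DEK_NONE means no such header: the PEM is unencrypted, or uses PKCS#8
 * encryption, where the algorithm is inside the DER and not in a header. */
enum dek_class classify_pem_dek(const char *pem)
{
    static const char hdr[] = "DEK-Info:";
    const size_t hlen = sizeof(hdr) - 1;
    const char *p = pem;

    while ((p = strstr(p, hdr)) != NULL) {
        int at_line_start = (p == pem) || (p[-1] == '\n');
        p += hlen;
        if (!at_line_start)
            continue;                      /* e.g. "X-DEK-Info:", ignore */
        while (*p == ' ' || *p == '\t')
            p++;
        size_t n = strcspn(p, ",\r\n");    /* cipher name ends at the IV comma */
        if (n == 12 && strncmp(p, "DES-EDE3-CBC", n) == 0) return DEK_3DES;
        if (n == 7 && strncmp(p, "DES-CBC", n) == 0) return DEK_DES;
        return DEK_OTHER;                  /* e.g. AES-128-CBC */
    }
    return DEK_NONE;
}

/* Constructed samples: only the headers matter, the bodies are dummy data. */
static const char sample_3des[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0011223344556677\n\nAAAAAAAAAAAAAAAA\n"
    "-----END RSA PRIVATE KEY-----\n";
static const char sample_aes[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAAAAAAAAAAAAAA\n"
    "-----END RSA PRIVATE KEY-----\n";
static const char sample_plain[] =
    "-----BEGIN PUBLIC KEY-----\nAAAAAAAAAAAAAAAA\n-----END PUBLIC KEY-----\n";

int main(void)
{
    static const char *names[] = { "none", "DES", "3DES", "other" };
    printf("3des sample:  %s\n", names[classify_pem_dek(sample_3des)]);
    printf("aes sample:   %s\n", names[classify_pem_dek(sample_aes)]);
    printf("plain sample: %s\n", names[classify_pem_dek(sample_plain)]);
    return 0;
}
```

Files reported as `DES` or `3DES` are the ones that would need re-encrypting under a different cipher before moving to a build without the DES module.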

@GiPa-renesas

TDES is still widely accepted and used within the payment industry (PCI etc). Although a migration to AES/ECC is being considered and planned, also in light of future PQC crypto algorithms, it is still part of the requirements. Therefore, making the API deprecated (or rather, say, 'not recommended for new designs') is maybe ok, but removing the support completely might have an impact.

@mpg
Contributor

mpg commented Dec 28, 2023

Note: des.h will be made internal (non-public), see #8663

@gilles-peskine-arm
Contributor Author

It's too late to announce DES as deprecated in Mbed TLS 3.x. But since more time has passed, we are considering completely removing DES in Mbed TLS 4.

Projects
Status: Mbed TLS 4.0 SHOULD