1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
.TH DES 3
.SH NAME
setupDESstate, des_key_setup, block_cipher, desCBCencrypt, desCBCdecrypt, desECBencrypt, desECBdecrypt, des3CBCencrypt, des3CBCdecrypt, des3ECBencrypt, des3ECBdecrypt, key_setup, des56to64, des64to56, setupDES3state, triple_block_cipher, - single and triple digital encryption standard
.SH SYNOPSIS
.B #include <u.h>
.br
.B #include <libc.h>
.br
.B #include <mp.h>
.br
.B #include <libsec.h>
.PP
.B
void des_key_setup(uchar key[8], ulong schedule[32])
.PP
.B
void block_cipher(ulong *schedule, uchar *data,
.B
int decrypting)
.PP
.B
void setupDESstate(DESstate *s, uchar key[8], uchar *ivec)
.PP
.B
void desCBCencrypt(uchar*, int, DESstate*)
.PP
.B
void desCBCdecrypt(uchar*, int, DESstate*)
.PP
.B
void desECBencrypt(uchar*, int, DESstate*)
.PP
.B
void desECBdecrypt(uchar*, int, DESstate*)
.PP
.B
void triple_block_cipher(ulong keys[3][32], uchar*, int)
.PP
.B
void setupDES3state(DES3state *s, uchar key[3][8],
.B
uchar *ivec)
.PP
.B
void des3CBCencrypt(uchar*, int, DES3state*)
.PP
.B
void des3CBCdecrypt(uchar*, int, DES3state*)
.PP
.B
void des3ECBencrypt(uchar*, int, DES3state*)
.PP
.B
void des3ECBdecrypt(uchar*, int, DES3state*)
.PP
.B
void key_setup(uchar[7], ulong[32])
.PP
.B
void des56to64(uchar *k56, uchar *k64)
.PP
.B
void des64to56(uchar *k64, uchar *k56)
.SH DESCRIPTION
.PP
The Digital Encryption Standard (DES)
is a shared key or symmetric encryption using either
a 56 bit key for single DES or three 56 bit keys for triple des.
The keys are encoded into 64 bits where every eight bit
is parity.
.PP
The basic DES function,
.IR block_cipher ,
works on a block of 8 bytes, converting them in place.
It takes a key schedule, a pointer to the block, and
a flag indicating encrypting (0) or decrypting (1).
The key schedule is created from the key using
.IR des_key_setup .
.PP
Since it is a bit awkward,
.I block_cipher
is rarely called directly. Instead, one normally uses
routines that encrypt larger buffers of data and
which may chain the encryption state from one buffer
to the next.
These routines keep track of the state of the
encryption using a
.B DESstate
structure that contains the key schedule and any chained
state.
.I SetupDESstate
sets up the
.B DESstate
structure using the key and an 8 byte initialization vector.
.PP
Electronic code book, using
.I desECBencrypt
and
.IR desECBdecrypt ,
is the less secure mode. The encryption of each 8 bytes
does not depend on the encryption of any other.
Hence the encryption is a substitution
cipher using 64 bit characters.
.PP
Cipher block chaining mode, using
.I desCBCencrypt
and
.IR desCBCdecrypt ,
is more secure. Every block encrypted depends on the initialization
vector and all blocks encrypted before it.
.PP
For both CBC and ECB modes, a stream of data can be encrypted as
multiple buffers. However, all buffers except the last must
be a multiple of 8 bytes to ensure successful decryption of
the stream.
.PP
There are equivalent triple DES functions for each of the
DES functions.
.PP
In the past Plan 9 used a 56 bit or 7 byte
format for DES keys. To be compatible with the rest
of the world, we've abandoned this format.
There are two functions:
.I des56to64
and
.I des64to56
to convert back and forth between the two formats.
Also a key schedule can be set up from the 7 byte format
using
.IR key_setup .
.PP
.SH SOURCE
.B \*9/src/libsec
.SH SEE ALSO
.IM mp (3) ,
.IM aes (3) ,
.IM blowfish (3) ,
.IM dsa (3) ,
.IM elgamal (3) ,
.IM rc4 (3) ,
.IM rsa (3) ,
.IM sechash (3) ,
.IM prime (3) ,
.IM rand (3)
|