1
0

des 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
  1. .TH DES 2
  2. .SH NAME
  3. setupDESstate, des_key_setup, block_cipher, desCBCencrypt, desCBCdecrypt, desECBencrypt, desECBdecrypt, des3CBCencrypt, des3CBCdecrypt, des3ECBencrypt, des3ECBdecrypt, key_setup, des56to64, des64to56, setupDES3state, triple_block_cipher - single and triple digital encryption standard
  4. .SH SYNOPSIS
  5. .B #include <u.h>
  6. .br
  7. .B #include <libc.h>
  8. .br
  9. .B #include <mp.h>
  10. .br
  11. .B #include <libsec.h>
  12. .PP
  13. .B
  14. void des_key_setup(uchar key[8], ulong schedule[32])
  15. .PP
  16. .B
  17. void block_cipher(ulong *schedule, uchar *data, int decrypting)
  18. .PP
  19. .B
  20. void setupDESstate(DESstate *s, uchar key[8], uchar *ivec)
  21. .PP
  22. .B
  23. void desCBCencrypt(uchar *p, int len, DESstate *s)
  24. .PP
  25. .B
  26. void desCBCdecrypt(uchar *p, int len, DESstate *s)
  27. .PP
  28. .B
  29. void desECBencrypt(uchar *p, int len, DESstate *s)
  30. .PP
  31. .B
  32. void desECBdecrypt(uchar *p, int len, DESstate *s)
  33. .PP
  34. .in +0.5i
  35. .ti -0.5i
  36. .B
  37. void triple_block_cipher(ulong expanded_key[3][32], uchar text[8], int ende)
  38. .PP
  39. .B
  40. void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec)
  41. .PP
  42. .B
  43. void des3CBCencrypt(uchar *p, int len, DES3state *s)
  44. .PP
  45. .B
  46. void des3CBCdecrypt(uchar *p, int len, DES3state *s)
  47. .PP
  48. .B
  49. void des3ECBencrypt(uchar *p, int len, DES3state *s)
  50. .PP
  51. .B
  52. void des3ECBdecrypt(uchar *p, int len, DES3state *s)
  53. .PP
  54. .B
  55. void key_setup(uchar[7], ulong[32])
  56. .PP
  57. .B
  58. void des56to64(uchar *k56, uchar *k64)
  59. .PP
  60. .B
  61. void des64to56(uchar *k64, uchar *k56)
  62. .SH DESCRIPTION
  63. The Digital Encryption Standard (DES)
  64. is a shared-key or symmetric encryption algorithm using either
  65. a 56-bit key for single DES or three 56-bit keys for triple DES.
  66. The keys are encoded into 64 bits where every eight bit
  67. is parity.
  68. .PP
  69. The basic DES function,
  70. .IR block_cipher ,
  71. works on a block of 8 bytes, converting them in place.
  72. It takes a key schedule, a pointer to the block, and
  73. a flag indicating encrypting (0) or decrypting (1).
  74. The key schedule is created from the key using
  75. .IR des_key_setup .
  76. .PP
  77. Since it is a bit awkward,
  78. .I block_cipher
  79. is rarely called directly. Instead, one normally uses
  80. routines that encrypt larger buffers of data and
  81. which may chain the encryption state from one buffer
  82. to the next.
  83. These routines keep track of the state of the
  84. encryption using a
  85. .B DESstate
  86. structure that contains the key schedule and any chained
  87. state.
  88. .I SetupDESstate
  89. sets up the
  90. .B DESstate
  91. structure using the key and an 8-byte initialization vector.
  92. .PP
  93. Electronic code book, using
  94. .I desECBencrypt
  95. and
  96. .IR desECBdecrypt ,
  97. is the less secure mode. The encryption of each 8 bytes
  98. does not depend on the encryption of any other.
  99. Hence the encryption is a substitution
  100. cipher using 64 bit characters.
  101. .PP
  102. Cipher block chaining mode, using
  103. .I desCBCencrypt
  104. and
  105. .IR desCBCdecrypt ,
  106. is more secure. Every block encrypted depends on the initialization
  107. vector and all blocks encrypted before it.
  108. .PP
  109. For both CBC and ECB modes, a stream of data can be encrypted as
  110. multiple buffers. However, all buffers except the last must
  111. be a multiple of 8 bytes to ensure successful decryption of
  112. the stream.
  113. .PP
  114. There are equivalent triple-DES (DES3-EDE) functions for each of the
  115. DES functions.
  116. .PP
  117. In the past, Plan 9 used a 56-bit or 7-byte
  118. format for DES keys. To be compatible with the rest
  119. of the world, we've abandoned this format.
  120. There are two functions,
  121. .I des56to64
  122. and
  123. .IR des64to56 ,
  124. to convert back and forth between the two formats.
  125. Also a key schedule can be set up from the 7-byte format using
  126. .IR key_setup .
  127. .SH SOURCE
  128. .B /sys/src/libsec
  129. .SH SEE ALSO
  130. .IR mp (2),
  131. .IR aes (2),
  132. .IR blowfish (2),
  133. .IR dsa (2),
  134. .IR elgamal (2),
  135. .IR rc4 (2),
  136. .IR rsa (2),
  137. .IR sechash (2),
  138. .IR prime (2),
  139. .IR rand (2)
  140. .br
  141. .IR "Breaking DES" ,
  142. Electronic Frontier Foundation,
  143. O'Reilly, 1998
  144. .SH BUGS
  145. Single DES can be realistically broken by brute-force;
  146. its 56-bit key is just too short.
  147. It should not be used in new code, which should probably use
  148. .IR aes (2)
  149. instead, or at least triple DES.