DES Class Reference

#include <des.h>

Inheritance diagram for DES:

Inheritance graph
Collaboration diagram for DES:

Collaboration graph

Detailed Description

Implementation of the NIST Data Encryption Standard (DES, TDES, and variants), FIPS 46-3/81.

All DES variants are 8-byte block ciphers with key sizes ranging from 64 to 192 bits.

Buffers may be encrypted or decrypted "in place," i.e., in == out is allowed in crypt().

Usage flow:
  DES()    // instantiate a new DES object
  init()   // specify the direction, key, algorithm variant, mode, and IV (if required)
  crypt()  // perform the encrypt or decrypt operation

Recommendations for strict FIPS 140-1 compliance:
  ALG_DESX and ALG_DES40 cannot be used.
  ALG_DES is deprecated by NIST and should only be used if backwards 
    compatibility with another application is required.
  CTR mode and setcounter() should only be used with TDES.

Sample code illustrating the use of this class appears in the Cookbook section Using the Symmetric Ciphers.

References

DES and TDES are specified in FIPS 46-3. Their modes of operation are specified in FIPS 81, NIST SP 800-20, and SP800-38A.


Public Types

 ENCRYPT
 crypt() call performs encryption
 DECRYPT
 crypt() call performs decryption
 NONE
 DES object is uninitialized
 ALG_DES = 1
 single DES; requires an 8-byte key
 ALG_DESX = 2
 DESX; requires a 24-byte key.
 ALG_TDES = 3
 triple DES; requires a 16- or 24-byte key
 ALG_DES40 = 4
 40-bit DES; not implemented
 ALG_CDMF = 5
 IBM's 40-bit DES; not supported due to patent restrictions.
 ECB = 1
 Electronic Code Book mode.
 CBC = 2
 Cipher Block Chaining mode.
 CFB8
 8-bit Cipher Feedback mode
 CFB32
 32-bit Cipher Feedback mode
 CFB64
 64-bit Cipher Feedback mode
 OFB
 Output Feedback mode.
 CTR
 Counter mode (NIST SP800-38A).
enum  dirs {
  ENCRYPT,
  DECRYPT,
  NONE
}
 Direction flags. More...
enum  variants {
  ALG_DES = 1,
  ALG_DESX = 2,
  ALG_TDES = 3,
  ALG_DES40 = 4,
  ALG_CDMF = 5
}
 Algorithm IDs for DES-based cipher variants. More...
enum  modes {
  ECB = 1,
  CBC = 2 ,
  CFB8,
  CFB32,
  CFB64,
  OFB,
  CTR
}
 Modes of operation. More...

Public Member Functions

 DES ()
 Constructor.
 ~DES ()
 Destructor. Calls clear().
int init (enum dirs dir, int keybytes, const char *key, enum variants var=ALG_DES, enum modes md=ECB, const char *iv=0)
 Initialize algorithm object.
int setcounter (int bytes, const char *counter)
 Set counter for CTR mode.
int crypt (int bytes, const char *inbuf, char *outbuf)
 Encrypt or decrypt a specified buffer.
void clear ()
 Clear the DES object.
void reset (enum dirs dir)
 Reset DES object with possible change in direction of operation, but use same key.


Member Enumeration Documentation

enum dirs

Direction flags.

Enumerator:
ENCRYPT  crypt() call performs encryption
DECRYPT  crypt() call performs decryption
NONE  DES object is uninitialized

enum modes

Modes of operation.

Enumerator:
ECB  Electronic Code Book mode.
CBC  Cipher Block Chaining mode.
CFB8  8-bit Cipher Feedback mode
CFB32  32-bit Cipher Feedback mode
CFB64  64-bit Cipher Feedback mode
OFB  Output Feedback mode.
CTR  Counter mode (NIST SP800-38A).

enum variants

Algorithm IDs for DES-based cipher variants.

Enumerator:
ALG_DES  single DES; requires an 8-byte key
ALG_DESX  DESX; requires a 24-byte key.
ALG_TDES  triple DES; requires a 16- or 24-byte key
ALG_DES40  40-bit DES; not implemented
ALG_CDMF  IBM's 40-bit DES; not supported due to patent restrictions.


Constructor & Destructor Documentation

DES (  )  [inline]

Constructor.

Remarks:
Modifies: dir, var.

~DES (  )  [inline]

Destructor. Calls clear().

Remarks:
Modifies: dir, var, k1, k2, k3, iv, sk1, sk2, sk3, state (keys and iv are zeroized).


Member Function Documentation

void clear (  ) 

Clear the DES object.

Remarks:
Modifies: dir, var, k1, k2, k3, iv, sk1, sk2, sk3, state; keys and iv are zeroized.

int crypt ( int  bytes,
const char *  inbuf,
char *  outbuf 
)

Encrypt or decrypt a specified buffer.

Parameters:
bytes length of input and output buffers; must be a multiple of 8 for ECB, CBC, OFB, CFB64, and CTR modes; a multiple of 4 for CFB32; arbitrary for CFB8.
inbuf pointer to input buffer to be encrypted or decrypted
outbuf pointer to output buffer; output and input buffers may coincide
Returns:
0 (success)
CDK_ERROR_STATE
CDK_INVALID_PTR
CDK_INVALID_DATA_LENGTH
CDK_MODE_UNSUPPORTED
CDK_INVALID_MODE
Remarks:
Modifies: iv; to guard against reuse, ctr is auto-incremented.

int init ( enum dirs  dir,
int  keybytes,
const char *  key,
enum variants  var = ALG_DES,
enum modes  md = ECB,
const char *  iv = 0 
)

Initialize algorithm object.

Parameters:
dir a direction indicator: ENCRYPT or DECRYPT
keybytes the length of key in bytes: 8, 16, or 24 (in TDES mode an 8/16 byte key is replicated to obtain 24 bytes)
key a pointer to a buffer containing the key
var an indicator of the desired DES variant: ALG_DES, ALG_DESX, ALG_TDES
md a mode indicator: ECB, CBC, CFB8, CFB32, CFB64, or OFB
iv an 8-byte initialization vector (if required). If dir = ENCRYPT and md = CBC or CFB, the IV should be "unpredictable". If dir = ENCRYPT and md = OFB, the IV should be unique for each session. See NIST Spec. Pub. 800-38a.
Returns:
0 (success)
CDK_ERROR_STATE
CDK_OP_UNSUPPORTED
CDK_INVALID_MODE
CDK_INVALID_KEY_SIZE
CDK_MODE_UNSUPPORTED
CDK_INVALID_BLOCK_SIZE
CDK_INVALID_ROUNDS
CDK_INVALID_KEY_PTR
Remarks:
Modifies: dir, mode, var, k1, k2, k3, iv, sk1, sk2, sk3, state (i.e., the DES object is completely initialized).

void reset ( enum dirs  dir  ) 

Reset DES object with possible change in direction of operation, but use same key.

Parameters:
dir direction indicator: ENCRYPT or DECRYPT
Remarks:
Modifies: sk1, sk2, sk3. The subkey schedule is recomputed for a direction change. (This function allows the direction to change without requiring the key to be reloaded.)

int setcounter ( int  bytes,
const char *  counter 
)

Set counter for CTR mode.

Parameters:
bytes the length of the counter in bytes (must be 8)
counter a pointer to a buffer containing the 8-byte counter value
Returns:
0 (success)
CDK_INVALID_DATA_LENGTH
CDK_INVALID_PTR
Remarks:
Modifies: ctr.


The documentation for this class was generated from the following file:
ISC Cryptographic Development Kit - User's Guide
ISC website
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.