ISC CDK 7: DES Class Reference

All DES variants are 8-byte block ciphers with key sizes ranging from 64 to 192 bits.

Buffers may be encrypted or decrypted "in place," i.e., in == out is allowed in crypt().

Usage flow:
  DES()    // instantiate a new DES object
  init()   // specify the direction, key, algorithm variant, mode, and IV (if required)
  crypt()  // perform the encrypt or decrypt operation

Recommendations for strict FIPS 140-1 compliance:
  ALG_DESX and ALG_DES40 cannot be used.
  ALG_DES is deprecated by NIST and should only be used if backwards 
    compatibility with another application is required.
  CTR mode and setcounter() should only be used with TDES.

References


Public Types
	ENCRYPT
	crypt() call performs encryption
	DECRYPT
	crypt() call performs decryption
	NONE
	DES object is uninitialized
	ALG_DES = 1
	single DES; requires an 8-byte key
	ALG_DESX = 2
	DESX; requires a 24-byte key.
	ALG_TDES = 3
	triple DES; requires a 16- or 24-byte key
	ALG_DES40 = 4
	40-bit DES; not implemented
	ALG_CDMF = 5
	IBM's 40-bit DES; not supported due to patent restrictions.
	ECB = 1
	Electronic Code Book mode.
	CBC = 2
	Cipher Block Chaining mode.
	CFB8
	8-bit Cipher Feedback mode
	CFB32
	32-bit Cipher Feedback mode
	CFB64
	64-bit Cipher Feedback mode
	OFB
	Output Feedback mode.
	CTR
	Counter mode (NIST SP800-38A).
enum	dirs { ENCRYPT, DECRYPT, NONE }
	Direction flags. More...
enum	variants { ALG_DES = 1, ALG_DESX = 2, ALG_TDES = 3, ALG_DES40 = 4, ALG_CDMF = 5 }
	Algorithm IDs for DES-based cipher variants. More...
enum	modes { ECB = 1, CBC = 2 , CFB8, CFB32, CFB64, OFB, CTR }
	Modes of operation. More...
Public Member Functions
	DES ()
	Constructor.
	~DES ()
	Destructor. Calls clear().
int	init (enum dirs dir, int keybytes, const char key, enum variants var=ALG_DES, enum modes md=ECB, const char iv=0)
	Initialize algorithm object.
int	setcounter (int bytes, const char *counter)
	Set counter for CTR mode.
int	crypt (int bytes, const char inbuf, char outbuf)
	Encrypt or decrypt a specified buffer.
void	clear ()
	Clear the DES object.
void	reset (enum dirs dir)
	Reset DES object with possible change in direction of operation, but use same key.

Member Enumeration Documentation

enum dirs

Direction flags.

Enumerator:

ENCRYPT	crypt() call performs encryption
DECRYPT	crypt() call performs decryption
NONE	DES object is uninitialized

enum modes

Modes of operation.

Enumerator:

ECB	Electronic Code Book mode.
CBC	Cipher Block Chaining mode.
CFB8	8-bit Cipher Feedback mode
CFB32	32-bit Cipher Feedback mode
CFB64	64-bit Cipher Feedback mode
OFB	Output Feedback mode.
CTR	Counter mode (NIST SP800-38A).

enum variants

Algorithm IDs for DES-based cipher variants.

Enumerator:

ALG_DES	single DES; requires an 8-byte key
ALG_DESX	DESX; requires a 24-byte key.
ALG_TDES	triple DES; requires a 16- or 24-byte key
ALG_DES40	40-bit DES; not implemented
ALG_CDMF	IBM's 40-bit DES; not supported due to patent restrictions.

Constructor & Destructor Documentation

DES ( ) [inline]

Constructor.

Remarks:: Modifies: dir, var.

~DES ( ) [inline]

Destructor. Calls clear().

Remarks:: Modifies: dir, var, k1, k2, k3, iv, sk1, sk2, sk3, state (keys and iv are zeroized).

Member Function Documentation

void clear ( )

Clear the DES object.

Remarks:: Modifies: dir, var, k1, k2, k3, iv, sk1, sk2, sk3, state; keys and iv are zeroized.

int crypt	(	int	bytes,
		const char *	inbuf,
		char *	outbuf
	)

Encrypt or decrypt a specified buffer.

Parameters:

	bytes	length of input and output buffers; must be a multiple of 8 for ECB, CBC, OFB, CFB64, and CTR modes; a multiple of 4 for CFB32; arbitrary for CFB8.
	inbuf	pointer to input buffer to be encrypted or decrypted
	outbuf	pointer to output buffer; output and input buffers may coincide

Returns:: 0 (success)
CDK_ERROR_STATE
CDK_INVALID_PTR
CDK_INVALID_DATA_LENGTH
CDK_MODE_UNSUPPORTED
CDK_INVALID_MODE

Remarks:: Modifies: iv; to guard against reuse, ctr is auto-incremented.

int init	(	enum dirs	dir,
		int	keybytes,
		const char *	key,
		enum variants	var = `ALG_DES`,
		enum modes	md = `ECB`,
		const char *	iv = `0`
	)

Initialize algorithm object.

Parameters:

	dir	a direction indicator: ENCRYPT or DECRYPT
	keybytes	the length of key in bytes: 8, 16, or 24 (in TDES mode an 8/16 byte key is replicated to obtain 24 bytes)
	key	a pointer to a buffer containing the key
	var	an indicator of the desired DES variant: ALG_DES, ALG_DESX, ALG_TDES
	md	a mode indicator: ECB, CBC, CFB8, CFB32, CFB64, or OFB
	iv	an 8-byte initialization vector (if required). If dir = ENCRYPT and md = CBC or CFB, the IV should be "unpredictable". If dir = ENCRYPT and md = OFB, the IV should be unique for each session. See NIST Spec. Pub. 800-38a.

Returns:: 0 (success)
CDK_ERROR_STATE
CDK_OP_UNSUPPORTED
CDK_INVALID_MODE
CDK_INVALID_KEY_SIZE
CDK_MODE_UNSUPPORTED
CDK_INVALID_BLOCK_SIZE
CDK_INVALID_ROUNDS
CDK_INVALID_KEY_PTR

Remarks:: Modifies: dir, mode, var, k1, k2, k3, iv, sk1, sk2, sk3, state (i.e., the DES object is completely initialized).

void reset ( enum dirs dir )

Reset DES object with possible change in direction of operation, but use same key.

Parameters:

dir

direction indicator: ENCRYPT or DECRYPT

Remarks:: Modifies: sk1, sk2, sk3. The subkey schedule is recomputed for a direction change. (This function allows the direction to change without requiring the key to be reloaded.)

int setcounter	(	int	bytes,
		const char *	counter
	)

Set counter for CTR mode.

Parameters:

	bytes	the length of the counter in bytes (must be 8)
	counter	a pointer to a buffer containing the 8-byte counter value

Returns:: 0 (success)
CDK_INVALID_DATA_LENGTH
CDK_INVALID_PTR

Remarks:: Modifies: ctr.

ISC Cryptographic Development Kit - User's Guide
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.

DES Class Reference

Detailed Description

References

Public Types

Public Member Functions

Member Enumeration Documentation

Constructor & Destructor Documentation

Member Function Documentation