des_encrypt() -- SSLeay 0.9.0b -- January 1999

NAME

des_encrypt, des_encrypt2, des_ecb_encrypt, des_cbc_encrypt, des_ncbc_encrypt,
des_xcbc_encrypt, des_pcbc_encrypt, des_cfb_encrypt, des_cfb64_encrypt,
des_ofb_encrypt, des_ofb64_encrypt -- DES encryption

SYNOPSIS

#include "des.h"

void des_encrypt(data,ks,enc)
unsigned long *data;
des_key_schedule ks; int enc;

void des_encrypt2(data,ks,enc)
unsigned long *data;
des_key_schedule ks; int enc;

void des_ecb_encrypt(input,output,ks,enc)
des_cblock *input, *output;
des_key_schedule ks; int enc;

void des_cbc_encrypt(input,output,length,ks,ivec,enc)
des_cblock *input, *output, *ivec;
long length;
des_key_schedule ks;
int enc;

void des_ncbc_encrypt(input,output,length,ks,ivec,enc)
des_cblock *input, *output, *ivec;
long length;
des_key_schedule ks;
int enc;

void des_xcbc_encrypt(input,output,length,ks,ivec,inw,outw,enc)
des_cblock *input, *output, *ivec, *inw, *outw;
des_cblock *output;
long length;
des_key_schedule ks;
int enc;

void des_pcbc_encrypt(input,output,length,ks,ivec,enc)
des_cblock *input, *output, *ivec;
long length;
des_key_schedule ks;
int enc;

void des_cfb_encrypt(in,out,numbits,length,ks,ivec,enc)
unsigned char *input, *output;
int numbits, enc;
long length;
des_key_schedule ks;
des_cblock *ivec;

void des_cfb64_encrypt(in,out,length,ks,ivec,num,enc)
unsigned char *in, *out;
long length;
des_key_schedule ks;
des_cblock *ivec;
int *num, enc;

void des_ofb_encrypt(in,out,numbits,length,ks,ivec)
unsigned char *in, *out;
int numbits;
long length;
des_key_schedule ks;
des_cblock *ivec;

void des_ofb64_encrypt(in,out,length,ks,ivec,num)
unsigned char *in, *out;
long length;
des_key_schedule ks;
des_cblock *ivec;
int *num;

DESCRIPTION

In any function prototype which has arguments input and output, the same variable can be passed for both arguments.

des_encrypt() is the basic building block used by all of the other DES encryption routines. It should be used only to implement a DES mode that the library doesn't already supply.

des_encrypt operates on data which is a pointer to two DES_LONGs (at least 4 characters per element, maybe more depending on how large a long is on your machine, but in that case, the extra bytes are treated as padding). In order to make this work right, each function implementing a DES mode does conversion of the input block, essentially a string of characters, to an array of DES_LONGs before invoking des_encrypt. After the encryption the function does the reverse conversion. Here's an example (from ecb_enc.c):

void des_ecb_encrypt(input, output, ks, encrypt)
des_cblock (*input);
des_cblock (*output);
des_key_schedule ks;
int encrypt;
        {
        register DES_LONG l;
        register unsigned char *in,*out;
        DES_LONG ll[2];

        in=(unsigned char *)input;
        out=(unsigned char *)output;
        c2l(in,l); ll[0]=l;
        c2l(in,l); ll[1]=l;
        des_encrypt(ll,ks,encrypt);
        l=ll[0]; l2c(l,out);
        l=ll[1]; l2c(l,out);
        l=ll[0]=ll[1]=0;
        }

ks is a previously-initialized des_key_schedule.

enc takes either the value DES_ENCRYPT, in which case encryption is performed, or DES_DECRYPT, in which case decryption is performed.

des_encrypt2() is identical to des_encrypt except that the DES initial permutation (IP) and final permutation (FP) have been left out. Again, this function should not be used except to implement new DES modes.

It is currently used to implement the various triple-DES modes.

(IP() des_encrypt2() des_encrypt2() des_encrypt2() FP()
is the same as
des_encrypt() des_encrypt() des_encrypt()
except faster :-).)

des_ecb_encrypt() is the Electronic Code Book form of DES, the most basic form of the algorithm. The des_cblock pointed to by input is encrypted into the block pointed to by output (which may be the same as input) using the key represented by ks. enc takes either the value DES_ENCRYPT, in which case encryption is performed, or DES_DECRYPT, in which case decryption is performed.

des_cbc_encrypt() implements DES in Cipher Block Chaining mode. The des_cblocks pointed to by input are encrypted (or decrypted) to the blocks pointed to by output.

Length should contain the number of des_cblocks * 8 (i.e. the total length of the input).

If length is not a multiple of 8, the results are unpredictable.

ivec is used to hold the output cipher text before calling the function again, if you are encrypting a text in several separate calls. This output is typically used in some way to modify the algorithm so that, if you use one of the chaining or feedback modes, encryption of the same block of text does not always give the same output (but encryption of the same block of text, with the same ivec in place, will typically give the same output).

See DES encryption modes overview for a discussion of the various modes.

For more details about the modes, see FIPS Pub 81: DES Modes of Operation; this is the updated version from May of 1996.

Unfortunately, this function does not automatically update ivec; the user must do it by copying in the last 8 bytes of output cipher text into ivec before the next call to this function.

ivec must be initialized to some known (but randomly generated) state before calling this function on the first chunk of data (and when you decrypt the data, the same initialization needs to be used for the first decryption call).

For example (from destest.c),

    des_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
         (long)strlen((char *)cbc_data)+1,ks,
         (C_Block *)cbc_iv,DES_ENCRYPT);
    des_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
         (long)strlen((char *)cbc_data)+1,ks,
         (C_Block *)cbc_iv,DES_DECRYPT);

where cbc_iv has been initialized previously by the user.

des_ncbc_encrypt() is identical to des_cbc_encrypt except that it does the update of ivec automatically. For tha reason it should be used in preference to des_cbc_encrypt whenever possible.

des_xcbc_encrypt() is RSA's DESX mode of DES. It uses inw and outw, supplied by the user, to 'whiten' the key. These should be nice random strings like the DES key unless the user is choosing them manually.

DESX is defined as key1 xor (des ( key2 xor input ) ), where the des encryption is done with a third key key3. Here, inw is keyn, and outw is keyn.

This substantially strengthens the algorithm against exhaustive search of the key space; see DES algorithm references for more details.

des_pcbc_encrypt() is the Propagating Cipher Block Chaining mode of DES. It is used by Kerberos v4. Its parameters are the same as des_ncbc_encrypt().

des_cfb_encrypt() is the Cipher Feedback mode of DES. This implementation 'feeds back' in numbit blocks. The input in) and the output out is in multiples of numbits bits, and numbit should be a multiple of 8 bits. length is the number of bytes in in.

If numbits is not a multiple of 8 bits, the extra bits in the bytes will be considered padding. For example, if numbits is 12, for each 2 input bytes, the 4 high bits of the second byte will be ignored. So to encode 72 bits when using numbits of 12 takes 12 bytes. To encode 72 bits when using numbits of 9 will take 16 bytes. To encode 80 bits when using numbits of 16 will take 10 bytes, and so on. This padding factor applies to both in and out.

ivec is used to keep intermediate results for subsequent calls, and as input to the function the first time it is called on a text.

It should be initialized to a known (but randomly generated) state before this function is called on the first part of a piece of data.

ks is a key schedule that has been previously set by des_set_key.

enc takes either the value DES_ENCRYPT, in which case encryption is performed, or DES_DECRYPT, in which case decryption is performed.

des_cfb64_encrypt() implements the Cipher Feedback Mode of DES, with 64 bit feedback. The arguments are the same as for des_cfb_encrypt except that there is no numbits argument, because there is no padding factor, and there is an additional num argument which is updated by the function along with ivec after each call.

The num argument is updated to show how many bytes of the ivec have been used; one step in the algorithm includes the xor of a byte of the plaintext with a byte of the (encrypted) ivec, so that all 8 bytes of the ivec are used in turn for an input block of 8 bytes. As each byte of the ivec is used, a new byte is created by the algorithm and stuffed into the ivec in place of the used byte. The following byte would be used next, and so on. num can be thought of as a pointer into the ivec to show which byte to start xor-ing with, the next time the function is called.

des_ofb_encrypt() is a implementation of the Output Feedback mode of DES. Its parameters are the same as those of des_cfb_encrypt() except that there is no < b>argument; encryption and decryption use the same arguments. in and out must be multiples of numbits long, numbits should be a multiple of 8 bits, and if it is not, the same padding factor comes into play.

Note that there is no enc parameter; this algorithm functions the same for encryption and decryption.

des_ofb64_encrypt() implements the Output Feedback Mode of DES, with 64 bit feedback. The arguments are the same as for des_cfb64_encrypt.