arm-2011.03/share/doc/arm-arm-none-linux-gnueabi/html/libc/DES-Encryption.html - nest-cam/v366/arm-none-linux-gnueabi-i686-pc-linux-gnu - Git at Google

 <html lang="en">
 <head>
 <title>DES Encryption - The GNU C Library</title>
 <meta http-equiv="Content-Type" content="text/html">
 <meta name="description" content="The GNU C Library">
 <meta name="generator" content="makeinfo 4.13">
 <link title="Top" rel="start" href="index.html#Top">
 <link rel="up" href="Cryptographic-Functions.html#Cryptographic-Functions" title="Cryptographic Functions">
 <link rel="prev" href="crypt.html#crypt" title="crypt">
 <link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
 <!--
 This file documents the GNU C library.

 This is Edition 0.12, last updated 2007-10-27,
 of `The GNU C Library Reference Manual', for version
 2.8 (Sourcery G++ Lite 2011.03-41).

 Copyright (C) 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2001, 2002,
 2003, 2007, 2008, 2010 Free Software Foundation, Inc.

 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
 any later version published by the Free Software Foundation; with the
 Invariant Sections being ``Free Software Needs Free Documentation''
 and ``GNU Lesser General Public License'', the Front-Cover texts being
 ``A GNU Manual'', and with the Back-Cover Texts as in (a) below.  A
 copy of the license is included in the section entitled "GNU Free
 Documentation License".

 (a) The FSF's Back-Cover Text is: ``You have the freedom to
 copy and modify this GNU manual.  Buying copies from the FSF
 supports it in developing GNU and promoting software freedom.''-->
 <meta http-equiv="Content-Style-Type" content="text/css">
 <style type="text/css"><!--
   pre.display { font-family:inherit }
   pre.format  { font-family:inherit }
   pre.smalldisplay { font-family:inherit; font-size:smaller }
   pre.smallformat  { font-family:inherit; font-size:smaller }
   pre.smallexample { font-size:smaller }
   pre.smalllisp    { font-size:smaller }
   span.sc    { font-variant:small-caps }
   span.roman { font-family:serif; font-weight:normal; }
   span.sansserif { font-family:sans-serif; font-weight:normal; }
 --></style>
 <link rel="stylesheet" type="text/css" href="../cs.css">
 </head>
 <body>
 <div class="node">
 <a name="DES-Encryption"></a>
 <p>
 Previous:&nbsp;<a rel="previous" accesskey="p" href="crypt.html#crypt">crypt</a>,
 Up:&nbsp;<a rel="up" accesskey="u" href="Cryptographic-Functions.html#Cryptographic-Functions">Cryptographic Functions</a>
 <hr>
 </div>

 <h3 class="section">32.4 DES Encryption</h3>

 <p>The Data Encryption Standard is described in the US Government Federal
 Information Processing Standards (FIPS) 46-3 published by the National
 Institute of Standards and Technology.  The DES has been very thoroughly
 analyzed since it was developed in the late 1970s, and no new
 significant flaws have been found.

    <p>However, the DES uses only a 56-bit key (plus 8 parity bits), and a
 machine has been built in 1998 which can search through all possible
 keys in about 6 days, which cost about US$200000; faster searches would
 be possible with more money.  This makes simple DES insecure for most
 purposes, and NIST no longer permits new US government systems
 to use simple DES.

    <p>For serious encryption functionality, it is recommended that one of the
 many free encryption libraries be used instead of these routines.

    <p>The DES is a reversible operation which takes a 64-bit block and a
 64-bit key, and produces another 64-bit block.  Usually the bits are
 numbered so that the most-significant bit, the first bit, of each block
 is numbered 1.

    <p>Under that numbering, every 8th bit of the key (the 8th, 16th, and so
 on) is not used by the encryption algorithm itself.  But the key must
 have odd parity; that is, out of bits 1 through 8, and 9 through 16, and
 so on, there must be an odd number of `1' bits, and this completely
 specifies the unused bits.

 <!-- crypt.h -->
 <!-- BSD, SVID -->
 <div class="defun">
 &mdash; Function: void <b>setkey</b> (<var>const char *key</var>)<var><a name="index-setkey-3679"></a></var><br>
 <blockquote>
         <p>The <code>setkey</code> function sets an internal data structure to be an
 expanded form of <var>key</var>.  <var>key</var> is specified as an array of 64
 bits each stored in a <code>char</code>, the first bit is <code>key[0]</code> and
 the 64th bit is <code>key[63]</code>.  The <var>key</var> should have the correct
 parity.
 </p></blockquote></div>

 <!-- crypt.h -->
 <!-- BSD, SVID -->
 <div class="defun">
 &mdash; Function: void <b>encrypt</b> (<var>char *block, int edflag</var>)<var><a name="index-encrypt-3680"></a></var><br>
 <blockquote>
         <p>The <code>encrypt</code> function encrypts <var>block</var> if
 <var>edflag</var> is 0, otherwise it decrypts <var>block</var>, using a key
 previously set by <code>setkey</code>.  The result is
 placed in <var>block</var>.

         <p>Like <code>setkey</code>, <var>block</var> is specified as an array of 64 bits each
 stored in a <code>char</code>, but there are no parity bits in <var>block</var>.
 </p></blockquote></div>

 <!-- crypt.h -->
 <!-- GNU -->
 <div class="defun">
 &mdash; Function: void <b>setkey_r</b> (<var>const char *key, struct crypt_data * data</var>)<var><a name="index-setkey_005fr-3681"></a></var><br>
 <blockquote><!-- crypt.h -->
      <!-- GNU -->
    &mdash; Function: void <b>encrypt_r</b> (<var>char *block, int edflag, struct crypt_data * data</var>)<var><a name="index-encrypt_005fr-3682"></a></var><br>
 <blockquote>
         <p>These are reentrant versions of <code>setkey</code> and <code>encrypt</code>.  The
 only difference is the extra parameter, which stores the expanded
 version of <var>key</var>.  Before calling <code>setkey_r</code> the first time,
 <code>data-&gt;initialized</code> must be cleared to zero.
 </p></blockquote></div>

    <p>The <code>setkey_r</code> and <code>encrypt_r</code> functions are GNU extensions.
 <code>setkey</code>, <code>encrypt</code>, <code>setkey_r</code>, and <code>encrypt_r</code> are
 defined in <samp><span class="file">crypt.h</span></samp>.

 <!-- rpc/des_crypt.h -->
 <!-- SUNRPC -->
 <div class="defun">
 &mdash; Function: int <b>ecb_crypt</b> (<var>char *key, char *blocks, unsigned len, unsigned mode</var>)<var><a name="index-ecb_005fcrypt-3683"></a></var><br>
 <blockquote>
         <p>The function <code>ecb_crypt</code> encrypts or decrypts one or more blocks
 using DES.  Each block is encrypted independently.

         <p>The <var>blocks</var> and the <var>key</var> are stored packed in 8-bit bytes, so
 that the first bit of the key is the most-significant bit of
 <code>key[0]</code> and the 63rd bit of the key is stored as the
 least-significant bit of <code>key[7]</code>.  The <var>key</var> should have the
 correct parity.

         <p><var>len</var> is the number of bytes in <var>blocks</var>.  It should be a
 multiple of 8 (so that there is a whole number of blocks to encrypt).
 <var>len</var> is limited to a maximum of <code>DES_MAXDATA</code> bytes.

         <p>The result of the encryption replaces the input in <var>blocks</var>.

         <p>The <var>mode</var> parameter is the bitwise OR of two of the following:

           <dl>
 <!-- rpc/des_crypt.h -->
 <!-- SUNRPC -->
 <dt><code>DES_ENCRYPT</code><a name="index-DES_005fENCRYPT-3684"></a><dd>This constant, used in the <var>mode</var> parameter, specifies that
 <var>blocks</var> is to be encrypted.

           <!-- rpc/des_crypt.h -->
           <!-- SUNRPC -->
           <br><dt><code>DES_DECRYPT</code><a name="index-DES_005fDECRYPT-3685"></a><dd>This constant, used in the <var>mode</var> parameter, specifies that
 <var>blocks</var> is to be decrypted.

           <!-- rpc/des_crypt.h -->
           <!-- SUNRPC -->
           <br><dt><code>DES_HW</code><a name="index-DES_005fHW-3686"></a><dd>This constant, used in the <var>mode</var> parameter, asks to use a hardware
 device.  If no hardware device is available, encryption happens anyway,
 but in software.

           <!-- rpc/des_crypt.h -->
           <!-- SUNRPC -->
           <br><dt><code>DES_SW</code><a name="index-DES_005fSW-3687"></a><dd>This constant, used in the <var>mode</var> parameter, specifies that no
 hardware device is to be used.
 </dl>

         <p>The result of the function will be one of these values:

           <dl>
 <!-- rpc/des_crypt.h -->
 <!-- SUNRPC -->
 <dt><code>DESERR_NONE</code><a name="index-DESERR_005fNONE-3688"></a><dd>The encryption succeeded.

           <!-- rpc/des_crypt.h -->
           <!-- SUNRPC -->
           <br><dt><code>DESERR_NOHWDEVICE</code><a name="index-DESERR_005fNOHWDEVICE-3689"></a><dd>The encryption succeeded, but there was no hardware device available.

           <!-- rpc/des_crypt.h -->
           <!-- SUNRPC -->
           <br><dt><code>DESERR_HWERROR</code><a name="index-DESERR_005fHWERROR-3690"></a><dd>The encryption failed because of a hardware problem.

           <!-- rpc/des_crypt.h -->
           <!-- SUNRPC -->
           <br><dt><code>DESERR_BADPARAM</code><a name="index-DESERR_005fBADPARAM-3691"></a><dd>The encryption failed because of a bad parameter, for instance <var>len</var>
 is not a multiple of 8 or <var>len</var> is larger than <code>DES_MAXDATA</code>.
 </dl>
         </p></blockquote></div>

 <!-- rpc/des_crypt.h -->
 <!-- SUNRPC -->
 <div class="defun">
 &mdash; Function: int <b>DES_FAILED</b> (<var>int err</var>)<var><a name="index-DES_005fFAILED-3692"></a></var><br>
 <blockquote><p>This macro returns 1 if <var>err</var> is a `success' result code from
 <code>ecb_crypt</code> or <code>cbc_crypt</code>, and 0 otherwise.
 </p></blockquote></div>

 <!-- rpc/des_crypt.h -->
 <!-- SUNRPC -->
 <div class="defun">
 &mdash; Function: int <b>cbc_crypt</b> (<var>char *key, char *blocks, unsigned len, unsigned mode, char *ivec</var>)<var><a name="index-cbc_005fcrypt-3693"></a></var><br>
 <blockquote>
         <p>The function <code>cbc_crypt</code> encrypts or decrypts one or more blocks
 using DES in Cipher Block Chaining mode.

         <p>For encryption in CBC mode, each block is exclusive-ored with <var>ivec</var>
 before being encrypted, then <var>ivec</var> is replaced with the result of
 the encryption, then the next block is processed.  Decryption is the
 reverse of this process.

         <p>This has the advantage that blocks which are the same before being
 encrypted are very unlikely to be the same after being encrypted, making
 it much harder to detect patterns in the data.

         <p>Usually, <var>ivec</var> is set to 8 random bytes before encryption starts.
 Then the 8 random bytes are transmitted along with the encrypted data
 (without themselves being encrypted), and passed back in as <var>ivec</var>
 for decryption.  Another possibility is to set <var>ivec</var> to 8 zeroes
 initially, and have the first the block encrypted consist of 8 random
 bytes.

         <p>Otherwise, all the parameters are similar to those for <code>ecb_crypt</code>.
 </p></blockquote></div>

 <!-- rpc/des_crypt.h -->
 <!-- SUNRPC -->
 <div class="defun">
 &mdash; Function: void <b>des_setparity</b> (<var>char *key</var>)<var><a name="index-des_005fsetparity-3694"></a></var><br>
 <blockquote>
         <p>The function <code>des_setparity</code> changes the 64-bit <var>key</var>, stored
 packed in 8-bit bytes, to have odd parity by altering the low bits of
 each byte.
 </p></blockquote></div>

    <p>The <code>ecb_crypt</code>, <code>cbc_crypt</code>, and <code>des_setparity</code>
 functions and their accompanying macros are all defined in the header
 <samp><span class="file">rpc/des_crypt.h</span></samp>.

    </body></html>
	<html lang="en">
	<head>
	<title>DES Encryption - The GNU C Library</title>
	<meta http-equiv="Content-Type" content="text/html">
	<meta name="description" content="The GNU C Library">
	<meta name="generator" content="makeinfo 4.13">
	<link title="Top" rel="start" href="index.html#Top">
	<link rel="up" href="Cryptographic-Functions.html#Cryptographic-Functions" title="Cryptographic Functions">
	<link rel="prev" href="crypt.html#crypt" title="crypt">
	<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
	<!--
	This file documents the GNU C library.

	This is Edition 0.12, last updated 2007-10-27,
	of `The GNU C Library Reference Manual', for version
	2.8 (Sourcery G++ Lite 2011.03-41).

	Copyright (C) 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2001, 2002,
	2003, 2007, 2008, 2010 Free Software Foundation, Inc.

	Permission is granted to copy, distribute and/or modify this document
	under the terms of the GNU Free Documentation License, Version 1.3 or
	any later version published by the Free Software Foundation; with the
	Invariant Sections being ``Free Software Needs Free Documentation''
	and ``GNU Lesser General Public License'', the Front-Cover texts being
	``A GNU Manual'', and with the Back-Cover Texts as in (a) below. A
	copy of the license is included in the section entitled "GNU Free
	Documentation License".

	(a) The FSF's Back-Cover Text is: ``You have the freedom to
	copy and modify this GNU manual. Buying copies from the FSF
	supports it in developing GNU and promoting software freedom.''-->
	<meta http-equiv="Content-Style-Type" content="text/css">
	<style type="text/css"><!--
	pre.display { font-family:inherit }
	pre.format { font-family:inherit }
	pre.smalldisplay { font-family:inherit; font-size:smaller }
	pre.smallformat { font-family:inherit; font-size:smaller }
	pre.smallexample { font-size:smaller }
	pre.smalllisp { font-size:smaller }
	span.sc { font-variant:small-caps }
	span.roman { font-family:serif; font-weight:normal; }
	span.sansserif { font-family:sans-serif; font-weight:normal; }
	--></style>
	<link rel="stylesheet" type="text/css" href="../cs.css">
	</head>
	<body>
	<div class="node">
	<a name="DES-Encryption"></a>
	<p>
	Previous: <a rel="previous" accesskey="p" href="crypt.html#crypt">crypt</a>,
	Up: <a rel="up" accesskey="u" href="Cryptographic-Functions.html#Cryptographic-Functions">Cryptographic Functions</a>
	<hr>
	</div>

	<h3 class="section">32.4 DES Encryption</h3>

	<p>The Data Encryption Standard is described in the US Government Federal
	Information Processing Standards (FIPS) 46-3 published by the National
	Institute of Standards and Technology. The DES has been very thoroughly
	analyzed since it was developed in the late 1970s, and no new
	significant flaws have been found.

	<p>However, the DES uses only a 56-bit key (plus 8 parity bits), and a
	machine has been built in 1998 which can search through all possible
	keys in about 6 days, which cost about US$200000; faster searches would
	be possible with more money. This makes simple DES insecure for most
	purposes, and NIST no longer permits new US government systems
	to use simple DES.

	<p>For serious encryption functionality, it is recommended that one of the
	many free encryption libraries be used instead of these routines.

	<p>The DES is a reversible operation which takes a 64-bit block and a
	64-bit key, and produces another 64-bit block. Usually the bits are
	numbered so that the most-significant bit, the first bit, of each block
	is numbered 1.

	<p>Under that numbering, every 8th bit of the key (the 8th, 16th, and so
	on) is not used by the encryption algorithm itself. But the key must
	have odd parity; that is, out of bits 1 through 8, and 9 through 16, and
	so on, there must be an odd number of `1' bits, and this completely
	specifies the unused bits.

	<!-- crypt.h -->
	<!-- BSD, SVID -->
	<div class="defun">
	— Function: void <b>setkey</b> (<var>const char *key</var>)<var><a name="index-setkey-3679"></a></var><br>
	<blockquote>
	<p>The <code>setkey</code> function sets an internal data structure to be an
	expanded form of <var>key</var>. <var>key</var> is specified as an array of 64
	bits each stored in a <code>char</code>, the first bit is <code>key[0]</code> and
	the 64th bit is <code>key[63]</code>. The <var>key</var> should have the correct
	parity.
	</p></blockquote></div>

	<!-- crypt.h -->
	<!-- BSD, SVID -->
	<div class="defun">
	— Function: void <b>encrypt</b> (<var>char *block, int edflag</var>)<var><a name="index-encrypt-3680"></a></var><br>
	<blockquote>
	<p>The <code>encrypt</code> function encrypts <var>block</var> if
	<var>edflag</var> is 0, otherwise it decrypts <var>block</var>, using a key
	previously set by <code>setkey</code>. The result is
	placed in <var>block</var>.

	<p>Like <code>setkey</code>, <var>block</var> is specified as an array of 64 bits each
	stored in a <code>char</code>, but there are no parity bits in <var>block</var>.
	</p></blockquote></div>

	<!-- crypt.h -->
	<!-- GNU -->
	<div class="defun">
	— Function: void <b>setkey_r</b> (<var>const char key, struct crypt_data data</var>)<var><a name="index-setkey_005fr-3681"></a></var><br>
	<blockquote><!-- crypt.h -->
	<!-- GNU -->
	— Function: void <b>encrypt_r</b> (<var>char block, int edflag, struct crypt_data data</var>)<var><a name="index-encrypt_005fr-3682"></a></var><br>
	<blockquote>
	<p>These are reentrant versions of <code>setkey</code> and <code>encrypt</code>. The
	only difference is the extra parameter, which stores the expanded
	version of <var>key</var>. Before calling <code>setkey_r</code> the first time,
	<code>data->initialized</code> must be cleared to zero.
	</p></blockquote></div>

	<p>The <code>setkey_r</code> and <code>encrypt_r</code> functions are GNU extensions.
	<code>setkey</code>, <code>encrypt</code>, <code>setkey_r</code>, and <code>encrypt_r</code> are
	defined in <samp><span class="file">crypt.h</span></samp>.

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<div class="defun">
	— Function: int <b>ecb_crypt</b> (<var>char key, char blocks, unsigned len, unsigned mode</var>)<var><a name="index-ecb_005fcrypt-3683"></a></var><br>
	<blockquote>
	<p>The function <code>ecb_crypt</code> encrypts or decrypts one or more blocks
	using DES. Each block is encrypted independently.

	<p>The <var>blocks</var> and the <var>key</var> are stored packed in 8-bit bytes, so
	that the first bit of the key is the most-significant bit of
	<code>key[0]</code> and the 63rd bit of the key is stored as the
	least-significant bit of <code>key[7]</code>. The <var>key</var> should have the
	correct parity.

	<p><var>len</var> is the number of bytes in <var>blocks</var>. It should be a
	multiple of 8 (so that there is a whole number of blocks to encrypt).
	<var>len</var> is limited to a maximum of <code>DES_MAXDATA</code> bytes.

	<p>The result of the encryption replaces the input in <var>blocks</var>.

	<p>The <var>mode</var> parameter is the bitwise OR of two of the following:

	<dl>
	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<dt><code>DES_ENCRYPT</code><a name="index-DES_005fENCRYPT-3684"></a><dd>This constant, used in the <var>mode</var> parameter, specifies that
	<var>blocks</var> is to be encrypted.

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<br><dt><code>DES_DECRYPT</code><a name="index-DES_005fDECRYPT-3685"></a><dd>This constant, used in the <var>mode</var> parameter, specifies that
	<var>blocks</var> is to be decrypted.

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<br><dt><code>DES_HW</code><a name="index-DES_005fHW-3686"></a><dd>This constant, used in the <var>mode</var> parameter, asks to use a hardware
	device. If no hardware device is available, encryption happens anyway,
	but in software.

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<br><dt><code>DES_SW</code><a name="index-DES_005fSW-3687"></a><dd>This constant, used in the <var>mode</var> parameter, specifies that no
	hardware device is to be used.
	</dl>

	<p>The result of the function will be one of these values:

	<dl>
	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<dt><code>DESERR_NONE</code><a name="index-DESERR_005fNONE-3688"></a><dd>The encryption succeeded.

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<br><dt><code>DESERR_NOHWDEVICE</code><a name="index-DESERR_005fNOHWDEVICE-3689"></a><dd>The encryption succeeded, but there was no hardware device available.

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<br><dt><code>DESERR_HWERROR</code><a name="index-DESERR_005fHWERROR-3690"></a><dd>The encryption failed because of a hardware problem.

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<br><dt><code>DESERR_BADPARAM</code><a name="index-DESERR_005fBADPARAM-3691"></a><dd>The encryption failed because of a bad parameter, for instance <var>len</var>
	is not a multiple of 8 or <var>len</var> is larger than <code>DES_MAXDATA</code>.
	</dl>
	</p></blockquote></div>

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<div class="defun">
	— Function: int <b>DES_FAILED</b> (<var>int err</var>)<var><a name="index-DES_005fFAILED-3692"></a></var><br>
	<blockquote><p>This macro returns 1 if <var>err</var> is a `success' result code from
	<code>ecb_crypt</code> or <code>cbc_crypt</code>, and 0 otherwise.
	</p></blockquote></div>

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<div class="defun">
	— Function: int <b>cbc_crypt</b> (<var>char key, char blocks, unsigned len, unsigned mode, char *ivec</var>)<var><a name="index-cbc_005fcrypt-3693"></a></var><br>
	<blockquote>
	<p>The function <code>cbc_crypt</code> encrypts or decrypts one or more blocks
	using DES in Cipher Block Chaining mode.

	<p>For encryption in CBC mode, each block is exclusive-ored with <var>ivec</var>
	before being encrypted, then <var>ivec</var> is replaced with the result of
	the encryption, then the next block is processed. Decryption is the
	reverse of this process.

	<p>This has the advantage that blocks which are the same before being
	encrypted are very unlikely to be the same after being encrypted, making
	it much harder to detect patterns in the data.

	<p>Usually, <var>ivec</var> is set to 8 random bytes before encryption starts.
	Then the 8 random bytes are transmitted along with the encrypted data
	(without themselves being encrypted), and passed back in as <var>ivec</var>
	for decryption. Another possibility is to set <var>ivec</var> to 8 zeroes
	initially, and have the first the block encrypted consist of 8 random
	bytes.

	<p>Otherwise, all the parameters are similar to those for <code>ecb_crypt</code>.
	</p></blockquote></div>

	<!-- rpc/des_crypt.h -->
	<!-- SUNRPC -->
	<div class="defun">
	— Function: void <b>des_setparity</b> (<var>char *key</var>)<var><a name="index-des_005fsetparity-3694"></a></var><br>
	<blockquote>
	<p>The function <code>des_setparity</code> changes the 64-bit <var>key</var>, stored
	packed in 8-bit bytes, to have odd parity by altering the low bits of
	each byte.
	</p></blockquote></div>

	<p>The <code>ecb_crypt</code>, <code>cbc_crypt</code>, and <code>des_setparity</code>
	functions and their accompanying macros are all defined in the header
	<samp><span class="file">rpc/des_crypt.h</span></samp>.

	</body></html>