DES(2)                                                     DES(2)

          setupDESstate, des_key_setup, block_cipher, desCBCencrypt,
          desCBCdecrypt, desECBencrypt, desECBdecrypt, des3CBCencrypt,
          des3CBCdecrypt, des3ECBencrypt, des3ECBdecrypt, key_setup,
          des56to64, des64to56, setupDES3state, triple_block_cipher  -
          single and triple digital encryption standard

          #include <u.h>
          #include <libc.h>
          #include <mp.h>
          #include <libsec.h>

          void des_key_setup(uchar key[8], ulong schedule[32])

          void block_cipher(ulong *schedule, uchar *data, int decrypt-

          void setupDESstate(DESstate *s, uchar key[8], uchar *ivec)

          void desCBCencrypt(uchar *p, int len, DESstate *s)

          void desCBCdecrypt(uchar *p, int len, DESstate *s)

          void desECBencrypt(uchar *p, int len, DESstate *s)

          void desECBdecrypt(uchar *p, int len, DESstate *s)

          void triple_block_cipher(ulong expanded_key[3][32], uchar
               text[8], int ende)

          void setupDES3state(DES3state *s, uchar key[3][8], uchar

          void des3CBCencrypt(uchar *p, int len, DES3state *s)

          void des3CBCdecrypt(uchar *p, int len, DES3state *s)

          void des3ECBencrypt(uchar *p, int len, DES3state *s)

          void des3ECBdecrypt(uchar *p, int len, DES3state *s)

          void key_setup(uchar[7], ulong[32])

          void des56to64(uchar *k56, uchar *k64)

          void des64to56(uchar *k64, uchar *k56)

          The Digital Encryption Standard (DES) is a shared-key or

     Page 1                       Plan 9             (printed 7/22/24)

     DES(2)                                                     DES(2)

          symmetric encryption algorithm using either a 56-bit key for
          single DES or three 56-bit keys for triple DES.  The keys
          are encoded into 64 bits where every eight bit is parity.

          The basic DES function, block_cipher, works on a block of 8
          bytes, converting them in place.  It takes a key schedule, a
          pointer to the block, and a flag indicating encrypting (0)
          or decrypting (1).  The key schedule is created from the key
          using des_key_setup.

          Since it is a bit awkward, block_cipher is rarely called
          directly.  Instead, one normally uses routines that encrypt
          larger buffers of data and which may chain the encryption
          state from one buffer to the next.  These routines keep
          track of the state of the encryption using a DESstate struc-
          ture that contains the key schedule and any chained state.
          SetupDESstate sets up the DESstate structure using the key
          and an 8-byte initialization vector.

          Electronic code book, using desECBencrypt and desECBdecrypt,
          is the less secure mode.  The encryption of each 8 bytes
          does not depend on the encryption of any other.  Hence the
          encryption is a substitution cipher using 64 bit characters.

          Cipher block chaining mode, using desCBCencrypt and
          desCBCdecrypt, is more secure.  Every block encrypted
          depends on the initialization vector and all blocks
          encrypted before it.

          For both CBC and ECB modes, a stream of data can be
          encrypted as multiple buffers.  However, all buffers except
          the last must be a multiple of 8 bytes to ensure successful
          decryption of the stream.

          There are equivalent triple-DES (DES3-EDE) functions for
          each of the DES functions.

          In the past, Plan 9 used a 56-bit or 7-byte format for DES
          keys.  To be compatible with the rest of the world, we've
          abandoned this format.  There are two functions, des56to64
          and des64to56, to convert back and forth between the two
          formats.  Also a key schedule can be set up from the 7-byte
          format using key_setup.


          mp(2), aes(2), blowfish(2), dsa(2), elgamal(2), rc4(2),
          rsa(2), sechash(2), prime(2), rand(2)
          Breaking DES, Electronic Frontier Foundation, O'Reilly, 1998

     Page 2                       Plan 9             (printed 7/22/24)

     DES(2)                                                     DES(2)

          Single DES can be realistically broken by brute-force; its
          56-bit key is just too short.  It should not be used in new
          code, which should probably use aes(2) instead, or at least
          triple DES.

     Page 3                       Plan 9             (printed 7/22/24)