DES Cipher Object

Operations Supported

Encrypt, Decrypt, Multi-Part MAC, and Multi-Part Verify.

Key encoding

Every byte contains 7 key bits, and 1 parity bit. The parity bit is the least significant bit in each byte. There is no additional encoding of the key data. The key must be 8 bytes long.

Encrypt/Decrypt Modes

The least significant nibble (4 bits) determines the operational mode.

Possible values:

>SYM_MODE_ECB (0)

Electronic Code Book (ECB) mode. It may be combined with a padding mode (see below).

>SYM_MODE_CBC (1)

Cipher Block Chaining (CBC) mode. It may be combined with a padding mode (see below).

>SYM_MODE_CFB (2)

Cipher Feedback (64-bit) mode

>SYM_MODE_BCF (3)

Byte Cipher Feedback (8-bit CFB) mode

>SYM_MODE_OFB (4)

Output Feedback (64-bit) mode

>SYM_MODE_BOF (5)

Byte Output Feedback (8-bit OFB) mode

The most significant nibble defines the padding mode used.

Possible values:

>SYM_MODE_PADNONE (0x00)

No padding applied. Data must be a multiple of the block size (8 bytes).

>SYM_MODE_PADNULL (0x80)

0 to 7 bytes with value 0 is added to the data to extend it to be a multiple of block size.

>SYM_MODE_PADPKCS1 (0x90)

PKCS#1 padding is applied. This causes 1 to 8 bytes of padding to be added to the data.

MAC modes

For MAC generation and verification operation the following modes are available:

>0: Standard DES CBC

>1: Standard DES CBC with configurable MAC length

In both methods, NULL padding is applied to the data.

Encrypt/Decrypt Parameters

In all modes, except SYM_MODE_ECB, the parameter buffer must contain the IV (8 bytes). In SYM_MODE_ECB, there are no parameters.

MAC Parameters

When mode 1 is used, parameter buffer contains 4 bytes, which contain a little-endian encoding of an integer. The integer value must contain a value from 1 to 8, indicating the number of bytes of the final IV that will be used as the MAC.