The
ecb_crypt ();
and
cbc_crypt ();
functions
implement the
NBSDES
(Data Encryption Standard).
These routines are faster and more general purpose than
crypt(3).
They also are able to utilize
DES
hardware if it is available.
The
ecb_crypt ();
function
encrypts in
ECB
(Electronic Code Book)
mode, which encrypts blocks of data independently.
The
cbc_crypt ();
function
encrypts in
CBC
(Cipher Block Chaining)
mode, which chains together
successive blocks.
CBC
mode protects against insertions, deletions and
substitutions of blocks.
Also, regularities in the clear text will
not appear in the cipher text.
Here is how to use these routines.
The first argument,
Fa key ,
is the 8-byte encryption key with parity.
To set the key's parity, which for
DES
is in the low bit of each byte, use
des_setparity (.);
The second argument,
Fa data ,
contains the data to be encrypted or decrypted.
The
third argument,
Fa datalen ,
is the length in bytes of
Fa data ,
which must be a multiple of 8.
The fourth argument,
Fa mode ,
is formed by
OR 'ing
together some things.
For the encryption direction
OR
in either
DES_ENCRYPT
or
DES_DECRYPT
For software versus hardware
encryption,
OR
in either
DES_HW
or
DES_SW
If
DES_HW
is specified, and there is no hardware, then the encryption is performed
in software and the routine returns
Er DESERR_NOHWDEVICE .
For
cbc_crypt (,);
the
Fa ivec
argument
is the 8-byte initialization
vector for the chaining.
It is updated to the next initialization
vector upon return.
ERRORS
Bq Er DESERR_NONE
No error.
Bq Er DESERR_NOHWDEVICE
Encryption succeeded, but done in software instead of the requested hardware.
Bq Er DESERR_HWERR
An error occurred in the hardware or driver.
Bq Er DESERR_BADPARAM
Bad argument to routine.
Given a result status
stat
the macro
DES_FAILED (stat);
is false only for the first two statuses.
