Implementation of (Triple) DES in C

This algorithm implementation is a part of my cryptography implementations project. The full project, along with licensing information and more detail, is hosted on GitHub.

Algorithm

This is an implementation of the DES and 3 DES block ciphers. 3DES (is simply the DES algorithm iterated three times and sometimes referred to as Triple DES. This algorithm encrypts plaintext in block sizes of 8 bytes.

Code Documentation

For DES:

  • void key_schedule(unsigned char key[], unsigned char schedule[][6], unsigned int mode)
    This function generates a multi-dimensional key schedule from a user-supplied key, the key schedule will be used for encryption.

    • unsigned char key[]
      Must contain 8 bytes of data to be used as the key.
    • unsigned int schedule[][6]
      Must be 16 arrays of 6 bytes each. This will contain the final key output.
    • unsigned int mode
      This value should be set to appropriate the macro-defined ENCRYPT or DECRYPT value.
  • void des_crypt(unsigned char in[], unsigned char out[], unsigned char key[][6])
    This function both encrypts and decrypts text using the key schedule.

    • unsigned char in[]
      This contains the plaintext/ciphertext to be encrypted/decrypted. It must contain 8 bytes of data. Padding may be necessary if it is the last block of the plaintext.
    • unsigned char out[]
      This contains the encrypted/decrypted ciphertext/plaintext output. It must be 8 bytes in size.
    • unsigned int key[][6]
      The "schedule" array from the key_schedule() function.
For 3DES:
  • void three_des_key_schedule(unsigned char key[], unsigned char schedule[][16][6], unsigned int mode)

    • unsigned char key[]
      This array must contain 24 bytes of data to be used as the encryption key.
    • unsigned int schedule[][16][6]
      Must be 3 arrays each with 16 arrays of 6 bytes each.
    • unsigned int mode
      Set this equal to the macro-defined ENCRYPT or DECRYPT values.
  • three_des_crypt()
    function must be called, the same function both encrypts or decrypts the data.
    • unsigned char in[]
      Must contain 8 bytes of data to be encrypted/decrypted.
    • unsigned char out[]
      Must be 8 bytes in size to hold the encrypted/decrypted data.
    • unsigned int key[][16][6]
      The "schedule" array from three_key_schedule() function.

Code Usage

For DES:
  1. Generate an 8 byte key. Note that only the seven most significant bits of each byte will actually be used.
  2. Use the key_schedule() function to generate a key schedule from the eight byte key.
  3. Use the des_crypt() function to encrypt your plaintext in blocks of 8 bytes. (You will likely have to pad your last block of plaintext.) The output is the ciphertext.
  4. To decrypt the ciphertext, switch the "mode" argument for des_crypt() and pass said function the ciphertext as input.
For 3DES:
  1. Generate a 24 byte key. Note that only the seven most significant bits of each byte will actually be used.
  2. Use the three_des_key_schedule() function to expand the key into a key schedule.
  3. Use the three_des_crypt() function to encrypt your plaintext in blocks of 8 bytes. (You will likely have to pad your last block of plaintext.) The output is the ciphertext.
  4. To decrypt the ciphertext, switch the "mode" argument for three_des_crypt() and pass said function the ciphertext as input.

Code

Notes

This implementation adheres fully to the official DES specification and includes the Initial Permutation and Inverse Initial Permutation steps that are often neglected for convenience due to their lack of cryptographic purpose.

This is an amateur implementation of DES. It has benchmarked to be fairly slow and has not been designed to be resistant to any sort of side-channel attacks.