emLib DES – Encrypt & Decrypt Data Files with DES
The emLib DES module allows encryption and dycryption of data using DES, the Data Encryption Standard as published in 1976. This chapter describes the DES API functions and shows their usage based on example code.
What is DES?
The Data Encryption Standard, short DES, is a symmetric-key algorithm for en- and decryption of data. It was developed in the 1970's and established as a standard for the United States by the National Bureau of Standards (NBS, now NIST). DES has been superseded by AES.
DES is a block cypher, taking a fixed-length block of data (64 bits). The key used for processing consists of 64 bits, where only 56 are actually used for transformations and 8 bits are used for parity checks.
DES performs an initial permitation of the data, 16 rounds of transformation, and a final permitation, the inverse of the initial permutation. In the transformations the data block is initially splitted in two 32 bit blocks where the first block is transformated with the round key using a Feistel cipher and XOR-linked with the second block. The first block and the resulting block are used for the next round.
emLib DES uses a key of 64 bits to encrypt a block of 68 bits of data at a time. To optimize the performance of the algorithms the generation of the round keys can be done before the actual encryption or decryption and used more than one time. DES can also be used in cipher block chaining (CBC) mode to process more than 64 bits.
In CBC mode every chunk of 64 bits is XOR linked with the result of the previous encryption (the cipher text), before being encrypted. To decrypt one block, all previous blocks have to be known.
For the encryption of the first block an initialization vector which will be linked with the block, can be used to make sure the first block cannot be brute-force decrypted by comparing it to common first data blocks.
Using emLib DES
The emLib DES module has a simple yet powerful API. It can be easily integrated into an existing application. The code is completely written in ANSI-C.
All functionality can be verified with standard test patterns using the Validation API functions. The functions for generating the tables used for higher optimization levels are also included for full transparency. To simply encrypt or decrypt data the application would only need to call one function.
If more than one block needs to be processed with the same key, a context containing the round keys calculated from the key can be prepared and directly used by the encryption and decryption functions. For more than one call of these functions this method results in a slightly higher processing speed.
DES API Functions
The table below lists the available DES API functions.
| Function | Description |
|---|---|
| DES_CBC_Encrypt() | Encrypts data with DES using CBC. |
| DES_CBC_Decrypt() | Decrypts data with DES using CBC. |
| DES_Decrypt() | Decrypts 8 Bytes with DES. |
| DES_Encrypt() | Encrypts 8 Bytes with DES. |
| DES_Prepare() | Prepares the context for de-/encryption. |
| DES_Validate() | Test function for validation of DES. |
Detailed descriptions of all functions can be found in the emLib user manual.
Example Code
DES en-/decryption of 16 Bytes using CBC
#include <DES.h>
int main(void) {
DES_CONTEXT Context;
const U8 aKey[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
const U8 aPlain[16] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xE7,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xE7};
U8 aRefPlain[16];
U8 aCipher[16];
int r;
//
// Prepare the DES Context with aKey
//
DES_PrepareKey(&Context, &aKey[0]);
//
// Encrypt the data of aPlain
//
DES_CBC_Encrypt(&Context, &aCipher[0], &aPlain[0], sizeof(aPlain), NULL);
//
// Decrypt the data of aCipher
//
DES_CBC_Decrypt(&Context, &aRefPlain[0], &aCipher[0], sizeof(aCipher), NULL);
r = memcmp(&aPlain[0], &aRefPlain[0], sizeof(aRefPlain));
if (r != 0) {
return -2;
}
return r; // DES works fine.
}#include <DES.h>Sample Applications
emLib includes some sample applications to show the modules functionality and provide an easy to use starting point for your application. The application's source code is included within the module. The following applications are included in emLib DES:
| Application name | Target platform | Description |
|---|---|---|
| DESSpeedtest.exe | Windows | Console application testing the speed of emLib DES. |
| DESValidate.exe | Windows | Console application validating emLib DES with standard test patterns. |
DESSpeedTest
DESSpeedtest is a windows application, testing the performance of the emLib DES algorithms.
DESValidate
DESValidate is a Windows application used to test and validate the implementation of the DES algorithms. The application uses the Validation API and compares the results of encryption and decryption with the expected results. DESValidate will show an error message, if a validation test fails.
Performance and Memory Footprint
emLib DES aims for portability and is designed to fit speed and size requirements for different targets.
Performance test
The performance and memory footprint have been tested on a Cortex-M4 running at 200 MHz from internal flash, using internal RAM.
Results
The following table shows the en- and decryption speed of emLib DES:
| Compiler options | Speed1 | ROM usage1 |
|---|---|---|
| Optimize high for speed | 1.0 MB/s | 3.2 KB |
| Optimize high for size | 0.7 MB/s | 3.0 KB |
1: Results may vary depening on the compiler, compiler settings and memory timings of the microcontroller used.