Muhammet Esat BÜYÜKBULUT

DES Modes of Operation

by

Muhammet Esat BÜYÜKBULUT
in ,

Modes of operation

https://www.ibm.com/docs/en/zos/2.4.0?topic=data-modes-operation

To encipher or decipher data or keys, ICSF uses either the U.S. National Institute of Standards and Technology (NIST) Data Encryption Standard (DES) algorithm or the Advanced Encryption Standard (AES) algorithm. The DES algorithm is documented in Federal Information Processing Standard #46. The AES algorithm is documented in Federal Information Processing Standard 197.

ICSF enciphers and deciphers using several modes of operation. Some of the modes have variations related to padding or blocking of the data. The text in parentheses is the processing rule associated with that mode.

The supported modes are:

  • Electronic code book (ECB)
  • Cipher block chaining (CBC)
    • Cipher block chaining with ciphertext stealing (CBC-CS)
    • Cipher block chaining compatible with CUSP/PCF (CUSP)
    • Cipher block chaining compatible with IPS (IPS)
    • Cipher block chaining using PKCS#7 padding (PKCS-PAD)
    • Cipher block chaining using ANSI X9.23 padding (X9.23)
    • Cipher block chaining using IBM 4700 padding (4700-PAD)
  • Cipher Feedback (CFB)
    • Cipher Feedback with a non-blocksize segment (CFB-LCFB)
  • Output Feedback (OFB)
  • Galois/Counter Mode (GCM)

Electronic Code Book (ECB) Mode

In the ECB mode, each block of plaintext is separately enciphered and each block of the ciphertext is separately deciphered. In other words, the encipherment or decipherment of a block is totally independent of other blocks. ICSF uses the ECB encipherment mode for enciphering and deciphering data with clear keys using the encode and decode callable services.

Cipher Block Chaining (CBC) Mode

The CBC mode uses an initial chaining vector (ICV) in its processing. The CBC mode only processes blocks of data in exact multiples of the blocksize. The ICV is exclusive ORed with the first block of plaintext prior to the encryption step; the block of ciphertext just produced is exclusive-ORed with the next block of plaintext, and so on. You must use the same ICV to decipher the data. This disguises any pattern that may exist in the plaintext. CBC mode is the default for encrypting and decrypting data using the Encipher and Decipher callable services. Cipher processing rules describes the CBC-specific processing rules in detail.

Cipher Feedback (CFB) Mode

The CFB mode uses an initial chaining vector (ICV) in its processing. CFB mode performs cipher feedback encryption. CFB mode operates on segments instead of blocks. The segment length (called s) is between one bit and the block size (called b) for the underlying algorithm (DES or AES), inclusive. ICSF only allows segment sizes which are a multiple of eight bits (complete bytes). Each encryption step takes an input block, enciphers it with the key provided to generate an output block, takes the most significant s bits of the output block, and then exclusive ORs that with the plaintext segment. The first input block is the ICV and each subsequent input block is formed by concatenating the (bs) least significant bits of the previous input block and the ciphertext (s bits) from the previous step to form a full block. The input text can be of any length. The output text will have the same length as the input text.

Output Feedback (OFB) Mode

The OFB mode uses an initial chaining vector (ICV) in its processing. OFB mode requires that the ICV is a nonce (the ICV must be unique for each execution of the mode under the given key). Each encryption step takes an input block, enciphers it with the key provided to generate an output block, and then exclusive ORs the output block with the plaintext block. The first input block is the ICV and each subsequent input block is the previous output block. The input text can be of any length. The output text will have the same length as the input text.

Galois/Counter Mode (GCM)

The GCM mode uses an initialization vector (IV) in its processing. This mode is used for authenticated encryption with associated data. GCM provides confidentiality and authenticity for the encrypted data and authenticity for the additional authenticated data (AAD). The AAD is not encrypted. GCM mode requires that the IV is a nonce, i.e., the IV must be unique for each execution of the mode under the given key. The steps for GCM encryption are:

  1. The hash subkey for the GHASH function is generated by applying the block cipher to the “zero” block.
  2. The pre-counter block (J0) is generated from the IV. In particular, when the length of the IV is 96 bits, then the padding string 031||1 is appended to the IV to form the pre-counter block. Otherwise, the IV is padded with the minimum number of ‘0’ bits, possibly none, so that the length of the resulting string is a multiple of 128 bits (the block size); this string in turn is appended with 64 additional ‘0’ bits, followed by the 64-bit representation of the length of the IV, and the GHASH function is applied to the resulting string to form the pre-counter block.
  3. The 32-bit incrementing function is applied to the pre-counter block to produce the initial counter block for an invocation of the GCTR function on the plaintext. The output of this invocation of the GCTR function is the ciphertext.
  4. The AAD and the ciphertext are each appended with the minimum number of ‘0’ bits, possibly none, so that the bit lengths of the resulting strings are multiples of the block size. The concatenation of these strings is appended with the 64-bit representations of the lengths of the AAD and the ciphertext to produce block u.
  5. The GHASH function is applied to block u to produce a single output block.
  6. This output block is encrypted using the GCTR function with the pre-counter block that was generated in Step 2, and the result is truncated to the specified tag length to form the authentication tag.
  7. The ciphertext and the tag are returned as the output.The plaintext can be of any length. The ciphertext will have the same length as the plaintext.

For GCM decryption, the tag is an input parameter. ICSF calculates a tag using the same process as encryption and compares that to the parameter passed by the caller. If they match, the decryption will proceed.

Triple DES Encryption

Triple-DES encryption uses a triple-length key comprised of three 8-byte DES keys to encipher 8 bytes of data using this method:

  • Encipher the data using the first key
  • Decipher the result using the second key
  • Encipher the second result using the third key

The procedure is reversed to decipher data that has been triple-DES enciphered:

  • Decipher the data using the third key
  • Encipher the result using the second key
  • Decipher the second result using the first key

ICSF uses the triple-DES encryption in the CBC encipherment mode.

A variation of the triple DES algorithm supports the use of a double-length data-encryption key comprised of two 8-byte DATA keys. In this method, the first 8-byte key is reused in the last encipherment step.

Due to export regulations, triple-DES encryption may not be available on your processor.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *