DES(4S) — SPECIAL FILES
NAME
des − DES encryption chip interface
SYNOPSIS — SUN-3
des0 at obio ? csr 0x1c0000
#include <sys/des.h>
SYNOPSIS — SUN-2
des0 at virtual ? csr 0xee1800
#include <sys/des.h>
DESCRIPTION
The des driver provides a high level interface to the AmZ8068 Data Ciphering Processor, a hardware implementation of the NBS Data Encryption Standard.
The high level interface provided by this driver is hardware independent and could be shared by future drivers in other systems. The driver implements a number of minor devices (currently, ten); each of these is an exclusive-use device which maintains the state of one encryption channel. The correct way to obtain a file descriptor for a DES channel is to iterate over the possible DES devices (/dev/des0 through /dev/des9) until either an open succeeds or an error other than EBUSY is indicated.
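The channel-acquisition loop described above, written out as an added example (not code from the SunOS sources). The function pointer type, the simulator functions, the helper names and the O_RDWR open flag are assumptions made for illustration; only the device names and the EBUSY rule come from this page.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>

#define DES_NMINOR 10   /* /dev/des0 .. /dev/des9, per the text above */

/* Opener signature so the scan can use open(2) or a simulator (hypothetical). */
typedef int (*des_opener)(const char *path, int flags);

int real_open(const char *path, int flags) { return open(path, flags); }

/* Constructed simulators: p[8] is the minor digit in "/dev/desN". */
int sim_busy_until_3(const char *p, int f) {
    (void)f;
    if (p[8] < '3') { errno = EBUSY; return -1; }
    return 100 + (p[8] - '0');              /* fake descriptor */
}
int sim_all_busy(const char *p, int f) { (void)p; (void)f; errno = EBUSY; return -1; }
int sim_missing_at_1(const char *p, int f) {
    (void)f;
    errno = (p[8] == '0') ? EBUSY : ENOENT; /* des0 busy, des1 absent */
    return -1;
}

/* Scan the exclusive-use minors in order. EBUSY means another process holds
 * that channel, so try the next one; any other errno is a real failure and
 * ends the scan. Returns a descriptor, or -1 with errno set (EBUSY when
 * every channel is in use). */
int des_open_channel(des_opener op, int *minor_out) {
    char path[24];
    int i, fd;
    for (i = 0; i < DES_NMINOR; i++) {
        snprintf(path, sizeof path, "/dev/des%d", i);
        fd = op(path, O_RDWR);              /* O_RDWR is an assumption */
        if (fd >= 0) {
            if (minor_out) *minor_out = i;
            return fd;
        }
        if (errno != EBUSY) return -1;      /* e.g. ENOENT, EACCES: stop */
    }
    errno = EBUSY;
    return -1;
}

int main(void) {
    int minor, fd = des_open_channel(real_open, &minor);
    if (fd < 0) { perror("/dev/des?"); return 1; }
    printf("got DES channel /dev/des%d\n", minor);
    return 0;
}
```

Because each minor device holds the key and initialization vector of one channel, a caller should close the descriptor when done so the channel becomes available to other processes.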
The interface allows access to two modes of the DES algorithm: Electronic Code Book (ECB) and Cipher Block Chaining (CBC). All access to the DES driver is through ioctl(2) calls rather than through reads and writes; all encryption is done in-place in the user’s buffers. The ioctls provided are:
DESIOCSETKEY
This command sets the encryption mode, direction (encrypt or decrypt), and key. The argument to this call is struct deskey as defined in <sys/des.h>.
DESIOCGETKEY
This call returns the current key and modes (struct deskey) for the encryption channel.
DESIOCSETIVEC
This call sets the "initialization vector" used by the Cipher Block Chaining mode. This 8 byte value is XORed with each 8 byte chunk of data before the beginning of an encryption operation and replaced by the output of the operation. The argument of the ioctl is the address of a struct desivec which contains the 8 byte value.
DESIOCGETIVEC
This call returns the current value of the initialization vector.
DESIOCCHUNK
This call invokes an encryption operation on a single 8 byte data "chunk". It is expected that this call would be most useful in ECB mode. The argument of the ioctl is the address of the 8 bytes to be encrypted or decrypted.
DESIOCBLOCK
This call encrypts/decrypts an entire buffer of data, whose address and length are passed in the struct desblock addressed by the argument. The length must be a multiple of 8 bytes.
FILES
/dev/des?
SEE ALSO
des(1)
Federal Information Processing Standards Publication 46
AmZ8068 DCP Product Description, Advanced Micro Devices
BUGS
The AmZ8068 is not intended to be context-switchable. Hence, the driver uses only the most basic features of the chip (ECB mode) and maintains other state in software.
Sun Release 3.0β — Last change: 16 September 1985