APPENDIX D PASSWORD ENCRYPTION AND PASSPHRASE TRANSFORMATION The FORTRAN program provided herein is a suggested method for password encryption and passphrase transformation. The program transforms a user identifier (USER-ID) and a user password (4-8 characters) or passphrase (9-64 characters) into 64-bit values for subsequent encryption. This capability was suggested by several people in comments to NBS on the Password Usage Standard. Limited experience has indicated that passphrases (greater than eight characters) are easier to remember and enter than passwords consisting of any combination of eight characters from the 95 character set suggested in the Standard. The method provided in this appendix is cryptographic algorithm independent, although 64-bit vectors are used. Key consists of 56 significant bits plus eight bits of parity. Input and output are each 64 bits in length. The program allows the entry of passwords consisting of all characters from the 95 character set. Acceptable entries include passwords (4-8 characters), passphrases (9-64 characters), the equivalent eight character virtual password, or the equivalent 16 hexadecimal digit pass key. The last two are printed whenever a passphrase is entered. User IDs up to 64 characters long may also be entered. However, the transformed virtual value for the user ID is not (normally) printed. User IDs and passwords which are entered and are not a multiple of eight characters in length are padded with spaces. A virtual password or user ID is calculated whenever a value greater than 8 characters in length is entered and (for passwords only) which does not consist of precisely 16 hexadecimal characters. The virtual value is produced by CBC encryption using the first eight bytes as key, and subsequent 8-byte blocks as input to the CBC algorithm. The virtual value is selected in 7- bit groups from the final output of this operation. These 7 bits are stored in the right-most bits of a byte, and the left-most bit is set to zero. Seven bit values which are not represented in the 95-character set result in discarding the left-most bit and adding the next bit from the final output value of the encryption operation. If all bits from this final output value are used before a complete 8-byte virtual password or user ID has been calculated, the output value is again processed by the encryption operation to produce an additional 64 bits from which to complete the virtual password or user ID calculation. The value which is ultimately stored as the encrypted password is produced by encrypting the user ID (or virtual user ID) by a key which is the exclusive OR of the password (or virtual password) and a system key. The system key may be set to 0 for system independent operation (i.e., for intercommunication between systems). C PASSWORD ENCRYPTION AND PASSPHASE TRANSFORMATION DEMONSTRATION PROGRAM. FC VERSION 1.2 C THIS PROGRAM WAS PRODUCED BY THE COMPUTER INTEGRITY AND SECURITY STAFF, C INSTITUTE FOR COMPUTER SCIENCES AND TECHNOLOGY C TECHNOLOGY A-216 C NATIONAL BUREAU OF STANDARDS C GAITHERSBURG, MARYLAND 20899 C (301)921-3427 C C C THE PROGRAM 15 DESIGNED TO COMBINE A USER'S C IDENTIFIER WITH THE ASSOCIATED PASSWORD 50 THAT THE RESULT CAN NEVER BE C DIVIDED OR DECIPHERED. THE RESULT IS AN ENCRYPTED PASSWORD C WHICH CAN BE COMPARED WITH A PREVIOUSLY ENCRYPTED AND C STORED PASSWORD. THE DESIGN GOALS INCLUDE HAVING A SYSTEM FOR C ENCRYPTING PASSWORDS THAT DOES NOT USE A STORED CRYPTOGRAPHIC KEY. C SUCH SYSTEMS CAN EASILY PASS AN ENCRYPTED PASSWORD TO ANOTHER COMPUTER C SYSTEM FOR VALIDATION. FOR SYSTEMS THAT DO NOT WISH TO USE ANOTHER C COMPUTER TO VALIDATE PASSWORDS OR TO INTERCHANGE PASSWORDS, A SYSTEM C KEY VARIABLE IS PROVIDED WHICH SHOULD BE RANDOMLY SET FOR EACH SYSTEM. C THE SYSTEM KEY SHOULD BE SET TO ZERO FOR INTERCHANGE AND A SECRET VALUE C FOR NO INTERCHANGE. IDENTICAL TRANSFORMATIONS ARE USED FOR THE C USER-ID AND PASSPHRASE. C C C THE USER-ID AND THE PASSPHRASE CAN EACH CONTAIN UP TO 64 CHARACTERS. C PASSPHASES AND LONG USER-IDS (MORE THAN 8 CHARACTERS EACH) C ARE TRANSFORMED TO 64 BIT VALUES. THE RESULTS, CALLED THE VIRTUAL C USER-ID AND VIRTUAL PASSWORD, ARE THEN USED TO PRODUCE AN ENCRYPTED C PASSWORD USING A ONE-WAY ENCRYPTION FUNCTION. C C A USER-ID AND A PASSPHRASE (PASSWORD/PASS KEY) ARE ENTERED BY A C PERSON DESIRING USE OF A SYSTEM. THE USER-ID AND PASSPHRASE ARE C TRANSFORMED. THE VIRTUAL PASSWORD IS USED AS A KEY TO ENCRYPT C THE VIRTUAL USER-ID AND THE RESULT IS COMPARED WITH THE STORED C VALUE FOR THE AUTHORIZED USER OF THE SYSTEM. C C BOTH THE PASSWORD ENCRYPTION AND PASSPHASE TRANSFORMATION OPERATIONS C USE THE DATA ENCRYPTION STANDARD (DES) ALGORITHM, BUT ANY BLOCK C ENCIPHERING ALGORITHM CAN BE USED. C C CALLS TRANSF, PARITY, CBC, HEXKEY, PACK, UNPBIN, DES AND SETKEY ROUTINES C DESCNT IS THE NUMBER OF TIMES TO ENCRYPT PASSWORD (ODD *). INTEGER DESCNT/5/ INTEGER USERID(64) , PASSWD(64) . SYSKEY(8) INTEGER SPACE /' '/,IDLEN, PWLEN , HEXFLG INTEGER IDBIN(64) ,KEYBIN(64) , SYSBIN(64) C THE SYSTEM KEY SHOULD BE ALL ZEROS FOR INTERCHANGE WITH OTHER SYSTEMS. C FOR SYSTEMS THAT WILL NOT INTERCHANGE PASSWORDS WITH OTHER SYSTEMS, C THE SYSTEM KEY SHOULD BE SET TO RANDOM EVEN NUMBERS BETWEEN O AND 254 C DECIMAL (INCLUSIVE) IN EACH OF THE EIGHT ENTRIES. THIS IS THE EQUIVALENT C OF A DES KEY WITH THE RIGHT-MOST BIT OF EACH OCTET RESERVED FOR PARITY. C **NOTE: THE FOLLOWING SHOULD BE CHANGED FOR EACH SYSTEM INSTALLATION.** DATA SYSKEY/120,98,46,76,22,2,254,128/ C INITIALIZE USER-ID AND PASSPHRASE VECTORS 1 DO 4 1=1,64 USERID( I) =0 4 PASSWD(I)-O C GET USER ID AND PASSPHRASE AND DETERMINE THEIR LENGTHS 5 WRITE(6,800) 800 FORMAT(//' ENTER USER ID: ') READ(S, 100) USERID CALL TSTVAL( 64 , USERID, IDLEN) IF(IDLEN.LE.0) STOP C FOLLOWING STATEMENT IS PROGRAM DEBUG STATEMENT C WRITE(6,500) (USERID(M),M=1,IDLEN) 500 FORMAT(' ASCII= ',8Z2.2) 10 WRITE(6,900) 900 FORMAT(' ENTER PASSWORD, PASSPHRASE OR 16-DIGIT HEX KEY ') 100 FORMAT(64A1) HEXFLG=0 READ(s, 100)PASSWD CALL TSTVAL( 64, PASSWD, PWLEN) IF (PWLEN.LT.4) GO TO 10 C CHECK FOR A PASSWORD ENTERED AS A HEXADECIMAL KEY IF (PWLEN. EQ. 16) CALL HEXKEY(PWLEN, PASSWD,HEXFLG) C PASSWORD MUST BE DIFFERENT THAN USER-ID; CHECK AND REPORT. IF (IDLEN.NE.PWLEN) GO TO 23 DO 22 I=1,IDLEN IF (PASSWD(I).NE.USERID(I)) GO TO 23 22 CONTINUE WRITE(6,200) 200 FORMAT(' PASSWORD MUST NOT EQUAL THE USER ID') GO TO 10 23 CONTINUE C FOLLOWING STATEMENT IS FOR PROGRAM DEBUG. WRITE(6.500) (PASSWD(M),M=1,PWLEN) C TRANSFORM LONG USER-ID INTO VIRTUAL USER-ID IF REQUIRED. IF (IDLEN .LE. 8) GO TO 43 CALL TRANSF( IDLEN , USERID) C FOLLOWING STATEMENT IS FOR PROGRAM DEBUG. C WRITE(6,650)(USERID(I),I=l,8) 650 FORMAT(' VIRTUAL USER ID IN 95 CHARACTER SET IS ',8A1) 43 CONTINUE C HEXFLG IS A 1 IF SIXTEEN HEX CHARACTERS WERE ENTERED. C SIXTEEN HEX CHARACTERS ARE USED AS A KEY, NOT A PASSPHRASE IF (HEXFLG .EQ. 1) GOTO 46 C TRANSFORM PASSPHRASE INTO VIRTUAL PASSWORD IF MORE THAN 8 CHARACTERS. IF (PWLEN .LE. 8) GO TO 44 CALL TRANSF(PWLEN, PASSWD) WRITE(6,660) (PASSWD(I),I=1,8) 660 FORMAT(' VIRTUAL PASSWORD IN 95 CHARACTER SET IS ',8A1) C SHIFT EACH BYTE LEFT ONE BIT FOR DES PARITY BIT COMPUTATION 44 DO 45 1=1,8 PASSWD(I) = 2*PASSWD(I) 45 CONTINUE IF (PWLEN .LE. 8)GO TO 46 WRITE(6,670) (PASSWD(I),I=1,8) 670 FORMAT(' THE PASSWORD IN HEXADECIMAL IS ',8Z2.2) 46 CONTINUE C CALL SUBROUTINE TO UNPACK PASSWORD INTO BINARY VECTOR, ONE BIT PER WORD. CALL UNPBIN(8 ,8, PASSWD,KEYBIN) C CALL SUBROUTINE TO UNPACK SYSTEM KEY MASK INTO BINARY VECTOR. CALL UNPBIN(8 ,8, SYSKEY, SYSBIN) C EXCLUSIVE OR THE PASSWORD AND THE SYSTEM KEY TO MAKE AN ENCRYPTION KEY DO 24 1=1,64 24 KEYBIN(I)=MOD(KEYBIN(I)+SYSBIN(I),2) C SET PARITY OF KEY CORRECTLY BEFORE USING CALL PARITY(KEYBIN) C THE FOLLOWING TWO STATEMENTS MAY BE USED FOR PROGRAM DEBUG. C CALL PACK(8,8,KEYBIN,PASSWD(9)) C WRITE(6,510) (PASSWD(M),M=9,16) 510 FORMAT(' THE KEY FOR PASSWORD ENCRYPTION IS: ',8Z2.2) C NOW LOAD THE KEY CALL SETKEY(KEYBIN) C UNPACK THE USER ID OR VIRTUAL ID INTO IDBIN FOR ENCRYPTION CALL UNPBIN(8,8 ,USERID, IDBIN) C NOW CALL THE DES ROUTINE THE NUMBER OF TIMES SPECIFIED. DO 30 I=1,DESCNT C THIS CALLS THE DES ROUTINE AND ONE-WAY ENCRYPTS IDBIN INTO IDBIN. 30 CALL DES(0.IDBIN,IDBIN) C NOW PACK UP THE RESULTS OF THE ENCRYPTION INTO PASSWD. CALL PACK( 8,8, IDBIN, PASSWD) C ENCRYPTED PASSWORD NAY NOW BE STORED (PRINTED FOR DEMONSTRATION). WRITE(6,300) (PASSWD(M),M-1,8) C Z FORMAT PRINTS HEXADECIMAL CHARACTERS. 300 FORMAT(' THE ENCRYPTED PASSWORD IS: ,8Z2.2) GO TO 1 END SUBROUTINE TRANSF(LEN, STRING) C TRANSFORM A LONG STRING INTO A STRING OF 8 CHARACTERS INTEGER LEN,STRING(*),KEYBIN(64) ,TEMP(128), IV(64) C LOAD THE FIRST 8 BYTES AS KEY AFTER SHIFTING EACH BYTE LEFT, C UNPACKING AND COMPUTING ODD PARITY. DO 10 1-1,8 10 TEMP(I)-2*STRING(I) CALL UNPBIN( 8 , 8 , TEMP , KEYBIN) CALL PARITY(KEYBIN) C CALL PACK(8,8,KEYBIN,TEMP) C WRITE(6,500) (TEMP(M),M=1,8) 500 FORMAT(' THE KEY FOR THE VIRTUAL TRANSFORMATION IS: ',8Z2.2) CALL SETKEY(KEYBIN) C CBC ENCRYPT THE REST OF THE STRING DO 20 1=1,64 20 IV(I)=O CALL CBC(IV,LEN-8,STRING(9) STRING) C DETERMINE THE VIRTUAL ENTITY. ACCEPT ONLY THE 95 LEGAL CHARACTERS C (32-126) CALL UNPBIN( 8 , 8, STRING, TEMP) J=1 DO 50 1=1,8 C GET ADDITIONAL BITS IF NECESSARY 30 IF(J.GE.59) CALL DES(0,TEMP,TEMP(65)) C EXTRACT 7 ASCII BITS AND CHECK FOR VALIDITY CALL PACK(1,7,TEMP(J),STRING(I)) IF((STRING(I).EQ.127).OR.(STRING(I).LT.32)) THEN C SHIFT TO NEXT 7-BIT SET IF ILLEGAL J=J+1 GO TO 30 ENDIF C OTHERWISE, SHIFT TO NEXT 7-BIT SET 50 J=J+7 RETURN END SUBROUTINE CBC(IV,LEN, PLAIN,MAC) C COMPUTES A 64-BIT MAC ON PACKED PLAINTEXT (LENGTH-LEN) C LEN MUST BE A MULTIPLE OF 8 AND PLAIN MUST BE PADDED. INTEGER IV(64).LEN,PLAIN(*),MAC(8).INP(64).OUTP(64) C USE INITIAL VECTOR 10 DO 10 1-1,64 DO 30 I-1,LEN,8 CALL UNPBIN(8,8,PLAIN(I) .INP) DO 20 J-1,64 20 INP(J)-MOD(OUTP(J)+INP(J),2) 30 CALL DES(0,INP,OUTP) CALL PACK(8,8,OUTP,MAC) RETURN END SUBROUTINE HEXKEY(PWLEN, STRING,HEXFLG) C CHECK WHETHER THE ENTERED STRING IS HEXADECIMAL WITH CORRECT PARITY TO SERVE AS A KEY INTEGER PWLEN, STRING( *) ,HEXFLG,TEMP(8) ,TEMPI(64) C TEST FOR HEXADECIMAL. RETURN IF NOT, ELSE CONVERT HEXFLG=0 DO 5 1=1,8 5 TEMP(I)=0 DO 10 1=1,16 TEMP(J)=16*TEMP(J)+STRING(I) IF((STRING(I).GE.48).AND.(STRING(I).LE.57)) THEN TEMP(J)=TEMP(J)-48 ELSE IF((STRING(I).GE.65).AND.(STRING(I).LE.70)) THEN TEMP(J)=TEMP(J)-55 ELSE IF((STRING(I).GE.97).AND.(STRING(I).LE.102)) THEN TEMP(J)=TEMP(J)-'87 ELSE RETURN ENDIF 10 CONTINUE HEXFLG= 1 PWLEN=8 DO 30 I=1,8 30 STRING(I)=TEMP(I) RETURN END SUBROUTINE TSTVAL( LEN, BUFFER, STATUS) C MASK CHARACTERS, CHECK FOR VALIDITY AND DETERMINE BUFFER LENGTH INTEGER LEN, BUFFER(*) , STATUS STATUS=0 DO 10 I=LEN,1,-1 BUFFER(I)=BUFFER(I)-(BUFFER(I)/128) *128 IF((BUFFER(I).EQ.127).OR.(BUFFER(I).LT.32)) THEN WRITE(6, 100) BUFFER(I) 100 FORMAT(' UNACCEPTABLE ASCII CHARACTER: ,Z2.2) DO 5 J=1,LEN 5 BUFFER(J)=' STATUS=- 1 RETURN ENDIF IF((STATUS.EQ.O).AND.(BUFFER(I).NE.32)) STATUS=I 10 CONTINUE RETURN END SUBROUTINE PACK(LEN, BPW, BINARY, PACKED) C SUBROUTINE TO PACK FROM BINARY VECTOR TO PACKED C VECTOR OF LENGTH LEN FILLING THE LEAST SIGNIFICANT BPW BITS. INTEGER BINARY( *) , PACKED( *) INTEGER LEN,BPW K=0 DO 20 I=1,LEN ITEM=0 DO 10 J=1,BPW K=K+1 10 ITEM=ITEM*2+MOD(BINARY(K) ,2) 20 PACKED(I)=ITEM END SUBROUTINE UNPBIN (LEN, BPW,PACKED, BINARY) O SUBROUTINE TO UNPACK INTO BINARY VECTOR O FROM PACKED VECTOR OF LENGTH N CONTAINING BPW BITS IN EACH WORD. INTEGER PACKED(*), BINARY(*) INTEGER LEN,BPW K=0 DO 100 I=1,LEN ITEM=MOD(PACKED(I) ,2**BPW) DO 100 J-1,BPW IEX=2**(BPW-J) IBIT=ITEM/ IEX K-K+1 BINARY(K)=IBIT 100 ITEM=ITEM-IBIT*IEX END SUBROUTINE PARITY (VECTOR) C COMPUTE ODD PARITY ON A 64-BIT UNPACKED VECTOR INTEGER VECTOR( 64) DO 10 1=8,64,8 VECTOR(I)=1 DO 10 J=1,7 10 VECTOR(I)=MOD(VECTOR(I)+VECTOR(I+J-8) ,2) RETURN END C PROGRAMS PRODUCED BY THE NATIONAL BUREAU OF STANDARDS C NOT SUPPORTED BY NBS AND NOT SUBJECT TO COPYRIGHT C SUBROUTINE TO PERFORM THE DATA ENCRYPTION STANDARD ALGORITHM SUBROUTINE DES ( SWITCH, INPUT , OUTPUT) C SWITCH = O CAUSES ENCRYPTION; SWITCH = 1 CAUSES DECRYPTION. C INPUT IS PLAINTEXT FOR ENCRYPTION, CIPHERTEXT FOR DECRYPTION. C OUTPUT IS CIPHERTEXT AFTER ENCRYPTION. PLAINTEXT AFTER DECRYPTION. C CALL DES(0,PT,CT) IS AN EXAMPLE OF CALL TO ENCRYPT PT INTO CT C C CALL DES(1,CT,PT) IS AN EXAMPLE OF CALL TO DECRYPT CT INTO PT C C THIS PROGRAM SHOULD NOT BE EXPORTED FROM THE UNITED STATES. IMPLICIT INTEGER (A- z) INTEGER INPUT(64) ,OUTPUT(64) INTEGER KS(48,16) O KS IS AN ARRAY TO HOLD THE 16 SUBKEYS FOR 16 ROUNDS OF DES C KS IS COMPUTED BY SETKEY SUBROUTINE WHICH MUST BE CALLED BEFORE C THE DES SUBROUTINE IS CALLED. SETKEY IS CALLED ONCE TO SET THE C KEY AND THEN DOES NOT HAVE TO BE CALLED AGAIN UNTIL THE KEY IS C CHANGED. C COMMON KS INTEGER LR(64),L(32),R(32) EQUIVALENCE (LR(1),L(1)), (LR(33),R(1)) INTEGER TEMPL(32),EX(48),F(32) C IP IS THE INITIAL PERMUTATION FOR THE DATA INTEGER IP(64)/ 1 58,50,42,34,26,18,10,02. 1 60,52,44.36.28.20.12,04, 1 62,54,46,38,30,22,14,06, 1 64,56,48,40,32,24,16,08, 1 57,49,41,33,25,17,09,01, 1 59,51,43,35,27,19,11,03, 1 61,53,45,37,29,21,13,05, 1 63,55,47,39,31,23,15,07/ C IPINV IS THE INVERSE OF THE INITIAL PERMUTATION C INTEGER IPINV(64)/ C 1 40,08,48,16,56,24,64,32, C 1 39,07,47,15,55,23,63,31, C 1 38,06,46,14,54,22,62.30, C 1 37,05,45,13,53,21,61,29, C 1 36,04,44,12,52,20,60,28, C 1 35,03,43,11,51,19,59,27, C 1 34,02,42,10,50,18,58,26, C 1 33,01,41,09,49,17,57,25/ C NOTE: THE REVERSED 1P INVERSE TABLE -REVIPI- IS USED BECAUSE C IT SAVES THE TIME OF REVERSING THE L AND R REGISTERS. INTEGER REVIPI (64)/ C 1 08,40,16,48,24,56,32,64, 1 07,39,15,47,23,55,31,63, 1 06,38,14,46,22,54,30,62, 1 05,37,13,45,21,53,29,61, 1 04,36,12,44,20,52,28,60, 1 03,35,11,43,19,51,27,59, 1 02,34,10,42,18,50,26,58, 1 01,33,09,41,17,49,25,57/ C E IS THE EXPANSION OPERATION WHICH EXPANDS 32 BITS TO 48 BITS INTEGER E(48)/ 1 32,01,02,03,04,05, 1 04,05,06,07,08,09, 1 08,09,10,11,12,13, 1 12,13,14,15,16,17, 1 16,17,18,19,20,21, 1 20,21,22,23,24,25, 1 24,25,26,27,28,29, 1 28,29,30,31,32,01/ C P IS THE PERMUTATION USED IN THE MAIN DES FUNCTION INTEGER P(32)/ 1 16,07,20,21, 1 29,12,28,17, 1 01,15,23,26, 1 05,18,31,10, 1 02,08,24,14, 1 32,27,03,09, 1 19,13,30,06, 1 22,11,04,25/ C THE EIGHT SUBSTITUTION TABLES ARE USED IN THE DES TO SUBSTITUTE 4 BITS C FOR SIX BITS. ONE S TABLE IS USED FOR EACH 6 BIT TO 4 BIT TRANSFORMATION. INTEGER 5(64,8) EQUIVALENCE (S(1,1),S1(1)), (S(1,2),S2(1)) EQUIVALENCE (S(1,3),S3(1)), (S(1,4),S4(1)) EQUIVALENCE (S(1,5),S5(1)), (S(1,6),S6(1)) EQUIVALENCE (S(1,7),S7(1)), (S(1,8),S8(1)) INTEGER SI(64)/ 1 14,04,13,01,02,15,11,08,03,10,06,12,05,09,00,07, 1 00,15,07,04,14,02,13,01,10,06,12,11,09,05,03,08, 1 04,01,14,08,13,06,02,11,15,12,09,07,03,10,05,00, 1 15,12,08,02,04,09,01,07,05,11,03,14,1O,00,06,13/ INTEGER S2(64)/ 1 15,01,08,14,06,11,03,04,09,07,02,13,12,00,05,10, 1 03,13,04,07,15,02,08,14,12,00,01,10,06,09,11,05, 1 00,14,07,11,10,04,13,01,05,08,12,06,09,03,02,15, 1 13,08,10,01,03,15,04,02,11,06,07,12,00,05,14,09/ INTEGER S3(64)/ 1 10,00,09,14,06,03,15,05,01,13,12,07,11,04,02,06, 1 13,07,00,09,03,04,06,10,02,08,05,14,12,11,15,01, 1 13,06,04,09,08,15,03,00,11,01,02,12,05,10,14,07, 1 01,10,13,00,06,09,08,07,04,15,14,03,11,05,02,12/ INTEGER S4(64)/ 1 07,13,14,03,00,06,09,10,01,02,08,05,11,12,04,15, 1 13,08,11,05,06,15,00,03,04,07,02,12,01,10,14,09, 1 10,06,09,00,12,11,07,13,15,01,03,14,05,02,08,04, 1 03,15,00,06,10,01,13,08,09,04,05,11,12,07,02,14/ INTEGER SS(64)/ 1 02,12,04,01,07,10,11,06,08,05,03,15,13,00,14,09. 1 14,11,02,12,04,07,13,01,05,00,15,10,03,09,08,06. 1 04,02,01,11,10,13,07,08,15,09,12,05,06,03,00,14, 1 11,08,12.07,01,14,02,13,06,15,00,09,10,04,05,03/ INTEGER S6(64)/ 1 12,01,10,15,09,02.06,08,00, 13,03,04,14,07,05,11, 1 10,15,04,02,07.12,09,05,06,01, 13,14,00,11,03,08, 1 09,14,15,05,02,08,12,03.07,00,04,10,01,13,11,06, 1 04,03,02,12,09,05,15,10,11,14,01,07,06,00,08,13/ INTEGER S7(64)/ 1 04,11,02, 14,15,00,08,13,03,12,09,07,05,10,08,01, 1 13,00,11,07,04,09,01,10, 14,03,05,12,02,15,08,06. 1 01,04,11,13,12,03,07,14,10, 15,06,08,00,05,09.02. 1 06. 11,13,08,01,04,10.07,09,05,00,15,14,02,03,12/ INTEGER S8(64)/ 1 13,02,08,04,06,15,11,01,10,09,03,14,05,00,12,07, 1 01,15,13,08,10,03,07,04,12.05,06.11,00, 14,09,02, 1 07,11,04,01,09,12,14,02,00,08,10,13,15,03,05,08, 1 02,01.14.07,04.10,08,13,15,12,09.00,03,05.06,11/ C C*** SWITCH=0 IS ENCRYPTION; SWITCH=1 IS DECRYPTION MODE C N1=1 N2=16 N3=1 IF (SWITCH .EQ. 0)GO TO 20 N1=16 N2=1 N3=-1 C LOOP WHICH DOES THE INITIAL PERMUTATION OF THE INPUT 20 DO 50 1=1,64 50 LR(I)=INPUT(IP(I)) C MAIN LOOP WHICH ENCRYPTS OR DECRYPTS FOR 16 ROUNDS DO 500 N=N1,N2,N3 C LOOP WHICH SAVES THE R REGISTER DO 75 1=1,32 75 TEMPL(I)=R(I) C LOOP WHICH EXPANDS THE R REGISTER USING THE E FUNCTION C AND DOES THE XOR OF THE KEY SCHEDULE SUBKEY AND THE EXPANDED R. DO 100 1=1,48 EX(I)=1 100 IF(R(E(I)) .EQ. KS(I.N)) EX(I)=0 C LOOP WHICH DOES THE SUBSTITUTIONS USING THE 8 S TABLES. DO 200 J=0,7 K=J*6+1 IN=EX(K) *32+EX(K+5) * 16+EX(K+1 ) *8+EX(K+2) *4+EX(K+3) *2+EX(K+4) SUB=S(IN+1 .J+1) K=J*4 F(K+1) = SUB/8 F(K+2) = MOD(SUB,8)/4 F(K+3) = MOD(SUB,4)/2 200 F(K+4) - MOD(SUB,2) C LOOP WHICH DOES THE P PERMUTATION OPERATION TO THE 32-BIT RESULT C AND ALSO DOES THE XOR OF THE OLD L AND THE NEW RESULT OF THE F FUNCTION. DO 300 J=1,32 R(J)-1 300 IF (L(J) .EQ. F(P(J))) R(J)-0 C SETS THE NEW L TO BE THE OLD R THAT HAD BEEN SAVED. DO 400 J=1,32 400 L(J)=TEMPL(J) 500 CONTINUE C DOES THE INVERSE PERMUTATION AFTER THE 16 ROUNDS TO COMPLETE THE DES. DO 600 J=1,64 600 OUTPUT(J)=LR(REVIPI(J)) END SUBROUTINE SETKEY (KEY) C SUBROUTINE TO PERFORM DES KEY SCHEDULE C PRODUCED BY THE NATIONAL BUREAU OF STANDARDS C NOT SUBJECT TO COPYRIGHT - NOT SUPPORTED BY NBS IMPLICIT INTEGER (A-Z) INTEGER KEY(64) C KS IS THE COMMON AREA WITH THE DES SUBROUTINE. SETKEY MUST SET KS C BEFORE THE DES IS CALLED OR GARBAGE WILL RESULT FROM THE DES. INTEGER KS(48.16).CD(56).C(28).D(28) COMMON KS EQUIVALENCE (CD(1), C(1)), (CD(29),D(1)) C PCI IS THE PERMUTED CHOICE 1 DEFINED IN THE DES INTEGER PCI(56)/ 1 57,49,41,33,25,17,09, 1 01,58,50,42,34,26,18, 1 10,02,59,51,43,35,27, 1 19,11,03,60.52,44,36, 1 63,55,47,39,31,23,15, 1 07,62,54,46,38,30,22, 1 14,06,61,53,45,37,29, 1 21,13,05,28,20,12,04/ C PC2 IS THE PERMUTED CHOICE 2 DEFINED IN THE DES. INTEGER PC2(48)/ 1 14,17,11,24,01,05, 1 03,28,15,06,21,10, 1 23,19,12,04,26,08, 1 16,07,27,20,13,02, 1 41,52,31,37,47,55, 1 30,40,51,45,33,48, 1 44,49,39,56,34,53, 1 46,42,50,36,29,32/ C KSFT IS THE KEY SHIFT VECTOR DEFINED IN THE DES. INTEGER KSFT(16)/1.1,2,2,2,2,2.2,1,2,2,2,2,2,2,1/ C LOOP WHICH PERFORMS THE FIRST PERMUTATION ON THE KEY, REMOVING THE C PARITY BITS AND SETTING UP THE C AND D REGISTERS. DO 100 1=1,56 100 OD(I)=KEY(PCI(I)) C LOOP WHICH COMPUTES THE KS ARRAY FOR THE DES. THIS TECHNIQUE USES C LOTS OF MEMORY BUT RUNS FAST. THE KS NEED ONLY BE COMPUTED ONCE C FOR ALL THE ENCRYPT AND DECRYPT OPERATIONS WHICH USE THIS KEY. DO 500 1=1,16 DO 300 J=1,KSFT(I) CT=C(1) DT=D(1) DO 200 K=1,27 C(K)=C(K+1) 200 D(K)=D(K+1) C(28)=DT 300 D(28)=DT DO 400 J=1,48 400 KS(J,I)=CD(PC2(J)) 500 CONTINUE END