Cryptography Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.00

DES Algorithm - Operation Modes and JCE SUN Implementation

Part:   1  2  3 

(Continued from previous part...)

What is CFB (Cipher FeedBack) Operation Mode?

CFB (Cipher FeedBack) operation mode can be described with notations defined earlier as the following formula and diagram:

C[i] = P[i] XOR Ek(C[i-1])
C[1] = P[1] XOR Ek(IV)

      IV                             
       |        -----|        -----| 
     Ek()     /    Ek()     /    Ek()
       |     /       |     /       |
       |    /        |    /        | 
P[1]--XOR  /  P[2]--XOR  /  P[3]--XOR
       |  /          |  /          | 
       | /           | /           | 
     C[1]          C[2]          C[3]

As you can see from the formula and the diagram, in CBC mode, each block of plaintext is XORed with the encrypted version of the previous ciphertext to generate the current ciphertext block. In this way, each ciphertext block is depending on all plaintext blocks up to that point. Note that for the first block, the Initial Vector (IV) is used as the previous ciphertext block.

What is OFB (Output FeedBack) Operation Mode?

OFB (Output FeedBack) operation mode can be described with notations defined earlier as the following formula and diagram:

C[i] = P[i] XOR O[i]
O[i] = Ek(O[i-1])
O[1] = E(IV)

      IV                             
       |        -----|        -----| 
     Ek()     /    Ek()     /    Ek()
       |--O[1]       |--O[2]       |--O[3] 
       |             |             | 
P[1]--XOR     P[2]--XOR     P[3]--XOR
       |             |             | 
     C[1]          C[2]          C[3]

As you can see from the formula and the diagram, in OFB mode, each block of plaintext is XORed with the current output block to generate the current ciphertext block. The current output block is obtained by applying the encryption process on the previous output block. Note that for the first block, the Initial Vector (IV) is used as the previous output block.

Sun Java Implementation of DES Operation Modes

Sun has implemented all 4 operation modes described above in their JDK JCE (Java Cryptography Extension) package. To use DES operation modes properly, you need to:

1. Specify the operation mode name as part of the algorithm name when calling Cipher.getInstance(algorithm) to create a cipher object like:

   Cipher cObj1 = Cipher.getInstance("DES/ECB/NoPadding");
   Cipher cObj2 = Cipher.getInstance("DES/CBC/NoPadding");
   Cipher cObj3 = Cipher.getInstance("DES/CFB/NoPadding");
   Cipher cObj4 = Cipher.getInstance("DES/OFB/NoPadding");

2. Initialize the cipher object with the key and the IV (Initial Vector) by using the IvParameterSpec class like:

   AlgorithmParameterSpec apsObj = new IvParameterSpec(theIV);
   cObj.init(Cipher.ENCRYPT_MODE, keyObj, apsObj);

JceSunDesOperationModeTest.java - JCE DES Operation Mode Testing Program

To test out JCE DES operation mode implementation, I wrote the following testing program:

/**
 * JceSunDesOperationModeTest.java
 * Copyright (c) 2006 by Dr. Herong Yang, http://www.herongyang.com/
 */
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
class JceSunDesOperationModeTest {
   public static void main(String[] a) {
      if (a.length<1) {
         System.out.println("Usage:");
         System.out.println(
            "java JceSunDesOperationModeTest 1/2/3/4");
         return;
      }
      String test = a[0];
      try {
         byte[] theKey = null;
         byte[] theIVp = null;
         byte[] theMsg = null; 
         byte[] theExp = null; 
         String algorithm = null;
         if (test.equals("1")) { 
            algorithm = "DES/ECB/NoPadding";
            theKey = hexToBytes("0123456789ABCDEF");
            theMsg = hexToBytes(
               "4E6F77206973207468652074696D6520666F7220616C6C20");
            // "Now is the time for all "
            theExp = hexToBytes(
               "3FA40E8A984D43156A271787AB8883F9893D51EC4B563B53");
         } else if (test.equals("2")) { 
            algorithm = "DES/CBC/NoPadding";
            theKey = hexToBytes("0123456789ABCDEF");
            theIVp = hexToBytes("1234567890ABCDEF");
            theMsg = hexToBytes(
               "4E6F77206973207468652074696D6520666F7220616C6C20");
            // "Now is the time for all "
            theExp = hexToBytes(
               "E5C7CDDE872BF27C43E934008C389C0F683788499A7C05F6");
         } else if (test.equals("3")) { 
            algorithm = "DES/CFB/NoPadding";
            theKey = hexToBytes("0123456789ABCDEF");
            theIVp = hexToBytes("1234567890ABCDEF");
            theMsg = hexToBytes(
               "4E6F77206973207468652074696D6520666F7220616C6C20");
            // "Now is the time for all "
            theExp = hexToBytes(
               "F3096249C7F46E51A69E839B1A92F78403467133898EA622");
         } else if (test.equals("4")) { 
            algorithm = "DES/OFB/NoPadding";
            theKey = hexToBytes("0123456789ABCDEF");
            theIVp = hexToBytes("1234567890ABCDEF");
            theMsg = hexToBytes(
               "4E6F77206973207468652074696D6520666F7220616C6C20");
            // "Now is the time for all "
            theExp = hexToBytes(
               "F3096249C7F46E5135F24A242EEB3D3F3D6D5BE3255AF8C3");
         } else {
            System.out.println("Wrong option. For help enter:");
            System.out.println("java JceSunDesOperationModeTest");
            return;
         }	

(Continued on next part...)

Part:   1  2  3 

Dr. Herong Yang, updated in 2007
Cryptography Tutorials - Herong's Tutorial Notes - DES Algorithm - Operation Modes and JCE SUN Implementation