typedef unsigned char des_cblock[8];
typedef struct des_ks_struct
{
union {
des_cblock _;
/* make sure things are correct size on machines with
* 8 byte longs */
DES_LONG pad[2];
} ks;
#undef _
#define _ ks._
} des_key_schedule[16];
#ifndef DES_LONG
#define DES_LONG unsigned long
#endif
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
#define DES_CBC_MODE 0
#define DES_PCBC_MODE 1
#define DES_KEY_SZ (sizeof(des_cblock))
#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
#define C_Block des_cblock
#define Key_schedule des_key_schedule
extern int des_check_key; /* defaults to false */
extern int des_rw_mode; /* defaults to DES_PCBC_MODE */
The des_cblock type is also used for the ivec (initialization vector) which is used by many DES encryption modes. Briefly, an ivec is a random block of data which is used to modify the encryption so that the same input block does not encrypt to the same output block, if the ivecs are different. In addition, the ivec is used to hold the intermediate ciphertext in 'chaining' or 'feedback' modes. See DES encryption modes overview for more details, or FIP Pub 81: DES Modes of Operation for a really detailed explanation.
Finally, the des_cblock type is also used for the DES key. A DES key is 8 bytes, but every 8th bit is a parity bit, so its 'real' length, if you are considering exhaustive search of the key space, is only 56 bits.
The des_key_schedule type is used for an expanded form of the DES key which is used to speed up the implentation of the DES algorithm. This schedule is actually a collection of 16 subkeys that are required by the algorithm; see DES algorithm references for more information.
The DES_LONG type is used wherever the code requires a 'long' type.
DES_ENCRYPT and DES_DECRYPT can be used wherever a function prototype calls for enc; passing DES_ENCRYPT as a parameter means that encryption will be done, and passing DES_DECRYPTION means that decryption will be done.
The defines DES_KEY_SZ and DES_SCHEDULE_SZ are provided for user convenience (and besides, don't you feel just a little bit queasy after hardcoding in all of those 8's?)
The defines Cblock as a synonym for des_cblock and Key_schedule as a synonym for des_key_schedule are provided for user convenience and for compatibility with the MIT DES implementation in kerberos.
The variable des_rw_mode can be set either to DES_CBC_MODE or to DES_PCBC_MODE in order to determine which encryption mode the functions des_enc_read and des_enc_write use.
If the variable des_check_key is non-zero, the function des_set_key will check the key it is passed to determine if it is weak or has the wrong parity. If the variable is zero, no check will be made.
If the key you are using has been randomly generated, odds are very slim that your key is one of the weak ones. (There are four weak keys and 12 semi-weak keys, and an additional 48 possible weak keys, out of a total of 2^56 total keys.) It is still probably worth it to check, if you have the cycles to spare. des_set_key checks for weak and semi-weak keys. For more information, see DES weak, semi-weak and possible-weak keys.