Update to docs and test cases

2025-12-08 05:19:46 +00:00 · 2015-12-23 23:19:37 +01:00 · 2015-12-23 23:19:37 +01:00 · 3fb362b5cd
commit 3fb362b5cd
parent f3847ec1e0
17 changed files with 298 additions and 174 deletions
--- a/lib/Crypto/Cipher/DES.py
+++ b/lib/Crypto/Cipher/DES.py
@ -24,12 +24,13 @@
 DES `(Data Encryption Standard)`__ is a symmetric block cipher standardized
 by NIST_ . It has a fixed data block size of 8 bytes.
 Its keys are 64 bits long, even though 8 bits were used for integrity (now they
-are ignored) and do not contribute to securty.
+are ignored) and do not contribute to securty. The effective key length is
+therefore 56 bits only.

 DES is cryptographically secure, but its key length is too short by nowadays
 standards and it could be brute forced with some effort.

-DES should not be used for new designs. Use `AES`.
+**Use DES, not AES. This module is provided only for legacy purposes.**

 As an example, encryption can be done as follows:

@ -106,22 +107,25 @@ def new(key, mode, *args, **kwargs):
      key : byte string
        The secret key to use in the symmetric cipher.
        It must be 8 byte long. The parity bits will be ignored.
+
    :Keywords:
      mode : a *MODE_** constant
        The chaining mode to use for encryption or decryption.
-      IV : byte string
+
+      iv : byte string
        (*Only* `MODE_CBC`, `MODE_CFB`, `MODE_OFB`, `MODE_OPENPGP`).

        The initialization vector to use for encryption or decryption.

-        It is ignored for `MODE_ECB` and `MODE_CTR`.
-
-        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
-        and `block_size` +2 bytes for decryption (in the latter case, it is
+        For `MODE_OPENPGP`, IV must be 8 bytes long for encryption
+        and 10 bytes for decryption (in the latter case, it is
        actually the *encrypted* IV which was prefixed to the ciphertext).
-        It is mandatory.

        For all other modes, it must be 8 bytes long.
+
+        If not provided, a random byte string is generated (you can read it
+        back via the ``iv`` attribute).
+
      nonce : byte string
        (*Only* `MODE_EAX` and `MODE_CTR`).
        A mandatory value that must never be reused for any other encryption.
@ -130,15 +134,19 @@ def new(key, mode, *args, **kwargs):

        For `MODE_EAX`, there are no restrictions, but it is recommended to
        use at least 16 bytes.
-      counter : object
-        (*Only* `MODE_CTR`). An object created by `Crypto.Util.Counter`.
+
+        If not provided for `MODE_EAX`, a random byte string is generated (you
+        can read it back via the ``nonce`` attribute).
+
      mac_len : integer
-        (*Only* `MODE_EAX`). Length of the MAC, in bytes.
+        (*Only* `MODE_EAX`). Length of the authentication tag, in bytes.
        It must be no larger than 8 (which is the default).
+
      segment_size : integer
-        (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
-        are segmented in.
-        It must be a multiple of 8. If not specified, it will be assumed to be 8.
+        (*Only* `MODE_CFB`).The number of **bits** the plaintext and ciphertext
+        are segmented in. It must be a multiple of 8.
+        If not specified, it will be assumed to be 8.
+
      initial_value : integer
        (*Only* `MODE_CTR`). The initial value for the counter within
        the counter block. By default it is 0.