des_read_password, des_read_2password,
des_string_to_key, des_string_to_2key, des_read_pw_string,
des_random_key, des_set_key,
des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
des_cbc_cksum, des_quad_cksum,
des_enc_read, des_enc_write, des_set_odd_parity,
des_is_weak_key, crypt \- (non USA) DES encryption

.B int des_read_password(key,prompt,verify)

.B int des_read_2password(key1,key2,prompt,verify)
des_cblock *key1,*key2;

.B int des_string_to_key(str,key)

.B int des_string_to_2keys(str,key1,key2)
des_cblock *key1,*key2;

.B int des_read_pw_string(buf,length,prompt,verify)

.B int des_random_key(key)

.B int des_set_key(key,schedule)
des_key_schedule schedule;

.B int des_key_sched(key,schedule)
des_key_schedule schedule;

.B int des_ecb_encrypt(input,output,schedule,encrypt)
des_key_schedule schedule;

.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
des_key_schedule ks1,ks2;

.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
des_key_schedule schedule;

.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)

.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
des_key_schedule schedule;

.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
unsigned char *output;
des_key_schedule schedule;

.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
unsigned char *input,*output;
des_key_schedule schedule;

.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
des_key_schedule schedule;

.B unsigned long des_quad_cksum(input,output,length,out_count,seed)

.B int des_check_key;

.B int des_enc_read(fd,buf,len,sched,iv)
des_key_schedule sched;

.B int des_enc_write(fd,buf,len,sched,iv)
des_key_schedule sched;

.B extern int des_rw_mode;

.B void des_set_odd_parity(key)

.B int des_is_weak_key(key)

.B char *crypt(passwd,salt)

This library contains a fast implementation of the DES encryption

There are two phases to the use of DES encryption.
The first is the generation of a
the second is the actual encryption.
This type is made from 8 characters with odd parity.
The least significant bit in the character is the parity bit.
The key schedule is an expanded form of the key; it is used to speed the

writes the string specified by prompt to the standard output,
turns off echo and reads an input string from standard input
until terminated with a newline.
If verify is non-zero, it prompts and reads the input again and verifies
that both entered passwords are the same.
The entered string is converted into a DES key by using the
The new key is placed in the
that was passed (by reference) to the routine.
If there were no errors,
-1 is returned if there was a terminal error and 1 is returned for

.I des_read_2password
operates in the same way as
except that it generates 2 keys by using the
.I des_string_to_2key

.I des_read_pw_string
to read and verify a string from a terminal device.
The string is returned in
is passed to the routine via the

converts a string into a valid DES key.

.I des_string_to_2key
converts a string into 2 valid DES keys.
This routine is best suited for generating keys for use with

returns a random key that is made of a combination of process id,
time and an increasing counter.

Before a DES key can be used it is converted into a
will check that the key passed is of odd parity and is not a weak or
If the parity is wrong,
If the key is a weak key,
If an error is returned,
the key schedule is not generated.
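
The parity and weak-key check described above, as an added example that is not libdes code. The function names and status codes are this example's own (they are not the library's return values), and the table holds the published 4 weak and 12 semi-weak DES keys.

```c
#include <stdint.h>
#include <stdio.h>

/* Status codes are this example's own, not the library's return values. */
enum key_status { KEY_OK, KEY_BAD_PARITY, KEY_WEAK };

/* The 4 weak and 12 semi-weak DES keys (published constants), big-endian. */
static const uint64_t WEAK_KEYS[16] = {
    0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL,
    0x1F1F1F1F0E0E0E0EULL, 0xE0E0E0E0F1F1F1F1ULL,
    0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL,
    0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL,
    0x01E001E001F101F1ULL, 0xE001E001F101F101ULL,
    0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL,
    0x011F011F010E010EULL, 0x1F011F010E010E01ULL,
    0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL,
};

static int popcount8(uint8_t b) {
    int n = 0;
    for (; b; b >>= 1) n += b & 1;
    return n;
}

/* Force odd parity: bit 0 of each byte is the parity bit, bits 1-7 are key. */
void set_odd_parity(uint8_t key[8]) {
    for (int i = 0; i < 8; i++)
        key[i] = (uint8_t)((key[i] & 0xFE) | ((popcount8(key[i] >> 1) & 1) ^ 1));
}

/* Reject a key with a parity error or a weak/semi-weak value. */
enum key_status check_key(const uint8_t key[8]) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) {
        if ((popcount8(key[i]) & 1) == 0) return KEY_BAD_PARITY;
        v = (v << 8) | key[i];
    }
    for (int i = 0; i < 16; i++)
        if (v == WEAK_KEYS[i]) return KEY_WEAK;
    return KEY_OK;
}

int main(void) {
    uint8_t k[8] = {0};                   /* constructed sample: all-zero key */
    printf("raw=%d ", check_key(k));      /* parity error */
    set_odd_parity(k);
    printf("fixed=%d\n", check_key(k));   /* now the weak key 01..01 */
    return 0;
}
```

An all-zero key fails the parity check, and repairing its parity turns it into 01 01 01 01 01 01 01 01, which is a weak key, so a parity fix always needs the weak-key check after it.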

is another name for the

The following routines mostly operate on an input and output stream of

is the basic DES encryption routine that encrypts or decrypts a single 8-byte
.I electronic code book
It always transforms the input data, pointed to by
into the output data,
argument is non-zero (DES_ENCRYPT),
(cleartext) is encrypted into the
(ciphertext) using the key_schedule specified by the
is zero (DES_DECRYPT),
is decrypted into the
Input and output may overlap.
No meaningful value is returned.

encrypts/decrypts the
block by using triple ecb DES encryption.
This involves encrypting the input with
decryption with the key schedule
and then encryption with the first again.
This routine greatly reduces the chances of brute force breaking of
DES and has the advantage that if
are the same, it is equivalent to just encryption using ecb mode and

encrypts/decrypts using the
.I cipher-block-chaining
argument is non-zero,
the routine cipher-block-chain encrypts the cleartext data pointed to by the
argument into the ciphertext pointed to by the
using the key schedule provided by the
and initialisation vector provided by the
argument is not an integral multiple of eight bytes,
the last block is copied to a temporary area and zero filled.
an integral multiple of eight bytes.
To make multiple cbc encrypt calls on a large amount of data appear to
of subsequent calls should be the last 8 bytes of the output.

encrypts/decrypts the
block by using triple cbc DES encryption.
This involves encrypting the input with key schedule
decryption with the key schedule
and then encryption with the first again.
2 initialisation vectors are required,
these initialisation vectors are modified by the subroutine.
This routine greatly reduces the chances of brute force breaking of
DES and has the advantage that if
are the same, it is equivalent to just encryption using cbc mode and

encrypts/decrypts using a modified block chaining mode.
It provides better error propagation characteristics than cbc

encrypts/decrypts using cipher feedback mode. This method takes an
array of characters as input and outputs an array of characters. It
does not require any padding to 8 character groups. Note: the ivec
variable is changed and the new changed value needs to be passed to
the next call to this function. Since this function runs a complete
DES ecb encryption per numbits, this function is only suggested for
use when sending small numbers of characters.

encrypts using output feedback mode. This method takes an
array of characters as input and outputs an array of characters. It
does not require any padding to 8 character groups. Note: the ivec
variable is changed and the new changed value needs to be passed to
the next call to this function. Since this function runs a complete
DES ecb encryption per numbits, this function is only suggested for
use when sending small numbers of characters.

produces an 8 byte checksum based on the input stream (via cbc encryption).
The last 4 bytes of the checksum are returned and the complete 8 bytes are

returns a 4 byte checksum from the input bytes.
The algorithm can be iterated over the input,
the 8 bytes generated by each pass are written into

The data is encrypted via
as a starting vector.
The actual data sent down
consists of 4 bytes (in network byte order) containing the length of the
following encrypted data. The encrypted data then follows, padded with random
data out to a multiple of 8 bytes.
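
A bounds-checked writer and reader for the frame layout described above, as an added example that is not libdes code and covers the framing only. It assumes the 4-byte header carries the data length before padding; `MAX_DATA` and all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN  4u
#define BLOCK    8u
#define MAX_DATA 16384u  /* assumed receiver limit; the page gives none */
enum frame_status { FRAME_OK, FRAME_SHORT, FRAME_TOO_BIG };
struct frame {
    uint32_t data_len;   /* value carried in the 4-byte header */
    size_t cipher_len;   /* encrypted bytes on the wire, padding included */
    size_t total_len;    /* header plus encrypted bytes */
};

/* Round a data length up to a whole number of 8-byte DES blocks. */
static size_t padded_len(uint32_t n) {
    return ((size_t)n + BLOCK - 1) / BLOCK * BLOCK;
}

/* Writer side: store the length in network byte order, return frame size. */
size_t put_header(uint8_t out[HDR_LEN], uint32_t data_len) {
    out[0] = (uint8_t)(data_len >> 24);
    out[1] = (uint8_t)(data_len >> 16);
    out[2] = (uint8_t)(data_len >> 8);
    out[3] = (uint8_t)data_len;
    return HDR_LEN + padded_len(data_len);
}

/* Reader side: bound the untrusted length before buffering or decrypting. */
enum frame_status parse_frame(const uint8_t *buf, size_t avail, struct frame *f) {
    if (avail < HDR_LEN) return FRAME_SHORT;
    uint32_t n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                 ((uint32_t)buf[2] << 8) | buf[3];
    if (n > MAX_DATA) return FRAME_TOO_BIG;
    if (avail - HDR_LEN < padded_len(n)) return FRAME_SHORT;
    f->data_len = n;
    f->cipher_len = padded_len(n);
    f->total_len = HDR_LEN + f->cipher_len;
    return FRAME_OK;
}

int main(void) {
    uint8_t wire[20] = {0};   /* constructed frame: 13 data bytes, 16 encrypted */
    struct frame f;
    put_header(wire, 13);
    if (parse_frame(wire, sizeof wire, &f) == FRAME_OK)
        printf("data=%u wire=%zu\n", (unsigned)f.data_len, f.total_len);
    return 0;
}
```

The length field arrives ahead of the encrypted data, so the reader has to cap it and compare it with the bytes actually received before sizing a buffer from it.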

The data being read from
is assumed to have come from
and is decrypted using
for the key schedule and
for the initial vector.

.I des_enc_read/des_enc_write
pair can be used to read/write to files, pipes and sockets.
I have used them in implementing a version of rlogin in which all

is used to specify the encryption mode to use with
(the default), des_pcbc_encrypt is used.
des_cbc_encrypt is used.
These two routines and the variable are not part of the normal MIT library.

.I des_set_odd_parity
sets the parity of the passed
to odd. This routine is not part of the standard MIT library.

returns 1 if the passed key is a weak key (pick again :-),
This routine is not part of the standard MIT library.

is a replacement for the normal system crypt.
It is much faster than the system crypt.

The encryption routines have been tested on 16bit, 32bit and 64bit
machines of various endianness and even work under VMS.

If you think this manual is sparse,
read the des_crypt(3) manual from the MIT Kerberos (or bones outside
of the USA) distribution.

operates on input of 8 bits. What this means is that if you set
numbits to 12, and length to 2, the first 12 bits will come from the 1st
input byte and the low half of the second input byte. The second 12
bits will have the low 8 bits taken from the 3rd input byte and the
top 4 bits taken from the 4th input byte. The same holds for output.
This function has been implemented this way because most people will
be using a multiple of 8 and because once you get into pulling input
bytes apart things get ugly!

.I des_read_pw_string
is the most machine/OS dependent function and normally generates the
most problems when porting this code.

is probably different from the MIT version since there are lots
of fun ways to implement one-way encryption of a text string.

The routines are optimised for 32 bit machines and so are not efficient

NOTE: extensive work has been done on this library since this document
was originally written. Please try to read des.doc from the libdes
distribution since it is far more up to date and documents more of the
functions. Libdes is now also being shipped as part of SSLeay, a
general cryptographic library that amongst other things implements
Netscape's SSL protocol. The most recent version can be found in
SSLeay distributions.

Eric Young (eay@cryptsoft.com)