524 lines
23 KiB
Groff
524 lines
23 KiB
Groff
.\" $NetBSD: openssl_des.3,v 1.6 2002/08/09 16:15:45 itojun Exp $
|
|
.\"
|
|
.\" Automatically generated by Pod::Man version 1.02
|
|
.\" Sat Aug 10 00:57:24 2002
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ======================================================================
|
|
.de Sh \" Subsection heading
|
|
.br
|
|
.if t .Sp
|
|
.ne 5
|
|
.PP
|
|
\fB\\$1\fR
|
|
.PP
|
|
..
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Ip \" List item
|
|
.br
|
|
.ie \\n(.$>=3 .ne \\$3
|
|
.el .ne 3
|
|
.IP "\\$1" \\$2
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. | will give a
|
|
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
|
|
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
|
|
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
|
|
.tr \(*W-|\(bv\*(Tr
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` `
|
|
. ds C' '
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr
|
|
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
|
|
.\" index entries marked with X<> in POD. Of course, you'll have to process
|
|
.\" the output yourself in some meaningful fashion.
|
|
.if \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
. .
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.\"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it
|
|
.\" makes way too many mistakes in technical documents.
|
|
.hy 0
|
|
.if n .na
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
.bd B 3
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ======================================================================
|
|
.\"
|
|
.IX Title "des 3"
|
|
.TH des 3 "0.9.6g" "2001-04-12" "OpenSSL"
|
|
.UC
|
|
.SH "NAME"
|
|
des_random_key, des_set_key, des_key_sched, des_set_key_checked,
|
|
des_set_key_unchecked, des_set_odd_parity, des_is_weak_key,
|
|
des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt,
|
|
des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt,
|
|
des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt,
|
|
des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt,
|
|
des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt,
|
|
des_read_password, des_read_2passwords, des_read_pw_string,
|
|
des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys,
|
|
des_fcrypt, des_crypt, des_enc_read, des_enc_write \- \s-1DES\s0 encryption
|
|
.SH "LIBRARY"
|
|
libcrypto, -lcrypto
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
.Vb 1
|
|
\& #include <openssl/des.h>
|
|
.Ve
|
|
.Vb 1
|
|
\& void des_random_key(des_cblock *ret);
|
|
.Ve
|
|
.Vb 6
|
|
\& int des_set_key(const_des_cblock *key, des_key_schedule schedule);
|
|
\& int des_key_sched(const_des_cblock *key, des_key_schedule schedule);
|
|
\& int des_set_key_checked(const_des_cblock *key,
|
|
\& des_key_schedule schedule);
|
|
\& void des_set_key_unchecked(const_des_cblock *key,
|
|
\& des_key_schedule schedule);
|
|
.Ve
|
|
.Vb 2
|
|
\& void des_set_odd_parity(des_cblock *key);
|
|
\& int des_is_weak_key(const_des_cblock *key);
|
|
.Ve
|
|
.Vb 7
|
|
\& void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
|
|
\& des_key_schedule ks, int enc);
|
|
\& void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output,
|
|
\& des_key_schedule ks1, des_key_schedule ks2, int enc);
|
|
\& void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
|
|
\& des_key_schedule ks1, des_key_schedule ks2,
|
|
\& des_key_schedule ks3, int enc);
|
|
.Ve
|
|
.Vb 18
|
|
\& void des_ncbc_encrypt(const unsigned char *input, unsigned char *output,
|
|
\& long length, des_key_schedule schedule, des_cblock *ivec,
|
|
\& int enc);
|
|
\& void des_cfb_encrypt(const unsigned char *in, unsigned char *out,
|
|
\& int numbits, long length, des_key_schedule schedule,
|
|
\& des_cblock *ivec, int enc);
|
|
\& void des_ofb_encrypt(const unsigned char *in, unsigned char *out,
|
|
\& int numbits, long length, des_key_schedule schedule,
|
|
\& des_cblock *ivec);
|
|
\& void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
|
|
\& long length, des_key_schedule schedule, des_cblock *ivec,
|
|
\& int enc);
|
|
\& void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
|
\& long length, des_key_schedule schedule, des_cblock *ivec,
|
|
\& int *num, int enc);
|
|
\& void des_ofb64_encrypt(const unsigned char *in, unsigned char *out,
|
|
\& long length, des_key_schedule schedule, des_cblock *ivec,
|
|
\& int *num);
|
|
.Ve
|
|
.Vb 3
|
|
\& void des_xcbc_encrypt(const unsigned char *input, unsigned char *output,
|
|
\& long length, des_key_schedule schedule, des_cblock *ivec,
|
|
\& const_des_cblock *inw, const_des_cblock *outw, int enc);
|
|
.Ve
|
|
.Vb 9
|
|
\& void des_ede2_cbc_encrypt(const unsigned char *input,
|
|
\& unsigned char *output, long length, des_key_schedule ks1,
|
|
\& des_key_schedule ks2, des_cblock *ivec, int enc);
|
|
\& void des_ede2_cfb64_encrypt(const unsigned char *in,
|
|
\& unsigned char *out, long length, des_key_schedule ks1,
|
|
\& des_key_schedule ks2, des_cblock *ivec, int *num, int enc);
|
|
\& void des_ede2_ofb64_encrypt(const unsigned char *in,
|
|
\& unsigned char *out, long length, des_key_schedule ks1,
|
|
\& des_key_schedule ks2, des_cblock *ivec, int *num);
|
|
.Ve
|
|
.Vb 15
|
|
\& void des_ede3_cbc_encrypt(const unsigned char *input,
|
|
\& unsigned char *output, long length, des_key_schedule ks1,
|
|
\& des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec,
|
|
\& int enc);
|
|
\& void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
|
|
\& long length, des_key_schedule ks1, des_key_schedule ks2,
|
|
\& des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
|
|
\& int enc);
|
|
\& void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
|
\& long length, des_key_schedule ks1, des_key_schedule ks2,
|
|
\& des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
|
|
\& void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
|
|
\& long length, des_key_schedule ks1,
|
|
\& des_key_schedule ks2, des_key_schedule ks3,
|
|
\& des_cblock *ivec, int *num);
|
|
.Ve
|
|
.Vb 5
|
|
\& int des_read_password(des_cblock *key, const char *prompt, int verify);
|
|
\& int des_read_2passwords(des_cblock *key1, des_cblock *key2,
|
|
\& const char *prompt, int verify);
|
|
\& int des_read_pw_string(char *buf, int length, const char *prompt,
|
|
\& int verify);
|
|
.Ve
|
|
.Vb 8
|
|
\& DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output,
|
|
\& long length, des_key_schedule schedule,
|
|
\& const_des_cblock *ivec);
|
|
\& DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
|
|
\& long length, int out_count, des_cblock *seed);
|
|
\& void des_string_to_key(const char *str, des_cblock *key);
|
|
\& void des_string_to_2keys(const char *str, des_cblock *key1,
|
|
\& des_cblock *key2);
|
|
.Ve
|
|
.Vb 3
|
|
\& char *des_fcrypt(const char *buf, const char *salt, char *ret);
|
|
\& char *des_crypt(const char *buf, const char *salt);
|
|
\& char *crypt(const char *buf, const char *salt);
|
|
.Ve
|
|
.Vb 4
|
|
\& int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
|
|
\& des_cblock *iv);
|
|
\& int des_enc_write(int fd, const void *buf, int len,
|
|
\& des_key_schedule sched, des_cblock *iv);
|
|
.Ve
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
This library contains a fast implementation of the \s-1DES\s0 encryption
|
|
algorithm.
|
|
.PP
|
|
There are two phases to the use of \s-1DES\s0 encryption. The first is the
|
|
generation of a \fIdes_key_schedule\fR from a key, the second is the
|
|
actual encryption. A \s-1DES\s0 key is of type \fIdes_cblock\fR. This type is
|
|
consists of 8 bytes with odd parity. The least significant bit in
|
|
each byte is the parity bit. The key schedule is an expanded form of
|
|
the key; it is used to speed the encryption process.
|
|
.PP
|
|
\&\fIdes_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded
|
|
prior to using this function (see openssl_rand(3); for backward
|
|
compatibility the function \fIdes_random_seed()\fR is available as well).
|
|
If the \s-1PRNG\s0 could not generate a secure key, 0 is returned. In
|
|
earlier versions of the library, \fIdes_random_key()\fR did not generate
|
|
secure keys.
|
|
.PP
|
|
Before a \s-1DES\s0 key can be used, it must be converted into the
|
|
architecture dependent \fIdes_key_schedule\fR via the
|
|
\&\fIdes_set_key_checked()\fR or \fIdes_set_key_unchecked()\fR function.
|
|
.PP
|
|
\&\fIdes_set_key_checked()\fR will check that the key passed is of odd parity
|
|
and is not a week or semi-weak key. If the parity is wrong, then \-1
|
|
is returned. If the key is a weak key, then \-2 is returned. If an
|
|
error is returned, the key schedule is not generated.
|
|
.PP
|
|
\&\fIdes_set_key()\fR (called \fIdes_key_sched()\fR in the \s-1MIT\s0 library) works like
|
|
\&\fIdes_set_key_checked()\fR if the \fIdes_check_key\fR flag is non-zero,
|
|
otherwise like \fIdes_set_key_unchecked()\fR. These functions are available
|
|
for compatibility; it is recommended to use a function that does not
|
|
depend on a global variable.
|
|
.PP
|
|
\&\fIdes_set_odd_parity()\fR (called \fIdes_fixup_key_parity()\fR in the \s-1MIT\s0
|
|
library) sets the parity of the passed \fIkey\fR to odd.
|
|
.PP
|
|
\&\fIdes_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it
|
|
is ok. The probability that a randomly generated key is weak is
|
|
1/2^52, so it is not really worth checking for them.
|
|
.PP
|
|
The following routines mostly operate on an input and output stream of
|
|
\&\fIdes_cblock\fRs.
|
|
.PP
|
|
\&\fIdes_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or
|
|
decrypts a single 8\-byte \fIdes_cblock\fR in \fIelectronic code book\fR
|
|
(\s-1ECB\s0) mode. It always transforms the input data, pointed to by
|
|
\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument.
|
|
If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR
|
|
(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the
|
|
key_schedule specified by the \fIschedule\fR argument, previously set via
|
|
\&\fIdes_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now
|
|
ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input
|
|
and output may overlap. \fIdes_ecb_encrypt()\fR does not return a value.
|
|
.PP
|
|
\&\fIdes_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using
|
|
three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting
|
|
the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and
|
|
then encrypting with \fIks3\fR. This routine greatly reduces the chances
|
|
of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR,
|
|
\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption
|
|
using \s-1ECB\s0 mode and \fIks1\fR as the key.
|
|
.PP
|
|
The macro \fIdes_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
|
|
encryption by using \fIks1\fR for the final encryption.
|
|
.PP
|
|
\&\fIdes_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
|
|
(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the
|
|
routine cipher-block-chain encrypts the cleartext data pointed to by
|
|
the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
|
|
argument, using the key schedule provided by the \fIschedule\fR argument,
|
|
and initialization vector provided by the \fIivec\fR argument. If the
|
|
\&\fIlength\fR argument is not an integral multiple of eight bytes, the
|
|
last block is copied to a temporary area and zero filled. The output
|
|
is always an integral multiple of eight bytes.
|
|
.PP
|
|
\&\fIdes_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and
|
|
\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret
|
|
(unlike the iv) and are as such, part of the key. So the key is sort
|
|
of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0.
|
|
.PP
|
|
\&\fIdes_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with
|
|
three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
|
|
really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0.
|
|
.PP
|
|
The \fIdes_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
|
|
reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
|
|
This form of Triple-DES is used by the \s-1RSAREF\s0 library.
|
|
.PP
|
|
\&\fIdes_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block
|
|
chaining mode used by Kerberos v4. Its parameters are the same as
|
|
\&\fIdes_ncbc_encrypt()\fR.
|
|
.PP
|
|
\&\fIdes_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This
|
|
method takes an array of characters as input and outputs and array of
|
|
characters. It does not require any padding to 8 character groups.
|
|
Note: the \fIivec\fR variable is changed and the new changed value needs to
|
|
be passed to the next call to this function. Since this function runs
|
|
a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only
|
|
suggested for use when sending small numbers of characters.
|
|
.PP
|
|
\&\fIdes_cfb64_encrypt()\fR
|
|
implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this
|
|
useful you ask? Because this routine will allow you to encrypt an
|
|
arbitrary number of bytes, no 8 byte padding. Each call to this
|
|
routine will encrypt the input bytes to output and then update ivec
|
|
and num. num contains 'how far' we are though ivec. If this does
|
|
not make much sense, read more about cfb mode of \s-1DES\s0 :\-).
|
|
.PP
|
|
\&\fIdes_ede3_cfb64_encrypt()\fR and \fIdes_ede2_cfb64_encrypt()\fR is the same as
|
|
\&\fIdes_cfb64_encrypt()\fR except that Triple-DES is used.
|
|
.PP
|
|
\&\fIdes_ofb_encrypt()\fR encrypts using output feedback mode. This method
|
|
takes an array of characters as input and outputs and array of
|
|
characters. It does not require any padding to 8 character groups.
|
|
Note: the \fIivec\fR variable is changed and the new changed value needs to
|
|
be passed to the next call to this function. Since this function runs
|
|
a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only
|
|
suggested for use when sending small numbers of characters.
|
|
.PP
|
|
\&\fIdes_ofb64_encrypt()\fR is the same as \fIdes_cfb64_encrypt()\fR using Output
|
|
Feed Back mode.
|
|
.PP
|
|
\&\fIdes_ede3_ofb64_encrypt()\fR and \fIdes_ede2_ofb64_encrypt()\fR is the same as
|
|
\&\fIdes_ofb64_encrypt()\fR, using Triple-DES.
|
|
.PP
|
|
The following functions are included in the \s-1DES\s0 library for
|
|
compatibility with the \s-1MIT\s0 Kerberos library. \fIdes_read_pw_string()\fR
|
|
is also available under the name \fIEVP_read_pw_string()\fR.
|
|
.PP
|
|
\&\fIdes_read_pw_string()\fR writes the string specified by \fIprompt\fR to
|
|
standard output, turns echo off and reads in input string from the
|
|
terminal. The string is returned in \fIbuf\fR, which must have space for
|
|
at least \fIlength\fR bytes. If \fIverify\fR is set, the user is asked for
|
|
the password twice and unless the two copies match, an error is
|
|
returned. A return code of \-1 indicates a system error, 1 failure due
|
|
to use interaction, and 0 is success.
|
|
.PP
|
|
\&\fIdes_read_password()\fR does the same and converts the password to a \s-1DES\s0
|
|
key by calling \fIdes_string_to_key()\fR; \fIdes_read_2password()\fR operates in
|
|
the same way as \fIdes_read_password()\fR except that it generates two keys
|
|
by using the \fIdes_string_to_2key()\fR function. \fIdes_string_to_key()\fR is
|
|
available for backward compatibility with the \s-1MIT\s0 library. New
|
|
applications should use a cryptographic hash function. The same
|
|
applies for \fIdes_string_to_2key()\fR.
|
|
.PP
|
|
\&\fIdes_cbc_cksum()\fR produces an 8 byte checksum based on the input stream
|
|
(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned
|
|
and the complete 8 bytes are placed in \fIoutput\fR. This function is
|
|
used by Kerberos v4. Other applications should use
|
|
EVP_DigestInit(3) etc. instead.
|
|
.PP
|
|
\&\fIdes_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte
|
|
checksum from the input bytes. The algorithm can be iterated over the
|
|
input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is
|
|
non-NULL, the 8 bytes generated by each pass are written into
|
|
\&\fIoutput\fR.
|
|
.PP
|
|
The following are DES-based transformations:
|
|
.PP
|
|
\&\fIdes_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This
|
|
version takes only a small amount of space relative to other fast
|
|
\&\fIcrypt()\fR implementations. This is different to the normal crypt in
|
|
that the third parameter is the buffer that the return value is
|
|
written into. It needs to be at least 14 bytes long. This function
|
|
is thread safe, unlike the normal crypt.
|
|
.PP
|
|
\&\fIdes_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR.
|
|
This function calls \fIdes_fcrypt()\fR with a static array passed as the
|
|
third parameter. This emulates the normal non-thread safe semantics
|
|
of \fIcrypt\fR\|(3).
|
|
.PP
|
|
\&\fIdes_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from
|
|
buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default)
|
|
using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual
|
|
data send down \fIfd\fR consists of 4 bytes (in network byte order)
|
|
containing the length of the following encrypted data. The encrypted
|
|
data then follows, padded with random data out to a multiple of 8
|
|
bytes.
|
|
.PP
|
|
\&\fIdes_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor
|
|
\&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to
|
|
have come from \fIdes_enc_write()\fR and is decrypted using \fIsched\fR for
|
|
the key schedule and \fIiv\fR for the initial vector.
|
|
.PP
|
|
\&\fBWarning:\fR The data format used by \fIdes_enc_write()\fR and \fIdes_enc_read()\fR
|
|
has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0
|
|
bytes, \fIdes_enc_write()\fR will split the data into several chunks that
|
|
are all encrypted using the same \s-1IV\s0. So don't use these functions
|
|
unless you are sure you know what you do (in which case you might not
|
|
want to use them anyway). They cannot handle non-blocking sockets.
|
|
\&\fIdes_enc_read()\fR uses an internal state and thus cannot be used on
|
|
multiple files.
|
|
.PP
|
|
\&\fIdes_rw_mode\fR is used to specify the encryption mode to use with
|
|
\&\fIdes_enc_read()\fR and \fIdes_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the
|
|
default), des_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR
|
|
des_cbc_encrypt is used.
|
|
.SH "NOTES"
|
|
.IX Header "NOTES"
|
|
Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is
|
|
not suitable for most applications; see des_modes(7).
|
|
.PP
|
|
The openssl_evp(3) library provides higher-level encryption functions.
|
|
.SH "BUGS"
|
|
.IX Header "BUGS"
|
|
\&\fIdes_3cbc_encrypt()\fR is flawed and must not be used in applications.
|
|
.PP
|
|
\&\fIdes_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIdes_ncbc_encrypt()\fR
|
|
instead.
|
|
.PP
|
|
\&\fIdes_cfb_encrypt()\fR and \fIdes_ofb_encrypt()\fR operates on input of 8 bits.
|
|
What this means is that if you set numbits to 12, and length to 2, the
|
|
first 12 bits will come from the 1st input byte and the low half of
|
|
the second input byte. The second 12 bits will have the low 8 bits
|
|
taken from the 3rd input byte and the top 4 bits taken from the 4th
|
|
input byte. The same holds for output. This function has been
|
|
implemented this way because most people will be using a multiple of 8
|
|
and because once you get into pulling bytes input bytes apart things
|
|
get ugly!
|
|
.PP
|
|
\&\fIdes_read_pw_string()\fR is the most machine/OS dependent function and
|
|
normally generates the most problems when porting this code.
|
|
.SH "CONFORMING TO"
|
|
.IX Header "CONFORMING TO"
|
|
\&\s-1ANSI\s0 X3.106
|
|
.PP
|
|
The \fBdes\fR library was written to be source code compatible with
|
|
the \s-1MIT\s0 Kerberos library.
|
|
.SH "SEE ALSO"
|
|
.IX Header "SEE ALSO"
|
|
\&\fIcrypt\fR\|(3), des_modes(7), openssl_evp(3), openssl_rand(3)
|
|
.SH "HISTORY"
|
|
.IX Header "HISTORY"
|
|
\&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR,
|
|
\&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR,
|
|
\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR, \fIdes_read_password()\fR and
|
|
\&\fIdes_string_to_key()\fR are available in the \s-1MIT\s0 Kerberos library;
|
|
\&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR
|
|
are available in newer versions of that library.
|
|
.PP
|
|
\&\fIdes_set_key_checked()\fR and \fIdes_set_key_unchecked()\fR were added in
|
|
OpenSSL 0.9.5.
|
|
.PP
|
|
\&\fIdes_generate_random_block()\fR, \fIdes_init_random_number_generator()\fR,
|
|
\&\fIdes_new_random_key()\fR, \fIdes_set_random_generator_seed()\fR and
|
|
\&\fIdes_set_sequence_number()\fR and \fIdes_rand_data()\fR are used in newer
|
|
versions of Kerberos but are not implemented here.
|
|
.PP
|
|
\&\fIdes_random_key()\fR generated cryptographically weak random data in
|
|
SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
|
|
\&\s-1MIT\s0 library.
|
|
.SH "AUTHOR"
|
|
.IX Header "AUTHOR"
|
|
Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project
|
|
(http://www.openssl.org).
|