4.3BSD-Reno/share/man/cat3/des.0
DES_CRYPT(3) 4.0 DES_CRYPT(3)
N�NA�AM�ME�E
des_read_password, des_string_to_key, des_random_key,
des_set_key, des_ecb_encrypt, des_cbc_encrypt,
des_pcbc_encrypt, des_cbc_cksum, des_quad_cksum, - (new) DES
encryption
S�SY�YN�NO�OP�PS�SI�IS�S
#�#i�in�nc�cl�lu�ud�de�e <�<k�ke�er�rb�be�er�ro�os�sI�IV�V/�/d�de�es�s.�.h�h>�>
i�in�nt�t d�de�es�s_�_r�re�ea�ad�d_�_p�pa�as�ss�sw�wo�or�rd�d(�(k�ke�ey�y,�,p�pr�ro�om�mp�pt�t,�,v�ve�er�ri�if�fy�y)�)
des_cblock *key;
char *prompt;
int verify;
i�in�nt�t d�de�es�s_�_s�st�tr�ri�in�ng�g_�_t�to�o_�_k�ke�ey�y(�(s�st�tr�r,�,k�ke�ey�y)�)
c�ch�ha�ar�r *�*s�st�tr�r;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k k�ke�ey�y;�;
i�in�nt�t d�de�es�s_�_r�ra�an�nd�do�om�m_�_k�ke�ey�y(�(k�ke�ey�y)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*k�ke�ey�y;�;
i�in�nt�t d�de�es�s_�_s�se�et�t_�_k�ke�ey�y(�(k�ke�ey�y,�,s�sc�ch�he�ed�du�ul�le�e)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*k�ke�ey�y;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
i�in�nt�t d�de�es�s_�_e�ec�cb�b_�_e�en�nc�cr�ry�yp�pt�t(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,s�sc�ch�he�ed�du�ul�le�e,�,e�en�nc�cr�ry�yp�pt�t)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
i�in�nt�t e�en�nc�cr�ry�yp�pt�t;�;
i�in�nt�t d�de�es�s_�_c�cb�bc�c_�_e�en�nc�cr�ry�yp�pt�t(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,s�sc�ch�he�ed�du�ul�le�e,�,i�iv�ve�ec�c,�,e�en�nc�cr�ry�yp�pt�t)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�iv�ve�ec�c;�;
i�in�nt�t e�en�nc�cr�ry�yp�pt�t;�;
i�in�nt�t d�de�es�s_�_p�pc�cb�bc�c_�_e�en�nc�cr�ry�yp�pt�t(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,s�sc�ch�he�ed�du�ul�le�e,�,i�iv�ve�ec�c,�,e�en�nc�cr�ry�yp�pt�t)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�iv�ve�ec�c;�;
i�in�nt�t e�en�nc�cr�ry�yp�pt�t;�;
u�un�ns�si�ig�gn�ne�ed�d l�lo�on�ng�g d�de�es�s_�_c�cb�bc�c_�_c�ck�ks�su�um�m(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,s�sc�ch�he�ed�du�ul�le�e,�,i�iv�ve�ec�c)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
Printed 7/27/90 Kerberos 1
DES_CRYPT(3) 4.0 DES_CRYPT(3)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�iv�ve�ec�c;�;
u�un�ns�si�ig�gn�ne�ed�d l�lo�on�ng�g q�qu�ua�ad�d_�_c�ck�ks�su�um�m(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,o�ou�ut�t_�_c�co�ou�un�nt�t,�,s�se�ee�ed�d)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
i�in�nt�t o�ou�ut�t_�_c�co�ou�un�nt�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*s�se�ee�ed�d;�;
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
This library supports various DES encryption related opera-
tions. It differs from the _�c_�r_�y_�p_�t, _�s_�e_�t_�k_�e_�y, _�a_�n_�d _�e_�n_�c_�r_�y_�p_�t
library routines in that it provides a true DES encryption,
without modifying the algorithm, and executes much faster.
For each key that may be simultaneously active, create a
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e struct, defined in "des.h". Next, create
key schedules (from the 8-byte keys) as needed, via
_�d_�e_�s__�s_�e_�t__�k_�e_�y, prior to using the encryption or checksum rou-
tines. Then setup the input and output areas. Make sure to
note the restrictions on lengths being multiples of eight
bytes. Finally, invoke the encryption/decryption routines,
_�d_�e_�s__�e_�c_�b__�e_�n_�c_�r_�y_�p_�t or _�d_�e_�s__�c_�b_�c__�e_�n_�c_�r_�y_�p_�t or _�d_�e_�s__�p_�c_�b_�c__�e_�n_�c_�r_�y_�p_�t, or,
to generate a cryptographic checksum, use _�q_�u_�a_�d__�c_�k_�s_�u_�m (fast)
or _�d_�e_�s__�c_�b_�c__�c_�k_�s_�u_�m (slow).
A _�d_�e_�s__�c_�b_�l_�o_�c_�k struct is an 8 byte block used as the fundamen-
tal unit for DES data and keys, and is defined as:
t�ty�yp�pe�ed�de�ef�f u�un�ns�si�ig�gn�ne�ed�d c�ch�ha�ar�r d�de�es�s_�_c�cb�bl�lo�oc�ck�k[�[8�8]�];�;
and a _�d_�e_�s__�k_�e_�y__�s_�c_�h_�e_�d_�u_�l_�e, is defined as:
t�ty�yp�pe�ed�de�ef�f s�st�tr�ru�uc�ct�t d�de�es�s_�_k�ks�s_�_s�st�tr�ru�uc�ct�t {�{d�de�es�s_�_c�cb�bl�lo�oc�ck�k _�_;�;}�}
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e[�[1�16�6]�];�;
_�d_�e_�s__�r_�e_�a_�d__�p_�a_�s_�s_�w_�o_�r_�d writes the string specified by _�p_�r_�o_�m_�p_�t to
the standard output, turns off echo (if possible) and reads
an input string from standard input until terminated with a
newline. If _�v_�e_�r_�i_�f_�y is non-zero, it prompts and reads input
again, for use in applications such as changing a password;
both versions are compared, and the input is requested
repeatedly until they match. Then _�d_�e_�s__�r_�e_�a_�d__�p_�a_�s_�s_�w_�o_�r_�d con-
verts the input string into a valid DES key, internally
using the _�d_�e_�s__�s_�t_�r_�i_�n_�g__�t_�o__�k_�e_�y routine. The newly created key
is copied to the area pointed to by the _�k_�e_�y argument.
_�d_�e_�s__�r_�e_�a_�d__�p_�a_�s_�s_�w_�o_�r_�d returns a zero if no errors occurred, or a
-1 indicating that an error occurred trying to manipulate
the terminal echo.
_�d_�e_�s__�s_�t_�r_�i_�n_�g__�t_�o__�k_�e_�y converts an arbitrary length null-
terminated string to an 8 byte DES key, with odd byte
Printed 7/27/90 Kerberos 2
DES_CRYPT(3) 4.0 DES_CRYPT(3)
parity, per FIPS specification. A one-way function is used
to convert the string to a key, making it very difficult to
reconstruct the string from the key. The _�s_�t_�r argument is a
pointer to the string, and _�k_�e_�y should point to a _�d_�e_�s__�c_�b_�l_�o_�c_�k
supplied by the caller to receive the generated key. No
meaningful value is returned. Void is not used for compati-
bility with other compilers.
_�d_�e_�s__�r_�a_�n_�d_�o_�m__�k_�e_�y generates a random DES encryption key (eight
bytes), set to odd parity per FIPS specifications. This
routine uses the current time, process id, and a counter as
a seed for the random number generator. The caller
must supply space for the output key, pointed to by
argument _�k_�e_�y, then after calling _�d_�e_�s__�r_�a_�n_�d_�o_�m__�k_�e_�y should call
the _�d_�e_�s__�s_�e_�t__�k_�e_�y routine when needed. No meaningful value is
returned. Void is not used for compatibility with other
compilers.
_�d_�e_�s__�s_�e_�t__�k_�e_�y calculates a key schedule from all eight bytes
of the input key, pointed to by the _�k_�e_�y argument, and out-
puts the schedule into the _�d_�e_�s__�k_�e_�y__�s_�c_�h_�e_�d_�u_�l_�e indicated by the
_�s_�c_�h_�e_�d_�u_�l_�e argument. Make sure to pass a valid eight byte key;
no padding is done. The key schedule may then be used in
subsequent encryption/decryption/checksum operations. Many
key schedules may be cached for later use. The user is
responsible to clear keys and schedules as soon as no longer
needed, to prevent their disclosure. The routine also
checks the key parity, and returns a zero if the key parity
is correct (odd), a -1 indicating a key parity error, or a
-2 indicating use of an illegal weak key. If an error is
returned, the key schedule was not created.
_�d_�e_�s__�e_�c_�b__�e_�n_�c_�r_�y_�p_�t is the basic DES encryption routine that
encrypts or decrypts a single 8-byte block in e�el�le�ec�ct�tr�ro�on�ni�ic�c
c�co�od�de�e b�bo�oo�ok�k mode. It always transforms the input data,
pointed to by _�i_�n_�p_�u_�t, into the output data, pointed to by the
_�o_�u_�t_�p_�u_�t argument.
If the _�e_�n_�c_�r_�y_�p_�t argument is non-zero, the _�i_�n_�p_�u_�t (cleartext)
is encrypted into the _�o_�u_�t_�p_�u_�t (ciphertext) using the
key_schedule specified by the _�s_�c_�h_�e_�d_�u_�l_�e argument, previously
set via _�d_�e_�s__�s_�e_�t__�k_�e_�y
If encrypt is zero, the _�i_�n_�p_�u_�t (now ciphertext) is decrypted
into the _�o_�u_�t_�p_�u_�t (now cleartext).
Input and output may overlap.
No meaningful value is returned. Void is not used for com-
patibility with other compilers.
Printed 7/27/90 Kerberos 3
DES_CRYPT(3) 4.0 DES_CRYPT(3)
_�d_�e_�s__�c_�b_�c__�e_�n_�c_�r_�y_�p_�t encrypts/decrypts using the c�ci�ip�ph�he�er�r-�-b�bl�lo�oc�ck�k-�-
c�ch�ha�ai�in�ni�in�ng�g m�mo�od�de�e o�of�f D�DE�ES�S.�. If the _�e_�n_�c_�r_�y_�p_�t argument is non-zero,
the routine cipher-block-chain encrypts the cleartext data
pointed to by the _�i_�n_�p_�u_�t argument into the ciphertext pointed
to by the _�o_�u_�t_�p_�u_�t argument, using the key schedule provided
by the _�s_�c_�h_�e_�d_�u_�l_�e argument, and initialization vector provided
by the _�i_�v_�e_�c argument. If the _�l_�e_�n_�g_�t_�h argument is not an
integral multiple of eight bytes, the last block is copied
to a temp and zero filled (highest addresses). The output
is ALWAYS an integral multiple of eight bytes.
If _�e_�n_�c_�r_�y_�p_�t is zero, the routine cipher-block chain decrypts
the (now) ciphertext data pointed to by the _�i_�n_�p_�u_�t argument
into (now) cleartext pointed to by the _�o_�u_�t_�p_�u_�t argument using
the key schedule provided by the _�s_�c_�h_�e_�d_�u_�l_�e argument, and ini-
tialization vector provided by the _�i_�v_�e_�c argument. Decryption
ALWAYS operates on integral multiples of 8 bytes, so it will
round the _�l_�e_�n_�g_�t_�h provided up to the appropriate multiple.
Consequently, it will always produce the rounded-up number
of bytes of output cleartext. The application must determine
if the output cleartext was zero-padded due to original
cleartext lengths that were not integral multiples of 8.
No errors or meaningful values are returned. Void is not
used for compatibility with other compilers.
A characteristic of cbc mode is that changing a single bit
of the cleartext, then encrypting using cbc mode, affects
ALL the subsequent ciphertext. This makes cryptanalysis
much more difficult. However, modifying a single bit of the
ciphertext, then decrypting, only affects the resulting
cleartext from the modified block and the succeeding block.
Therefore, _�d_�e_�s__�p_�c_�b_�c__�e_�n_�c_�r_�y_�p_�t is STRONGLY recommended for
applications where indefinite propagation of errors is
required in order to detect modifications.
_�d_�e_�s__�p_�c_�b_�c__�e_�n_�c_�r_�y_�p_�t encrypts/decrypts using a modified block
chaining mode. Its calling sequence is identical to
_�d_�e_�s__�c_�b_�c__�e_�n_�c_�r_�y_�p_�t. It differs in its error propagation charac-
teristics.
_�d_�e_�s__�p_�c_�b_�c__�e_�n_�c_�r_�y_�p_�t is highly recommended for most encryption
purposes, in that modification of a single bit of the
ciphertext will affect ALL the subsequent (decrypted) clear-
text. Similarly, modifying a single bit of the cleartext
will affect ALL the subsequent (encrypted) ciphertext.
"PCBC" mode, on encryption, "xors" both the cleartext of
block N and the ciphertext resulting from block N with the
cleartext for block N+1 prior to encrypting block N+1.
_�d_�e_�s__�c_�b_�c__�c_�k_�s_�u_�m produces an 8 byte cryptographic checksum by
cipher-block-chain encrypting the cleartext data pointed to
Printed 7/27/90 Kerberos 4
DES_CRYPT(3) 4.0 DES_CRYPT(3)
by the _�i_�n_�p_�u_�t argument. All of the ciphertext output is dis-
carded, except the last 8-byte ciphertext block, which is
written into the area pointed to by the _�o_�u_�t_�p_�u_�t argument. It
uses the key schedule, provided by the _�s_�c_�h_�e_�d_�u_�l_�e argument and
initialization vector provided by the _�i_�v_�e_�c argument. If the
_�l_�e_�n_�g_�t_�h argument is not an integral multiple of eight bytes,
the last cleartext block is copied to a temp and zero filled
(highest addresses). The output is ALWAYS eight bytes.
The routine also returns an unsigned long, which is the last
(highest address) half of the 8 byte checksum computed.
_�q_�u_�a_�d__�c_�k_�s_�u_�m produces a checksum by chaining quadratic opera-
tions on the cleartext data pointed to by the _�i_�n_�p_�u_�t argu-
ment. The _�l_�e_�n_�g_�t_�h argument specifies the length of the input
-- only exactly that many bytes are included for the check-
sum, without any padding.
The algorithm may be iterated over the same input data, if
the _�o_�u_�t__�c_�o_�u_�n_�t argument is 2, 3 or 4, and the optional _�o_�u_�t_�p_�u_�t
argument is a non-null pointer . The default is one itera-
tion, and it will not run more than 4 times. Multiple itera-
tions run slower, but provide a longer checksum if desired.
The _�s_�e_�e_�d argument provides an 8-byte seed for the first
iteration. If multiple iterations are requested, the results
of one iteration are automatically used as the seed for the
next iteration.
It returns both an unsigned long checksum value, and if the
_�o_�u_�t_�p_�u_�t argument is not a null pointer, up to 16 bytes of the
computed checksum are written into the output.
F�FI�IL�LE�ES�S
/usr/include/kerberosIV/des.h
/usr/lib/libdes.a
S�SE�EE�E A�AL�LS�SO�O
D�DI�IA�AG�GN�NO�OS�ST�TI�IC�CS�S
B�BU�UG�GS�S
This software has not yet been compiled or tested on
machines other than the VAX and the IBM PC.
A�AU�UT�TH�HO�OR�RS�S
Steve Miller, MIT Project Athena/Digital Equipment Corpora-
tion
R�RE�ES�ST�TR�RI�IC�CT�TI�IO�ON�NS�S
COPYRIGHT 1985,1986 Massachusetts Institute of Technology
This software may not be exported outside of the US without
a special license from the US Dept of Commerce. It may be
replaced by any secret key block cipher with block length
Printed 7/27/90 Kerberos 5
DES_CRYPT(3) 4.0 DES_CRYPT(3)
and key length of 8 bytes, as long as the interface is the
same as described here.
Printed 7/27/90 Kerberos 6