4.4BSD/usr/share/man/cat3/des.0
DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3)
N�NA�AM�ME�E
des_read_password, des_string_to_key, des_random_key,
des_set_key, des_ecb_encrypt, des_cbc_encrypt,
des_pcbc_encrypt, des_cbc_cksum, des_quad_cksum, - (new)
DES encryption
S�SY�YN�NO�OP�PS�SI�IS�S
#�#i�in�nc�cl�lu�ud�de�e <�<k�ke�er�rb�be�er�ro�os�sI�IV�V/�/d�de�es�s.�.h�h>�>
i�in�nt�t d�de�es�s_�_r�re�ea�ad�d_�_p�pa�as�ss�sw�wo�or�rd�d(�(k�ke�ey�y,�,p�pr�ro�om�mp�pt�t,�,v�ve�er�ri�if�fy�y)�)
des_cblock *key;
char *prompt;
int verify;
i�in�nt�t d�de�es�s_�_s�st�tr�ri�in�ng�g_�_t�to�o_�_k�ke�ey�y(�(s�st�tr�r,�,k�ke�ey�y)�)
c�ch�ha�ar�r *�*s�st�tr�r;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k k�ke�ey�y;�;
i�in�nt�t d�de�es�s_�_r�ra�an�nd�do�om�m_�_k�ke�ey�y(�(k�ke�ey�y)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*k�ke�ey�y;�;
i�in�nt�t d�de�es�s_�_s�se�et�t_�_k�ke�ey�y(�(k�ke�ey�y,�,s�sc�ch�he�ed�du�ul�le�e)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*k�ke�ey�y;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
i�in�nt�t d�de�es�s_�_e�ec�cb�b_�_e�en�nc�cr�ry�yp�pt�t(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,s�sc�ch�he�ed�du�ul�le�e,�,e�en�nc�cr�ry�yp�pt�t)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
i�in�nt�t e�en�nc�cr�ry�yp�pt�t;�;
i�in�nt�t d�de�es�s_�_c�cb�bc�c_�_e�en�nc�cr�ry�yp�pt�t(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,s�sc�ch�he�ed�du�ul�le�e,�,i�iv�ve�ec�c,�,e�en�nc�cr�ry�yp�pt�t)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�iv�ve�ec�c;�;
i�in�nt�t e�en�nc�cr�ry�yp�pt�t;�;
i�in�nt�t d�de�es�s_�_p�pc�cb�bc�c_�_e�en�nc�cr�ry�yp�pt�t(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,s�sc�ch�he�ed�du�ul�le�e,�,i�iv�ve�ec�c,�,e�en�nc�cr�ry�yp�pt�t)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�iv�ve�ec�c;�;
i�in�nt�t e�en�nc�cr�ry�yp�pt�t;�;
u�un�ns�si�ig�gn�ne�ed�d l�lo�on�ng�g d�de�es�s_�_c�cb�bc�c_�_c�ck�ks�su�um�m(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,s�sc�ch�he�ed�du�ul�le�e,�,i�iv�ve�ec�c)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
MIT Project Athena Kerberos Version 4.0 1
DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3)
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e s�sc�ch�he�ed�du�ul�le�e;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�iv�ve�ec�c;�;
u�un�ns�si�ig�gn�ne�ed�d l�lo�on�ng�g q�qu�ua�ad�d_�_c�ck�ks�su�um�m(�(i�in�np�pu�ut�t,�,o�ou�ut�tp�pu�ut�t,�,l�le�en�ng�gt�th�h,�,o�ou�ut�t_�_c�co�ou�un�nt�t,�,s�se�ee�ed�d)�)
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*i�in�np�pu�ut�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*o�ou�ut�tp�pu�ut�t;�;
l�lo�on�ng�g l�le�en�ng�gt�th�h;�;
i�in�nt�t o�ou�ut�t_�_c�co�ou�un�nt�t;�;
d�de�es�s_�_c�cb�bl�lo�oc�ck�k *�*s�se�ee�ed�d;�;
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
This library supports various DES encryption related oper-
ations. It differs from the _�c_�r_�y_�p_�t_�, _�s_�e_�t_�k_�e_�y_�, _�a_�n_�d _�e_�n_�c_�r_�y_�p_�t
library routines in that it provides a true DES encryp-
tion, without modifying the algorithm, and executes much
faster.
For each key that may be simultaneously active, create a
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e struct, defined in "des.h". Next, create
key schedules (from the 8-byte keys) as needed, via
_�d_�e_�s_�__�s_�e_�t_�__�k_�e_�y_�, prior to using the encryption or checksum
routines. Then setup the input and output areas. Make
sure to note the restrictions on lengths being multiples
of eight bytes. Finally, invoke the encryption/decryption
routines, _�d_�e_�s_�__�e_�c_�b_�__�e_�n_�c_�r_�y_�p_�t or _�d_�e_�s_�__�c_�b_�c_�__�e_�n_�c_�r_�y_�p_�t or
_�d_�e_�s_�__�p_�c_�b_�c_�__�e_�n_�c_�r_�y_�p_�t_�, or, to generate a cryptographic check-
sum, use _�q_�u_�a_�d_�__�c_�k_�s_�u_�m (fast) or _�d_�e_�s_�__�c_�b_�c_�__�c_�k_�s_�u_�m (slow).
A _�d_�e_�s_�__�c_�b_�l_�o_�c_�k struct is an 8 byte block used as the funda-
mental unit for DES data and keys, and is defined as:
t�ty�yp�pe�ed�de�ef�f u�un�ns�si�ig�gn�ne�ed�d c�ch�ha�ar�r d�de�es�s_�_c�cb�bl�lo�oc�ck�k[�[8�8]�];�;
and a _�d_�e_�s_�__�k_�e_�y_�__�s_�c_�h_�e_�d_�u_�l_�e_�, is defined as:
t�ty�yp�pe�ed�de�ef�f s�st�tr�ru�uc�ct�t d�de�es�s_�_k�ks�s_�_s�st�tr�ru�uc�ct�t {�{d�de�es�s_�_c�cb�bl�lo�oc�ck�k _�_;�;}�}
d�de�es�s_�_k�ke�ey�y_�_s�sc�ch�he�ed�du�ul�le�e[�[1�16�6]�];�;
_�d_�e_�s_�__�r_�e_�a_�d_�__�p_�a_�s_�s_�w_�o_�r_�d writes the string specified by _�p_�r_�o_�m_�p_�t to
the standard output, turns off echo (if possible) and
reads an input string from standard input until terminated
with a newline. If _�v_�e_�r_�i_�f_�y is non-zero, it prompts and
reads input again, for use in applications such as chang-
ing a password; both versions are compared, and the input
is requested repeatedly until they match. Then
_�d_�e_�s_�__�r_�e_�a_�d_�__�p_�a_�s_�s_�w_�o_�r_�d converts the input string into a valid
DES key, internally using the _�d_�e_�s_�__�s_�t_�r_�i_�n_�g_�__�t_�o_�__�k_�e_�y routine.
The newly created key is copied to the area pointed to by
the _�k_�e_�y argument. _�d_�e_�s_�__�r_�e_�a_�d_�__�p_�a_�s_�s_�w_�o_�r_�d returns a zero if no
errors occurred, or a -1 indicating that an error occurred
MIT Project Athena Kerberos Version 4.0 2
DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3)
trying to manipulate the terminal echo.
_�d_�e_�s_�__�s_�t_�r_�i_�n_�g_�__�t_�o_�__�k_�e_�y converts an arbitrary length null-
terminated string to an 8 byte DES key, with odd byte par-
ity, per FIPS specification. A one-way function is used
to convert the string to a key, making it very difficult
to reconstruct the string from the key. The _�s_�t_�r argument
is a pointer to the string, and _�k_�e_�y should point to a
_�d_�e_�s_�__�c_�b_�l_�o_�c_�k supplied by the caller to receive the generated
key. No meaningful value is returned. Void is not used
for compatibility with other compilers.
_�d_�e_�s_�__�r_�a_�n_�d_�o_�m_�__�k_�e_�y generates a random DES encryption key
(eight bytes), set to odd parity per FIPS specifications.
This routine uses the current time, process id, and a
counter as a seed for the random number generator. The
caller must supply space for the output key, pointed to
by argument _�k_�e_�y_�, then after calling _�d_�e_�s_�__�r_�a_�n_�d_�o_�m_�__�k_�e_�y should
call the _�d_�e_�s_�__�s_�e_�t_�__�k_�e_�y routine when needed. No meaningful
value is returned. Void is not used for compatibility
with other compilers.
_�d_�e_�s_�__�s_�e_�t_�__�k_�e_�y calculates a key schedule from all eight bytes
of the input key, pointed to by the _�k_�e_�y argument, and out-
puts the schedule into the _�d_�e_�s_�__�k_�e_�y_�__�s_�c_�h_�e_�d_�u_�l_�e indicated by
the _�s_�c_�h_�e_�d_�u_�l_�e argument. Make sure to pass a valid eight
byte key; no padding is done. The key schedule may then
be used in subsequent encryption/decryption/checksum oper-
ations. Many key schedules may be cached for later use.
The user is responsible to clear keys and schedules as
soon as no longer needed, to prevent their disclosure.
The routine also checks the key parity, and returns a zero
if the key parity is correct (odd), a -1 indicating a key
parity error, or a -2 indicating use of an illegal weak
key. If an error is returned, the key schedule was not
created.
_�d_�e_�s_�__�e_�c_�b_�__�e_�n_�c_�r_�y_�p_�t is the basic DES encryption routine that
encrypts or decrypts a single 8-byte block in e�el�le�ec�ct�tr�ro�on�ni�ic�c
c�co�od�de�e b�bo�oo�ok�k mode. It always transforms the input data,
pointed to by _�i_�n_�p_�u_�t_�, into the output data, pointed to by
the _�o_�u_�t_�p_�u_�t argument.
If the _�e_�n_�c_�r_�y_�p_�t argument is non-zero, the _�i_�n_�p_�u_�t (cleartext)
is encrypted into the _�o_�u_�t_�p_�u_�t (ciphertext) using the
key_schedule specified by the _�s_�c_�h_�e_�d_�u_�l_�e argument, previ-
ously set via _�d_�e_�s_�__�s_�e_�t_�__�k_�e_�y
MIT Project Athena Kerberos Version 4.0 3
DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3)
If encrypt is zero, the _�i_�n_�p_�u_�t (now ciphertext) is
decrypted into the _�o_�u_�t_�p_�u_�t (now cleartext).
Input and output may overlap.
No meaningful value is returned. Void is not used for
compatibility with other compilers.
_�d_�e_�s_�__�c_�b_�c_�__�e_�n_�c_�r_�y_�p_�t encrypts/decrypts using the c�ci�ip�ph�he�er�r-�-b�bl�lo�oc�ck�k-�-
c�ch�ha�ai�in�ni�in�ng�g m�mo�od�de�e o�of�f D�DE�ES�S.�. If the _�e_�n_�c_�r_�y_�p_�t argument is non-
zero, the routine cipher-block-chain encrypts the cleart-
ext data pointed to by the _�i_�n_�p_�u_�t argument into the cipher-
text pointed to by the _�o_�u_�t_�p_�u_�t argument, using the key
schedule provided by the _�s_�c_�h_�e_�d_�u_�l_�e argument, and initial-
ization vector provided by the _�i_�v_�e_�c argument. If the
_�l_�e_�n_�g_�t_�h argument is not an integral multiple of eight
bytes, the last block is copied to a temp and zero filled
(highest addresses). The output is ALWAYS an integral
multiple of eight bytes.
If _�e_�n_�c_�r_�y_�p_�t is zero, the routine cipher-block chain
decrypts the (now) ciphertext data pointed to by the _�i_�n_�p_�u_�t
argument into (now) cleartext pointed to by the _�o_�u_�t_�p_�u_�t
argument using the key schedule provided by the _�s_�c_�h_�e_�d_�u_�l_�e
argument, and initialization vector provided by the _�i_�v_�e_�c
argument. Decryption ALWAYS operates on integral multiples
of 8 bytes, so it will round the _�l_�e_�n_�g_�t_�h provided up to the
appropriate multiple. Consequently, it will always produce
the rounded-up number of bytes of output cleartext. The
application must determine if the output cleartext was
zero-padded due to original cleartext lengths that were
not integral multiples of 8.
No errors or meaningful values are returned. Void is not
used for compatibility with other compilers.
A characteristic of cbc mode is that changing a single bit
of the cleartext, then encrypting using cbc mode, affects
ALL the subsequent ciphertext. This makes cryptanalysis
much more difficult. However, modifying a single bit of
the ciphertext, then decrypting, only affects the result-
ing cleartext from the modified block and the succeeding
block. Therefore, _�d_�e_�s_�__�p_�c_�b_�c_�__�e_�n_�c_�r_�y_�p_�t is STRONGLY recom-
mended for applications where indefinite propagation of
errors is required in order to detect modifications.
_�d_�e_�s_�__�p_�c_�b_�c_�__�e_�n_�c_�r_�y_�p_�t encrypts/decrypts using a modified block
chaining mode. Its calling sequence is identical to
_�d_�e_�s_�__�c_�b_�c_�__�e_�n_�c_�r_�y_�p_�t_�. It differs in its error propagation
MIT Project Athena Kerberos Version 4.0 4
DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3)
characteristics.
_�d_�e_�s_�__�p_�c_�b_�c_�__�e_�n_�c_�r_�y_�p_�t is highly recommended for most encryption
purposes, in that modification of a single bit of the
ciphertext will affect ALL the subsequent (decrypted)
cleartext. Similarly, modifying a single bit of the clear-
text will affect ALL the subsequent (encrypted) cipher-
text. "PCBC" mode, on encryption, "xors" both the cleart-
ext of block N and the ciphertext resulting from block N
with the cleartext for block N+1 prior to encrypting block
N+1.
_�d_�e_�s_�__�c_�b_�c_�__�c_�k_�s_�u_�m produces an 8 byte cryptographic checksum by
cipher-block-chain encrypting the cleartext data pointed
to by the _�i_�n_�p_�u_�t argument. All of the ciphertext output is
discarded, except the last 8-byte ciphertext block, which
is written into the area pointed to by the _�o_�u_�t_�p_�u_�t argu-
ment. It uses the key schedule, provided by the _�s_�c_�h_�e_�d_�u_�l_�e
argument and initialization vector provided by the _�i_�v_�e_�c
argument. If the _�l_�e_�n_�g_�t_�h argument is not an integral mul-
tiple of eight bytes, the last cleartext block is copied
to a temp and zero filled (highest addresses). The output
is ALWAYS eight bytes.
The routine also returns an unsigned long, which is the
last (highest address) half of the 8 byte checksum com-
puted.
_�q_�u_�a_�d_�__�c_�k_�s_�u_�m produces a checksum by chaining quadratic oper-
ations on the cleartext data pointed to by the _�i_�n_�p_�u_�t argu-
ment. The _�l_�e_�n_�g_�t_�h argument specifies the length of the
input -- only exactly that many bytes are included for the
checksum, without any padding.
The algorithm may be iterated over the same input data, if
the _�o_�u_�t_�__�c_�o_�u_�n_�t argument is 2, 3 or 4, and the optional _�o_�u_�t_�-
_�p_�u_�t argument is a non-null pointer . The default is one
iteration, and it will not run more than 4 times. Multiple
iterations run slower, but provide a longer checksum if
desired. The _�s_�e_�e_�d argument provides an 8-byte seed for the
first iteration. If multiple iterations are requested, the
results of one iteration are automatically used as the
seed for the next iteration.
It returns both an unsigned long checksum value, and if
the _�o_�u_�t_�p_�u_�t argument is not a null pointer, up to 16 bytes
of the computed checksum are written into the output.
MIT Project Athena Kerberos Version 4.0 5
DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3)
F�FI�IL�LE�ES�S
/usr/include/kerberosIV/des.h
/usr/lib/libdes.a
S�SE�EE�E A�AL�LS�SO�O
D�DI�IA�AG�GN�NO�OS�ST�TI�IC�CS�S
B�BU�UG�GS�S
This software has not yet been compiled or tested on
machines other than the VAX and the IBM PC.
A�AU�UT�TH�HO�OR�RS�S
Steve Miller, MIT Project Athena/Digital Equipment Corpo-
ration
R�RE�ES�ST�TR�RI�IC�CT�TI�IO�ON�NS�S
COPYRIGHT 1985,1986 Massachusetts Institute of Technology
This software may not be exported outside of the US with-
out a special license from the US Dept of Commerce. It may
be replaced by any secret key block cipher with block
length and key length of 8 bytes, as long as the interface
is the same as described here.
MIT Project Athena Kerberos Version 4.0 6