diff options
author | Ulf Möller <ulf@openssl.org> | 2000-03-19 02:09:37 +0000 |
---|---|---|
committer | Ulf Möller <ulf@openssl.org> | 2000-03-19 02:09:37 +0000 |
commit | 395df2fe306764e0d6909d423cd390ee2e841392 (patch) | |
tree | 3a1f7c6ad4e6842e8a6a2fe29b2c117e098ff11d /crypto/des | |
parent | 7af4816f0e9b624d8c2fcec19768ac14febb1832 (diff) |
libdes manpage.
This may still contain a few errors from the old documentation,
but most of it should make sense.
Diffstat (limited to 'crypto/des')
-rw-r--r-- | crypto/des/des_crypt.pod | 261 |
1 files changed, 0 insertions, 261 deletions
diff --git a/crypto/des/des_crypt.pod b/crypto/des/des_crypt.pod deleted file mode 100644 index 673215f758..0000000000 --- a/crypto/des/des_crypt.pod +++ /dev/null @@ -1,261 +0,0 @@ -=pod - -=head1 NAME - -des_read_password, des_read_2password, des_string_to_key, -des_string_to_2key, des_read_pw_string, des_random_key, des_set_key, -des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt, -des_3cbc_encrypt, des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt, -des_cbc_cksum, des_quad_cksum, des_enc_read, des_enc_write, -des_set_odd_parity, des_is_weak_key, crypt - (non USA) DES encryption - -=head1 SYNOPSIS - - #include <des.h> - - int des_read_password(des_cblock *key, char *prompt, int verify); - - int des_read_2password(des_cblock *key1, des_cblock *key2, char *prompt, - int verify); - - int des_string_to_key(char *str, des_cblock *key); - - int des_string_to_2keys(char *str, des_cblock *key1, des_cblock *key2); - - int des_read_pw_string(char *buf, int length, char *prompt, int verify); - - int des_random_key(des_cblock *key); - - int des_set_key(des_cblock *key, des_key_schedule schedule); - - int des_key_sched(des_cblock *key, des_key_schedule schedule); - - int des_ecb_encrypt(des_cblock *input, des_cblock *output, - des_key_schedule schedule, int encrypt); - - int des_ecb3_encrypt(des_cblock *input, des_cblock *output, - des_key_schedule ks1, des_key_schedule ks2, int encrypt); - - int des_cbc_encrypt(des_cblock *input, des_cblock *output, - long length, des_key_schedule schedule, des_cblock *ivec, - int encrypt); - - int des_3cbc_encrypt(des_cblock *input, des_cblock *output, - long length, des_key_schedule sk1, des_key_schedule sk2, - des_cblock *ivec1, des_cblock *ivec2, int encrypt); - - int des_pcbc_encrypt(des_cblock *input, des_cblock *output, - long length, des_key_schedule schedule, des_cblock *ivec, - int encrypt); - - int des_cfb_encrypt(unsigned char *input, unsigned char *output, - int numbits, long length, des_key_schedule schedule, - des_cblock *ivec, int encrypt); - - int des_ofb_encrypt(unsigned char *input, unsigned char *output, - int numbits, long length, des_key_schedule schedule, - des_cblock *ivec); - - unsigned long des_cbc_cksum(des_cblock *input, des_cblock *output, - long length, des_key_schedule schedule, des_cblock *ivec); - - unsigned long des_quad_cksum(des_cblock *input, des_cblock *output, - long length, int out_count, des_cblock *seed); - - int des_check_key; - - int des_enc_read(int fd, char *buf, int len, des_key_schedule sched, - des_cblock *iv); - - int des_enc_write(int fd, char *buf, int len, des_key_schedule sched, - des_cblock *iv); - - extern int des_rw_mode; - - void des_set_odd_parity(des_cblock *key); - - int des_is_weak_key(des_cblock *key); - - char *crypt(char *passwd, char *salt); - -=head1 DESCRIPTION - -This library contains a fast implementation of the DES encryption -algorithm. - -There are two phases to the use of DES encryption. The first is the -generation of a I<des_key_schedule> from a key, the second is the -actual encryption. A des key is of type I<des_cblock>. This type is -made from 8 characters with odd parity. The least significant bit in -the character is the parity bit. The key schedule is an expanded form -of the key; it is used to speed the encryption process. - -I<des_read_password> writes the string specified by prompt to the -standard output, turns off echo and reads an input string from -standard input until terminated with a newline. If verify is -non-zero, it prompts and reads the input again and verifies that both -entered passwords are the same. The entered string is converted into -a des key by using the I<des_string_to_key> routine. The new key is -placed in the I<des_cblock> that was passed (by reference) to the -routine. If there were no errors, I<des_read_password> returns 0, -1 -is returned if there was a terminal error and 1 is returned for any -other error. - -I<des_read_2password> operates in the same way as I<des_read_password> -except that it generates two keys by using the I<des_string_to_2key> -function. - -I<des_read_pw_string> is called by I<des_read_password> to read and -verify a string from a terminal device. The string is returned in -I<buf>. The size of I<buf> is passed to the routine via the I<length> -parameter. - -I<des_string_to_key> converts a string into a valid des key. - -I<des_string_to_2key> converts a string into two valid des keys. This -routine is best suited for used to generate keys for use with -I<des_ecb3_encrypt>. - -I<des_random_key> returns a random key that is made of a combination -of process id, time and an increasing counter. - -Before a des key can be used, it is converted into a -I<des_key_schedule> via the I<des_set_key> routine. If the -I<des_check_key> flag is non-zero, I<des_set_key> will check that the -key passed is of odd parity and is not a week or semi-weak key. If -the parity is wrong, then -1 is returned. If the key is a weak key, -then -2 is returned. If an error is returned, the key schedule is not -generated. - -I<des_key_sched> is another name for the I<des_set_key> function. - -The following routines mostly operate on an input and output stream of -I<des_cblock>'s. - -I<des_ecb_encrypt> is the basic DES encryption routine that encrypts -or decrypts a single 8-byte I<des_cblock> in I<electronic code book> -mode. It always transforms the input data, pointed to by I<input>, -into the output data, pointed to by the I<output> argument. If the -I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input> -(cleartext) is encrypted in to the I<output> (ciphertext) using the -key_schedule specified by the I<schedule> argument, previously set via -I<des_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now -ciphertext) is decrypted into the I<output> (now cleartext). Input -and output may overlap. No meaningful value is returned. - -I<des_ecb3_encrypt> encrypts/decrypts the I<input> block by using -triple ecb DES encryption. This involves encrypting the input with -I<ks1>, decryption with the key schedule I<ks2>, and then encryption -with the first again. This routine greatly reduces the chances of -brute force breaking of DES and has the advantage of if I<ks1> and -I<ks2> are the same, it is equivalent to just encryption using ecb -mode and I<ks1> as the key. - -I<des_cbc_encrypt> encrypts/decrypts using the -I<cipher-block-chaining> mode of DES. If the I<encrypt> argument is -non-zero, the routine cipher-block-chain encrypts the cleartext data -pointed to by the I<input> argument into the ciphertext pointed to by -the I<output> argument, using the key schedule provided by the -I<schedule> argument, and initialization vector provided by the -I<ivec> argument. If the I<length> argument is not an integral -multiple of eight bytes, the last block is copied to a temporary area -and zero filled. The output is always an integral multiple of eight -bytes. To make multiple cbc encrypt calls on a large amount of data -appear to be one I<des_cbc_encrypt> call, the I<ivec> of subsequent -calls should be the last 8 bytes of the output. - -I<des_3cbc_encrypt> encrypts/decrypts the I<input> block by using -triple cbc DES encryption. This involves encrypting the input with -key schedule I<ks1>, decryption with the key schedule I<ks2>, and then -encryption with the first again. Two initialization vectors are -required, I<ivec1> and I<ivec2>. Unlike I<des_cbc_encrypt>, these -initialization vectors are modified by the subroutine. This routine -greatly reduces the chances of brute force breaking of DES and has the -advantage of if I<ks1> and I<ks2> are the same, it is equivalent to -just encryption using cbc mode and I<ks1> as the key. - -I<des_pcbc_encrypt> encrypt/decrypts using a modified block chaining -mode. It provides better error propagation characteristics than cbc -encryption. - -I<des_cfb_encrypt> encrypt/decrypts using cipher feedback mode. This -method takes an array of characters as input and outputs and array of -characters. It does not require any padding to 8 character groups. -Note: the ivec variable is changed and the new changed value needs to -be passed to the next call to this function. Since this function runs -a complete DES ecb encryption per numbits, this function is only -suggested for use when sending small numbers of characters. - -I<des_ofb_encrypt> encrypt using output feedback mode. This method -takes an array of characters as input and outputs and array of -characters. It does not require any padding to 8 character groups. -Note: the ivec variable is changed and the new changed value needs to -be passed to the next call to this function. Since this function runs -a complete DES ecb encryption per numbits, this function is only -suggested for use when sending small numbers of characters. - -I<des_cbc_cksum> produces an 8 byte checksum based on the input stream -(via cbc encryption). The last 4 bytes of the checksum is returned -and the complete 8 bytes is placed in I<output>. - -I<des_quad_cksum> returns a 4 byte checksum from the input bytes. The -algorithm can be iterated over the input, depending on I<out_count>, -1, 2, 3 or 4 times. If I<output> is non-NULL, the 8 bytes generated -by each pass are written into I<output>. - -I<des_enc_write> is used to write I<len> bytes to file descriptor -I<fd> from buffer I<buf>. The data is encrypted via I<pcbc_encrypt> -(default) using I<sched> for the key and I<iv> as a starting vector. -The actual data send down I<fd> consists of 4 bytes (in network byte -order) containing the length of the following encrypted data. The -encrypted data then follows, padded with random data out to a multiple -of 8 bytes. - -I<des_enc_read> is used to read I<len> bytes from file descriptor -I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to -have come from I<des_enc_write> and is decrypted using I<sched> for -the key schedule and I<iv> for the initial vector. The -I<des_enc_read/des_enc_write> pair can be used to read/write to files, -pipes and sockets. I have used them in implementing a version of -rlogin in which all data is encrypted. - -I<des_rw_mode> is used to specify the encryption mode to use with -I<des_enc_read> and I<des_end_write>. If set to I<DES_PCBC_MODE> (the -default), des_pcbc_encrypt is used. If set to I<DES_CBC_MODE> -des_cbc_encrypt is used. These two routines and the variable are not -part of the normal MIT library. - -I<des_set_odd_parity> sets the parity of the passed I<key> to odd. -This routine is not part of the standard MIT library. - -I<des_is_weak_key> returns 1 is the passed key is a weak key (pick -again :-), 0 if it is ok. This routine is not part of the standard -MIT library. - -I<crypt> is a replacement for the normal system crypt. It is much -faster than the system crypt. - -=head1 BUGS - -I<des_cfb_encrypt> and I<des_ofb_encrypt> operates on input of 8 bits. -What this means is that if you set numbits to 12, and length to 2, the -first 12 bits will come from the 1st input byte and the low half of -the second input byte. The second 12 bits will have the low 8 bits -taken from the 3rd input byte and the top 4 bits taken from the 4th -input byte. The same holds for output. This function has been -implemented this way because most people will be using a multiple of 8 -and because once you get into pulling bytes input bytes apart things -get ugly! - -I<des_read_pw_string> is the most machine/OS dependent function and -normally generates the most problems when porting this code. - -I<des_string_to_key> is probably different from the MIT version since -there are lots of fun ways to implement one-way encryption of a text -string. - -=head1 AUTHOR - -Eric Young (eay@cryptsoft.com) - -=cut |