*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> des_set_key_checked (3)              
Title
Content
Arch
Section
 

des(3)

Contents


NAME    [Toc]    [Back]

       des,   des_random_key,  des_set_key,  des_set_key_checked,
       des_set_key_unchecked,                 des_set_odd_parity,
       des_ecb_encrypt,    des_ecb2_encrypt,    des_ecb3_encrypt,
       des_ncbc_encrypt,    des_cfb_encrypt,     des_ofb_encrypt,
       des_pcbc_encrypt,   des_cfb64_encrypt,  des_ofb64_encrypt,
       des_xcbc_encrypt,                    des_ede2_cbc_encrypt,
       des_ede2_cfb64_encrypt,            des_ede2_ofb64_encrypt,
       des_ede3_cbc_encrypt,               des_ede3_cbcm_encrypt,
       des_ede3_cfb64_encrypt,            des_ede3_ofb64_encrypt,
       des_read_password,                    des_read_2passwords,
       des_read_pw_string,   des_cbc_cksum,  des_string_to_2keys,
       des_fcrypt, des_enc_read, des_enc_write - DES encryption

SYNOPSIS    [Toc]    [Back]

       #include <openssl/des.h>

       void des_random_key(
               des_cblock *ret ); int des_set_key(
               const_des_cblock *key,
               des_key_schedule schedule ); int des_key_sched(
               const_des_cblock *key,
               des_key_schedule       schedule       );       int
       des_set_key_checked(
               const_des_cblock *key,
               des_key_schedule       schedule       );      void
       des_set_key_unchecked(
               const_des_cblock *key,
               des_key_schedule schedule ); void des_set_odd_parity(

               des_cblock *key ); int des_is_weak_key(
               const_des_cblock *key ); void des_ecb_encrypt(
               const_des_cblock *input,
               des_cblock *output,
               des_key_schedule ks,
               int enc ); void des_ecb2_encrypt(
               const_des_cblock *input,
               des_cblock *output,
               des_key_schedule ks1,
               des_key_schedule ks2,
               int enc ); void des_ecb3_encrypt(
               const_des_cblock *input,
               , des_cblock *output,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_key_schedule ks3,
               int enc ); void des_ncbc_encrypt(
               const unsigned char *input,
               unsigned char *output,
               long length,
               des_key_schedule schedule,
               des_cblock *ivec,
               int enc ); void des_cfb_encrypt(
               const unsigned char *in,
               unsigned char *out,
               int numbits,
               long length,
               des_key_schedule schedule,
               des_cblock *ivec,
               int enc ); void des_ofb_encrypt(
               const unsigned char *in,
               unsigned char *out,
               int numbits,
               long length,
               des_key_schedule schedule,
               des_cblock *ivec ); void des_pcbc_encrypt(
               const unsigned char *input,
               nsigned char *output,
               u,
               long length,
               des_key_schedule schedule,
               des_cblock *ivec,
               int enc ); void des_cfb64_encrypt(
               const unsigned char *in,
               unsigned char *out,
               long length,
               des_key_schedule schedule,
               des_cblock *ivec,
               int *num,
               int enc ); void des_ofb64_encrypt(
               const unsigned char *in,
               unsigned char *out,
               long length,
               des_key_schedule schedule,
               des_cblock *ivec,
               int *num ); void des_xcbc_encrypt(
               const unsigned char *input,
               unsigned char *output,
               long length,
               des_key_schedule schedule,
               des_cblock *ivec,
               const_des_cblock *inw,
               const_des_cblock *outw,
               int enc ); void des_ede2_cbc_encrypt(
               const unsigned char *input,
               unsigned char *output,
               long length,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_cblock *ivec,
               int enc ); void des_ede2_cfb64_encrypt(
               const unsigned char *in,
               unsigned char *out,
               long length,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_cblock *ivec,
               int *num,
               int enc ); void des_ede2_ofb64_encrypt(
               const unsigned char *in,
               unsigned char *out,
               long length,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_cblock *ivec,
               int *num ); void des_ede3_cbc_encrypt(
               const unsigned char *input,
               unsigned char *output,
               long length,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_key_schedule ks3,
               des_cblock *ivec,
               int enc ); void des_ede3_cbcm_encrypt(
               const unsigned char *in,
               unsigned char *out,
               long length,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_key_schedule ks3,
               des_cblock *ivec1,
               des_cblock *ivec2,
               int enc ); void des_ede3_cfb64_encrypt(
               const unsigned char *in,
               unsigned char *out,
               long length,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_key_schedule ks3,
               des_cblock *ivec,
               int *num,
               int enc ); void des_ede3_ofb64_encrypt(
               const unsigned char *in,
               unsigned char *out,
               long length,
               des_key_schedule ks1,
               des_key_schedule ks2,
               des_key_schedule ks3,
               des_cblock *ivec,
               int *num ); int des_read_password(
               des_cblock *key,
               const char *prompt,
               int verify ); int des_read_2passwords(
               des_cblock *key1,
               des_cblock *key2,
               const char *prompt,
               int verify ); int des_read_pw_string(
               char *buf,
               int length,
               const char *prompt,
               int verify ); DES_LONG des_cbc_cksum(
               const unsigned char *input,
               des_cblock *output,
               long length,
               des_key_schedule schedule,
               const_des_cblock *ivec ); DES_LONG des_quad_cksum(
               const unsigned char *input,
               des_cblock output[],
               long length,
               int out_count,
               des_cblock *seed ); void des_string_to_key(
               const char *str,
               des_cblock *key ); void des_string_to_2keys(
               const char *str,
               des_cblock *key1,
               des_cblock *key2 ); char *des_fcrypt(
               const char *buf,
               const char *salt,
               char *ret ); char *des_crypt(
               const char *buf,
               const char *salt ); char *crypt(
               const char *buf,
               const char *salt ); int des_enc_read(
               int fd,
               void *buf,
               int len,
               des_key_schedule sched,
               des_cblock *iv ); int des_enc_write(
               int fd,
               const void *buf,
               int len,
               des_key_schedule sched,
               des_cblock *iv );

DESCRIPTION    [Toc]    [Back]

       This library contains a fast  implementation  of  the  DES
       encryption algorithm.

       There  are  two  phases to the use of DES encryption.  The
       first is the generation of a des_key_schedule from a  key;
       the second is the actual encryption.  A DES key is of type
       des_cblock.  This type consists of 8 bytes with  odd  parity.
  The least significant bit in each byte is the parity
       bit.  The key schedule is an expanded form of the key;  it
       is used to speed the encryption process.

       The  des_random_key()  generates  a  random key.  The PRNG
       must  be  seeded  prior  to  using  this   function   (see
       rand_ssl(3);   for  backward  compatibility  the  des_random_seed()
 function is available as  well).  If  the  PRNG
       could  not  generate a secure key, 0 is returned.  In earlier
 versions of the  library,  des_random_key()  did  not
       generate secure keys.

       Before  a  DES  key can be used, it must be converted into
       the  architecture  dependent  des_key_schedule   via   the
       des_set_key_checked()   or  des_set_key_unchecked()  functions.


       The des_set_key_checked() function will check that the key
       passed  is  of  odd  parity and is not a weak or semi-weak
       key.  If the parity is wrong, then -1 is returned.  If the
       key  is  a  weak key, then -2 is returned.  If an error is
       returned, the key schedule is not generated.

       The des_set_key() function (called des_key_sched() in  the
       MIT  library)  works  like  des_set_key_checked()  if  the
       des_check_key flag is non-zero; otherwise, it  works  like
       des_set_key_unchecked().   These  functions  are available
       for compatibility; we recommend you use  a  function  that
       does not depend on a global variable.

       The       des_set_odd_parity()       function      (called
       des_fixup_key_parity() in the MIT library) sets the parity
       of the passed key to odd.

       The des_is_weak_key() function returns 1 is the passed key
       is a weak key, 0 if it is ok.  The probability that a randomly
 generated key is weak is 1/2^52.

       The following routines mostly operate on an input and output
 stream of des_cblock: The  des_ecb_encrypt()  function
       is  the  basic  DES  encryption  routine  that encrypts or
       decrypts a single 8-byte  des_cblock  in  electronic  code
       book  (ECB)  mode.   It  always transforms the input data,
       pointed to by input, into the output data, pointed  to  by
       the  output  argument. If the encrypt argument is non-zero
       (DES_ENCRYPT), the input (cleartext) is  encrypted  in  to
       the  output  (ciphertext) using the key_schedule specified
       by the schedule argument, previously set via  des_set_key.
       If  encrypt  is zero (DES_DECRYPT), the input (now ciphertext)
 is decrypted into the output (now cleartext).  Input
       and  output  may  overlap.  The des_ecb_encrypt() function
       does not return a value.  The des_ecb3_encrypt()  function
       encrypts  and  decrypts the input block by using three-key
       Triple-DES encryption in ECB mode.  This involves encrypting
  the  input with ks1, decrypting with the key schedule
       ks2, and then encrypting with ks3.  This  routine  greatly
       reduces the chances of brute force breaking of DES and has
       the advantage if ks1, ks2 and ks3  are  the  same.  It  is
       equivalent  to  encryption  using  ECB mode and ks1 as the
       key.  The des_ecb2_encrypt() macro is provided to  perform
       two-key  Triple-DES  encryption by using ks1 for the final
       encryption.  The des_ncbc_encrypt() function encrypts  and
       decrypts  using  the  cipher-block-chaining  (CBC) mode of
       DES.  If the encrypt argument  is  non-zero,  the  routine
       cipher-block-chain  encrypts the cleartext data pointed to
       by the input argument into the ciphertext  pointed  to  by
       the  output  argument,  using the key schedule provided by
       the schedule argument, and initialization vector  provided
       by  the  ivec  argument.  If the length argument is not an
       integral multiple of eight bytes, the last block is copied
       to a temporary area and zero filled.  The output is always
       an   integral    multiple    of    eight    bytes.     The
       des_xcbc_encrypt() function is RSA's DESX mode of DES.  It
       uses inw and outw to whiten the encryption.  The  inw  and
       outw  are  secret (unlike the iv) and are part of the key.
       So the key is sort of 24 bytes.  This is much better  than
       CBC  DES.   The des_ede3_cbc_encrypt() function implements
       outer triple CBC DES  encryption  with  three  keys.  This
       means  that  each  DES  operation  inside  the CBC mode is
       really an C=E(ks3,D(ks2,E(ks1,M))).  This mode is used  by
       SSL.   The des_ede2_cbc_encrypt() macro implements two-key
       Triple-DES  by  reusing  ks1  for  the  final  encryption.
       C=E(ks1,D(ks2,E(ks1,M))).  This form of Triple-DES is used
       by the RSAREF library.   The  des_pcbc_encrypt()  function
       encrypts  and  decrypts using the propagating cipher block
       chaining mode used by Kerberos v4. Its parameters are  the
       same  as  des_ncbc_encrypt().  The des_cfb_encrypt() function
 encrypts and decrypts  using  cipher  feedback  mode.
       This method takes an array of characters as input and outputs
 and array of characters.  It  does  not  require  any
       padding  to  8  character  groups.  The  ivec  variable is
       changed and the new changed value needs to  be  passed  to
       the  next call to this function.  Since this function runs
       a complete DES ECB encryption per numbits,  this  function
       is  only  suggested  for use when sending small numbers of
       characters.  The des_cfb64_encrypt()  function  implements
       CFB  mode  of  DES  with  64-bit feedback.  This is useful
       because this routine will allow you to  encrypt  an  arbitrary
  number  of  bytes, no 8-byte padding.  Each call to
       this routine will encrypt the input bytes  to  output  and
       then  update  ivec  and  num.  The num shows where you are
       through   ivec.     The    des_ede3_cfb64_encrypt()    and
       des_ede2_cfb64_encrypt()  functions  are  the  same as the
       des_cfb64_encrypt() function  except  that  Triple-DES  is
       used.   The des_ofb_encrypt() function encrypts using output
 feedback mode.  This method takes an array of  characters
  as  input  and  outputs and array of characters.  It
       does not require any padding to  8-character  groups.  The
       ivec  variable  is changed and the new changed value needs
       to be passed to the next call  to  this  function.   Since
       this  function  runs  a  complete  DES  ECB encryption per
       numbits, we recommend using this function only when  sending
  small numbers of characters.  The des_ofb64_encrypt()
       function is the same as the  des_cfb64_encrypt()  function
       using Output Feed Back mode.  The des_ede3_ofb64_encrypt()
       and des_ede2_ofb64_encrypt() functions  are  the  same  as
       des_ofb64_encrypt() using Triple-DES.

       The  following  functions  are included in the DES library
       for compatibility  with  the  MIT  Kerberos  library.  The
       des_read_pw_string()  function is also available under the
       name EVP_read_pw_string().  The des_read_pw_string() function
  writes  the  string  specified by prompt to standard
       output, turns echo off and reads in input string from  the
       terminal.   The string is returned in buf, which must have
       space for at least length bytes.  If verify  is  set,  the
       user  is  asked  for  the  password twice.  Unless the two
       copies match, an error is returned.  A return code  of  -1
       indicates  a  system  error, 1 failure due to use interaction,
 and 0 is success.  The des_read_password()  function
       does  the  same  and converts the password to a DES key by
       calling  des_string_to_key();   the   des_read_2password()
       function  operates  in the same way as des_read_password()
       except  that  it  generates  two   keys   by   using   the
       des_string_to_2key()  function.   The  des_string_to_key()
       function is available for backward compatibility with  the
       MIT  library.  New applications should use a cryptographic
       hash    function.     The    same    applies    for    the
       des_string_to_2key()  function.  The des_cbc_cksum() function
 produces an 8-byte checksum based on the input stream
       (via  CBC  encryption).   The last 4 bytes of the checksum
       are returned and the complete 8 bytes are placed  in  output.
 This function is used by Kerberos v4.  Other applications
  should  use  EVP_DigestInit()  etc.  instead.   The
       des_quad_cksum()  function  is a Kerberos v4 function.  It
       returns a 4-byte checksum from the input bytes.  The algorithm
  can  be  iterated  over  the  input,  depending  on
       out_count, 1, 2, 3 or 4 times.  If output is non-NULL, the
       8 bytes generated by each pass are written into output.

       The   following   are   DES-based   transformations:   The
       des_fcrypt() function  is  a  fast  version  of  the  Unix
       crypt()  function.  This version takes only a small amount
       of space relative to other fast  crypt()  implementations.
       This  is different from the normal crypt in that the third
       parameter is the buffer that the return value  is  written
       into.   It needs to be at least 14 bytes long.  This function
  is  thread  safe,  unlike  the  normal  crypt.   The
       des_crypt()  function is a faster replacement for the normal
 system crypt(). This function calls des_fcrypt()  with
       a  static  array passed as the third parameter.  This emulates
 the normal non-thread  safe  semantics  of  crypt().
       The  des_enc_write()  function  writes  len  bytes to file
       descriptor fd from buffer buf. The data is  encrypted  via
       pcbc_encrypt (default) using sched for the key and iv as a
       starting vector.  The actual data send down fd consists of
       4  bytes  (in network byte order) containing the length of
       the following encrypted data.   The  encrypted  data  then
       follows,  padded  with  random data out to a multiple of 8
       bytes.  The des_enc_read() function is used  to  read  len
       bytes  from  file  descriptor fd into buffer buf. The data
       being  read  from  fd  is  assumed  to  have   come   from
       des_enc_write()  and  is decrypted using sched for the key
       schedule and iv for the initial vector.

                                     Note

              The  data  format  used  by   des_enc_write()   and
              des_enc_read()  has  a cryptographic weakness: When
              asked  to   write   more   than   MAXWRITE   bytes,
              des_enc_write()  will  split  the data into several
              chunks that are all encrypted using  the  same  IV.
              We  do  not  recommend using these functions unless
              you are sure you know what  you  do.   They  cannot
              handle  non-blocking  sockets.  The  des_enc_read()
              function uses an internal state and cannot be  used
              on  multiple  files.  The des_rw_mode specifies the
              encryption mode to use with the des_enc_read()  and
              des_end_write()   functions.    If  it  is  set  to
              DES_PCBC_MODE (the  default),  des_pcbc_encrypt  is
              used.     If    it    is   set   to   DES_CBC_MODE,
              des_cbc_encrypt is used.

NOTES    [Toc]    [Back]

       Single-key DES is insecure due to its short key size.  ECB
       mode   is   not   suitable   for  most  applications;  see
       des_modes(7).

       The evp(3) library provides higher-level encryption  functions.

RESTRICTIONS    [Toc]    [Back]

       The  des_3cbc_encrypt() function is flawed and must not be
       used in applications.

       The des_cbc_encrypt() function does not modify  ivec;  use
       the des_ncbc_encrypt() function instead.

       The   des_cfb_encrypt()  and  des_ofb_encrypt()  functions
       operate on input of 8 bits. What this means is that if you
       set numbits to 12, and length to 2, the first 12 bits will
       come from the first input byte and the  low  half  of  the
       second input byte.  The second 12 bits will have the low 8
       bits taken from the 3rd input byte  and  the  top  4  bits
       taken from the fourth input byte.  The same holds for output.
  This function has been implemented this way  because
       most people will be using a multiple of 8.

       The  des_read_pw_string()  function is the most machine/OS
       dependent function and normally generates the  most  problems
 when porting this code.

       The  des  library was written to be source code compatible
       with the MIT Kerberos library. It conforms to ANSI X3.106.

HISTORY    [Toc]    [Back]

       The des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
       des_is_weak_key(),  des_key_sched(),   des_pcbc_encrypt(),
       des_quad_cksum(),  des_random_key(),  des_read_password(),
       and des_string_to_key() functions are available in the MIT
       Kerberos      library;     the     des_check_key_parity(),
       des_fixup_key_parity(),  and  des_is_weak_key()  functions
       are available in newer versions of that library.

       The   des_set_key_checked()   and  des_set_key_unchecked()
       functions were added in OpenSSL 0.9.5.

       The   des_generate_random_block(),    des_init_random_number_generator(),
 des_new_random_key(), des_set_random_generator_seed(),
       des_set_sequence_number(),        and
       des_rand_data()  functions  are  used in newer versions of
       Kerberos but are not implemented here.

       The des_random_key() function generated  cryptographically
       weak  random  data  in SSLeay and in OpenSSL prior version
       0.9.5, as well as in the original MIT library.

       Author is Eric Young (eay@cryptsoft.com). Modified for the
       OpenSSL project (http://www.openssl.org).






SEE ALSO    [Toc]    [Back]

      
      
       Functions: crypt(3), des_crypt(3), evp(3), rand_ssl(3)

       Files: des_modes(7)



                                                           des(3)
[ Back ]
 Similar pages
Name OS Title
des_key_sched Tru64 Data Encryption Standard (DES) encryption library routines (Auth)
des_is_weak_key Tru64 Data Encryption Standard (DES) encryption library routines (Auth)
des_quad_cksum Tru64 Data Encryption Standard (DES) encryption library routines (Auth)
des_string_to_key Tru64 Data Encryption Standard (DES) encryption library routines (Auth)
des_crypt Tru64 Data Encryption Standard (DES) encryption library routines (Auth)
des_3ecb_encrypt OpenBSD (non USA) DES encryption
des_cbc_encrypt OpenBSD (non USA) DES encryption
des_3cbc_encrypt OpenBSD (non USA) DES encryption
RC4 Tru64 RC4 encryption
RC4_set_key Tru64 RC4 encryption
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service