des, des_random_key, des_set_key, des_set_key_checked,
des_set_key_unchecked, des_set_odd_parity,
des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt,
des_ncbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
des_pcbc_encrypt, des_cfb64_encrypt, des_ofb64_encrypt,
des_xcbc_encrypt, des_ede2_cbc_encrypt,
des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt,
des_ede3_cbc_encrypt, des_ede3_cbcm_encrypt,
des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt,
des_read_password, des_read_2passwords,
des_read_pw_string, des_cbc_cksum, des_string_to_2keys,
des_fcrypt, des_enc_read, des_enc_write  DES encryption
#include <openssl/des.h>
void des_random_key(
des_cblock *ret ); int des_set_key(
const_des_cblock *key,
des_key_schedule schedule ); int des_key_sched(
const_des_cblock *key,
des_key_schedule schedule ); int
des_set_key_checked(
const_des_cblock *key,
des_key_schedule schedule ); void
des_set_key_unchecked(
const_des_cblock *key,
des_key_schedule schedule ); void des_set_odd_parity(
des_cblock *key ); int des_is_weak_key(
const_des_cblock *key ); void des_ecb_encrypt(
const_des_cblock *input,
des_cblock *output,
des_key_schedule ks,
int enc ); void des_ecb2_encrypt(
const_des_cblock *input,
des_cblock *output,
des_key_schedule ks1,
des_key_schedule ks2,
int enc ); void des_ecb3_encrypt(
const_des_cblock *input,
, des_cblock *output,
des_key_schedule ks1,
des_key_schedule ks2,
des_key_schedule ks3,
int enc ); void des_ncbc_encrypt(
const unsigned char *input,
unsigned char *output,
long length,
des_key_schedule schedule,
des_cblock *ivec,
int enc ); void des_cfb_encrypt(
const unsigned char *in,
unsigned char *out,
int numbits,
long length,
des_key_schedule schedule,
des_cblock *ivec,
int enc ); void des_ofb_encrypt(
const unsigned char *in,
unsigned char *out,
int numbits,
long length,
des_key_schedule schedule,
des_cblock *ivec ); void des_pcbc_encrypt(
const unsigned char *input,
nsigned char *output,
u,
long length,
des_key_schedule schedule,
des_cblock *ivec,
int enc ); void des_cfb64_encrypt(
const unsigned char *in,
unsigned char *out,
long length,
des_key_schedule schedule,
des_cblock *ivec,
int *num,
int enc ); void des_ofb64_encrypt(
const unsigned char *in,
unsigned char *out,
long length,
des_key_schedule schedule,
des_cblock *ivec,
int *num ); void des_xcbc_encrypt(
const unsigned char *input,
unsigned char *output,
long length,
des_key_schedule schedule,
des_cblock *ivec,
const_des_cblock *inw,
const_des_cblock *outw,
int enc ); void des_ede2_cbc_encrypt(
const unsigned char *input,
unsigned char *output,
long length,
des_key_schedule ks1,
des_key_schedule ks2,
des_cblock *ivec,
int enc ); void des_ede2_cfb64_encrypt(
const unsigned char *in,
unsigned char *out,
long length,
des_key_schedule ks1,
des_key_schedule ks2,
des_cblock *ivec,
int *num,
int enc ); void des_ede2_ofb64_encrypt(
const unsigned char *in,
unsigned char *out,
long length,
des_key_schedule ks1,
des_key_schedule ks2,
des_cblock *ivec,
int *num ); void des_ede3_cbc_encrypt(
const unsigned char *input,
unsigned char *output,
long length,
des_key_schedule ks1,
des_key_schedule ks2,
des_key_schedule ks3,
des_cblock *ivec,
int enc ); void des_ede3_cbcm_encrypt(
const unsigned char *in,
unsigned char *out,
long length,
des_key_schedule ks1,
des_key_schedule ks2,
des_key_schedule ks3,
des_cblock *ivec1,
des_cblock *ivec2,
int enc ); void des_ede3_cfb64_encrypt(
const unsigned char *in,
unsigned char *out,
long length,
des_key_schedule ks1,
des_key_schedule ks2,
des_key_schedule ks3,
des_cblock *ivec,
int *num,
int enc ); void des_ede3_ofb64_encrypt(
const unsigned char *in,
unsigned char *out,
long length,
des_key_schedule ks1,
des_key_schedule ks2,
des_key_schedule ks3,
des_cblock *ivec,
int *num ); int des_read_password(
des_cblock *key,
const char *prompt,
int verify ); int des_read_2passwords(
des_cblock *key1,
des_cblock *key2,
const char *prompt,
int verify ); int des_read_pw_string(
char *buf,
int length,
const char *prompt,
int verify ); DES_LONG des_cbc_cksum(
const unsigned char *input,
des_cblock *output,
long length,
des_key_schedule schedule,
const_des_cblock *ivec ); DES_LONG des_quad_cksum(
const unsigned char *input,
des_cblock output[],
long length,
int out_count,
des_cblock *seed ); void des_string_to_key(
const char *str,
des_cblock *key ); void des_string_to_2keys(
const char *str,
des_cblock *key1,
des_cblock *key2 ); char *des_fcrypt(
const char *buf,
const char *salt,
char *ret ); char *des_crypt(
const char *buf,
const char *salt ); char *crypt(
const char *buf,
const char *salt ); int des_enc_read(
int fd,
void *buf,
int len,
des_key_schedule sched,
des_cblock *iv ); int des_enc_write(
int fd,
const void *buf,
int len,
des_key_schedule sched,
des_cblock *iv );
This library contains a fast implementation of the DES
encryption algorithm.
There are two phases to the use of DES encryption. The
first is the generation of a des_key_schedule from a key;
the second is the actual encryption. A DES key is of type
des_cblock. This type consists of 8 bytes with odd parity.
The least significant bit in each byte is the parity
bit. The key schedule is an expanded form of the key; it
is used to speed the encryption process.
The des_random_key() generates a random key. The PRNG
must be seeded prior to using this function (see
rand_ssl(3); for backward compatibility the des_random_seed()
function is available as well). If the PRNG
could not generate a secure key, 0 is returned. In earlier
versions of the library, des_random_key() did not
generate secure keys.
Before a DES key can be used, it must be converted into
the architecture dependent des_key_schedule via the
des_set_key_checked() or des_set_key_unchecked() functions.
The des_set_key_checked() function will check that the key
passed is of odd parity and is not a weak or semiweak
key. If the parity is wrong, then 1 is returned. If the
key is a weak key, then 2 is returned. If an error is
returned, the key schedule is not generated.
The des_set_key() function (called des_key_sched() in the
MIT library) works like des_set_key_checked() if the
des_check_key flag is nonzero; otherwise, it works like
des_set_key_unchecked(). These functions are available
for compatibility; we recommend you use a function that
does not depend on a global variable.
The des_set_odd_parity() function (called
des_fixup_key_parity() in the MIT library) sets the parity
of the passed key to odd.
The des_is_weak_key() function returns 1 is the passed key
is a weak key, 0 if it is ok. The probability that a randomly
generated key is weak is 1/2^52.
The following routines mostly operate on an input and output
stream of des_cblock: The des_ecb_encrypt() function
is the basic DES encryption routine that encrypts or
decrypts a single 8byte des_cblock in electronic code
book (ECB) mode. It always transforms the input data,
pointed to by input, into the output data, pointed to by
the output argument. If the encrypt argument is nonzero
(DES_ENCRYPT), the input (cleartext) is encrypted in to
the output (ciphertext) using the key_schedule specified
by the schedule argument, previously set via des_set_key.
If encrypt is zero (DES_DECRYPT), the input (now ciphertext)
is decrypted into the output (now cleartext). Input
and output may overlap. The des_ecb_encrypt() function
does not return a value. The des_ecb3_encrypt() function
encrypts and decrypts the input block by using threekey
TripleDES encryption in ECB mode. This involves encrypting
the input with ks1, decrypting with the key schedule
ks2, and then encrypting with ks3. This routine greatly
reduces the chances of brute force breaking of DES and has
the advantage if ks1, ks2 and ks3 are the same. It is
equivalent to encryption using ECB mode and ks1 as the
key. The des_ecb2_encrypt() macro is provided to perform
twokey TripleDES encryption by using ks1 for the final
encryption. The des_ncbc_encrypt() function encrypts and
decrypts using the cipherblockchaining (CBC) mode of
DES. If the encrypt argument is nonzero, the routine
cipherblockchain encrypts the cleartext data pointed to
by the input argument into the ciphertext pointed to by
the output argument, using the key schedule provided by
the schedule argument, and initialization vector provided
by the ivec argument. If the length argument is not an
integral multiple of eight bytes, the last block is copied
to a temporary area and zero filled. The output is always
an integral multiple of eight bytes. The
des_xcbc_encrypt() function is RSA's DESX mode of DES. It
uses inw and outw to whiten the encryption. The inw and
outw are secret (unlike the iv) and are part of the key.
So the key is sort of 24 bytes. This is much better than
CBC DES. The des_ede3_cbc_encrypt() function implements
outer triple CBC DES encryption with three keys. This
means that each DES operation inside the CBC mode is
really an C=E(ks3,D(ks2,E(ks1,M))). This mode is used by
SSL. The des_ede2_cbc_encrypt() macro implements twokey
TripleDES by reusing ks1 for the final encryption.
C=E(ks1,D(ks2,E(ks1,M))). This form of TripleDES is used
by the RSAREF library. The des_pcbc_encrypt() function
encrypts and decrypts using the propagating cipher block
chaining mode used by Kerberos v4. Its parameters are the
same as des_ncbc_encrypt(). The des_cfb_encrypt() function
encrypts and decrypts using cipher feedback mode.
This method takes an array of characters as input and outputs
and array of characters. It does not require any
padding to 8 character groups. The ivec variable is
changed and the new changed value needs to be passed to
the next call to this function. Since this function runs
a complete DES ECB encryption per numbits, this function
is only suggested for use when sending small numbers of
characters. The des_cfb64_encrypt() function implements
CFB mode of DES with 64bit feedback. This is useful
because this routine will allow you to encrypt an arbitrary
number of bytes, no 8byte padding. Each call to
this routine will encrypt the input bytes to output and
then update ivec and num. The num shows where you are
through ivec. The des_ede3_cfb64_encrypt() and
des_ede2_cfb64_encrypt() functions are the same as the
des_cfb64_encrypt() function except that TripleDES is
used. The des_ofb_encrypt() function encrypts using output
feedback mode. This method takes an array of characters
as input and outputs and array of characters. It
does not require any padding to 8character groups. The
ivec variable is changed and the new changed value needs
to be passed to the next call to this function. Since
this function runs a complete DES ECB encryption per
numbits, we recommend using this function only when sending
small numbers of characters. The des_ofb64_encrypt()
function is the same as the des_cfb64_encrypt() function
using Output Feed Back mode. The des_ede3_ofb64_encrypt()
and des_ede2_ofb64_encrypt() functions are the same as
des_ofb64_encrypt() using TripleDES.
The following functions are included in the DES library
for compatibility with the MIT Kerberos library. The
des_read_pw_string() function is also available under the
name EVP_read_pw_string(). The des_read_pw_string() function
writes the string specified by prompt to standard
output, turns echo off and reads in input string from the
terminal. The string is returned in buf, which must have
space for at least length bytes. If verify is set, the
user is asked for the password twice. Unless the two
copies match, an error is returned. A return code of 1
indicates a system error, 1 failure due to use interaction,
and 0 is success. The des_read_password() function
does the same and converts the password to a DES key by
calling des_string_to_key(); the des_read_2password()
function operates in the same way as des_read_password()
except that it generates two keys by using the
des_string_to_2key() function. The des_string_to_key()
function is available for backward compatibility with the
MIT library. New applications should use a cryptographic
hash function. The same applies for the
des_string_to_2key() function. The des_cbc_cksum() function
produces an 8byte checksum based on the input stream
(via CBC encryption). The last 4 bytes of the checksum
are returned and the complete 8 bytes are placed in output.
This function is used by Kerberos v4. Other applications
should use EVP_DigestInit() etc. instead. The
des_quad_cksum() function is a Kerberos v4 function. It
returns a 4byte checksum from the input bytes. The algorithm
can be iterated over the input, depending on
out_count, 1, 2, 3 or 4 times. If output is nonNULL, the
8 bytes generated by each pass are written into output.
The following are DESbased transformations: The
des_fcrypt() function is a fast version of the Unix
crypt() function. This version takes only a small amount
of space relative to other fast crypt() implementations.
This is different from the normal crypt in that the third
parameter is the buffer that the return value is written
into. It needs to be at least 14 bytes long. This function
is thread safe, unlike the normal crypt. The
des_crypt() function is a faster replacement for the normal
system crypt(). This function calls des_fcrypt() with
a static array passed as the third parameter. This emulates
the normal nonthread safe semantics of crypt().
The des_enc_write() function writes len bytes to file
descriptor fd from buffer buf. The data is encrypted via
pcbc_encrypt (default) using sched for the key and iv as a
starting vector. The actual data send down fd consists of
4 bytes (in network byte order) containing the length of
the following encrypted data. The encrypted data then
follows, padded with random data out to a multiple of 8
bytes. The des_enc_read() function is used to read len
bytes from file descriptor fd into buffer buf. The data
being read from fd is assumed to have come from
des_enc_write() and is decrypted using sched for the key
schedule and iv for the initial vector.
Note
The data format used by des_enc_write() and
des_enc_read() has a cryptographic weakness: When
asked to write more than MAXWRITE bytes,
des_enc_write() will split the data into several
chunks that are all encrypted using the same IV.
We do not recommend using these functions unless
you are sure you know what you do. They cannot
handle nonblocking sockets. The des_enc_read()
function uses an internal state and cannot be used
on multiple files. The des_rw_mode specifies the
encryption mode to use with the des_enc_read() and
des_end_write() functions. If it is set to
DES_PCBC_MODE (the default), des_pcbc_encrypt is
used. If it is set to DES_CBC_MODE,
des_cbc_encrypt is used.
Singlekey DES is insecure due to its short key size. ECB
mode is not suitable for most applications; see
des_modes(7).
The evp(3) library provides higherlevel encryption functions.
The des_3cbc_encrypt() function is flawed and must not be
used in applications.
The des_cbc_encrypt() function does not modify ivec; use
the des_ncbc_encrypt() function instead.
The des_cfb_encrypt() and des_ofb_encrypt() functions
operate on input of 8 bits. What this means is that if you
set numbits to 12, and length to 2, the first 12 bits will
come from the first input byte and the low half of the
second input byte. The second 12 bits will have the low 8
bits taken from the 3rd input byte and the top 4 bits
taken from the fourth input byte. The same holds for output.
This function has been implemented this way because
most people will be using a multiple of 8.
The des_read_pw_string() function is the most machine/OS
dependent function and normally generates the most problems
when porting this code.
The des library was written to be source code compatible
with the MIT Kerberos library. It conforms to ANSI X3.106.
The des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
des_quad_cksum(), des_random_key(), des_read_password(),
and des_string_to_key() functions are available in the MIT
Kerberos library; the des_check_key_parity(),
des_fixup_key_parity(), and des_is_weak_key() functions
are available in newer versions of that library.
The des_set_key_checked() and des_set_key_unchecked()
functions were added in OpenSSL 0.9.5.
The des_generate_random_block(), des_init_random_number_generator(),
des_new_random_key(), des_set_random_generator_seed(),
des_set_sequence_number(), and
des_rand_data() functions are used in newer versions of
Kerberos but are not implemented here.
The des_random_key() function generated cryptographically
weak random data in SSLeay and in OpenSSL prior version
0.9.5, as well as in the original MIT library.
Author is Eric Young (eay@cryptsoft.com). Modified for the
OpenSSL project (http://www.openssl.org).
Functions: crypt(3), des_crypt(3), evp(3), rand_ssl(3)
Files: des_modes(7)
des(3)
[ Back ]
