diff options
Diffstat (limited to 'doc/crypto/des.pod')
| -rw-r--r-- | doc/crypto/des.pod | 376 |
1 files changed, 0 insertions, 376 deletions
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod deleted file mode 100644 index 9908039..0000000 --- a/doc/crypto/des.pod +++ /dev/null @@ -1,376 +0,0 @@ -=pod - -=head1 NAME - -des_random_key, des_set_key, des_key_sched, des_set_key_checked, -des_set_key_unchecked, des_set_odd_parity, des_is_weak_key, -des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt, -des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt, -des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt, -des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt, -des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt, -des_read_password, des_read_2passwords, des_read_pw_string, -des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys, -des_fcrypt, des_crypt, des_enc_read, des_enc_write - DES encryption - -=head1 SYNOPSIS - - #include <openssl/des.h> - - void des_random_key(des_cblock *ret); - - int des_set_key(const_des_cblock *key, des_key_schedule schedule); - int des_key_sched(const_des_cblock *key, des_key_schedule schedule); - int des_set_key_checked(const_des_cblock *key, - des_key_schedule schedule); - void des_set_key_unchecked(const_des_cblock *key, - des_key_schedule schedule); - - void des_set_odd_parity(des_cblock *key); - int des_is_weak_key(const_des_cblock *key); - - void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, - des_key_schedule ks, int enc); - void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output, - des_key_schedule ks1, des_key_schedule ks2, int enc); - void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, - des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, int enc); - - void des_ncbc_encrypt(const unsigned char *input, unsigned char *output, - long length, des_key_schedule schedule, des_cblock *ivec, - int enc); - void des_cfb_encrypt(const unsigned char *in, unsigned char *out, - int numbits, long length, des_key_schedule schedule, - des_cblock *ivec, int enc); - void des_ofb_encrypt(const unsigned char *in, unsigned char *out, - int numbits, long length, des_key_schedule schedule, - des_cblock *ivec); - void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, - long length, des_key_schedule schedule, des_cblock *ivec, - int enc); - void des_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, des_key_schedule schedule, des_cblock *ivec, - int *num, int enc); - void des_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, des_key_schedule schedule, des_cblock *ivec, - int *num); - - void des_xcbc_encrypt(const unsigned char *input, unsigned char *output, - long length, des_key_schedule schedule, des_cblock *ivec, - const_des_cblock *inw, const_des_cblock *outw, int enc); - - void des_ede2_cbc_encrypt(const unsigned char *input, - unsigned char *output, long length, des_key_schedule ks1, - des_key_schedule ks2, des_cblock *ivec, int enc); - void des_ede2_cfb64_encrypt(const unsigned char *in, - unsigned char *out, long length, des_key_schedule ks1, - des_key_schedule ks2, des_cblock *ivec, int *num, int enc); - void des_ede2_ofb64_encrypt(const unsigned char *in, - unsigned char *out, long length, des_key_schedule ks1, - des_key_schedule ks2, des_cblock *ivec, int *num); - - void des_ede3_cbc_encrypt(const unsigned char *input, - unsigned char *output, long length, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, - int enc); - void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, - int enc); - void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int *num, int enc); - void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3, - des_cblock *ivec, int *num); - - int des_read_password(des_cblock *key, const char *prompt, int verify); - int des_read_2passwords(des_cblock *key1, des_cblock *key2, - const char *prompt, int verify); - int des_read_pw_string(char *buf, int length, const char *prompt, - int verify); - - DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output, - long length, des_key_schedule schedule, - const_des_cblock *ivec); - DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[], - long length, int out_count, des_cblock *seed); - void des_string_to_key(const char *str, des_cblock *key); - void des_string_to_2keys(const char *str, des_cblock *key1, - des_cblock *key2); - - char *des_fcrypt(const char *buf, const char *salt, char *ret); - char *des_crypt(const char *buf, const char *salt); - char *crypt(const char *buf, const char *salt); - - int des_enc_read(int fd, void *buf, int len, des_key_schedule sched, - des_cblock *iv); - int des_enc_write(int fd, const void *buf, int len, - des_key_schedule sched, des_cblock *iv); - -=head1 DESCRIPTION - -This library contains a fast implementation of the DES encryption -algorithm. - -There are two phases to the use of DES encryption. The first is the -generation of a I<des_key_schedule> from a key, the second is the -actual encryption. A DES key is of type I<des_cblock>. This type is -consists of 8 bytes with odd parity. The least significant bit in -each byte is the parity bit. The key schedule is an expanded form of -the key; it is used to speed the encryption process. - -des_random_key() generates a random key. The PRNG must be seeded -prior to using this function (see L<rand(3)|rand(3)>; for backward -compatibility the function des_random_seed() is available as well). -If the PRNG could not generate a secure key, 0 is returned. In -earlier versions of the library, des_random_key() did not generate -secure keys. - -Before a DES key can be used, it must be converted into the -architecture dependent I<des_key_schedule> via the -des_set_key_checked() or des_set_key_unchecked() function. - -des_set_key_checked() will check that the key passed is of odd parity -and is not a week or semi-weak key. If the parity is wrong, then -1 -is returned. If the key is a weak key, then -2 is returned. If an -error is returned, the key schedule is not generated. - -des_set_key() (called des_key_sched() in the MIT library) works like -des_set_key_checked() if the I<des_check_key> flag is non-zero, -otherwise like des_set_key_unchecked(). These functions are available -for compatibility; it is recommended to use a function that does not -depend on a global variable. - -des_set_odd_parity() (called des_fixup_key_parity() in the MIT -library) sets the parity of the passed I<key> to odd. - -des_is_weak_key() returns 1 is the passed key is a weak key, 0 if it -is ok. The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them. - -The following routines mostly operate on an input and output stream of -I<des_cblock>s. - -des_ecb_encrypt() is the basic DES encryption routine that encrypts or -decrypts a single 8-byte I<des_cblock> in I<electronic code book> -(ECB) mode. It always transforms the input data, pointed to by -I<input>, into the output data, pointed to by the I<output> argument. -If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input> -(cleartext) is encrypted in to the I<output> (ciphertext) using the -key_schedule specified by the I<schedule> argument, previously set via -I<des_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now -ciphertext) is decrypted into the I<output> (now cleartext). Input -and output may overlap. des_ecb_encrypt() does not return a value. - -des_ecb3_encrypt() encrypts/decrypts the I<input> block by using -three-key Triple-DES encryption in ECB mode. This involves encrypting -the input with I<ks1>, decrypting with the key schedule I<ks2>, and -then encrypting with I<ks3>. This routine greatly reduces the chances -of brute force breaking of DES and has the advantage of if I<ks1>, -I<ks2> and I<ks3> are the same, it is equivalent to just encryption -using ECB mode and I<ks1> as the key. - -The macro des_ecb2_encrypt() is provided to perform two-key Triple-DES -encryption by using I<ks1> for the final encryption. - -des_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining> -(CBC) mode of DES. If the I<encrypt> argument is non-zero, the -routine cipher-block-chain encrypts the cleartext data pointed to by -the I<input> argument into the ciphertext pointed to by the I<output> -argument, using the key schedule provided by the I<schedule> argument, -and initialization vector provided by the I<ivec> argument. If the -I<length> argument is not an integral multiple of eight bytes, the -last block is copied to a temporary area and zero filled. The output -is always an integral multiple of eight bytes. - -des_xcbc_encrypt() is RSA's DESX mode of DES. It uses I<inw> and -I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret -(unlike the iv) and are as such, part of the key. So the key is sort -of 24 bytes. This is much better than CBC DES. - -des_ede3_cbc_encrypt() implements outer triple CBC DES encryption with -three keys. This means that each DES operation inside the CBC mode is -really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL. - -The des_ede2_cbc_encrypt() macro implements two-key Triple-DES by -reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>. -This form of Triple-DES is used by the RSAREF library. - -des_pcbc_encrypt() encrypt/decrypts using the propagating cipher block -chaining mode used by Kerberos v4. Its parameters are the same as -des_ncbc_encrypt(). - -des_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This -method takes an array of characters as input and outputs and array of -characters. It does not require any padding to 8 character groups. -Note: the I<ivec> variable is changed and the new changed value needs to -be passed to the next call to this function. Since this function runs -a complete DES ECB encryption per I<numbits>, this function is only -suggested for use when sending small numbers of characters. - -des_cfb64_encrypt() -implements CFB mode of DES with 64bit feedback. Why is this -useful you ask? Because this routine will allow you to encrypt an -arbitrary number of bytes, no 8 byte padding. Each call to this -routine will encrypt the input bytes to output and then update ivec -and num. num contains 'how far' we are though ivec. If this does -not make much sense, read more about cfb mode of DES :-). - -des_ede3_cfb64_encrypt() and des_ede2_cfb64_encrypt() is the same as -des_cfb64_encrypt() except that Triple-DES is used. - -des_ofb_encrypt() encrypts using output feedback mode. This method -takes an array of characters as input and outputs and array of -characters. It does not require any padding to 8 character groups. -Note: the I<ivec> variable is changed and the new changed value needs to -be passed to the next call to this function. Since this function runs -a complete DES ECB encryption per numbits, this function is only -suggested for use when sending small numbers of characters. - -des_ofb64_encrypt() is the same as des_cfb64_encrypt() using Output -Feed Back mode. - -des_ede3_ofb64_encrypt() and des_ede2_ofb64_encrypt() is the same as -des_ofb64_encrypt(), using Triple-DES. - -The following functions are included in the DES library for -compatibility with the MIT Kerberos library. des_read_pw_string() -is also available under the name EVP_read_pw_string(). - -des_read_pw_string() writes the string specified by I<prompt> to -standard output, turns echo off and reads in input string from the -terminal. The string is returned in I<buf>, which must have space for -at least I<length> bytes. If I<verify> is set, the user is asked for -the password twice and unless the two copies match, an error is -returned. A return code of -1 indicates a system error, 1 failure due -to use interaction, and 0 is success. - -des_read_password() does the same and converts the password to a DES -key by calling des_string_to_key(); des_read_2password() operates in -the same way as des_read_password() except that it generates two keys -by using the des_string_to_2key() function. des_string_to_key() is -available for backward compatibility with the MIT library. New -applications should use a cryptographic hash function. The same -applies for des_string_to_2key(). - -des_cbc_cksum() produces an 8 byte checksum based on the input stream -(via CBC encryption). The last 4 bytes of the checksum are returned -and the complete 8 bytes are placed in I<output>. This function is -used by Kerberos v4. Other applications should use -L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead. - -des_quad_cksum() is a Kerberos v4 function. It returns a 4 byte -checksum from the input bytes. The algorithm can be iterated over the -input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is -non-NULL, the 8 bytes generated by each pass are written into -I<output>. - -The following are DES-based transformations: - -des_fcrypt() is a fast version of the Unix crypt(3) function. This -version takes only a small amount of space relative to other fast -crypt() implementations. This is different to the normal crypt in -that the third parameter is the buffer that the return value is -written into. It needs to be at least 14 bytes long. This function -is thread safe, unlike the normal crypt. - -des_crypt() is a faster replacement for the normal system crypt(). -This function calls des_fcrypt() with a static array passed as the -third parameter. This emulates the normal non-thread safe semantics -of crypt(3). - -des_enc_write() writes I<len> bytes to file descriptor I<fd> from -buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default) -using I<sched> for the key and I<iv> as a starting vector. The actual -data send down I<fd> consists of 4 bytes (in network byte order) -containing the length of the following encrypted data. The encrypted -data then follows, padded with random data out to a multiple of 8 -bytes. - -des_enc_read() is used to read I<len> bytes from file descriptor -I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to -have come from des_enc_write() and is decrypted using I<sched> for -the key schedule and I<iv> for the initial vector. - -B<Warning:> The data format used by des_enc_write() and des_enc_read() -has a cryptographic weakness: When asked to write more than MAXWRITE -bytes, des_enc_write() will split the data into several chunks that -are all encrypted using the same IV. So don't use these functions -unless you are sure you know what you do (in which case you might not -want to use them anyway). They cannot handle non-blocking sockets. -des_enc_read() uses an internal state and thus cannot be used on -multiple files. - -I<des_rw_mode> is used to specify the encryption mode to use with -des_enc_read() and des_end_write(). If set to I<DES_PCBC_MODE> (the -default), des_pcbc_encrypt is used. If set to I<DES_CBC_MODE> -des_cbc_encrypt is used. - -=head1 NOTES - -Single-key DES is insecure due to its short key size. ECB mode is -not suitable for most applications; see L<des_modes(7)|des_modes(7)>. - -The L<evp(3)|evp(3)> library provides higher-level encryption functions. - -=head1 BUGS - -des_3cbc_encrypt() is flawed and must not be used in applications. - -des_cbc_encrypt() does not modify B<ivec>; use des_ncbc_encrypt() -instead. - -des_cfb_encrypt() and des_ofb_encrypt() operates on input of 8 bits. -What this means is that if you set numbits to 12, and length to 2, the -first 12 bits will come from the 1st input byte and the low half of -the second input byte. The second 12 bits will have the low 8 bits -taken from the 3rd input byte and the top 4 bits taken from the 4th -input byte. The same holds for output. This function has been -implemented this way because most people will be using a multiple of 8 -and because once you get into pulling bytes input bytes apart things -get ugly! - -des_read_pw_string() is the most machine/OS dependent function and -normally generates the most problems when porting this code. - -=head1 CONFORMING TO - -ANSI X3.106 - -The B<des> library was written to be source code compatible with -the MIT Kerberos library. - -=head1 SEE ALSO - -crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)> - -=head1 HISTORY - -des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(), -des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(), -des_quad_cksum(), des_random_key(), des_read_password() and -des_string_to_key() are available in the MIT Kerberos library; -des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key() -are available in newer versions of that library. - -des_set_key_checked() and des_set_key_unchecked() were added in -OpenSSL 0.9.5. - -des_generate_random_block(), des_init_random_number_generator(), -des_new_random_key(), des_set_random_generator_seed() and -des_set_sequence_number() and des_rand_data() are used in newer -versions of Kerberos but are not implemented here. - -des_random_key() generated cryptographically weak random data in -SSLeay and in OpenSSL prior version 0.9.5, as well as in the original -MIT library. - -=head1 AUTHOR - -Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project -(http://www.openssl.org). - -=cut |