| 1 | |
| 2 | |
| 3 | |
| 4 | DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) |
| 5 | |
| 6 | |
| 7 | NAME |
| 8 | des_read_password, des_string_to_key, des_random_key, |
| 9 | des_set_key, des_ecb_encrypt, des_cbc_encrypt, |
| 10 | des_pcbc_encrypt, des_cbc_cksum, des_quad_cksum, - (new) |
| 11 | DES encryption |
| 12 | |
| 13 | SYNOPSIS |
| 14 | #include <kerberosIV/des.h> |
| 15 | |
| 16 | int des_read_password(key,prompt,verify) |
| 17 | des_cblock *key; |
| 18 | char *prompt; |
| 19 | int verify; |
| 20 | |
| 21 | int des_string_to_key(str,key) |
| 22 | char *str; |
| 23 | des_cblock key; |
| 24 | |
| 25 | int des_random_key(key) |
| 26 | des_cblock *key; |
| 27 | |
| 28 | int des_set_key(key,schedule) |
| 29 | des_cblock *key; |
| 30 | des_key_schedule schedule; |
| 31 | |
| 32 | int des_ecb_encrypt(input,output,schedule,encrypt) |
| 33 | des_cblock *input; |
| 34 | des_cblock *output; |
| 35 | des_key_schedule schedule; |
| 36 | int encrypt; |
| 37 | |
| 38 | int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt) |
| 39 | des_cblock *input; |
| 40 | des_cblock *output; |
| 41 | long length; |
| 42 | des_key_schedule schedule; |
| 43 | des_cblock *ivec; |
| 44 | int encrypt; |
| 45 | |
| 46 | int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt) |
| 47 | des_cblock *input; |
| 48 | des_cblock *output; |
| 49 | long length; |
| 50 | des_key_schedule schedule; |
| 51 | des_cblock *ivec; |
| 52 | int encrypt; |
| 53 | |
| 54 | unsigned long des_cbc_cksum(input,output,length,schedule,ivec) |
| 55 | des_cblock *input; |
| 56 | des_cblock *output; |
| 57 | long length; |
| 58 | |
| 59 | |
| 60 | |
| 61 | MIT Project Athena Kerberos Version 4.0 1 |
| 62 | |
| 63 | |
| 64 | |
| 65 | |
| 66 | |
| 67 | |
| 68 | |
| 69 | |
| 70 | DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) |
| 71 | |
| 72 | |
| 73 | des_key_schedule schedule; |
| 74 | des_cblock *ivec; |
| 75 | |
| 76 | unsigned long quad_cksum(input,output,length,out_count,seed) |
| 77 | des_cblock *input; |
| 78 | des_cblock *output; |
| 79 | long length; |
| 80 | int out_count; |
| 81 | des_cblock *seed; |
| 82 | |
| 83 | |
| 84 | DESCRIPTION |
| 85 | This library supports various DES encryption related oper- |
| 86 | ations. It differs from the crypt, setkey, and encrypt |
| 87 | library routines in that it provides a true DES encryp- |
| 88 | tion, without modifying the algorithm, and executes much |
| 89 | faster. |
| 90 | |
| 91 | For each key that may be simultaneously active, create a |
| 92 | des_key_schedule struct, defined in "des.h". Next, create |
| 93 | key schedules (from the 8-byte keys) as needed, via |
| 94 | des_set_key, prior to using the encryption or checksum |
| 95 | routines. Then set up the input and output areas. Make |
| 96 | sure to note the restrictions on lengths being multiples |
| 97 | of eight bytes. Finally, invoke the encryption/decryption |
| 98 | routines, des_ecb_encrypt or des_cbc_encrypt or |
| 99 | des_pcbc_encrypt, or, to generate a cryptographic check- |
| 100 | sum, use quad_cksum (fast) or des_cbc_cksum (slow). |
| 101 | |
| 102 | A des_cblock struct is an 8 byte block used as the funda- |
| 103 | mental unit for DES data and keys, and is defined as: |
| 104 | |
| 105 | typedef unsigned char des_cblock[8]; |
| 106 | |
| 107 | and a des_key_schedule is defined as: |
| 108 | |
| 109 | typedef struct des_ks_struct {des_cblock _;} |
| 110 | des_key_schedule[16]; |
| 111 | |
| 112 | des_read_password writes the string specified by prompt to |
| 113 | the standard output, turns off echo (if possible) and |
| 114 | reads an input string from standard input until terminated |
| 115 | with a newline. If verify is non-zero, it prompts and |
| 116 | reads input again, for use in applications such as chang- |
| 117 | ing a password; both versions are compared, and the input |
| 118 | is requested repeatedly until they match. Then |
| 119 | des_read_password converts the input string into a valid |
| 120 | DES key, internally using the des_string_to_key routine. |
| 121 | The newly created key is copied to the area pointed to by |
| 122 | the key argument. des_read_password returns a zero if no |
| 123 | errors occurred, or a -1 indicating that an error occurred |
| 124 | |
| 125 | |
| 126 | |
| 127 | MIT Project Athena Kerberos Version 4.0 2 |
| 128 | |
| 129 | |
| 130 | |
| 131 | |
| 132 | |
| 133 | |
| 134 | |
| 135 | |
| 136 | DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) |
| 137 | |
| 138 | |
| 139 | trying to manipulate the terminal echo. |
| 140 | |
| 141 | |
| 142 | des_string_to_key converts an arbitrary length null- |
| 143 | terminated string to an 8 byte DES key, with odd byte par- |
| 144 | ity, per FIPS specification. A one-way function is used |
| 145 | to convert the string to a key, making it very difficult |
| 146 | to reconstruct the string from the key. The str argument |
| 147 | is a pointer to the string, and key should point to a |
| 148 | des_cblock supplied by the caller to receive the generated |
| 149 | key. No meaningful value is returned. Void is not used |
| 150 | for compatibility with other compilers. |
| 151 | |
| 152 | |
| 153 | des_random_key generates a random DES encryption key |
| 154 | (eight bytes), set to odd parity per FIPS specifications. |
| 155 | This routine uses the current time, process id, and a |
| 156 | counter as a seed for the random number generator, so the |
| 157 | key is only as unpredictable as those values. The caller |
| 158 | must supply space for the output key, pointed to by |
| 159 | argument key, then after calling des_random_key should |
| 160 | call the des_set_key routine when needed. No meaningful |
| 161 | value is returned. Void is not used for compatibility |
| 162 | with other compilers. |
| 163 | |
| 164 | des_set_key calculates a key schedule from all eight bytes |
| 165 | of the input key, pointed to by the key argument, and out- |
| 166 | puts the schedule into the des_key_schedule indicated by |
| 167 | the schedule argument. Make sure to pass a valid eight |
| 168 | byte key; no padding is done. The key schedule may then |
| 169 | be used in subsequent encryption/decryption/checksum oper- |
| 170 | ations. Many key schedules may be cached for later use. |
| 171 | The user is responsible for clearing keys and schedules as |
| 172 | soon as no longer needed, to prevent their disclosure. |
| 173 | The routine also checks the key parity, and returns a zero |
| 174 | if the key parity is correct (odd), a -1 indicating a key |
| 175 | parity error, or a -2 indicating use of an illegal weak |
| 176 | key. If an error is returned, the key schedule was not |
| 177 | created. |
| 178 | |
| 179 | |
| 180 | des_ecb_encrypt is the basic DES encryption routine that |
| 181 | encrypts or decrypts a single 8-byte block in electronic |
| 182 | code book mode. It always transforms the input data, |
| 183 | pointed to by input, into the output data, pointed to by |
| 184 | the output argument. |
| 185 | |
| 186 | If the encrypt argument is non-zero, the input (cleartext) |
| 187 | is encrypted into the output (ciphertext) using the |
| 188 | key_schedule specified by the schedule argument, previ- |
| 189 | ously set via des_set_key. |
| 190 | |
| 191 | |
| 192 | |
| 193 | MIT Project Athena Kerberos Version 4.0 3 |
| 194 | |
| 195 | |
| 196 | |
| 197 | |
| 198 | |
| 199 | |
| 200 | |
| 201 | |
| 202 | DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) |
| 203 | |
| 204 | |
| 205 | If encrypt is zero, the input (now ciphertext) is |
| 206 | decrypted into the output (now cleartext). |
| 207 | |
| 208 | Input and output may overlap. |
| 209 | |
| 210 | No meaningful value is returned. Void is not used for |
| 211 | compatibility with other compilers. |
| 212 | |
| 213 | |
| 214 | des_cbc_encrypt encrypts/decrypts using the cipher-block- |
| 215 | chaining mode of DES. If the encrypt argument is non- |
| 216 | zero, the routine cipher-block-chain encrypts the clear- |
| 217 | text data pointed to by the input argument into the cipher- |
| 218 | text pointed to by the output argument, using the key |
| 219 | schedule provided by the schedule argument, and initial- |
| 220 | ization vector provided by the ivec argument. If the |
| 221 | length argument is not an integral multiple of eight |
| 222 | bytes, the last block is copied to a temp and zero filled |
| 223 | (highest addresses). The output is ALWAYS an integral |
| 224 | multiple of eight bytes. |
| 225 | |
| 226 | If encrypt is zero, the routine cipher-block chain |
| 227 | decrypts the (now) ciphertext data pointed to by the input |
| 228 | argument into (now) cleartext pointed to by the output |
| 229 | argument using the key schedule provided by the schedule |
| 230 | argument, and initialization vector provided by the ivec |
| 231 | argument. Decryption ALWAYS operates on integral multiples |
| 232 | of 8 bytes, so it will round the length provided up to the |
| 233 | appropriate multiple. Consequently, it will always produce |
| 234 | the rounded-up number of bytes of output cleartext. The |
| 235 | application must determine if the output cleartext was |
| 236 | zero-padded due to original cleartext lengths that were |
| 237 | not integral multiples of 8. |
| 238 | |
| 239 | No errors or meaningful values are returned. Void is not |
| 240 | used for compatibility with other compilers. |
| 241 | |
| 242 | A characteristic of cbc mode is that changing a single bit |
| 243 | of the cleartext, then encrypting using cbc mode, affects |
| 244 | ALL the subsequent ciphertext. This makes cryptanalysis |
| 245 | much more difficult. However, modifying a single bit of |
| 246 | the ciphertext, then decrypting, only affects the result- |
| 247 | ing cleartext from the modified block and the succeeding |
| 248 | block. Therefore, des_pcbc_encrypt is STRONGLY recom- |
| 249 | mended for applications where indefinite propagation of |
| 250 | errors is required in order to detect modifications. |
| 251 | |
| 252 | |
| 253 | des_pcbc_encrypt encrypts/decrypts using a modified block |
| 254 | chaining mode. Its calling sequence is identical to |
| 255 | des_cbc_encrypt. It differs in its error propagation |
| 256 | |
| 257 | |
| 258 | |
| 259 | MIT Project Athena Kerberos Version 4.0 4 |
| 260 | |
| 261 | |
| 262 | |
| 263 | |
| 264 | |
| 265 | |
| 266 | |
| 267 | |
| 268 | DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) |
| 269 | |
| 270 | |
| 271 | characteristics. |
| 272 | |
| 273 | des_pcbc_encrypt is highly recommended for most encryption |
| 274 | purposes, in that modification of a single bit of the |
| 275 | ciphertext will affect ALL the subsequent (decrypted) |
| 276 | cleartext. Similarly, modifying a single bit of the clear- |
| 277 | text will affect ALL the subsequent (encrypted) cipher- |
| 278 | text. "PCBC" mode, on encryption, "xors" both the clear- |
| 279 | text of block N and the ciphertext resulting from block N |
| 280 | with the cleartext for block N+1 prior to encrypting block |
| 281 | N+1. |
| 282 | |
| 283 | des_cbc_cksum produces an 8 byte cryptographic checksum by |
| 284 | cipher-block-chain encrypting the cleartext data pointed |
| 285 | to by the input argument. All of the ciphertext output is |
| 286 | discarded, except the last 8-byte ciphertext block, which |
| 287 | is written into the area pointed to by the output argu- |
| 288 | ment. It uses the key schedule, provided by the schedule |
| 289 | argument and initialization vector provided by the ivec |
| 290 | argument. If the length argument is not an integral mul- |
| 291 | tiple of eight bytes, the last cleartext block is copied |
| 292 | to a temp and zero filled (highest addresses). The output |
| 293 | is ALWAYS eight bytes. |
| 294 | |
| 295 | The routine also returns an unsigned long, which is the |
| 296 | last (highest address) half of the 8 byte checksum com- |
| 297 | puted. |
| 298 | |
| 299 | |
| 300 | quad_cksum produces a checksum by chaining quadratic oper- |
| 301 | ations on the cleartext data pointed to by the input argu- |
| 302 | ment. The length argument specifies the length of the |
| 303 | input -- only exactly that many bytes are included for the |
| 304 | checksum, without any padding. |
| 305 | |
| 306 | The algorithm may be iterated over the same input data, if |
| 307 | the out_count argument is 2, 3 or 4, and the optional out- |
| 308 | put argument is a non-null pointer. The default is one |
| 309 | iteration, and it will not run more than 4 times. Multiple |
| 310 | iterations run slower, but provide a longer checksum if |
| 311 | desired. The seed argument provides an 8-byte seed for the |
| 312 | first iteration. If multiple iterations are requested, the |
| 313 | results of one iteration are automatically used as the |
| 314 | seed for the next iteration. |
| 315 | |
| 316 | It returns both an unsigned long checksum value, and if |
| 317 | the output argument is not a null pointer, up to 16 bytes |
| 318 | of the computed checksum are written into the output. |
| 319 | |
| 320 | |
| 321 | |
| 322 | |
| 323 | |
| 324 | |
| 325 | MIT Project Athena Kerberos Version 4.0 5 |
| 326 | |
| 327 | |
| 328 | |
| 329 | |
| 330 | |
| 331 | |
| 332 | |
| 333 | |
| 334 | DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) |
| 335 | |
| 336 | |
| 337 | FILES |
| 338 | /usr/include/kerberosIV/des.h |
| 339 | /usr/lib/libdes.a |
| 340 | |
| 341 | SEE ALSO |
| 342 | DIAGNOSTICS |
| 343 | BUGS |
| 344 | This software has not yet been compiled or tested on |
| 345 | machines other than the VAX and the IBM PC. |
| 346 | |
| 347 | AUTHORS |
| 348 | Steve Miller, MIT Project Athena/Digital Equipment Corpo- |
| 349 | ration |
| 350 | |
| 351 | RESTRICTIONS |
| 352 | COPYRIGHT 1985,1986 Massachusetts Institute of Technology |
| 353 | |
| 354 | This software may not be exported outside of the US with- |
| 355 | out a special license from the US Dept of Commerce. It may |
| 356 | be replaced by any secret key block cipher with block |
| 357 | length and key length of 8 bytes, as long as the interface |
| 358 | is the same as described here. |
| 359 | |
| 360 | |
| 361 | |
| 362 | |
| 363 | |
| 364 | |
| 365 | |
| 366 | |
| 367 | |
| 368 | |
| 369 | |
| 370 | |
| 371 | |
| 372 | |
| 373 | |
| 374 | |
| 375 | |
| 376 | |
| 377 | |
| 378 | |
| 379 | |
| 380 | |
| 381 | |
| 382 | |
| 383 | |
| 384 | |
| 385 | |
| 386 | |
| 387 | |
| 388 | |
| 389 | |
| 390 | |
| 391 | MIT Project Athena Kerberos Version 4.0 6 |
| 392 | |
| 393 | |
| 394 | |
| 395 | |
| 396 | |