X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/blobdiff_plain/1c15e88899094343f75aeba04122cd96a96b428e..b105201239c04ed3b95a16df628e70dee3996486:/usr/share/man/cat3/des.0 diff --git a/usr/share/man/cat3/des.0 b/usr/share/man/cat3/des.0 index af4858572e..7e68897962 100644 --- a/usr/share/man/cat3/des.0 +++ b/usr/share/man/cat3/des.0 @@ -1,347 +1,328 @@ -DES_CRYPT(3) 4.0 DES_CRYPT(3) - +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) NNAAMMEE - des_read_password, des_string_to_key, des_random_key, - des_set_key, des_ecb_encrypt, des_cbc_encrypt, - des_pcbc_encrypt, des_cbc_cksum, des_quad_cksum, - (new) DES - encryption + des_read_password, des_string_to_key, des_random_key, + des_set_key, des_ecb_encrypt, des_cbc_encrypt, + des_pcbc_encrypt, des_cbc_cksum, des_quad_cksum, - (new) + DES encryption SSYYNNOOPPSSIISS - ##iinncclluuddee <> + ##iinncclluuddee <> - iinntt ddeess__rreeaadd__ppaasssswwoorrdd((kkeeyy,,pprroommpptt,,vveerriiffyy)) - des_cblock *key; - char *prompt; - int verify; + iinntt ddeess__rreeaadd__ppaasssswwoorrdd((kkeeyy,,pprroommpptt,,vveerriiffyy)) + des_cblock *key; + char *prompt; + int verify; - iinntt ddeess__ssttrriinngg__ttoo__kkeeyy((ssttrr,,kkeeyy)) - cchhaarr **ssttrr;; - ddeess__ccbblloocckk kkeeyy;; + iinntt ddeess__ssttrriinngg__ttoo__kkeeyy((ssttrr,,kkeeyy)) + cchhaarr **ssttrr;; + ddeess__ccbblloocckk kkeeyy;; - iinntt ddeess__rraannddoomm__kkeeyy((kkeeyy)) - ddeess__ccbblloocckk **kkeeyy;; + iinntt ddeess__rraannddoomm__kkeeyy((kkeeyy)) + ddeess__ccbblloocckk **kkeeyy;; - iinntt ddeess__sseett__kkeeyy((kkeeyy,,sscchheedduullee)) - ddeess__ccbblloocckk **kkeeyy;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + iinntt ddeess__sseett__kkeeyy((kkeeyy,,sscchheedduullee)) + ddeess__ccbblloocckk **kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - iinntt ddeess__eeccbb__eennccrryypptt((iinnppuutt,,oouuttppuutt,,sscchheedduullee,,eennccrryypptt)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - iinntt eennccrryypptt;; + iinntt ddeess__eeccbb__eennccrryypptt((iinnppuutt,,oouuttppuutt,,sscchheedduullee,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + iinntt eennccrryypptt;; - iinntt ddeess__ccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - ddeess__ccbblloocckk **iivveecc;; - iinntt eennccrryypptt;; + iinntt ddeess__ccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + iinntt eennccrryypptt;; - iinntt ddeess__ppccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - ddeess__ccbblloocckk **iivveecc;; - iinntt eennccrryypptt;; + iinntt ddeess__ppccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + iinntt eennccrryypptt;; - uunnssiiggnneedd lloonngg ddeess__ccbbcc__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + uunnssiiggnneedd lloonngg ddeess__ccbbcc__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; -Printed 7/27/90 Kerberos 1 +MIT Project Athena Kerberos Version 4.0 1 -DES_CRYPT(3) 4.0 DES_CRYPT(3) +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) - ddeess__ccbblloocckk **iivveecc;; - uunnssiiggnneedd lloonngg qquuaadd__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,oouutt__ccoouunntt,,sseeeedd)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - iinntt oouutt__ccoouunntt;; - ddeess__ccbblloocckk **sseeeedd;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; -DDEESSCCRRIIPPTTIIOONN - This library supports various DES encryption related opera- - tions. It differs from the _c_r_y_p_t, _s_e_t_k_e_y, _a_n_d _e_n_c_r_y_p_t - library routines in that it provides a true DES encryption, - without modifying the algorithm, and executes much faster. + uunnssiiggnneedd lloonngg qquuaadd__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,oouutt__ccoouunntt,,sseeeedd)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + iinntt oouutt__ccoouunntt;; + ddeess__ccbblloocckk **sseeeedd;; - For each key that may be simultaneously active, create a - ddeess__kkeeyy__sscchheedduullee struct, defined in "des.h". Next, create - key schedules (from the 8-byte keys) as needed, via - _d_e_s__s_e_t__k_e_y, prior to using the encryption or checksum rou- - tines. Then setup the input and output areas. Make sure to - note the restrictions on lengths being multiples of eight - bytes. Finally, invoke the encryption/decryption routines, - _d_e_s__e_c_b__e_n_c_r_y_p_t or _d_e_s__c_b_c__e_n_c_r_y_p_t or _d_e_s__p_c_b_c__e_n_c_r_y_p_t, or, - to generate a cryptographic checksum, use _q_u_a_d__c_k_s_u_m (fast) - or _d_e_s__c_b_c__c_k_s_u_m (slow). - A _d_e_s__c_b_l_o_c_k struct is an 8 byte block used as the fundamen- - tal unit for DES data and keys, and is defined as: +DDEESSCCRRIIPPTTIIOONN + This library supports various DES encryption related oper- + ations. It differs from the _c_r_y_p_t_, _s_e_t_k_e_y_, _a_n_d _e_n_c_r_y_p_t + library routines in that it provides a true DES encryp- + tion, without modifying the algorithm, and executes much + faster. - ttyyppeeddeeff uunnssiiggnneedd cchhaarr ddeess__ccbblloocckk[[88]];; + For each key that may be simultaneously active, create a + ddeess__kkeeyy__sscchheedduullee struct, defined in "des.h". Next, create + key schedules (from the 8-byte keys) as needed, via + _d_e_s___s_e_t___k_e_y_, prior to using the encryption or checksum + routines. Then setup the input and output areas. Make + sure to note the restrictions on lengths being multiples + of eight bytes. Finally, invoke the encryption/decryption + routines, _d_e_s___e_c_b___e_n_c_r_y_p_t or _d_e_s___c_b_c___e_n_c_r_y_p_t or + _d_e_s___p_c_b_c___e_n_c_r_y_p_t_, or, to generate a cryptographic check- + sum, use _q_u_a_d___c_k_s_u_m (fast) or _d_e_s___c_b_c___c_k_s_u_m (slow). - and a _d_e_s__k_e_y__s_c_h_e_d_u_l_e, is defined as: + A _d_e_s___c_b_l_o_c_k struct is an 8 byte block used as the funda- + mental unit for DES data and keys, and is defined as: - ttyyppeeddeeff ssttrruucctt ddeess__kkss__ssttrruucctt {{ddeess__ccbblloocckk __;;}} - ddeess__kkeeyy__sscchheedduullee[[1166]];; + ttyyppeeddeeff uunnssiiggnneedd cchhaarr ddeess__ccbblloocckk[[88]];; - _d_e_s__r_e_a_d__p_a_s_s_w_o_r_d writes the string specified by _p_r_o_m_p_t to - the standard output, turns off echo (if possible) and reads - an input string from standard input until terminated with a - newline. If _v_e_r_i_f_y is non-zero, it prompts and reads input - again, for use in applications such as changing a password; - both versions are compared, and the input is requested - repeatedly until they match. Then _d_e_s__r_e_a_d__p_a_s_s_w_o_r_d con- - verts the input string into a valid DES key, internally - using the _d_e_s__s_t_r_i_n_g__t_o__k_e_y routine. The newly created key - is copied to the area pointed to by the _k_e_y argument. - _d_e_s__r_e_a_d__p_a_s_s_w_o_r_d returns a zero if no errors occurred, or a - -1 indicating that an error occurred trying to manipulate - the terminal echo. + and a _d_e_s___k_e_y___s_c_h_e_d_u_l_e_, is defined as: - _d_e_s__s_t_r_i_n_g__t_o__k_e_y converts an arbitrary length null- - terminated string to an 8 byte DES key, with odd byte + ttyyppeeddeeff ssttrruucctt ddeess__kkss__ssttrruucctt {{ddeess__ccbblloocckk __;;}} + ddeess__kkeeyy__sscchheedduullee[[1166]];; + _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d writes the string specified by _p_r_o_m_p_t to + the standard output, turns off echo (if possible) and + reads an input string from standard input until terminated + with a newline. If _v_e_r_i_f_y is non-zero, it prompts and + reads input again, for use in applications such as chang- + ing a password; both versions are compared, and the input + is requested repeatedly until they match. Then + _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d converts the input string into a valid + DES key, internally using the _d_e_s___s_t_r_i_n_g___t_o___k_e_y routine. + The newly created key is copied to the area pointed to by + the _k_e_y argument. _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d returns a zero if no + errors occurred, or a -1 indicating that an error occurred -Printed 7/27/90 Kerberos 2 +MIT Project Athena Kerberos Version 4.0 2 -DES_CRYPT(3) 4.0 DES_CRYPT(3) - parity, per FIPS specification. A one-way function is used - to convert the string to a key, making it very difficult to - reconstruct the string from the key. The _s_t_r argument is a - pointer to the string, and _k_e_y should point to a _d_e_s__c_b_l_o_c_k - supplied by the caller to receive the generated key. No - meaningful value is returned. Void is not used for compati- - bility with other compilers. +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) - _d_e_s__r_a_n_d_o_m__k_e_y generates a random DES encryption key (eight - bytes), set to odd parity per FIPS specifications. This - routine uses the current time, process id, and a counter as - a seed for the random number generator. The caller - must supply space for the output key, pointed to by - argument _k_e_y, then after calling _d_e_s__r_a_n_d_o_m__k_e_y should call - the _d_e_s__s_e_t__k_e_y routine when needed. No meaningful value is - returned. Void is not used for compatibility with other - compilers. - _d_e_s__s_e_t__k_e_y calculates a key schedule from all eight bytes - of the input key, pointed to by the _k_e_y argument, and out- - puts the schedule into the _d_e_s__k_e_y__s_c_h_e_d_u_l_e indicated by the - _s_c_h_e_d_u_l_e argument. Make sure to pass a valid eight byte key; - no padding is done. The key schedule may then be used in - subsequent encryption/decryption/checksum operations. Many - key schedules may be cached for later use. The user is - responsible to clear keys and schedules as soon as no longer - needed, to prevent their disclosure. The routine also - checks the key parity, and returns a zero if the key parity - is correct (odd), a -1 indicating a key parity error, or a - -2 indicating use of an illegal weak key. If an error is - returned, the key schedule was not created. + trying to manipulate the terminal echo. - _d_e_s__e_c_b__e_n_c_r_y_p_t is the basic DES encryption routine that - encrypts or decrypts a single 8-byte block in eelleeccttrroonniicc - ccooddee bbooookk mode. It always transforms the input data, - pointed to by _i_n_p_u_t, into the output data, pointed to by the - _o_u_t_p_u_t argument. - If the _e_n_c_r_y_p_t argument is non-zero, the _i_n_p_u_t (cleartext) - is encrypted into the _o_u_t_p_u_t (ciphertext) using the - key_schedule specified by the _s_c_h_e_d_u_l_e argument, previously - set via _d_e_s__s_e_t__k_e_y + _d_e_s___s_t_r_i_n_g___t_o___k_e_y converts an arbitrary length null- + terminated string to an 8 byte DES key, with odd byte par- + ity, per FIPS specification. A one-way function is used + to convert the string to a key, making it very difficult + to reconstruct the string from the key. The _s_t_r argument + is a pointer to the string, and _k_e_y should point to a + _d_e_s___c_b_l_o_c_k supplied by the caller to receive the generated + key. No meaningful value is returned. Void is not used + for compatibility with other compilers. - If encrypt is zero, the _i_n_p_u_t (now ciphertext) is decrypted - into the _o_u_t_p_u_t (now cleartext). - Input and output may overlap. + _d_e_s___r_a_n_d_o_m___k_e_y generates a random DES encryption key + (eight bytes), set to odd parity per FIPS specifications. + This routine uses the current time, process id, and a + counter as a seed for the random number generator. The + caller must supply space for the output key, pointed to + by argument _k_e_y_, then after calling _d_e_s___r_a_n_d_o_m___k_e_y should + call the _d_e_s___s_e_t___k_e_y routine when needed. No meaningful + value is returned. Void is not used for compatibility + with other compilers. - No meaningful value is returned. Void is not used for com- - patibility with other compilers. + _d_e_s___s_e_t___k_e_y calculates a key schedule from all eight bytes + of the input key, pointed to by the _k_e_y argument, and out- + puts the schedule into the _d_e_s___k_e_y___s_c_h_e_d_u_l_e indicated by + the _s_c_h_e_d_u_l_e argument. Make sure to pass a valid eight + byte key; no padding is done. The key schedule may then + be used in subsequent encryption/decryption/checksum oper- + ations. Many key schedules may be cached for later use. + The user is responsible to clear keys and schedules as + soon as no longer needed, to prevent their disclosure. + The routine also checks the key parity, and returns a zero + if the key parity is correct (odd), a -1 indicating a key + parity error, or a -2 indicating use of an illegal weak + key. If an error is returned, the key schedule was not + created. + _d_e_s___e_c_b___e_n_c_r_y_p_t is the basic DES encryption routine that + encrypts or decrypts a single 8-byte block in eelleeccttrroonniicc + ccooddee bbooookk mode. It always transforms the input data, + pointed to by _i_n_p_u_t_, into the output data, pointed to by + the _o_u_t_p_u_t argument. + If the _e_n_c_r_y_p_t argument is non-zero, the _i_n_p_u_t (cleartext) + is encrypted into the _o_u_t_p_u_t (ciphertext) using the + key_schedule specified by the _s_c_h_e_d_u_l_e argument, previ- + ously set via _d_e_s___s_e_t___k_e_y -Printed 7/27/90 Kerberos 3 +MIT Project Athena Kerberos Version 4.0 3 -DES_CRYPT(3) 4.0 DES_CRYPT(3) - _d_e_s__c_b_c__e_n_c_r_y_p_t encrypts/decrypts using the cciipphheerr--bblloocckk-- - cchhaaiinniinngg mmooddee ooff DDEESS.. If the _e_n_c_r_y_p_t argument is non-zero, - the routine cipher-block-chain encrypts the cleartext data - pointed to by the _i_n_p_u_t argument into the ciphertext pointed - to by the _o_u_t_p_u_t argument, using the key schedule provided - by the _s_c_h_e_d_u_l_e argument, and initialization vector provided - by the _i_v_e_c argument. If the _l_e_n_g_t_h argument is not an - integral multiple of eight bytes, the last block is copied - to a temp and zero filled (highest addresses). The output - is ALWAYS an integral multiple of eight bytes. - If _e_n_c_r_y_p_t is zero, the routine cipher-block chain decrypts - the (now) ciphertext data pointed to by the _i_n_p_u_t argument - into (now) cleartext pointed to by the _o_u_t_p_u_t argument using - the key schedule provided by the _s_c_h_e_d_u_l_e argument, and ini- - tialization vector provided by the _i_v_e_c argument. Decryption - ALWAYS operates on integral multiples of 8 bytes, so it will - round the _l_e_n_g_t_h provided up to the appropriate multiple. - Consequently, it will always produce the rounded-up number - of bytes of output cleartext. The application must determine - if the output cleartext was zero-padded due to original - cleartext lengths that were not integral multiples of 8. +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) - No errors or meaningful values are returned. Void is not - used for compatibility with other compilers. - A characteristic of cbc mode is that changing a single bit - of the cleartext, then encrypting using cbc mode, affects - ALL the subsequent ciphertext. This makes cryptanalysis - much more difficult. However, modifying a single bit of the - ciphertext, then decrypting, only affects the resulting - cleartext from the modified block and the succeeding block. - Therefore, _d_e_s__p_c_b_c__e_n_c_r_y_p_t is STRONGLY recommended for - applications where indefinite propagation of errors is - required in order to detect modifications. + If encrypt is zero, the _i_n_p_u_t (now ciphertext) is + decrypted into the _o_u_t_p_u_t (now cleartext). - _d_e_s__p_c_b_c__e_n_c_r_y_p_t encrypts/decrypts using a modified block - chaining mode. Its calling sequence is identical to - _d_e_s__c_b_c__e_n_c_r_y_p_t. It differs in its error propagation charac- - teristics. + Input and output may overlap. - _d_e_s__p_c_b_c__e_n_c_r_y_p_t is highly recommended for most encryption - purposes, in that modification of a single bit of the - ciphertext will affect ALL the subsequent (decrypted) clear- - text. Similarly, modifying a single bit of the cleartext - will affect ALL the subsequent (encrypted) ciphertext. - "PCBC" mode, on encryption, "xors" both the cleartext of - block N and the ciphertext resulting from block N with the - cleartext for block N+1 prior to encrypting block N+1. + No meaningful value is returned. Void is not used for + compatibility with other compilers. - _d_e_s__c_b_c__c_k_s_u_m produces an 8 byte cryptographic checksum by - cipher-block-chain encrypting the cleartext data pointed to + _d_e_s___c_b_c___e_n_c_r_y_p_t encrypts/decrypts using the cciipphheerr--bblloocckk-- + cchhaaiinniinngg mmooddee ooff DDEESS.. If the _e_n_c_r_y_p_t argument is non- + zero, the routine cipher-block-chain encrypts the cleart- + ext data pointed to by the _i_n_p_u_t argument into the cipher- + text pointed to by the _o_u_t_p_u_t argument, using the key + schedule provided by the _s_c_h_e_d_u_l_e argument, and initial- + ization vector provided by the _i_v_e_c argument. If the + _l_e_n_g_t_h argument is not an integral multiple of eight + bytes, the last block is copied to a temp and zero filled + (highest addresses). The output is ALWAYS an integral + multiple of eight bytes. + If _e_n_c_r_y_p_t is zero, the routine cipher-block chain + decrypts the (now) ciphertext data pointed to by the _i_n_p_u_t + argument into (now) cleartext pointed to by the _o_u_t_p_u_t + argument using the key schedule provided by the _s_c_h_e_d_u_l_e + argument, and initialization vector provided by the _i_v_e_c + argument. Decryption ALWAYS operates on integral multiples + of 8 bytes, so it will round the _l_e_n_g_t_h provided up to the + appropriate multiple. Consequently, it will always produce + the rounded-up number of bytes of output cleartext. The + application must determine if the output cleartext was + zero-padded due to original cleartext lengths that were + not integral multiples of 8. -Printed 7/27/90 Kerberos 4 + No errors or meaningful values are returned. Void is not + used for compatibility with other compilers. + A characteristic of cbc mode is that changing a single bit + of the cleartext, then encrypting using cbc mode, affects + ALL the subsequent ciphertext. This makes cryptanalysis + much more difficult. However, modifying a single bit of + the ciphertext, then decrypting, only affects the result- + ing cleartext from the modified block and the succeeding + block. Therefore, _d_e_s___p_c_b_c___e_n_c_r_y_p_t is STRONGLY recom- + mended for applications where indefinite propagation of + errors is required in order to detect modifications. + _d_e_s___p_c_b_c___e_n_c_r_y_p_t encrypts/decrypts using a modified block + chaining mode. Its calling sequence is identical to + _d_e_s___c_b_c___e_n_c_r_y_p_t_. It differs in its error propagation -DES_CRYPT(3) 4.0 DES_CRYPT(3) +MIT Project Athena Kerberos Version 4.0 4 - by the _i_n_p_u_t argument. All of the ciphertext output is dis- - carded, except the last 8-byte ciphertext block, which is - written into the area pointed to by the _o_u_t_p_u_t argument. It - uses the key schedule, provided by the _s_c_h_e_d_u_l_e argument and - initialization vector provided by the _i_v_e_c argument. If the - _l_e_n_g_t_h argument is not an integral multiple of eight bytes, - the last cleartext block is copied to a temp and zero filled - (highest addresses). The output is ALWAYS eight bytes. - The routine also returns an unsigned long, which is the last - (highest address) half of the 8 byte checksum computed. - _q_u_a_d__c_k_s_u_m produces a checksum by chaining quadratic opera- - tions on the cleartext data pointed to by the _i_n_p_u_t argu- - ment. The _l_e_n_g_t_h argument specifies the length of the input - -- only exactly that many bytes are included for the check- - sum, without any padding. - The algorithm may be iterated over the same input data, if - the _o_u_t__c_o_u_n_t argument is 2, 3 or 4, and the optional _o_u_t_p_u_t - argument is a non-null pointer . The default is one itera- - tion, and it will not run more than 4 times. Multiple itera- - tions run slower, but provide a longer checksum if desired. - The _s_e_e_d argument provides an 8-byte seed for the first - iteration. If multiple iterations are requested, the results - of one iteration are automatically used as the seed for the - next iteration. - It returns both an unsigned long checksum value, and if the - _o_u_t_p_u_t argument is not a null pointer, up to 16 bytes of the - computed checksum are written into the output. -FFIILLEESS - /usr/include/kerberosIV/des.h - /usr/lib/libdes.a +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) -SSEEEE AALLSSOO -DDIIAAGGNNOOSSTTIICCSS -BBUUGGSS - This software has not yet been compiled or tested on - machines other than the VAX and the IBM PC. - -AAUUTTHHOORRSS - Steve Miller, MIT Project Athena/Digital Equipment Corpora- - tion - -RREESSTTRRIICCTTIIOONNSS - COPYRIGHT 1985,1986 Massachusetts Institute of Technology - This software may not be exported outside of the US without - a special license from the US Dept of Commerce. It may be - replaced by any secret key block cipher with block length + characteristics. + _d_e_s___p_c_b_c___e_n_c_r_y_p_t is highly recommended for most encryption + purposes, in that modification of a single bit of the + ciphertext will affect ALL the subsequent (decrypted) + cleartext. Similarly, modifying a single bit of the clear- + text will affect ALL the subsequent (encrypted) cipher- + text. "PCBC" mode, on encryption, "xors" both the cleart- + ext of block N and the ciphertext resulting from block N + with the cleartext for block N+1 prior to encrypting block + N+1. + _d_e_s___c_b_c___c_k_s_u_m produces an 8 byte cryptographic checksum by + cipher-block-chain encrypting the cleartext data pointed + to by the _i_n_p_u_t argument. All of the ciphertext output is + discarded, except the last 8-byte ciphertext block, which + is written into the area pointed to by the _o_u_t_p_u_t argu- + ment. It uses the key schedule, provided by the _s_c_h_e_d_u_l_e + argument and initialization vector provided by the _i_v_e_c + argument. If the _l_e_n_g_t_h argument is not an integral mul- + tiple of eight bytes, the last cleartext block is copied + to a temp and zero filled (highest addresses). The output + is ALWAYS eight bytes. -Printed 7/27/90 Kerberos 5 + The routine also returns an unsigned long, which is the + last (highest address) half of the 8 byte checksum com- + puted. + _q_u_a_d___c_k_s_u_m produces a checksum by chaining quadratic oper- + ations on the cleartext data pointed to by the _i_n_p_u_t argu- + ment. The _l_e_n_g_t_h argument specifies the length of the + input -- only exactly that many bytes are included for the + checksum, without any padding. + The algorithm may be iterated over the same input data, if + the _o_u_t___c_o_u_n_t argument is 2, 3 or 4, and the optional _o_u_t_- + _p_u_t argument is a non-null pointer . The default is one + iteration, and it will not run more than 4 times. Multiple + iterations run slower, but provide a longer checksum if + desired. The _s_e_e_d argument provides an 8-byte seed for the + first iteration. If multiple iterations are requested, the + results of one iteration are automatically used as the + seed for the next iteration. + It returns both an unsigned long checksum value, and if + the _o_u_t_p_u_t argument is not a null pointer, up to 16 bytes + of the computed checksum are written into the output. -DES_CRYPT(3) 4.0 DES_CRYPT(3) - - - - and key length of 8 bytes, as long as the interface is the - same as described here. - +MIT Project Athena Kerberos Version 4.0 5 @@ -350,12 +331,31 @@ DES_CRYPT(3) 4.0 DES_CRYPT(3) +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) +FFIILLEESS + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a +SSEEEE AALLSSOO +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + This software has not yet been compiled or tested on + machines other than the VAX and the IBM PC. +AAUUTTHHOORRSS + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986 Massachusetts Institute of Technology + This software may not be exported outside of the US with- + out a special license from the US Dept of Commerce. It may + be replaced by any secret key block cipher with block + length and key length of 8 bytes, as long as the interface + is the same as described here. @@ -388,9 +388,9 @@ DES_CRYPT(3) 4.0 DES_CRYPT(3) +MIT Project Athena Kerberos Version 4.0 6 -Printed 7/27/90 Kerberos 6