*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> des_key_sched (3)              
Title
Content
Arch
Section
 

des_crypt(3)

Contents


NAME    [Toc]    [Back]

       des_crypt,       des_string_to_key,       des_is_weak_key,
       des_key_sched, des_quad_cksum - Data  Encryption  Standard
       (DES) encryption library routines (Auth)

SYNOPSIS    [Toc]    [Back]

       #include <des.h>

       int des_string_to_key(
               char *str,
               C_Block *key ); int des_is_weak_key(
               C_Block key ); unsigned long des_quad_cksum(
               unsigned char *input,
               unsigned long *output,
               long length,
               int iterations,
               C_Block *seed ); int des_key_sched(
               C_Block key,
               Key_schedule schedule );

       If  you are using the SSL rather than the DSL library routines,
 see  des(3)  for  information  on  des_key_sched(),
       des_is_weak_key(),          des_quad_cksum(),          and
       des_string_to_key().

PARAMETERS    [Toc]    [Back]

       For des_string_to_key(), key is a pointer to a C_Block  of
       8-byte  length.   For des_quad_cksum(), des_is_weak_key(),
       and des_key_sched(), key is a pointer to  a  DES  key.   A
       string that is converted to an 8-byte DES key.  Pointer to
       a block of data to which a quadratic checksum algorithm is
       applied.  Pointer to a pre-allocated buffer that will contain
 the complete output from the quadratic checksum algorithm.
   For  each  iteration  of  the  quadratic checksum
       applied to the input, eight bytes (two longwords) of  data
       are  generated.  Length of the data to which the quadratic
       checksum algorithm will be  applied.   If  input  contains
       more  than length bytes of data, then the quadratic checksum
 will only be applied to length bytes  of  input.   The
       number  of iterations of the des_quad_cksum() algorithm to
       apply to input.  If output is NULL, then one iteration  of
       the algorithm will be applied to input, no matter what the
       value of iterations is.  The maximum number of  iterations
       is  four.   An 8-byte quantity used as a seed to the input
       of the des_quad_cksum() algorithm.  A representation of  a
       DES  key  in a form more easily used with encryption algorithms.
  It is used as input to the krb_sendmutual()  routines.

DESCRIPTION    [Toc]    [Back]

       The des_crypt() routines are designed to provide the cryptographic
 routines which are used to  support  authentication.
  Specifically,  des_quad_cksum() and des_key_sched()
       are designed to be used with the DES key which  is  shared
       between  one Kerberos principal and its authenticated peer
       to provide an easy authentication method after the initial
       Kerberos  authentication  pass.   des_string_to_key()  and
       des_is_weak_key() are designed to  enable  the  input  and
       inspection of a key by a user before that key is used with
       the Kerberos  authentication  routines.   The  des_crypt()
       routines are not designed for general encryption.

       The  library  makes  extensive  use of the locally defined
       data types C_Block and Key_schedule. The C_Block struct is
       an  8-byte  block  used  by  the  various  routines of the
       des_crypt() library as the fundamental unit for  DES  data
       and keys.

   ROUTINES    [Toc]    [Back]
       Converts  a  null-terminated string of arbitrary length to
       an 8-byte, odd-byte-parity DES key. The str argument is  a
       pointer  to  the  character string to be converted and key
       points to a C_Block supplied by the caller to receive  the
       generated  key.   The one-way function used to convert the
       string to a key makes it  very  difficult  for  anyone  to
       reconstruct  the string from the key.  No meaningful value
       is returned.  des_is_weak_key() checks a new key input  by
       a user to determine if it belongs to the well known set of
       DES keys which do not provide good cryptographic behavior.
       If  a key passes the inspection of des_is_weak_key(), then
       it can be used  with  the  des_quad_cksum()  routine.  The
       input is a DES key and the output is equal to 1 if the key
       is not a safe key to use; it is equal to 0 if it  is  safe
       to  use.  Produces a checksum by chaining quadratic operations
 on cleartext data.  des_quad_cksum() can be used  to
       produce  a normal quadratic checksum and, if used with the
       DES key shared between two authenticated Kerberos  principals,
  it can also provide for the integrity and authentication
 protection of  data  sent  from  one  principal  to
       another.

              Input   of   length   bytes  are  run  through  the
              des_quad_cksum() routine iterations times  to  produce
  output.   If output is NULL, one iteration is
              performed and output is not affected. If output  is
              not  NULL, the quadratic checksum algorithm will be
              performed iterations times on input, placing  eight
              bytes  (two longwords) of result in output for each
              iteration.  At all times, the low-order bits of the
              last quadratic checksum algorithm pass are returned
              by des_quad_cksum().

              The quadratic checksum algorithm performs a  checksum
  on  a  few  bytes of data and feeds the result
              into the algorithm as  an  addition  input  to  the
              checksum  on the next few bytes. The seed serves as
              the additional input for the first checksum  operation
   and,  therefore,  the  final  checksum  that
              results depends upon the seed input into the  algorithm.
   If the DES key shared between two Kerberos
              principals is used as the initial seed, then  since
              the  checksum  that  results depends upon the seed,
              the ability to produce the checksum proves identity
              and authentication.  Also, since the message cannot
              be altered without knowledge of the seed,  it  also
              provides  for  data  integrity.  des_key_sched() is
              used to convert the key input  into  a  new  format
              that can be used readily with encryption functions.
              The  result,  schedule,  can  be  used   with   the
              krb_sendmutual() functions to enable mutual authentication
 of two Kerberos principals.

              A 0 is returned from des_key_sched() if successful.
              A  -1  is returned if the each byte of the key does
              not have odd parity.  A -2 is returned if  the  key
              is a weak key as defined by des_is_weak_key().



                                                     des_crypt(3)
[ Back ]
 Similar pages
Name OS Title
bdes FreeBSD encrypt/decrypt using the Data Encryption Standard (DES)
bdes OpenBSD encrypt/decrypt using the Data Encryption Standard
crypt Linux password and data encryption
secauthmigrate Tru64 Convert ULTRIX auth(5) authentication data to authcap(4) authentication data (Enhanced Security)
des_set_key_checked Tru64 DES encryption
des_set_key_unchecked Tru64 DES encryption
des_set_key Tru64 DES encryption
des_read_password Tru64 DES encryption
des_read_pw_string Tru64 DES encryption
des_set_odd_parity Tru64 DES encryption
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service