des_crypt, des_string_to_key, des_is_weak_key,
des_key_sched, des_quad_cksum - Data Encryption Standard
(DES) encryption library routines (Auth)
#include <des.h>
int des_string_to_key(
char *str,
C_Block *key ); int des_is_weak_key(
C_Block key ); unsigned long des_quad_cksum(
unsigned char *input,
unsigned long *output,
long length,
int iterations,
C_Block *seed ); int des_key_sched(
C_Block key,
Key_schedule schedule );
If you are using the SSL rather than the DSL library routines,
see des(3) for information on des_key_sched(),
des_is_weak_key(), des_quad_cksum(), and
des_string_to_key().
For des_string_to_key(), key is a pointer to a C_Block of
8-byte length. For des_quad_cksum(), des_is_weak_key(),
and des_key_sched(), key is a pointer to a DES key. A
string that is converted to an 8-byte DES key. Pointer to
a block of data to which a quadratic checksum algorithm is
applied. Pointer to a pre-allocated buffer that will contain
the complete output from the quadratic checksum algorithm.
For each iteration of the quadratic checksum
applied to the input, eight bytes (two longwords) of data
are generated. Length of the data to which the quadratic
checksum algorithm will be applied. If input contains
more than length bytes of data, then the quadratic checksum
will only be applied to length bytes of input. The
number of iterations of the des_quad_cksum() algorithm to
apply to input. If output is NULL, then one iteration of
the algorithm will be applied to input, no matter what the
value of iterations is. The maximum number of iterations
is four. An 8-byte quantity used as a seed to the input
of the des_quad_cksum() algorithm. A representation of a
DES key in a form more easily used with encryption algorithms.
It is used as input to the krb_sendmutual() routines.
The des_crypt() routines are designed to provide the cryptographic
routines which are used to support authentication.
Specifically, des_quad_cksum() and des_key_sched()
are designed to be used with the DES key which is shared
between one Kerberos principal and its authenticated peer
to provide an easy authentication method after the initial
Kerberos authentication pass. des_string_to_key() and
des_is_weak_key() are designed to enable the input and
inspection of a key by a user before that key is used with
the Kerberos authentication routines. The des_crypt()
routines are not designed for general encryption.
The library makes extensive use of the locally defined
data types C_Block and Key_schedule. The C_Block struct is
an 8-byte block used by the various routines of the
des_crypt() library as the fundamental unit for DES data
and keys.
ROUTINES [Toc] [Back]
Converts a null-terminated string of arbitrary length to
an 8-byte, odd-byte-parity DES key. The str argument is a
pointer to the character string to be converted and key
points to a C_Block supplied by the caller to receive the
generated key. The one-way function used to convert the
string to a key makes it very difficult for anyone to
reconstruct the string from the key. No meaningful value
is returned. des_is_weak_key() checks a new key input by
a user to determine if it belongs to the well known set of
DES keys which do not provide good cryptographic behavior.
If a key passes the inspection of des_is_weak_key(), then
it can be used with the des_quad_cksum() routine. The
input is a DES key and the output is equal to 1 if the key
is not a safe key to use; it is equal to 0 if it is safe
to use. Produces a checksum by chaining quadratic operations
on cleartext data. des_quad_cksum() can be used to
produce a normal quadratic checksum and, if used with the
DES key shared between two authenticated Kerberos principals,
it can also provide for the integrity and authentication
protection of data sent from one principal to
another.
Input of length bytes are run through the
des_quad_cksum() routine iterations times to produce
output. If output is NULL, one iteration is
performed and output is not affected. If output is
not NULL, the quadratic checksum algorithm will be
performed iterations times on input, placing eight
bytes (two longwords) of result in output for each
iteration. At all times, the low-order bits of the
last quadratic checksum algorithm pass are returned
by des_quad_cksum().
The quadratic checksum algorithm performs a checksum
on a few bytes of data and feeds the result
into the algorithm as an addition input to the
checksum on the next few bytes. The seed serves as
the additional input for the first checksum operation
and, therefore, the final checksum that
results depends upon the seed input into the algorithm.
If the DES key shared between two Kerberos
principals is used as the initial seed, then since
the checksum that results depends upon the seed,
the ability to produce the checksum proves identity
and authentication. Also, since the message cannot
be altered without knowledge of the seed, it also
provides for data integrity. des_key_sched() is
used to convert the key input into a new format
that can be used readily with encryption functions.
The result, schedule, can be used with the
krb_sendmutual() functions to enable mutual authentication
of two Kerberos principals.
A 0 is returned from des_key_sched() if successful.
A -1 is returned if the each byte of the key does
not have odd parity. A -2 is returned if the key
is a weak key as defined by des_is_weak_key().
des_crypt(3)
[ Back ] |
