 |
Index for
Section 3 |
|
 |
Alphabetical
listing for D |
|
 |
Bottom of
page |
|
des_crypt(3)
NAME
des_crypt, des_string_to_key, des_is_weak_key, des_key_sched,
des_quad_cksum - Data Encryption Standard (DES) encryption library routines
(Auth)
SYNOPSIS
#include <des.h>
int des_string_to_key(
char *str,
C_Block *key);
int des_is_weak_key (
C_Block key);
unsigned long des_quad_cksum(
unsigned char *input,
unsigned long *output,
long length,
int iterations,
C_Block *seed);
int des_key_sched(
C_Block key,
Key_schedule schedule);
PARAMETERS
key For des_string_to_key, key is a pointer to a C_Block of 8-byte
length. For des_quad_cksum, des_is_weak_key, and des_key_sched,
key is a pointer to a DES key.
str A string that is converted to an 8-byte DES key.
input Pointer to a block of data to which a quadratic checksum algorithm
is applied.
output Pointer to a pre-allocated buffer that will contain the complete
output from the quadratic checksum algorithm. For each iteration
of the quadratic checksum applied to the input, eight bytes (two
longwords) of data are generated.
length Length of the data to which the quadratic checksum algorithm will
be applied. If input contains more than length bytes of data,
then the quadratic checksum will only be applied to length bytes
of input.
iterations
The number of iterations of the des_quad_cksum algorithm to apply
to input. If output is NULL, then one iteration of the algorithm
will be applied to input, no matter what the value of iterations
is. The maximum number of iterations is four.
seed An 8-byte quantity used as a seed to the input of the
des_quad_cksum algorithm.
schedule A representation of a DES key in a form more easily used with
encryption algorithms. It is used as input to the krb_sendmutual
routines.
DESCRIPTION
The des_crypt routines are designed to provide the cryptographic routines
which are used to support authentication. Specifically, des_quad_cksum and
des_key_sched are designed to be used with the DES key which is shared
between one Kerberos principal and its authenticated peer to provide an
easy authentication method after the initial Kerberos authentication pass.
des_string_to_key and des_is_weak_key are designed to enable the input and
inspection of a key by a user before that key is used with the Kerberos
authentication routines. The des_crypt routines are not designed for
general encryption.
The library makes extensive use of the locally defined data types C_Block
and Key_schedule. The C_Block struct is an 8-byte block used by the
various routines of the des_crypt library as the fundamental unit for DES
data and keys.
ROUTINES
string_to_key
Converts a null-terminated string of arbitrary length to an 8-byte,
odd-byte-parity DES key. The str argument is a pointer to the
character string to be converted and key points to a C_Block supplied
by the caller to receive the generated key. The one-way function used
to convert the string to a key makes it very difficult for anyone to
reconstruct the string from the key. No meaningful value is returned.
des_is_weak_key
des_is_weak_key checks a new key input by a user to determine if it
belongs to the well known set of DES keys which do not provide good
cryptographic behavior. If a key passes the inspection of
des_is_weak_key, then it can be used with the des_quad_cksum routine.
The input is a DES key and the output is equal to 1 if the key is not
a safe key to use; it is equal to 0 if it is safe to use.
des_quad_cksum
Produces a checksum by chaining quadratic operations on cleartext
data. des_quad_cksum can be used to produce a normal quadratic
checksum and, if used with the DES key shared between two
authenticated Kerberos principals, it can also provide for the
integrity and authentication protection of data sent from one
principal to another.
Input of length bytes are run through the des_quad_cksum routine
iterations times to produce output. If output is NULL, one iteration
is performed and output is not affected. If output is not NULL, the
quadratic checksum algorithm will be performed iterations times on
input, placing eight bytes (two longwords) of result in output for
each iteration. At all times, the low-order bits of the last
quadratic checksum algorithm pass are returned by des_quad_cksum.
The quadratic checksum algorithm performs a checksum on a few bytes of
data and feeds the result into the algorithm as an addition input to
the checksum on the next few bytes. The seed serves as the additional
input for the first checksum operation and, therefore, the final
checksum that results depends upon the seed input into the algorithm.
If the DES key shared between two Kerberos principals is used as the
initial seed, then since the checksum that results depends upon the
seed, the ability to produce the checksum proves identity and
authentication. Also, since the message cannot be altered without
knowledge of the seed, it also provides for data integrity.
des_key_sched
des_key_sched is used to convert the key input into a new format that
can be used readily with encryption functions. The result, schedule,
can be used with the krb_sendmutual functions to enable mutual
authentication of two Kerberos principals.
A 0 is returned from des_key_sched if successful. A -1 is returned if
the each byte of the key does not have odd parity. A -2 is returned
if the key is a weak key as defined by des_is_weak_key.
|
Index for
Section 3 |
|
|
Alphabetical
listing for D |
|
 |
Top of
page |
|