Contenttype: text/html
Man page of des_crypt
des_crypt
Section: C Library Functions (3)
Index
Return to Main Contents
NAME
des_crypt, des_string_to_key, des_is_weak_key, des_key_sched, des_quad_cksum  Data Encryption Standard (DES) encryption library routines (Auth)
SYNOPSIS
#include <des.h>
int des_string_to_key(
char *str,
C_Block *key);
int des_is_weak_key (
C_Block key);
unsigned long des_quad_cksum(
unsigned char *input,
unsigned long *output,
long length,
int iterations,
C_Block *seed);
int des_key_sched(
C_Block key,
Key_schedule schedule);
PARAMETERS
 key

For
key is a pointer to a
of 8byte length. For
and
key
is a pointer to a DES key.
 str

A string that is converted to an 8byte DES key.
 input

Pointer to a block of data to which a quadratic checksum algorithm is applied.
 output

Pointer to a preallocated buffer that will contain the complete output from the quadratic
checksum algorithm. For each iteration of the quadratic checksum applied to the input,
eight bytes (two longwords) of data are generated.
 length

Length of the data to which the quadratic checksum algorithm will be applied. If input
contains more than length bytes of data, then the
quadratic checksum
will only be applied to length bytes of input.
 iterations

The number of iterations of the
algorithm to apply to input. If output is NULL, then one iteration of the algorithm
will be applied to input, no matter what the value of iterations is. The
maximum number of iterations is four.
 seed

An 8byte quantity used as a seed to the input of the
algorithm.
 schedule

A representation of a DES key in a form more easily used with encryption algorithms. It
is used as input to the
routines.
DESCRIPTION
The
routines are designed to provide the
cryptographic routines which are used to support authentication.
Specifically,
and
are designed to be used with the DES
key which is shared between one Kerberos principal
and its authenticated peer to provide an
easy authentication method after the initial
Kerberos authentication pass.
and
are designed to enable the input and
inspection of a key by a user before that key is used
with the Kerberos authentication routines. The
routines are not designed for general encryption.
The library makes extensive use of the locally defined data types
and
The
struct is an 8byte
block used by the various routines of the
library as the fundamental unit for DES data and keys.
ROUTINES
 string_to_key

Converts a nullterminated string of arbitrary length
to an 8byte, oddbyteparity DES key.
The str argument is a
pointer to the character string to be converted and key points to a
C_Block supplied by the caller to receive the generated key. The oneway
function used to convert the string to a key makes it very difficult for anyone to
reconstruct the string from the key. No
meaningful value is returned.
 des_is_weak_key

checks a new key input by a user to determine if
it belongs to the well known set of
DES keys which do not provide good cryptographic behavior.
If a key passes the inspection of
then it can be used with the
routine.
The input is a DES key and the output is equal
to 1 if the key is not a safe key
to use; it is equal to 0 if it is safe to use.
 des_quad_cksum

Produces a checksum by chaining quadratic operations on cleartext
data.
can be used to produce a
normal quadratic checksum and, if used with
the DES key shared between two authenticated
Kerberos principals, it can also provide
for the integrity and authentication
protection of data sent from one principal to another.

Input of length bytes are run through the
routine iterations times to produce output. If output
is NULL, one iteration is performed and output is not affected.
If output is not NULL, the quadratic checksum algorithm will be
performed iterations times on input, placing eight bytes
(two longwords) of result in output for each iteration. At all
times, the loworder bits
of the last quadratic checksum algorithm pass are returned
by

The quadratic checksum algorithm performs a checksum
on a few bytes of data and feeds the result into the algorithm
as an addition input to the checksum on the next few bytes.
The seed serves as the additional input for the first checksum
operation and, therefore, the final checksum that results
depends upon the seed input into the algorithm. If the
DES key shared between two Kerberos principals is used as
the initial seed, then since the checksum that results
depends upon the seed, the ability to produce the checksum
proves identity and authentication. Also, since the message cannot
be altered without knowledge of the seed, it also provides for
data integrity.
 des_key_sched

is used to convert the key input into
a new format that can be used readily with encryption
functions. The result, schedule, can be used with the
functions to enable mutual
authentication of two Kerberos principals.

A 0 is returned from
if successful.
A 1 is returned if the each byte of the key does not
have odd parity.
A 2 is returned if the key is a weak key as
defined by
delim off
Index
 NAME

 SYNOPSIS

 PARAMETERS

 DESCRIPTION

 ROUTINES

This document was created by
man2html,
using the manual pages.
Time: 02:41:58 GMT, October 02, 2010