Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

des_crypt(3krb) [ultrix man page]

des_crypt(3krb) 														   des_crypt(3krb)

Name
       des_crypt - Data Encryption Standard (DES) encryption library routines.

Syntax
	#include <des.h>

	int des_string_to_key	 (str, key)
	char	      *str;
	C_Block  *key;

	int des_is_weak_key (key)
	C_Block  key;

	unsigned long des_quad_cksum  (input, output, length,
						       iterations, seed)
	unsigned char  *input;
	unsigned long *output;
	long	      length;
	int	 iterations;
	C_Block  *seed;

	int des_key_sched  (key, schedule)
	C_Block  key;
	Key_schedule  schedule;

Arguments
       key	For key is a pointer to a of 8-byte length.  For and key is a pointer to a DES key.

       str	A string that is converted to an 8-byte DES key.

       input	Pointer to a block of data to which a quadratic checksum algorithm is applied.

       output	Pointer to a pre-allocated buffer that will contain the complete output from the quadratic checksum algorithm.	For each iteration
		of the quadratic checksum applied to the input, eight bytes (two longwords) of data are generated.

       length	Length of the data to which the quadratic checksum algorithm will be applied.  If input contains more than length bytes  of  data,
		then the quadratic checksum will only be applied to length bytes of input.

       iterations
		The  number  of  iterations  of  the  algorithm to apply to input.  If output is NULL, then one iteration of the algorithm will be
		applied to input, no matter what the value of iterations is.  The maximum number of iterations is four.

       seed	An 8-byte quantity used as a seed to the input of the algorithm.

       schedule A representation of a DES key in a form more easily used with encryption algorithms.  It is used as input to the routines.

Description
       The routines are designed to provide the cryptographic routines which are used to support authentication.  Specifically, and  are  designed
       to  be  used  with  the DES key which is shared between one Kerberos principal and its authenticated peer to provide an easy authentication
       method after the initial Kerberos authentication pass.  and are designed to enable the input and inspection of a key by a user before  that
       key is used with the Kerberos authentication routines.  The routines are not designed for general encryption.

       The  library  makes extensive use of the locally defined data types C_Block and Key_schedule. The C_Block struct is an 8-byte block used by
       the various routines of the library as the fundamental unit for DES data and keys.

Routines
       string_to_key
	      Converts a null-terminated string of arbitrary length to an 8-byte, odd-byte-parity DES key.  The str argument is a pointer  to  the
	      character string to be converted and key points to a C_Block supplied by the caller to receive the generated key.  The one-way func-
	      tion used to convert the string to a key makes it very difficult for anyone to reconstruct the string from the key.   No	meaningful
	      value is returned.

       des_is_weak_key
	      checks  a  new  key  input  by a user to determine if it belongs to the well known set of DES keys which do not provide good crypto-
	      graphic behavior.  If a key passes the inspection of then it can be used with the routine.  The input is a DES key and the output is
	      equal to 1 if the key is not a safe key to use; it is equal to 0 if it is safe to use.

       des_quad_cksum
	      Produces	a checksum by chaining quadratic operations on cleartext data.	can be used to produce a normal quadratic checksum and, if
	      used with the DES key shared between two authenticated Kerberos principals, it can also provide for the integrity and authentication
	      protection of data sent from one principal to another.

	      Input of length bytes are run through the routine iterations times to produce output.  If output is NULL, one iteration is performed
	      and output is not affected.  If output is not NULL, the quadratic checksum algorithm will be performed iterations  times	on  input,
	      placing  eight bytes (two longwords) of result in output for each iteration.  At all times, the low-order bits of the last quadratic
	      checksum algorithm pass are returned by

	      The quadratic checksum algorithm performs a checksum on a few bytes of data and feeds the result into the algorithm as  an  addition
	      input  to  the checksum on the next few bytes.  The seed serves as the additional input for the first checksum operation and, there-
	      fore, the final checksum that results depends upon the seed input into the algorithm.  If the DES key shared  between  two  Kerberos
	      principals  is  used  as	the  initial  seed, then since the checksum that results depends upon the seed, the ability to produce the
	      checksum proves identity and authentication.  Also, since the message cannot be altered without knowledge of the seed, it also  pro-
	      vides for data integrity.

       des_key_sched
	      is used to convert the key input into a new format that can be used readily with encryption functions.  The result, schedule, can be
	      used with the functions to enable mutual authentication of two Kerberos principals.

	      0 is returned from if successful.
	      -1 is returned if the each byte of the key does not have odd parity.
	      -2 is returned if the key is a weak key as defined by

																   des_crypt(3krb)
Man Page