des_crypt(3krb)des_crypt(3krb)Namedes_crypt - Data Encryption Standard (DES) encryption library routines.
Syntax
#include <des.h>
int des_string_to_key (str, key)
char *str;
C_Block *key;
int des_is_weak_key (key)
C_Block key;
unsigned long des_quad_cksum (input, output, length,
iterations, seed)
unsigned char *input;
unsigned long *output;
long length;
int iterations;
C_Block *seed;
int des_key_sched (key, schedule)
C_Block key;
Key_schedule schedule;
Arguments
key For key is a pointer to a of 8-byte length. For and key is a
pointer to a DES key.
str A string that is converted to an 8-byte DES key.
input Pointer to a block of data to which a quadratic checksum algo‐
rithm is applied.
output Pointer to a pre-allocated buffer that will contain the com‐
plete output from the quadratic checksum algorithm. For each
iteration of the quadratic checksum applied to the input,
eight bytes (two longwords) of data are generated.
length Length of the data to which the quadratic checksum algorithm
will be applied. If input contains more than length bytes of
data, then the quadratic checksum will only be applied to
length bytes of input.
iterations
The number of iterations of the algorithm to apply to input.
If output is NULL, then one iteration of the algorithm will be
applied to input, no matter what the value of iterations is.
The maximum number of iterations is four.
seed An 8-byte quantity used as a seed to the input of the algo‐
rithm.
schedule A representation of a DES key in a form more easily used with
encryption algorithms. It is used as input to the routines.
Description
The routines are designed to provide the cryptographic routines which
are used to support authentication. Specifically, and are designed to
be used with the DES key which is shared between one Kerberos principal
and its authenticated peer to provide an easy authentication method
after the initial Kerberos authentication pass. and are designed to
enable the input and inspection of a key by a user before that key is
used with the Kerberos authentication routines. The routines are not
designed for general encryption.
The library makes extensive use of the locally defined data types
C_Block and Key_schedule. The C_Block struct is an 8-byte block used by
the various routines of the library as the fundamental unit for DES
data and keys.
Routines
string_to_key
Converts a null-terminated string of arbitrary length to an
8-byte, odd-byte-parity DES key. The str argument is a pointer
to the character string to be converted and key points to a
C_Block supplied by the caller to receive the generated key.
The one-way function used to convert the string to a key makes
it very difficult for anyone to reconstruct the string from the
key. No meaningful value is returned.
des_is_weak_key
checks a new key input by a user to determine if it belongs to
the well known set of DES keys which do not provide good crypto‐
graphic behavior. If a key passes the inspection of then it can
be used with the routine. The input is a DES key and the output
is equal to 1 if the key is not a safe key to use; it is equal
to 0 if it is safe to use.
des_quad_cksum
Produces a checksum by chaining quadratic operations on cleart‐
ext data. can be used to produce a normal quadratic checksum
and, if used with the DES key shared between two authenticated
Kerberos principals, it can also provide for the integrity and
authentication protection of data sent from one principal to
another.
Input of length bytes are run through the routine iterations
times to produce output. If output is NULL, one iteration is
performed and output is not affected. If output is not NULL,
the quadratic checksum algorithm will be performed iterations
times on input, placing eight bytes (two longwords) of result in
output for each iteration. At all times, the low-order bits of
the last quadratic checksum algorithm pass are returned by
The quadratic checksum algorithm performs a checksum on a few
bytes of data and feeds the result into the algorithm as an
addition input to the checksum on the next few bytes. The seed
serves as the additional input for the first checksum operation
and, therefore, the final checksum that results depends upon the
seed input into the algorithm. If the DES key shared between
two Kerberos principals is used as the initial seed, then since
the checksum that results depends upon the seed, the ability to
produce the checksum proves identity and authentication. Also,
since the message cannot be altered without knowledge of the
seed, it also provides for data integrity.
des_key_sched
is used to convert the key input into a new format that can be
used readily with encryption functions. The result, schedule,
can be used with the functions to enable mutual authentication
of two Kerberos principals.
0 is returned from if successful.
-1 is returned if the each byte of the key does not have odd
parity.
-2 is returned if the key is a weak key as defined by
des_crypt(3krb)