des.pod

一个用于点对点传输加密的工具包源码

=pod

=head1 NAME

des_random_key, des_set_key, des_key_sched, des_set_key_checked,
des_set_key_unchecked, des_set_odd_parity, des_is_weak_key,
des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt,
des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt,
des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt,
des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt,
des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt,
des_read_password, des_read_2passwords, des_read_pw_string,
des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys,
des_fcrypt, des_crypt, des_enc_read, des_enc_write - DES encryption

=head1 SYNOPSIS

 #include <openssl/des.h>

 void des_random_key(des_cblock *ret);

 int des_set_key(const_des_cblock *key, des_key_schedule schedule);
 int des_key_sched(const_des_cblock *key, des_key_schedule schedule);
 int des_set_key_checked(const_des_cblock *key,
        des_key_schedule schedule);
 void des_set_key_unchecked(const_des_cblock *key,
        des_key_schedule schedule);

 void des_set_odd_parity(des_cblock *key);
 int des_is_weak_key(const_des_cblock *key);

 void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, 
        des_key_schedule ks, int enc);
 void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output, 
        des_key_schedule ks1, des_key_schedule ks2, int enc);
 void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, 
        des_key_schedule ks1, des_key_schedule ks2, 
        des_key_schedule ks3, int enc);

 void des_ncbc_encrypt(const unsigned char *input, unsigned char *output, 
        long length, des_key_schedule schedule, des_cblock *ivec, 
        int enc);
 void des_cfb_encrypt(const unsigned char *in, unsigned char *out,
        int numbits, long length, des_key_schedule schedule,
        des_cblock *ivec, int enc);
 void des_ofb_encrypt(const unsigned char *in, unsigned char *out,
        int numbits, long length, des_key_schedule schedule,
        des_cblock *ivec);
 void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, 
        long length, des_key_schedule schedule, des_cblock *ivec, 
        int enc);
 void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
        long length, des_key_schedule schedule, des_cblock *ivec,
        int *num, int enc);
 void des_ofb64_encrypt(const unsigned char *in, unsigned char *out,
        long length, des_key_schedule schedule, des_cblock *ivec,
        int *num);

 void des_xcbc_encrypt(const unsigned char *input, unsigned char *output, 
        long length, des_key_schedule schedule, des_cblock *ivec, 
        const_des_cblock *inw, const_des_cblock *outw, int enc);

 void des_ede2_cbc_encrypt(const unsigned char *input,
        unsigned char *output, long length, des_key_schedule ks1,
        des_key_schedule ks2, des_cblock *ivec, int enc);
 void des_ede2_cfb64_encrypt(const unsigned char *in,
        unsigned char *out, long length, des_key_schedule ks1,
        des_key_schedule ks2, des_cblock *ivec, int *num, int enc);
 void des_ede2_ofb64_encrypt(const unsigned char *in,
        unsigned char *out, long length, des_key_schedule ks1,
        des_key_schedule ks2, des_cblock *ivec, int *num);

 void des_ede3_cbc_encrypt(const unsigned char *input,
        unsigned char *output, long length, des_key_schedule ks1,
        des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec,
        int enc);
 void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 
        long length, des_key_schedule ks1, des_key_schedule ks2, 
        des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, 
        int enc);
 void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 
        long length, des_key_schedule ks1, des_key_schedule ks2,
        des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
 void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
        long length, des_key_schedule ks1, 
        des_key_schedule ks2, des_key_schedule ks3, 
        des_cblock *ivec, int *num);

 int des_read_password(des_cblock *key, const char *prompt, int verify);
 int des_read_2passwords(des_cblock *key1, des_cblock *key2, 
        const char *prompt, int verify);
 int des_read_pw_string(char *buf, int length, const char *prompt,
        int verify);

 DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output, 
        long length, des_key_schedule schedule, 
        const_des_cblock *ivec);
 DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[], 
        long length, int out_count, des_cblock *seed);
 void des_string_to_key(const char *str, des_cblock *key);
 void des_string_to_2keys(const char *str, des_cblock *key1,
        des_cblock *key2);

 char *des_fcrypt(const char *buf, const char *salt, char *ret);
 char *des_crypt(const char *buf, const char *salt);
 char *crypt(const char *buf, const char *salt);

 int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
        des_cblock *iv);
 int des_enc_write(int fd, const void *buf, int len,
        des_key_schedule sched, des_cblock *iv);

=head1 DESCRIPTION

This library contains a fast implementation of the DES encryption
algorithm.

There are two phases to the use of DES encryption.  The first is the
generation of a I<des_key_schedule> from a key, the second is the
actual encryption.  A DES key is of type I<des_cblock>. This type is
consists of 8 bytes with odd parity.  The least significant bit in
each byte is the parity bit.  The key schedule is an expanded form of
the key; it is used to speed the encryption process.

des_random_key() generates a random key.  The PRNG must be seeded
prior to using this function (see L<rand(3)|rand(3)>; for backward
compatibility the function des_random_seed() is available as well).
If the PRNG could not generate a secure key, 0 is returned.  In
earlier versions of the library, des_random_key() did not generate
secure keys.

Before a DES key can be used, it must be converted into the
architecture dependent I<des_key_schedule> via the
des_set_key_checked() or des_set_key_unchecked() function.

des_set_key_checked() will check that the key passed is of odd parity
and is not a week or semi-weak key.  If the parity is wrong, then -1
is returned.  If the key is a weak key, then -2 is returned.  If an
error is returned, the key schedule is not generated.

des_set_key() (called des_key_sched() in the MIT library) works like
des_set_key_checked() if the I<des_check_key> flag is non-zero,
otherwise like des_set_key_unchecked().  These functions are available
for compatibility; it is recommended to use a function that does not
depend on a global variable.

des_set_odd_parity() (called des_fixup_key_parity() in the MIT
library) sets the parity of the passed I<key> to odd.

des_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
is ok.  The probability that a randomly generated key is weak is
1/2^52, so it is not really worth checking for them.

The following routines mostly operate on an input and output stream of
I<des_cblock>s.

des_ecb_encrypt() is the basic DES encryption routine that encrypts or
decrypts a single 8-byte I<des_cblock> in I<electronic code book>
(ECB) mode.  It always transforms the input data, pointed to by
I<input>, into the output data, pointed to by the I<output> argument.
If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
(cleartext) is encrypted in to the I<output> (ciphertext) using the
key_schedule specified by the I<schedule> argument, previously set via
I<des_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
ciphertext) is decrypted into the I<output> (now cleartext).  Input
and output may overlap.  des_ecb_encrypt() does not return a value.

des_ecb3_encrypt() encrypts/decrypts the I<input> block by using
three-key Triple-DES encryption in ECB mode.  This involves encrypting
the input with I<ks1>, decrypting with the key schedule I<ks2>, and
then encrypting with I<ks3>.  This routine greatly reduces the chances
of brute force breaking of DES and has the advantage of if I<ks1>,
I<ks2> and I<ks3> are the same, it is equivalent to just encryption
using ECB mode and I<ks1> as the key.

The macro des_ecb2_encrypt() is provided to perform two-key Triple-DES
encryption by using I<ks1> for the final encryption.

des_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
(CBC) mode of DES.  If the I<encrypt> argument is non-zero, the
routine cipher-block-chain encrypts the cleartext data pointed to by
the I<input> argument into the ciphertext pointed to by the I<output>
argument, using the key schedule provided by the I<schedule> argument,
and initialization vector provided by the I<ivec> argument.  If the
I<length> argument is not an integral multiple of eight bytes, the
last block is copied to a temporary area and zero filled.  The output
is always an integral multiple of eight bytes.

des_xcbc_encrypt() is RSA's DESX mode of DES.  It uses I<inw> and