Article 21 From: 2004dss@ucsbuxa.ucsb.edu (Diane Shelander) Newsgroups: sci.crypt Subject: Re: Password Probabilities Keywords: password, ASCII Message-ID: <7635@hub.ucsb.edu> Date: 4 Dec 90 06:22:44 GMT References: <1990Nov22.211909.29282@weitek.COM> <529@tygra.ddmi.com> <7577@hub.ucsb.edu> Sender: news@hub.ucsb.edu Lines: 954 The following is a shell archive of a program called des. des provides NBS DEA traceable encryption and decryption using Electronic Code Book (ECB) mode. The files include are: Makefile des.c getopt.c (public domain) des.test test vectors derived from NBS Special Pub 5000-20 des.1 man page for des (may be viewed with psview and psroff see Makefile) The des uses libcrypt which may not be functional for decryption on your system. See des.1 (appended). The crypt() call is used for initializing the E permutation array, as it is not otherwise initialized, resulting in the use of R[0] only in f(R,K), which isn't very secure. The test vectors are included for such a reason, in case someone wants to play with their version of libcrypt. This program is similar to descrypt.c by Stephen Kochan and Patrick Wood in "Unix System Security" (Hayden Books). I wrote the code several years ago, but resurrected it when I saw the bit in byte ordering wrong in descrypt.c. The test vector feature (-t) (see des.1) can be used or modified for generating keys for a key management system for a secure network. des can accept either an ascii key or a hex key, and uses it untransformed. (descrypt.c uses a crypt() call to stir up the key). Using libcrypt, des runs on my IRIS 4D-25/G at about 2.8 kbytes/sec. I have a faster impelementation of the Data Encryption Algorithm and a new version of des, but am not ready to release it. The new version runs at about 10 kbytes/sec. -------- cut here ------- # /bin/sh only cat << SH_EOF > Makefile # .SUFFIXES: .prt .vw .1 SRCS = des.c getopt.c UNDER_RCS = $(SRCS) des.test des.1 all: des neat: rm -f *.o *BAK .emacs* clobber: neat rm -f des ci: ci -f -u $(UNDER_RCS) firstci: rcsdir ci rcs -q -U $(UNDER_RCS) chmod u+w $(UNDER_RCS) rcsdir: mkdir RCS des: des.o getopt.o cc -o des des.c getopt.o -lcrypt strip des getopt.o: getopt.c cc -c getopt.o getopt.c .1.prt: tbl $*.1 | psroff -man -h .1.vw: tbl $*.1 | psroff -man -t | psview -F1.0 SH_EOF cat << SH_EOF > des.c /* * Copyright (c) 1990 David G. Koontz. * All rights reserved. * * Redistribution and use in source and binary forms are permitted * provided that the above copyright notice and this paragraph are * duplicated in all such forms and that any documentation, * advertisiing materials, and other materials related to such * distribution and use acknowledge that the software was developed * by the above mentioned individual. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE */ #ifndef lint char copyright[]= "@(#) Copyright (c) 1990 David G. Koontz\n All rights reserved.\n"; #endif /* des -- perform encryption/decryption using DES algorithm */ #define TRUE 1 #define FALSE 0 #define SHIFT 1 #define NOSHIFT 0 extern int optind,opterr; extern char *optarg; #include #include #include char *getpass(); static char null_salt[8] = {0x2e,0x2e,0,0,0,0,0,0}; #define BYTES_PER_BLOCK 8 #define NYBBLES_PER_BLOCK 16 #define NUMBER_OF_KEY_BYTES 8 #define BITS_PER_NYBBLE 4 #define BITS_PER_BYTE 8 #define BITS_PER_BLOCK 64 #define BIT(x) ( 1 << x) #define TODEC 16 #define ENCRYPT 0 #define DECRYPT 1 main (argc,argv) int argc; char **argv; { unsigned char input[BYTES_PER_BLOCK], output[BYTES_PER_BLOCK]; unsigned char bits[BITS_PER_BLOCK]; unsigned char key[NUMBER_OF_KEY_BYTES]; unsigned char testinput[128]; unsigned char testkey[NYBBLES_PER_BLOCK+1]; unsigned char testplain[NYBBLES_PER_BLOCK+1]; unsigned char testcipher[NYBBLES_PER_BLOCK+1]; unsigned char testresult[NYBBLES_PER_BLOCK+1]; int len,c; int verbose = FALSE; int testerrors = 0; int totalerrors = 0; int testcount = 0; int needkey = TRUE; int desmode = ENCRYPT; int testmode = FALSE; char padchar = 0x20; /* default pad character is space */ if (argc < 2) goto usage; crypt(null_salt,null_salt); /* initialize the E[] array */ while (( c = getopt(argc,argv,"edk:K:p:tv")) != EOF) { switch (c){ case 'e': desmode = ENCRYPT; break; case 'd': desmode = DECRYPT; break; case 'k': if (needkey) { needkey = FALSE; if ( (c = optarg[0]) == '-') /* prevent lost data */ goto usage; if ( (c = strlen(optarg)) < 8) { fprintf(stderr,"%s: key must be 8 char\n",argv[0]); exit(1); } loadkey(optarg,SHIFT); } else { fprintf(stderr,"%s: too many keys\n",argv[0]); exit(1); } break; case 'K': if ( needkey ) { needkey = FALSE; strxtoc(optarg,key); /* will complain about bad format */ while (*optarg) *optarg++ = 0; loadkey(key,NOSHIFT); } else { fprintf(stderr,"%s: too many keys\n",argv[0]); exit(1); } break; case 'p': padchar = (unsigned char) strtol(optarg,0,TODEC); break; case 't': testmode = TRUE; break; case 'v': verbose = TRUE; break; case '?': usage: fprintf(stderr,"Usage: %s -e | -d ",argv[0]); fprintf(stderr,"[-k key | -K hex_key] "); fprintf(stderr,"[-p hex_pad_char]\n\n"); fprintf(stderr," Or: %s -t [-v]\n\n",argv[0]); exit(1); break; } } if (needkey && !testmode ) { strncpy(key,getpass("key: "),8); if ( (c = strlen(key)) < 8) { fprintf(stderr,"%s: key must be 8 char\n",argv[0]); exit(1); } loadkey(key,SHIFT); } if ( !testmode) /* regular operation loop */ while ((len = fread(input, 1, BYTES_PER_BLOCK, stdin)) > 0) { if ( len < BYTES_PER_BLOCK ) { /* encrypt mode only */ while (len < BYTES_PER_BLOCK) input[len++]=padchar; } bytes_to_bits(input, bits); encrypt(bits,desmode); bits_to_bytes(bits,output); fwrite(output, 1, BYTES_PER_BLOCK, stdout); } else /* test mode */ { while (fgets(testinput,(sizeof testinput) -1, stdin) != NULL ) { if ( strncmp(testinput,"encrypt",7) == 0) { /* mode = encode */ desmode = ENCRYPT; fprintf(stderr,"%s",testinput); } else if ( strncmp(testinput,"decrypt",7) == 0) { /* mode = decode */ fprintf(stderr,"%s",testinput); desmode = DECRYPT; } else if ( strncmp(testinput," ",1) == 0) { /* key, plain & cipher */ testcount++; len = sscanf(testinput,"%s%s%s*", testkey, testplain, testcipher); if ( verbose ) { fprintf(stderr," %s %s %s\n", testkey, testplain, testcipher); } strxtoc(testkey,key); loadkey(key,NOSHIFT); strxtoc(testplain,input); bytes_to_bits(input,bits); encrypt(bits,desmode); bits_to_bytes(bits,output); strctox(output,testresult); if ( (len = strncasecmp(testcipher,testresult,16)) != 0 ) { fprintf(stderr,"Test: %d -- ERROR expected %s got %s\n", testcount,testcipher,testresult); testerrors++; } } else { /* nothing but eyewash */ if ( testcount ) { fprintf(stderr," %d tests performed\n",testcount); fprintf(stderr," ERRORS on these tests : %d\n",testerrors); totalerrors +=testerrors; testcount = 0; testerrors = 0; } fprintf(stderr,"%s",testinput); } } fprintf(stderr,"Total Errors = %d\n",totalerrors); } return(0); } loadkey(key,shift) char *key; int shift; { int i; char bits[BITS_PER_BLOCK]; if (shift) for (i=0;i= 0;k--) { if (bytes[i] & BIT(k)) bits[j++]=1; else bits[j++]=0; } } } bits_to_bytes (bits,bytes) unsigned char *bits,*bytes; { register int i,j,k; for (i=0,j=0;i < BYTES_PER_BLOCK;i++) bytes[i]=0; for (i=0,j=0;i < BITS_PER_BYTE;i++) { for (k=7;k >= 0;k--) if(bits[j++]) bytes[i] |= BIT(k); } } strxtoc(hexstr,charstr) /* converts 16 hex digit strings to char strings */ char *hexstr,*charstr; { #define UPPER_NYBBLE ( !(val & 1) ) unsigned char c; int val; for (val = 0; val < NYBBLES_PER_BLOCK;val++) { if ((hexstr[val] >= '0') && (hexstr[val] <= '9')) if (UPPER_NYBBLE) c = (hexstr[val] - '0') << BITS_PER_NYBBLE; else c += hexstr[val] - '0'; else if ((hexstr[val] >= 'A') && (hexstr[val] <= 'F')) if (UPPER_NYBBLE) c = (hexstr[val] - 'A' +10) << BITS_PER_NYBBLE; else c += hexstr[val] - 'A' +10; else if ((hexstr[val] >= 'a') && (hexstr[val] <= 'f')) if (UPPER_NYBBLE) c = (hexstr[val] - 'a' +10) << BITS_PER_NYBBLE; else c += hexstr[val] - 'a' +10; else { fprintf(stderr,"hex conversion error: %s - char %d\n",hexstr,val); if ((val = strlen(hexstr)) != NYBBLES_PER_BLOCK) fprintf(stderr,"hex string length != 16\n"); exit(1); } if ( UPPER_NYBBLE) /* 2nd nybble of each char */ charstr[val>>1] = 0; else charstr[val>>1] = c; } } strctox(charstr,hexstr) /* converts 8 char string to 16 hex digit string */ char *charstr,*hexstr; { unsigned char c; int i; for (i = 0; i < 8; i++) { c = charstr[i] >> BITS_PER_NYBBLE; /* uppper nybble */ if ( c <= 9) *hexstr++ = c + '0'; else *hexstr++ = c + '7'; c = (charstr[i] & 0xf); if ( c <= 9) *hexstr++ = c + '0'; else *hexstr++ = c + '7'; } *hexstr = 0; /* following NULL terminator */ } SH_EOF cat << SH_EOF > getopt.c #define NULL 0 #define EOF (-1) #define ERR(s, c) if(opterr){\ extern int strlen(), write();\ char errbuf[2];\ errbuf[0] = c; errbuf[1] = '\n';\ (void) write(2, argv[0], (unsigned)strlen(argv[0]));\ (void) write(2, s, (unsigned)strlen(s));\ (void) write(2, errbuf, 2);} extern int strcmp(); /* bsd based system will require index */ #define strchr index extern char *strchr(); int opterr = 1; int optind = 1; int optopt; char *optarg; int getopt(argc, argv, opts) int argc; char **argv, *opts; { static int sp = 1; register int c; register char *cp; if(sp == 1) if(optind >= argc || argv[optind][0] != '-' || argv[optind][1] == '\0') return(EOF); else if(strcmp(argv[optind], "--") == NULL) { optind++; return(EOF); } optopt = c = argv[optind][sp]; if(c == ':' || (cp=strchr(opts, c)) == NULL) { ERR(": illegal option -- ", c); if(argv[optind][++sp] == '\0') { optind++; sp = 1; } return('?'); } if(*++cp == ':') { if(argv[optind][sp+1] != '\0') optarg = &argv[optind++][sp+1]; else if(++optind >= argc) { ERR(": option requires an argument -- ", c); sp = 1; return('?'); } else optarg = argv[optind++]; sp = 1; } else { if(argv[optind][++sp] == '\0') { sp = 1; optind++; } optarg = NULL; } return(c); } SH_EOF cat << SH_EOF > des.test # Test vectors for DES Electronic Code Book (ECB) # implementation, derived from: # "Validating the Correctness of Hardware # Implementations of the NBS Data Encryption Standard" # NBS Special Publication 500-20, 1980. # # Initial Permutation and Expansion test # encrypt # 0101010101010101 95F8A5E5DD31D900 8000000000000000 0101010101010101 DD7F121CA5015619 4000000000000000 0101010101010101 2E8653104F3834EA 2000000000000000 0101010101010101 4BD388FF6CD81D4F 1000000000000000 0101010101010101 20B9E767B2FB1456 0800000000000000 0101010101010101 55579380D77138EF 0400000000000000 0101010101010101 6CC5DEFAAF04512F 0200000000000000 0101010101010101 0D9F279BA5D87260 0100000000000000 0101010101010101 D9031B0271BD5A0A 0080000000000000 0101010101010101 424250B37C3DD951 0040000000000000 0101010101010101 B8061B7ECD9A21E5 0020000000000000 0101010101010101 F15D0F286B65BD28 0010000000000000 0101010101010101 ADD0CC8D6E5DEBA1 0008000000000000 0101010101010101 E6D5F82752AD63D1 0004000000000000 0101010101010101 ECBFE3BD3F591A5E 0002000000000000 0101010101010101 F356834379D165CD 0001000000000000 0101010101010101 2B9F982F20037FA9 0000800000000000 0101010101010101 889DE068A16F0BE6 0000400000000000 0101010101010101 E19E275D846A1298 0000200000000000 0101010101010101 329A8ED523D71AEC 0000100000000000 0101010101010101 E7FCE22557D23C97 0000080000000000 0101010101010101 12A9F5817FF2D65D 0000040000000000 0101010101010101 A484C3AD38DC9C19 0000020000000000 0101010101010101 FBE00A8A1EF8AD72 0000010000000000 0101010101010101 750D079407521363 0000008000000000 0101010101010101 64FEED9C724C2FAF 0000004000000000 0101010101010101 F02B263B328E2B60 0000002000000000 0101010101010101 9D64555A9A10B852 0000001000000000 0101010101010101 D106FF0BED5255D7 0000000800000000 0101010101010101 E1652C6B138C64A5 0000000400000000 0101010101010101 E428581186EC8F46 0000000200000000 0101010101010101 AEB5F5EDE22D1A36 0000000100000000 0101010101010101 E943D7568AEC0C5C 0000000080000000 0101010101010101 DF98C8276F54B04B 0000000040000000 0101010101010101 B160E4680F6C696F 0000000020000000 0101010101010101 FA0752B07D9C4AB8 0000000010000000 0101010101010101 CA3A2B036DBC8502 0000000008000000 0101010101010101 5E0905517BB59BCF 0000000004000000 0101010101010101 814EEB3B91D90726 0000000002000000 0101010101010101 4D49DB1532919C9F 0000000001000000 0101010101010101 25EB5FC3F8CF0621 0000000000800000 0101010101010101 AB6A20C0620D1C6F 0000000000400000 0101010101010101 79E90DBC98F92CCA 0000000000200000 0101010101010101 866ECEDD8072BB0E 0000000000100000 0101010101010101 8B54536F2F3E64A8 0000000000080000 0101010101010101 EA51D3975595B86B 0000000000040000 0101010101010101 CAFFC6AC4542DE31 0000000000020000 0101010101010101 8DD45A2DDF90796C 0000000000010000 0101010101010101 1029D55E880EC2D0 0000000000008000 0101010101010101 5D86CB23639DBEA9 0000000000004000 0101010101010101 1D1CA853AE7C0C5F 0000000000002000 0101010101010101 CE332329248F3228 0000000000001000 0101010101010101 8405D1ABE24FB942 0000000000000800 0101010101010101 E643D78090CA4207 0000000000000400 0101010101010101 48221B9937748A23 0000000000000200 0101010101010101 DD7C0BBD61FAFD54 0000000000000100 0101010101010101 2FBC291A570DB5C4 0000000000000080 0101010101010101 E07C30D7E4E26E12 0000000000000040 0101010101010101 0953E2258E8E90A1 0000000000000020 0101010101010101 5B711BC4CEEBF2EE 0000000000000010 0101010101010101 CC083F1E6D9E85F6 0000000000000008 0101010101010101 D2FD8867D50D2DFE 0000000000000004 0101010101010101 06E7EA22CE92708F 0000000000000002 0101010101010101 166B40B44ABA4BD6 0000000000000001 # # Inverse Permutation and Expansion test # encrypt # 0101010101010101 8000000000000000 95F8A5E5DD31D900 0101010101010101 4000000000000000 DD7F121CA5015619 0101010101010101 2000000000000000 2E8653104F3834EA 0101010101010101 1000000000000000 4BD388FF6CD81D4F 0101010101010101 0800000000000000 20B9E767B2FB1456 0101010101010101 0400000000000000 55579380D77138EF 0101010101010101 0200000000000000 6CC5DEFAAF04512F 0101010101010101 0100000000000000 0D9F279BA5D87260 0101010101010101 0080000000000000 D9031B0271BD5A0A 0101010101010101 0040000000000000 424250B37C3DD951 0101010101010101 0020000000000000 B8061B7ECD9A21E5 0101010101010101 0010000000000000 F15D0F286B65BD28 0101010101010101 0008000000000000 ADD0CC8D6E5DEBA1 0101010101010101 0004000000000000 E6D5F82752AD63D1 0101010101010101 0002000000000000 ECBFE3BD3F591A5E 0101010101010101 0001000000000000 F356834379D165CD 0101010101010101 0000800000000000 2B9F982F20037FA9 0101010101010101 0000400000000000 889DE068A16F0BE6 0101010101010101 0000200000000000 E19E275D846A1298 0101010101010101 0000100000000000 329A8ED523D71AEC 0101010101010101 0000080000000000 E7FCE22557D23C97 0101010101010101 0000040000000000 12A9F5817FF2D65D 0101010101010101 0000020000000000 A484C3AD38DC9C19 0101010101010101 0000010000000000 FBE00A8A1EF8AD72 0101010101010101 0000008000000000 750D079407521363 0101010101010101 0000004000000000 64FEED9C724C2FAF 0101010101010101 0000002000000000 F02B263B328E2B60 0101010101010101 0000001000000000 9D64555A9A10B852 0101010101010101 0000000800000000 D106FF0BED5255D7 0101010101010101 0000000400000000 E1652C6B138C64A5 0101010101010101 0000000200000000 E428581186EC8F46 0101010101010101 0000000100000000 AEB5F5EDE22D1A36 0101010101010101 0000000080000000 E943D7568AEC0C5C 0101010101010101 0000000040000000 DF98C8276F54B04B 0101010101010101 0000000020000000 B160E4680F6C696F 0101010101010101 0000000010000000 FA0752B07D9C4AB8 0101010101010101 0000000008000000 CA3A2B036DBC8502 0101010101010101 0000000004000000 5E0905517BB59BCF 0101010101010101 0000000002000000 814EEB3B91D90726 0101010101010101 0000000001000000 4D49DB1532919C9F 0101010101010101 0000000000800000 25EB5FC3F8CF0621 0101010101010101 0000000000400000 AB6A20C0620D1C6F 0101010101010101 0000000000200000 79E90DBC98F92CCA 0101010101010101 0000000000100000 866ECEDD8072BB0E 0101010101010101 0000000000080000 8B54536F2F3E64A8 0101010101010101 0000000000040000 EA51D3975595B86B 0101010101010101 0000000000020000 CAFFC6AC4542DE31 0101010101010101 0000000000010000 8DD45A2DDF90796C 0101010101010101 0000000000008000 1029D55E880EC2D0 0101010101010101 0000000000004000 5D86CB23639DBEA9 0101010101010101 0000000000002000 1D1CA853AE7C0C5F 0101010101010101 0000000000001000 CE332329248F3228 0101010101010101 0000000000000800 8405D1ABE24FB942 0101010101010101 0000000000000400 E643D78090CA4207 0101010101010101 0000000000000200 48221B9937748A23 0101010101010101 0000000000000100 DD7C0BBD61FAFD54 0101010101010101 0000000000000080 2FBC291A570DB5C4 0101010101010101 0000000000000040 E07C30D7E4E26E12 0101010101010101 0000000000000020 0953E2258E8E90A1 0101010101010101 0000000000000010 5B711BC4CEEBF2EE 0101010101010101 0000000000000008 CC083F1E6D9E85F6 0101010101010101 0000000000000004 D2FD8867D50D2DFE 0101010101010101 0000000000000002 06E7EA22CE92708F 0101010101010101 0000000000000001 166B40B44ABA4BD6 # # Key Permutation tests # encrypt # 8001010101010101 0000000000000000 95A8D72813DAA94D 4001010101010101 0000000000000000 0EEC1487DD8C26D5 2001010101010101 0000000000000000 7AD16FFB79C45926 1001010101010101 0000000000000000 D3746294CA6A6CF3 0801010101010101 0000000000000000 809F5F873C1FD761 0401010101010101 0000000000000000 C02FAFFEC989D1FC 0201010101010101 0000000000000000 4615AA1D33E72F10 0180010101010101 0000000000000000 2055123350C00858 0140010101010101 0000000000000000 DF3B99D6577397C8 0120010101010101 0000000000000000 31FE17369B5288C9 0110010101010101 0000000000000000 DFDD3CC64DAE1642 0108010101010101 0000000000000000 178C83CE2B399D94 0104010101010101 0000000000000000 50F636324A9B7F80 0102010101010101 0000000000000000 A8468EE3BC18F06D 0101800101010101 0000000000000000 A2DC9E92FD3CDE92 0101400101010101 0000000000000000 CAC09F797D031287 0101200101010101 0000000000000000 90BA680B22AEB525 0101100101010101 0000000000000000 CE7A24F350E280B6 0101080101010101 0000000000000000 882BFF0AA01A0B87 0101040101010101 0000000000000000 25610288924511C2 0101020101010101 0000000000000000 C71516C29C75D170 0101018001010101 0000000000000000 5199C29A52C9F059 0101014001010101 0000000000000000 C22F0A294A71F29F 0101012001010101 0000000000000000 EE371483714C02EA 0101011001010101 0000000000000000 A81FBD448F9E522F 0101010801010101 0000000000000000 4F644C92E192DFED 0101010401010101 0000000000000000 1AFA9A66A6DF92AE 0101010201010101 0000000000000000 B3C1CC715CB879D8 0101010180010101 0000000000000000 19D032E64AB0BD8B 0101010140010101 0000000000000000 3CFAA7A7DC8720DC 0101010120010101 0000000000000000 B7265F7F447AC6F3 0101010110010101 0000000000000000 9DB73B3C0D163F54 0101010108010101 0000000000000000 8181B65BABF4A975 0101010104010101 0000000000000000 93C9B64042EAA240 0101010102010101 0000000000000000 5570530829705592 0101010101800101 0000000000000000 8638809E878787A0 0101010101400101 0000000000000000 41B9A79AF79AC208 0101010101200101 0000000000000000 7A9BE42F2009A892 0101010101100101 0000000000000000 29038D56BA6D2745 0101010101080101 0000000000000000 5495C6ABF1E5DF51 0101010101040101 0000000000000000 AE13DBD561488933 0101010101020101 0000000000000000 024D1FFA8904E389 0101010101018001 0000000000000000 D1399712F99BF02E 0101010101014001 0000000000000000 14C1D7C1CFFEC79E 0101010101012001 0000000000000000 1DE5279DAE3BED6F 0101010101011001 0000000000000000 E941A33F85501303 0101010101010801 0000000000000000 DA99DBBC9A03F379 0101010101010401 0000000000000000 B7FC92F91D8E92E9 0101010101010201 0000000000000000 AE8E5CAA3CA04E85 0101010101010180 0000000000000000 9CC62DF43B6EED74 0101010101010140 0000000000000000 D863DBB5C59A91A0 0101010101010120 0000000000000000 A1AB2190545B91D7 0101010101010110 0000000000000000 0875041E64C570F7 0101010101010108 0000000000000000 5A594528BEBEF1CC 0101010101010104 0000000000000000 FCDB3291DE21F0C0 0101010101010102 0000000000000000 869EFD7F9F265A09 # # Test of right-shifts in Decryption # decrypt # 8001010101010101 95A8D72813DAA94D 0000000000000000 4001010101010101 0EEC1487DD8C26D5 0000000000000000 2001010101010101 7AD16FFB79C45926 0000000000000000 1001010101010101 D3746294CA6A6CF3 0000000000000000 0801010101010101 809F5F873C1FD761 0000000000000000 0401010101010101 C02FAFFEC989D1FC 0000000000000000 0201010101010101 4615AA1D33E72F10 0000000000000000 0180010101010101 2055123350C00858 0000000000000000 0140010101010101 DF3B99D6577397C8 0000000000000000 0120010101010101 31FE17369B5288C9 0000000000000000 0110010101010101 DFDD3CC64DAE1642 0000000000000000 0108010101010101 178C83CE2B399D94 0000000000000000 0104010101010101 50F636324A9B7F80 0000000000000000 0102010101010101 A8468EE3BC18F06D 0000000000000000 0101800101010101 A2DC9E92FD3CDE92 0000000000000000 0101400101010101 CAC09F797D031287 0000000000000000 0101200101010101 90BA680B22AEB525 0000000000000000 0101100101010101 CE7A24F350E280B6 0000000000000000 0101080101010101 882BFF0AA01A0B87 0000000000000000 0101040101010101 25610288924511C2 0000000000000000 0101020101010101 C71516C29C75D170 0000000000000000 0101018001010101 5199C29A52C9F059 0000000000000000 0101014001010101 C22F0A294A71F29F 0000000000000000 0101012001010101 EE371483714C02EA 0000000000000000 0101011001010101 A81FBD448F9E522F 0000000000000000 0101010801010101 4F644C92E192DFED 0000000000000000 0101010401010101 1AFA9A66A6DF92AE 0000000000000000 0101010201010101 B3C1CC715CB879D8 0000000000000000 0101010180010101 19D032E64AB0BD8B 0000000000000000 0101010140010101 3CFAA7A7DC8720DC 0000000000000000 0101010120010101 B7265F7F447AC6F3 0000000000000000 0101010110010101 9DB73B3C0D163F54 0000000000000000 0101010108010101 8181B65BABF4A975 0000000000000000 0101010104010101 93C9B64042EAA240 0000000000000000 0101010102010101 5570530829705592 0000000000000000 0101010101800101 8638809E878787A0 0000000000000000 0101010101400101 41B9A79AF79AC208 0000000000000000 0101010101200101 7A9BE42F2009A892 0000000000000000 0101010101100101 29038D56BA6D2745 0000000000000000 0101010101080101 5495C6ABF1E5DF51 0000000000000000 0101010101040101 AE13DBD561488933 0000000000000000 0101010101020101 024D1FFA8904E389 0000000000000000 0101010101018001 D1399712F99BF02E 0000000000000000 0101010101014001 14C1D7C1CFFEC79E 0000000000000000 0101010101012001 1DE5279DAE3BED6F 0000000000000000 0101010101011001 E941A33F85501303 0000000000000000 0101010101010801 DA99DBBC9A03F379 0000000000000000 0101010101010401 B7FC92F91D8E92E9 0000000000000000 0101010101010201 AE8E5CAA3CA04E85 0000000000000000 0101010101010180 9CC62DF43B6EED74 0000000000000000 0101010101010140 D863DBB5C59A91A0 0000000000000000 0101010101010120 A1AB2190545B91D7 0000000000000000 0101010101010110 0875041E64C570F7 0000000000000000 0101010101010108 5A594528BEBEF1CC 0000000000000000 0101010101010104 FCDB3291DE21F0C0 0000000000000000 0101010101010102 869EFD7F9F265A09 0000000000000000 # # Data permutation test # encrypt # 1046913489980131 0000000000000000 88D55E54F54C97B4 1007103489988020 0000000000000000 0C0CC00C83EA48FD 10071034C8980120 0000000000000000 83BC8EF3A6570183 1046103489988020 0000000000000000 DF725DCAD94EA2E9 1086911519190101 0000000000000000 E652B53B550BE8B0 1086911519580101 0000000000000000 AF527120C485CBB0 5107B01519580101 0000000000000000 0F04CE393DB926D5 1007B01519190101 0000000000000000 C9F00FFC74079067 3107915498080101 0000000000000000 7CFD82A593252B4E 3107919498080101 0000000000000000 CB49A2F9E91363E3 10079115B9080140 0000000000000000 00B588BE70D23F56 3107911598080140 0000000000000000 406A9A6AB43399AE 1007D01589980101 0000000000000000 6CB773611DCA9ADA 9107911589980101 0000000000000000 67FD21C17DBB5D70 9107D01589190101 0000000000000000 9592CB4110430787 1007D01598980120 0000000000000000 A6B7FF68A318DDD3 1007940498190101 0000000000000000 4D102196C914CA16 0107910491190401 0000000000000000 2DFA9F4573594965 0107910491190101 0000000000000000 B46604816C0E0774 0107940491190401 0000000000000000 6E7E6221A4F34E87 19079210981A0101 0000000000000000 AA85E74643233199 1007911998190801 0000000000000000 2E5A19DB4D1962D6 10079119981A0801 0000000000000000 23A866A809D30894 1007921098190101 0000000000000000 D812D961F017D320 100791159819010B 0000000000000000 055605816E58608F 1004801598190101 0000000000000000 ABD88E8B1B7716F1 1004801598190102 0000000000000000 537AC95BE69DA1E1 1004801598190108 0000000000000000 AED0F6AE3C25CDD8 1002911498100104 0000000000000000 B3E35A5EE53E7B8D 1002911598190104 0000000000000000 61C79C71921A2EF8 1002911598100201 0000000000000000 E2F5728F0995013C 1002911698100101 0000000000000000 1AEAC39A61F0A464 # # S-Box test # encrypt # 7CA110454A1A6E57 01A1D6D039776742 690F5B0D9A26939B 0131D9619DC1376E 5CD54CA83DEF57DA 7A389D10354BD271 07A1133E4A0B2686 0248D43806F67172 868EBB51CAB4599A 3849674C2602319E 51454B582DDF440A 7178876E01F19B2A 04B915BA43FEB5B6 42FD443059577FA2 AF37FB421F8C4095 0113B970FD34F2CE 059B5E0851CF143A 86A560F10EC6D85B 0170F175468FB5E6 0756D8E0774761D2 0CD3DA020021DC09 43297FAD38E373FE 762514B829BF486A EA676B2CB7DB2B7A 07A7137045DA2A16 3BDD119049372802 DFD64A815CAF1A0F 04689104C2FD3B2F 26955F6835AF609A 5C513C9C4886C088 37D06BB516CB7546 164D5E404F275232 0A2AEEAE3FF4AB77 1F08260D1AC2465E 6B056E18759F5CCA EF1BF03E5DFA575A 584023641ABA6176 004BD6EF09176062 88BF0DB6D70DEE56 025816164629B007 480D39006EE762F2 A1F9915541020B56 49793EBC79B3258F 437540C8698F3CFA 6FBF1CAFCFFD0556 4FB05E1515AB73A7 072D43A077075292 2F22E49BAB7CA1AC 49E95D6D4CA229BF 02FE55778117F12A 5A6B612CC26CCE4A 018310DC409B26D6 1D9D5C5018F728C2 5F4C038ED12B2E41 1C587F1C13924FEF 305532286D6F295A 63FAC0D034D9F793 # Errors found: SH_EOF cat << SH_EOF > des.1 .ds ]T 15 Nov 90 .ds CP \s-2\(co\f3 Copyright 1990 by David G. Koontz\f1\s+2 .de}F .ev1 .}E .if\\n()s 'sp |\\n(.pu-1v-1p .if\\n()t 'sp |\\n(.pu-3v .ifn 'sp |\\n(.pu-4v .ifn .tl Page %\\*(]T .if\\n()s .tl - % - .if\\n()t \{.if o .tl Page %\\*(CP\\*(]T .ife .tl \\*(]T\\*(CPPage % \} 'bp .ev .. .de}C .. .po 1.0i .nrIN 0.5i .nr)S 12 .TH \f3DES 1 "" "\s+1\f6/dev/ktz\f1\s-1" .SH \f3NAME des \- encrypt/decrypt using verified NBS DES algorithm .SH \f3SYNOPSIS .B des -e \|\(bv \|-d [-k key \|\(bv \|-K hex_key] [-p pad_character], or .br .B des -t [-v] .SH \f3DESCRIPTION .I Des\^ encrypts or decrypts according to the .B -e (encrypt) and .B -d (decrypt) flags reading from standard input and writing to standard output. The .B -k flag passes a string of 8 characters to be used as key. The .B -K flag passes a 16 character hexidecimal key. The DES algorithm produces a 64 bit cipher product using a 56 bit key and 64 bit plaintext value. .PP If no key is passed .I des\^ uses the routine getpass("key: ") to demand an 8 character key from standard input. All key inputs must be of the correct length or .I des\^ will terminate. .PP Character string keys ( .B -k and .B getpass() ) have each byte shifted left one bit, to leave bit[0] undefined. Bit[0] is used as a parity bit, and is otherwise uninvolved in DES keys. Shifting character string keys provides retention of all ascii defined bits and results in a 56 bit key. Hex key strings, such as from the .B -K option or from the test vector, are not shifted. It is the hex key provider's responsibility to properly position 7 bits of key into the upper 7 bits of each hex byte. .PP The .B -p flag passes a hexidecimal value of the range 0x0 - 0xFF to be used in place of the default pad character (0x20). The pad character is used to fill out the last 8 byte block if the input stream does not supply muliples of 8 bytes. .SH \f3TESTMODE The .B -t and .B -v flags are used to toggle .I test\^ and .I verbose\^ modes. Testmode switches input format to test vectors used in DES algorithm verification. Each vector includes a 16 hexdigit key, a 16 hexdigit data value and a 16 hexdigit result value. All output during testmode operation is made to standard error output. A summary of tests is output irregardless of the .I -v\^ flag. Verbose mode outputs the test source and error locations. .SH \f3TEST VECTOR FORMAT An input line must contain less than 127 characters. A line containing a leading space is considered a vector. A line without a leading space is a comment. The .I des\^ mode is set for vectors following a comment line that contains either .B encrypt or .B decrypt as the first 7 characters. A line containing a vector is comprised of a leading space and three 16 hexdigit values. .PP A trailing comment line in the vector file forces output of the error total. .SH \f3NORMAL OPERATION .I Des\^ encrypts and decrypts with the same key: .PP .RS des -e -k key < clear >cypher .br des -d -k key < cypher .RE .PP will output a stream identical to that contained in clear, with the exeception of the possibility of up to 7 pad characters being appended to the decoded stream. .PP Files encrypted by .I des\^ are compatible with the National Bureau of Standards Digital Encryption Standard in an electronic code book (ECB) implementation. .PP .I Des\^ utilizes the libcrypt library used by the passwd and makekey programs. .I Des\^ is slower than the .B crypt command it is intended to replace, a trade off for higher security. .I Des\^ also has the capabilty of decrypting concatenated files, if all used the same key schedule and key. .bp .SH \f3EXAMPLE .IP des -e -k abcdefgh < foo.c > fum .PP will use the string "abcdefgh" as key to encrypt the contents of "foo.c", and place the encrypted output in file "fum". File "fum" at this point will be unreadable. .SM \f3NOTE:\f1 that the original file, "foo.c", remains in readable form. To obtain readable print-out of the file "fum", it could be decoded as follows: .IP des -d < fum .PP After the response: .IP key: .PP the user types in "abcdefgh". .SH \f3FILES .ta \w'des.test\ \ \ \ 'u des.test test vector file, derived from \f2NBS Special Pub 500-20 .br .DT .SH \f3SEE ALSO crypt(1), makekey(1). .SH \f3BUGS Encryption of large files is time consuming. Some implementations of libcrypt do not allow the .I edflag\^ in the routine encrypt(block,edflag) to be set to decode (TRUE). This is done in compliance with export restrictions on cryptographic systems. This may be defeated by clever programming in some cases. .PP .I Des\^ also uses padding of the input to assemble the last block of data. This can result in up to 7 characters added to the decoded data. If having the pad character selectable is not flexible enough, a pipeline filter can be written to protect and stuff a pad value in the plaintext domain, and strip pad characters from the decoded output. .br See .I crypt\^ for additional bugs. SH_EOF