[src/trunk]: src/usr.bin/bdes Ressurect bdes(1).

[thorpej <thorpej%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/e340fd61ff37
branches:  trunk
changeset: 488007:e340fd61ff37
user:      thorpej <thorpej%NetBSD.org@localhost>
date:      Fri Jun 16 16:53:20 2000 +0000

description:
Ressurect bdes(1).

diffstat:

 usr.bin/bdes/Makefile |    9 +
 usr.bin/bdes/bdes.1   |  360 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 369 insertions(+), 0 deletions(-)

diffs (truncated from 377 to 300 lines):

diff -r 23ae82065462 -r e340fd61ff37 usr.bin/bdes/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/usr.bin/bdes/Makefile     Fri Jun 16 16:53:20 2000 +0000
@@ -0,0 +1,9 @@
+#      $NetBSD: Makefile,v 1.5 2000/06/16 16:53:20 thorpej Exp $
+#      @(#)Makefile    8.1 (Berkeley) 6/6/93
+
+PROG=  bdes
+
+LDADD+=        -lcrypt
+DPADD+=        ${LIBCRYPT}
+
+.include <bsd.prog.mk>
diff -r 23ae82065462 -r e340fd61ff37 usr.bin/bdes/bdes.1
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/usr.bin/bdes/bdes.1       Fri Jun 16 16:53:20 2000 +0000
@@ -0,0 +1,360 @@
+.\"    $NetBSD: bdes.1,v 1.5 2000/06/16 16:53:21 thorpej Exp $
+.\"
+.\" Copyright (c) 1991, 1993
+.\"    The Regents of the University of California.  All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" Matt Bishop of Dartmouth College.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"    This product includes software developed by the University of
+.\"    California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"    @(#)bdes.1      8.1 (Berkeley) 6/29/93
+.\"
+.de x2
+.if t 2\u\s-3\\$1\s0\d
+.if n 2**\\$1
+..
+.TH BDES 1 "October 17, 1996"
+.UC 6
+.SH NAME
+bdes \- encrypt/decrypt using the Data Encryption Standard
+.SH SYNOPSIS
+.nf
+.ft B
+bdes [ \-abdp ] [ \-F N ] [ \-f N ] [ \-k key ]
+.ti +5
+[ \-m N ] [ \-o N ] [ \-v vector ]
+.ft R
+.fi
+.SH DESCRIPTION
+.I Bdes
+implements all DES modes of operation described in FIPS PUB 81, 
+including alternative cipher feedback mode and both authentication
+modes.
+.I Bdes
+reads from the standard input and writes to the standard output.
+By default, the input is encrypted using cipher block chaining mode.
+Using the same key for encryption and decryption preserves plain text.
+.PP
+All modes but the electronic code book mode require an initialization
+vector; if none is supplied, the zero vector is used.
+If no
+.I key
+is specified on the command line, the user is prompted for one (see
+.IR getpass (3)
+for more details).
+.PP
+The options are as follows:
+.TP
+\-a
+The key and initialization vector strings are to be taken as ASCII,
+suppressing the special interpretation given to leading ``0X'', ``0x'',
+``0B'', and ``0b'' characters.
+This flag applies to
+.I both
+the key and initialization vector.
+.TP
+\-b
+Use electronic code book mode.  This is not recommended for messages
+longer than 8 bytes, as patterns in the input will show through to the
+output.
+.TP
+\-d
+Decrypt the input.
+.TP
+\-F
+Use
+.IR N -bit
+alternative cipher feedback mode.
+Currently
+.I N
+must be a multiple of 7 between 7 and 56 inclusive (this does not conform
+to the alternative CFB mode specification).
+.TP
+\-f
+Use
+.IR N -bit
+cipher feedback mode.
+Currently
+.I N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the standard CFB mode specification).
+.TP
+\-k
+Use
+.I key
+as the cryptographic key.
+.TP
+\-m
+Compute a message authentication code (MAC) of
+.I N
+bits on the input.
+The value of
+.I N
+must be between 1 and 64 inclusive; if
+.I N
+is not a multiple of 8, enough 0 bits will be added to pad the MAC length
+to the nearest multiple of 8.
+Only the MAC is output.
+MACs are only available in cipher block chaining mode or in cipher feedback
+mode.
+.TP
+\-o
+Use
+.IR N -bit
+output feedback mode.
+Currently
+.I N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the OFB mode specification).
+.TP
+\-p
+Disable the resetting of the parity bit.
+This flag forces the parity bit of the key to be used as typed, rather than
+making each character be of odd parity.
+It is used only if the key is given in ASCII.
+.TP
+\-v
+Set the initialization vector to
+.IR vector ;
+the vector is interpreted in the same way as the key.  The vector is
+ignored in electronic codebook mode.  For best security, a different
+initialization vector should be used for each file.
+.PP
+The key and initialization vector are taken as sequences of ASCII
+characters which are then mapped into their bit representations.
+If either begins with ``0X'' or ``0x'',
+that one is taken as a sequence of hexadecimal digits indicating the
+bit pattern;
+if either begins with ``0B'' or ``0b'',
+that one is taken as a sequence of binary digits indicating the bit pattern.
+In either case,
+only the leading 64 bits of the key or initialization vector
+are used,
+and if fewer than 64 bits are provided, enough 0 bits are appended
+to pad the key to 64 bits.
+.PP
+According to the DES standard, the low-order bit of each character in the
+key string is deleted.
+Since most ASCII representations set the high-order bit to 0, simply
+deleting the low-order bit effectively reduces the size of the key space
+from 
+.x2 56
+to
+.x2 48
+keys.
+To prevent this, the high-order bit must be a function depending in part
+upon the low-order bit; so, the high-order bit is set to whatever value
+gives odd parity.
+This preserves the key space size.
+Note this resetting of the parity bit is
+.I not
+done if the key is given in binary or hex, and can be disabled for ASCII
+keys as well.
+.PP
+The DES is considered a very strong cryptosystem hobbled by a short
+key, and other than table lookup attacks, key search attacks, and
+Hellman's time-memory tradeoff (all of which are very expensive and
+time-consuming), no practical cryptanalytic methods for breaking the
+DES are known in the open literature.  As of this writing, the best
+known cryptanalytic method is linear cryptanalysis, which requires an
+average of 
+.x2 43
+known plaintext-ciphertext pairs to succeed.
+Unfortunately for the DES, key search attacks (requiring only 
+a single known plaintext-ciphertext pair and trying 
+.x2 55
+keys on average) are becoming practical.
+.PP
+As with all cryptosystems, the choice of keys and
+key security remain the most vulnerable aspect of
+.IR bdes .
+.SH IMPLEMENTATION NOTES
+For implementors wishing to write software compatible with this program,
+the following notes are provided.
+This software is believed to be compatible with the implementation of the
+data encryption standard distributed by Sun Microsystems, Inc.
+.PP
+In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes,
+also called a block).
+To ensure that the plaintext file is encrypted correctly,
+.I bdes
+will (internally) append from 1 to 8 bytes, the last byte containing an
+integer stating how many bytes of that final block are from the plaintext
+file, and encrypt the resulting block.
+Hence, when decrypting, the last block may contain from 0 to 7 characters
+present in the plaintext file, and the last byte tells how many.
+Note that if during decryption the last byte of the file does not contain an
+integer between 0 and 7, either the file has been corrupted or an incorrect
+key has been given.
+A similar mechanism is used for the OFB and CFB modes, except that those
+simply require the length of the input to be a multiple of the mode size,
+and the final byte contains an integer between 0 and one less than the number
+of bytes being used as the mode.
+(This was another reason that the mode size must be a multiple of 8 for those
+modes.)
+.PP
+Unlike Sun's implementation, unused bytes of that last block are not filled
+with random data, but instead contain what was in those byte positions in
+the preceding block.
+This is quicker and more portable, and does not weaken the encryption
+significantly.
+.PP
+If the key is entered in ASCII, the parity bits of the key characters are set
+so that each key character is of odd parity.
+Unlike Sun's implementation, it is possible to enter binary or hexadecimal
+keys on the command line, and if this is done, the parity bits are
+.I not
+reset.
+This allows testing using arbitrary bit patterns as keys.
+.PP
+The Sun implementation always uses an initialization vector of 0
+(that is, all zeroes).
+By default,
+.I bdes
+does too, but this may be changed from the command line.
+.SH SEE ALSO
+crypt(3), getpass(3)
+.sp
+.IR "Data Encryption Standard" ,
+Federal Information Processing Standard #46,
+National Bureau of Standards,
+U.S. Department of Commerce,
+Washington DC
+(Jan. 1977)
+.sp
+.IR "DES Modes of Operation" ,
+Federal Information Processing Standard #81,
+National Bureau of Standards,
+U.S. Department of Commerce
+Washington DC
+(Dec. 1980)
+.sp
+Dorothy Denning,
+.IR "Cryptography and Data Security" ,
+Addison-Wesley Publishing Co.,
+Reading, MA
+\(co1982.
+.sp
+Matt Bishop,
+.IR "Implementation Notes on bdes(1)" ,
+Technical Report PCS-TR-91-158,
+Department of Mathematics and Computer Science,
+Dartmouth College,
+Hanover, NH  03755
+(Apr. 1991).
+.sp
+M.J. Wiener,
+.IR "Efficient DES Key Search" ,
+Technical Report 244,
+School of Computer Science,
+Carleton University
+(May 1994).
+.sp
+Bruce Schneier,
+.IR "Applied Cryptography (2nd edition)" ,
+John Wiley & Sons, Inc.,
+New York, NY